hxxps://cutt[.]us/discord-nitro

Analysis

max time kernel
651s
max time network
653s
platform
windows10-ltsc 2021_x64
resource
win10ltsc2021-20241023-en
resource tags

arch:x64arch:x86image:win10ltsc2021-20241023-enlocale:en-usos:windows10-ltsc 2021-x64system
submitted
29-11-2024 15:43

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://cutt.us/discord-nitro

Score

8^/10

discovery evasion execution exploit motw persistence phishing privilege_escalation trojan

Malware Config

Signatures

Creates new service(s) 2 TTPs
persistence execution

Windows Service
T1543.003

Service Execution
T1569.002
Downloads MZ/PE file

Manipulates Digital Signatures 1 TTPs 64 IoCs

Attackers can apply techniques such as changing the registry keys of authenticode & Cryptography to obtain their binary as valid.

SIP and Trust Provider Hijacking

T1553.003

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Message\{00AAC56B-CD44-11D0-8CC2-00C04FC295EE}\$DLL = "WINTRUST.DLL"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Certificate\{00AAC56B-CD44-11D0-8CC2-00C04FC295EE}\$Function = "WintrustCertificateTrust"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Message\{573E31F8-DDBA-11D0-8CCB-00C04FC295EE}\$Function = "SoftpubLoadMessage"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Cleanup\{FC451C16-AC75-11D1-B4B8-00C04FB66EA0}\$DLL = "WINTRUST.DLL"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject\1.3.6.1.4.1.311.2.1.20\Dll = "WINTRUST.DLL"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject\1.3.6.1.4.1.311.2.1.30\FuncName = "WVTAsn1SpcSigInfoDecode"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject\1.3.6.1.4.1.311.2.1.26\FuncName = "WVTAsn1SpcMinimalCriteriaInfoDecode"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Message\{573E31F8-AABA-11D0-8CCB-00C04FC295EE}\$Function = "SoftpubLoadMessage"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllCreateIndirectData\{C689AAB8-8E78-11D0-8C47-00C04FC295EE}\FuncName = "CryptSIPCreateIndirectData"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Initialization\{C6B2E8D0-E005-11CF-A134-00C04FD7BF43}\$Function = "SoftpubInitialize"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Cleanup\{189A3842-3041-11D1-85E1-00C04FC295EE}\$DLL = "WINTRUST.DLL"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Signature\{573E31F8-AABA-11D0-8CCB-00C04FC295EE}\$DLL = "WINTRUST.DLL"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Initialization\{64B9D180-8DA2-11CF-8736-00AA00A485EB}\$DLL = "WINTRUST.DLL"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Initialization\{189A3842-3041-11D1-85E1-00C04FC295EE}\$Function = "SoftpubDefCertInit"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject\#2223\Dll = "WINTRUST.DLL"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllCreateIndirectData\{DE351A42-8E59-11D0-8C47-00C04FC295EE}\FuncName = "CryptSIPCreateIndirectData"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\FinalPolicy\{64B9D180-8DA2-11CF-8736-00AA00A485EB}\$Function = "SoftpubAuthenticode"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject\#2001\Dll = "WINTRUST.DLL"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Signature\{189A3842-3041-11D1-85E1-00C04FC295EE}\$Function = "SoftpubLoadSignature"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Signature\{573E31F8-DDBA-11D0-8CCB-00C04FC295EE}\$DLL = "WINTRUST.DLL"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\FinalPolicy\{573E31F8-DDBA-11D0-8CCB-00C04FC295EE}\$DLL = "WINTRUST.DLL"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Signature\{C6B2E8D0-E005-11CF-A134-00C04FD7BF43}\$DLL = "WINTRUST.DLL"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Initialization\{189A3842-3041-11D1-85E1-00C04FC295EE}\$DLL = "WINTRUST.DLL"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\DiagnosticPolicy\{573E31F8-DDBA-11D0-8CCB-00C04FC295EE}\$DLL = "WINTRUST.DLL"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\#2006\FuncName = "WVTAsn1SpcStatementTypeEncode"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllVerifyIndirectData\{C689AABA-8E78-11D0-8C47-00C04FC295EE}\Dll = "WINTRUST.DLL"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllGetSignedDataMsg\{DE351A43-8E59-11D0-8C47-00C04FC295EE}\FuncName = "CryptSIPGetSignedDataMsg"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\#2003\Dll = "WINTRUST.DLL"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject\#2222\FuncName = "WVTAsn1CatMemberInfoDecode"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\FinalPolicy\{C6B2E8D0-E005-11CF-A134-00C04FD7BF43}\$Function = "SoftpubAuthenticode"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\DiagnosticPolicy\{573E31F8-DDBA-11D0-8CCB-00C04FC295EE}\$Function = "SoftpubDumpStructure"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllVerifyIndirectData\{DE351A42-8E59-11D0-8C47-00C04FC295EE}\FuncName = "CryptSIPVerifyIndirectData"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\CertCheck\{7801EBD0-CF4B-11D0-851F-0060979387EA}\$Function = "CertTrustCertPolicy"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Message\{573E31F8-DDBA-11D0-8CCB-00C04FC295EE}\$DLL = "WINTRUST.DLL"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\FinalPolicy\{573E31F8-DDBA-11D0-8CCB-00C04FC295EE}\$Function = "SoftpubAuthenticode"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Certificate\{FC451C16-AC75-11D1-B4B8-00C04FB66EA0}\$DLL = "WINTRUST.DLL"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject\1.3.6.1.4.1.311.2.1.4\Dll = "WINTRUST.DLL"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Cleanup\{64B9D180-8DA2-11CF-8736-00AA00A485EB}\$Function = "SoftpubCleanup"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllRemoveSignedDataMsg\{9BA61D3F-E73A-11D0-8CD2-00C04FC295EE}\Dll = "WINTRUST.DLL"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Message\{FC451C16-AC75-11D1-B4B8-00C04FB66EA0}\$Function = "SoftpubLoadMessage"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\1.3.6.1.4.1.311.12.2.3\Dll = "WINTRUST.DLL"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Usages\1.3.6.1.5.5.7.3.1\CallbackAllocFunction = "SoftpubLoadDefUsageCallData"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\1.3.6.1.4.1.311.2.1.27\Dll = "WINTRUST.DLL"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\#2223\FuncName = "WVTAsn1CatMemberInfo2Encode"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject\1.3.6.1.4.1.311.2.4.2\FuncName = "WVTAsn1IntentToSealAttributeDecode"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Message\{64B9D180-8DA2-11CF-8736-00AA00A485EB}\$DLL = "WINTRUST.DLL"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Message\{C6B2E8D0-E005-11CF-A134-00C04FD7BF43}\$Function = "SoftpubLoadMessage"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Cleanup\{FC451C16-AC75-11D1-B4B8-00C04FB66EA0}\$Function = "SoftpubCleanup"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\1.3.6.1.4.1.311.16.1.1\Dll = "cryptdlg.dll"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Usages\1.3.6.1.5.5.7.3.3\DefaultId = "{00AAC56B-CD44-11D0-8CC2-00C04FC295EE}"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Certificate\{64B9D180-8DA2-11CF-8736-00AA00A485EB}\$Function = "WintrustCertificateTrust"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Message\{FC451C16-AC75-11D1-B4B8-00C04FB66EA0}\$DLL = "WINTRUST.DLL"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Message\{189A3842-3041-11D1-85E1-00C04FC295EE}\$DLL = "WINTRUST.DLL"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Cleanup\{FC451C16-AC75-11D1-B4B8-00C04FB66EA0}\$DLL = "WINTRUST.DLL"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject\1.3.6.1.4.1.311.16.1.1\Dll = "cryptdlg.dll"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\CertCheck\{64B9D180-8DA2-11CF-8736-00AA00A485EB}\$DLL = "WINTRUST.DLL"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Certificate\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\$DLL = "WINTRUST.DLL"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject\#2006\Dll = "WINTRUST.DLL"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\CertCheck\{573E31F8-DDBA-11D0-8CCB-00C04FC295EE}\$DLL = "WINTRUST.DLL"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Usages\1.3.6.1.5.5.7.3.2\CallbackFreeFunction = "SoftpubFreeDefUsageCallData"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Signature\{573E31F8-AABA-11D0-8CCB-00C04FC295EE}\$Function = "SoftpubLoadSignature"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\1.3.6.1.4.1.311.2.1.12\FuncName = "WVTAsn1SpcSpOpusInfoEncode"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\1.3.6.1.4.1.311.2.4.4\FuncName = "WVTAsn1SealingTimestampAttributeEncode"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Initialization\{00AAC56B-CD44-11D0-8CC2-00C04FC295EE}\$Function = "SoftpubInitialize"	regsvr32.exe

Possible privilege escalation attempt 6 IoCs

exploit

pid	Process
6208	icacls.exe
6284	takeown.exe
4740	icacls.exe
3076	takeown.exe
1084	icacls.exe
3720	takeown.exe

A potential corporate email address has been identified in the URL: currency-file@1
phishing
A potential corporate email address has been identified in the URL: [email protected]
phishing
A potential corporate email address has been identified in the URL: kinguin-new-checkout@kinguin
phishing
A potential corporate email address has been identified in the URL: [email protected]
phishing
Event Triggered Execution: Component Object Model Hijacking 1 TTPs
Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
persistence privilege_escalation

Component Object Model Hijacking
T1546.015

Executes dropped EXE 27 IoCs

pid	Process
6968	LDPlayer9_ens_Fortnite_25567197_ld.exe
7148	LDPlayer.exe
5696	dnrepairer.exe
5280	dismhost.exe
6608	Ld9BoxSVC.exe
1996	driverconfig.exe
1740	dnplayer.exe
4180	Ld9BoxSVC.exe
6984	vbox-img.exe
2320	vbox-img.exe
236	vbox-img.exe
6300	Ld9BoxHeadless.exe
1108	Ld9BoxHeadless.exe
2280	Ld9BoxHeadless.exe
6988	Ld9BoxHeadless.exe
460	Ld9BoxHeadless.exe
6256	winrar-x64-701.exe
4612	winrar-x64-701.exe
5448	winrar-x64-701 (1).exe
6776	Evony_aqHEH7dnDUc.exe
2164	evony.exe
820	UnityCrashHandler64.exe
5480	UnityCrashHandler64.exe
7020	mmex-1.7.0-win64.exe
3412	mmex.exe
6536	mmex.exe
2968	mmex.exe

Loads dropped DLL 64 IoCs

pid	Process
5696	dnrepairer.exe
5696	dnrepairer.exe
5696	dnrepairer.exe
5280	dismhost.exe
5280	dismhost.exe
5280	dismhost.exe
5280	dismhost.exe
5280	dismhost.exe
5280	dismhost.exe
5280	dismhost.exe
5280	dismhost.exe
5280	dismhost.exe
5280	dismhost.exe
5280	dismhost.exe
5280	dismhost.exe
5280	dismhost.exe
5280	dismhost.exe
5280	dismhost.exe
5280	dismhost.exe
5280	dismhost.exe
5280	dismhost.exe
5280	dismhost.exe
6608	Ld9BoxSVC.exe
6608	Ld9BoxSVC.exe
6608	Ld9BoxSVC.exe
6608	Ld9BoxSVC.exe
6608	Ld9BoxSVC.exe
6608	Ld9BoxSVC.exe
6608	Ld9BoxSVC.exe
6608	Ld9BoxSVC.exe
6596	regsvr32.exe
6596	regsvr32.exe
6596	regsvr32.exe
6596	regsvr32.exe
6596	regsvr32.exe
6596	regsvr32.exe
6596	regsvr32.exe
6596	regsvr32.exe
2948	regsvr32.exe
2948	regsvr32.exe
2948	regsvr32.exe
2948	regsvr32.exe
2948	regsvr32.exe
2948	regsvr32.exe
2948	regsvr32.exe
2948	regsvr32.exe
6568	regsvr32.exe
6568	regsvr32.exe
6568	regsvr32.exe
6568	regsvr32.exe
6568	regsvr32.exe
6568	regsvr32.exe
6568	regsvr32.exe
6568	regsvr32.exe
6472	regsvr32.exe
6472	regsvr32.exe
6472	regsvr32.exe
6472	regsvr32.exe
6472	regsvr32.exe
6472	regsvr32.exe
6472	regsvr32.exe
6472	regsvr32.exe
1996	driverconfig.exe
1996	driverconfig.exe

Modifies file permissions 1 TTPs 6 IoCs

discovery

File and Directory Permissions Modification

T1222

pid	Process
6284	takeown.exe
4740	icacls.exe
3076	takeown.exe
1084	icacls.exe
3720	takeown.exe
6208	icacls.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Checks whether UAC is enabled 1 TTPs 3 IoCs

evasion trojan

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	mmex.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	mmex.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	mmex.exe

Enumerates connected drives 3 TTPs 2 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\F:	LDPlayer9_ens_Fortnite_25567197_ld.exe
File opened (read-only)	\??\F:	LDPlayer.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
1188	discord.com
1189	discord.com

Mark of the Web detected: This indicates that the page was originally saved or cloned. 1 IoCs

phishing motw

flow	ioc
501	https://storage.googleapis.com/script.aniview.com/ssync/62f53b2c7850d0786f227f64/ssync.html

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\TopGames\Evony\Game\320016\evony_Data\Plugins\locales\nb.pak	Evony_aqHEH7dnDUc.exe
File opened for modification	C:\Program Files\TopGames\Evony\Launcher\241128\Launcher_Data\Managed\UnityEngine.ClusterInputModule.dll	Evony_aqHEH7dnDUc.exe
File created	C:\Program Files\Money Manager EX\res\themes\default.mmextheme	mmex-1.7.0-win64.exe
File created	C:\Program Files\ldplayer9box\tstSSLCertDownloads.exe	dnrepairer.exe
File opened for modification	C:\Program Files\TopGames\Evony\Game\320016\evony_Data\sharedassets3.assets.resS	Evony_aqHEH7dnDUc.exe
File opened for modification	C:\Program Files\TopGames\Evony\Game\320016\evony_Data\StreamingAssets\AssetsBundles\local-prefab	Evony_aqHEH7dnDUc.exe
File opened for modification	C:\Program Files\TopGames\Evony\Launcher\241128\Launcher_Data\Managed\Assembly-CSharp.dll	Evony_aqHEH7dnDUc.exe
File created	C:\Program Files\TopGames\Evony\Launcher\241128\Launcher_Data\Managed\UnityEngine.SpatialTracking.dll	Evony_aqHEH7dnDUc.exe
File created	C:\Program Files\TopGames\Evony\Launcher\241128\Launcher_Data\Managed\UnityEngine.XRModule.dll	Evony_aqHEH7dnDUc.exe
File created	C:\Program Files\Money Manager EX\bin\wxbase32u_vc_mmex.dll	mmex-1.7.0-win64.exe
File created	C:\Program Files\Money Manager EX\res\reports\Others-SVG_Clock_animated.grm	mmex-1.7.0-win64.exe
File opened for modification	C:\Program Files\TopGames\Evony\Game\320016\evony_Data\il2cpp_data\etc\mono\1.0\machine.config	Evony_aqHEH7dnDUc.exe
File opened for modification	C:\Program Files\TopGames\Evony\Game\320016\evony_Data\Plugins\locales\sr.pak	Evony_aqHEH7dnDUc.exe
File created	C:\Program Files\TopGames\Evony\Launcher\241128\Launcher_Data\Resources\unity_builtin_extra	Evony_aqHEH7dnDUc.exe
File created	C:\Program Files\Money Manager EX\bin\api-ms-win-core-file-l2-1-0.dll	mmex-1.7.0-win64.exe
File created	C:\Program Files\ldplayer9box\x86\dasync.dll	dnrepairer.exe
File created	C:\Program Files\TopGames\Evony\Launcher\241128\Launcher_Data\Managed\UnityEngine.ClothModule.dll	Evony_aqHEH7dnDUc.exe
File opened for modification	C:\Program Files\TopGames\Evony\Game\320016\evony_Data\StreamingAssets\AssetsBundles\local-texture-star.manifest	Evony_aqHEH7dnDUc.exe
File created	C:\Program Files\ldplayer9box\ossltest.dll	dnrepairer.exe
File opened for modification	C:\Program Files\TopGames\Evony\Game\320016\evony_Data\Plugins\locales\bg.pak	Evony_aqHEH7dnDUc.exe
File opened for modification	C:\Program Files\TopGames\Evony\Launcher\241128\Launcher_Data\level0	Evony_aqHEH7dnDUc.exe
File created	C:\Program Files\TopGames\Evony\Launcher\241128\Launcher_Data\Managed\UnityEngine.AssetBundleModule.xml	Evony_aqHEH7dnDUc.exe
File created	C:\Program Files\TopGames\Evony\Launcher\241128\Launcher_Data\Managed\UnityEngine.DirectorModule.xml	Evony_aqHEH7dnDUc.exe
File opened for modification	C:\Program Files\TopGames\Evony\Launcher\241128\Launcher_Data\Managed\UnityEngine.TextRenderingModule.dll	Evony_aqHEH7dnDUc.exe
File created	C:\Program Files\TopGames\Evony\Launcher\241128\Launcher_Data\Managed\UnityEngine.UIModule.xml	Evony_aqHEH7dnDUc.exe
File created	C:\Program Files\Money Manager EX\bin\api-ms-win-crt-math-l1-1-0.dll	mmex-1.7.0-win64.exe
File created	C:\Program Files\ldplayer9box\platforms\qoffscreen.dll	dnrepairer.exe
File opened for modification	C:\Program Files\TopGames\Evony\Game\320016\evony_Data\Plugins\locales\en-US.pak	Evony_aqHEH7dnDUc.exe
File opened for modification	C:\Program Files\TopGames\Evony\Launcher\241128\Launcher_Data\Managed\UnityEngine.GridModule.xml	Evony_aqHEH7dnDUc.exe
File opened for modification	C:\Program Files\TopGames\Evony\Launcher\241128\Launcher_Data\Managed\UnityEngine.Physics2DModule.dll	Evony_aqHEH7dnDUc.exe
File created	C:\Program Files\ldplayer9box\api-ms-win-crt-locale-l1-1-0.dll	dnrepairer.exe
File opened for modification	C:\Program Files\TopGames\Evony\Launcher\241128\Launcher_Data\Managed\UnityEngine.CoreModule.xml	Evony_aqHEH7dnDUc.exe
File opened for modification	C:\Program Files\TopGames\Evony\Launcher\241128\MonoBleedingEdge\EmbedRuntime\mono-2.0-bdwgc.dll	Evony_aqHEH7dnDUc.exe
File opened for modification	C:\Program Files\TopGames\Evony\Launcher\241128\MonoBleedingEdge\etc\mono\4.0\settings.map	Evony_aqHEH7dnDUc.exe
File created	C:\Program Files\Money Manager EX\bin\pl_PL\mmex.mo	mmex-1.7.0-win64.exe
File created	C:\Program Files\ldplayer9box\Qt5Gui.dll	dnrepairer.exe
File created	C:\Program Files\TopGames\Evony\Launcher\241128\Launcher_Data\Managed\UnityEngine.UnityWebRequestAudioModule.dll	Evony_aqHEH7dnDUc.exe
File opened for modification	C:\Program Files\TopGames\Evony\Game\320016\evony_Data\sharedassets1.assets	Evony_aqHEH7dnDUc.exe
File opened for modification	C:\Program Files\TopGames\Evony\Game\320016\evony_Data\StreamingAssets\AssetsBundles\local-buff.manifest	Evony_aqHEH7dnDUc.exe
File created	C:\Program Files\TopGames\Evony\Launcher\241128\Launcher_Data\sharedassets0.assets	Evony_aqHEH7dnDUc.exe
File created	C:\Program Files\ldplayer9box\tstPDMAsyncCompletion.exe	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\api-ms-win-core-timezone-l1-1-0.dll	dnrepairer.exe
File opened for modification	C:\Program Files\TopGames\Evony\Launcher\241128\MonoBleedingEdge\etc\mono\4.5\DefaultWsdlHelpGenerator.aspx	Evony_aqHEH7dnDUc.exe
File opened for modification	C:\Program Files\TopGames\Evony\Launcher\241128\WinPixEventRuntime.dll	Evony_aqHEH7dnDUc.exe
File created	C:\Program Files\TopGames\Evony\Launcher\241128\Launcher_Data\Managed\UnityEngine.UnityWebRequestAssetBundleModule.dll	Evony_aqHEH7dnDUc.exe
File created	C:\Program Files\Money Manager EX\help\ru_RU\budget.html	mmex-1.7.0-win64.exe
File created	C:\Program Files\ldplayer9box\api-ms-win-core-localization-l1-2-0.dll	dnrepairer.exe
File opened for modification	C:\Program Files\TopGames\Evony\Launcher\241128\Launcher_Data\Managed\UnityEngine.UmbraModule.xml	Evony_aqHEH7dnDUc.exe
File created	C:\Program Files\TopGames\Evony\Launcher\241128\Launcher_Data\Managed\UnityEngine.TLSModule.dll	Evony_aqHEH7dnDUc.exe
File created	C:\Program Files\Money Manager EX\res\themes\colorful.mmextheme	mmex-1.7.0-win64.exe
File created	C:\Program Files\TopGames\Evony\Game\320016\evony_Data\Plugins\zf_cef.dll	Evony_aqHEH7dnDUc.exe
File created	C:\Program Files\TopGames\Evony\Launcher\241128\Launcher_Data\Managed\UnityEngine.CoreModule.dll	Evony_aqHEH7dnDUc.exe
File opened for modification	C:\Program Files\TopGames\Evony\Game\320016\evony_Data\Plugins\locales\el.pak	Evony_aqHEH7dnDUc.exe
File opened for modification	C:\Program Files\TopGames\Evony\Game\320016\evony_Data\StreamingAssets\AssetsBundles\local-webgl-font	Evony_aqHEH7dnDUc.exe
File opened for modification	C:\Program Files\TopGames\Evony\Launcher\241128\Launcher_Data\StreamingAssets\event_list.json	Evony_aqHEH7dnDUc.exe
File created	C:\Program Files\Money Manager EX\bin\sr\mmex.mo	mmex-1.7.0-win64.exe
File created	C:\Program Files\Money Manager EX\res\reports\Others-Simple Clock.grm	mmex-1.7.0-win64.exe
File created	C:\Program Files\Money Manager EX\res\reports\Transaction-Withdrawals.grm	mmex-1.7.0-win64.exe
File created	C:\Program Files\ldplayer9box\driver-PreW10\Ld9BoxNetLwf.inf	dnrepairer.exe
File opened for modification	C:\Program Files\TopGames\Evony\Game\320016\evony_Data\Plugins\locales\da.pak	Evony_aqHEH7dnDUc.exe
File opened for modification	C:\Program Files\TopGames\Evony\Launcher\241128\Launcher_Data\Managed\UnityEngine.CoreModule.dll	Evony_aqHEH7dnDUc.exe
File opened for modification	C:\Program Files\TopGames\Evony\Launcher\241128\Launcher_Data\Managed\UnityEngine.StyleSheetsModule.dll	Evony_aqHEH7dnDUc.exe
File created	C:\Program Files\Money Manager EX\help\img\flags\es.svg	mmex-1.7.0-win64.exe
File created	C:\Program Files\ldplayer9box\api-ms-win-core-processenvironment-l1-1-0.dll	dnrepairer.exe

Drops file in Windows directory 5 IoCs

description	ioc	Process
File opened for modification	C:\Windows\Logs\DISM\dism.log	dism.exe
File opened for modification	C:\Windows\Logs\DISM\dism.log	dismhost.exe
File opened for modification	C:\Windows\Logs\CBS\CBS.log	TiWorker.exe
File opened for modification	C:\Windows\WinSxS\pending.xml	TiWorker.exe
File opened for modification	C:\Windows\CbsTemp	TiWorker.exe

Launches sc.exe 8 IoCs

Sc.exe is a Windows utlilty to control services on the system.

pid	Process
1864	sc.exe
3588	sc.exe
6524	sc.exe
5208	sc.exe
6992	sc.exe
2532	sc.exe
6128	sc.exe
4676	sc.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 36 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	sc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	takeown.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	regsvr32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	LDPlayer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	sc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	takeown.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	dnplayer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	regsvr32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	regsvr32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	regsvr32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	sc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	dism.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	powershell.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	powershell.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Evony_aqHEH7dnDUc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	mmex-1.7.0-win64.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	regsvr32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	icacls.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	regsvr32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	sc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	sc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	driverconfig.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	net.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	regsvr32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	powershell.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	sc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	net1.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	sc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	regsvr32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	takeown.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	icacls.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	sc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	regsvr32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	icacls.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	LDPlayer9_ens_Fortnite_25567197_ld.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	dnrepairer.exe

NSIS installer 2 IoCs

installer

resource	yara_rule
behavioral1/files/0x001500000004598b-6593.dat	nsis_installer_1
behavioral1/files/0x001500000004598b-6593.dat	nsis_installer_2

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	dnplayer.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	dnplayer.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies Internet Explorer settings 1 TTPs 9 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-641261377-2215826147-608237349-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\ldnews.exe = "11001"	dnplayer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-641261377-2215826147-608237349-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\dnplayer.exe = "11001"	dnplayer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-641261377-2215826147-608237349-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\mmex.exe = "11001"	mmex.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-641261377-2215826147-608237349-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\mmex.exe = "11001"	mmex.exe
Key created	\REGISTRY\USER\S-1-5-21-641261377-2215826147-608237349-1000\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_BROWSER_EMULATION	dnplayer.exe
Key created	\REGISTRY\USER\S-1-5-21-641261377-2215826147-608237349-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	mmex.exe
Key created	\REGISTRY\USER\S-1-5-21-641261377-2215826147-608237349-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	mmex.exe
Key created	\REGISTRY\USER\S-1-5-21-641261377-2215826147-608237349-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	mmex.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-641261377-2215826147-608237349-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\mmex.exe = "11001"	mmex.exe

Modifies registry class 64 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-92C9-4A77-9D35-E058B39FE0B9}\ = "ICanShowWindowEvent"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-E5DB-4D2C-BAAA-C71053A6236D}\NumMethods	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-23D0-430A-A7FF-7ED7F05534BC}\TypeLib\Version = "1.3"	Ld9BoxSVC.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-CC87-4F6E-A0E9-47BB7F2D4BE5}\ProxyStubClsid32	Ld9BoxSVC.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-70A2-487E-895E-D3FC9679F7B3}\ProxyStubClsid32\ = "{20191216-1807-4249-5BA5-EA42D66AF0BF}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-4C1B-EDF7-FDF3-C1BE6827DC28}\NumMethods	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-3E8A-11E9-825C-AB7B2CABCE23}\TypeLib\ = "{20191216-1750-46f0-936e-bd127d5bc264}"	Ld9BoxSVC.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-3618-4EBC-B038-833BA829B4B2}\ = "IExtPack"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-00B1-4E9D-0000-11FA00F9D583}	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-C71F-4A36-8E5F-A77D01D76090}\ = "IGuestMonitorChangedEvent"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-FF5A-4795-B57A-ECD5FFFA18A4}\ProxyStubClsid32\ = "{20191216-1807-4249-5BA5-EA42D66AF0BF}"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-4289-EF4E-8E6A-E5B07816B631}\ProxyStubClsid32\ = "{20191216-1807-4249-5BA5-EA42D66AF0BF}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{20191216-c9d2-4f11-a384-53f0cf917214}\VersionIndependentProgID	Ld9BoxSVC.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-C927-11E7-B788-33C248E71FC7}\TypeLib\ = "{20191216-1750-46f0-936e-bd127d5bc264}"	Ld9BoxSVC.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-486E-472F-481B-969746AF2480}\NumMethods\ = "15"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-486E-472F-481B-969746AF2480}	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-F7B7-4B05-900E-2A9253C00F51}\ProxyStubClsid32\ = "{20191216-1807-4249-5BA5-EA42D66AF0BF}"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-5F86-4D65-AD1B-87CA284FB1C8}\TypeLib\ = "{20191216-1750-46f0-936e-bd127d5bc264}"	Ld9BoxSVC.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-9536-4EF8-820E-3B0E17E5BBC8}\TypeLib\ = "{20191216-1750-46f0-936e-bd127d5bc264}"	Ld9BoxSVC.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-5f86-4d65-ad1b-87ca284fb1c8}	Ld9BoxSVC.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-CB8D-4382-90BA-B7DA78A74573}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-8CE7-469F-A4C2-6476F581FF72}	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-F7B7-4B05-900E-2A9253C00F51}\ProxyStubClsid32\ = "{20191216-1807-4249-5BA5-EA42D66AF0BF}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-35F3-4F4D-B5BB-ED0ECEFD8538}\ProxyStubClsid32	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-E64A-4908-804E-371CAD23A756}	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-4974-A19C-4DC6-CC98C2269626}\ = "IGuestDirectory"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-B7DB-4616-AAC6-CFB94D89BA78}\NumMethods	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-FA1E-4CEE-91C7-6D8496BEA3C1}\ = "INATNetworkStartStopEvent"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{20191216-26c0-4fe1-bf6f-67f633265bba}\VersionIndependentProgID\ = "VirtualBox.VirtualBoxClient"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-aedf-461c-be2c-99e91bdad8a1}	Ld9BoxSVC.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-EE61-462F-AED3-0DFF6CBF9904}	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-7BDC-11E9-8BC2-8FFDB8B19219}\TypeLib\ = "{20191216-1750-46f0-936e-bd127d5bc264}"	Ld9BoxSVC.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-7006-40D4-B339-472EE3801844}\ = "IGuestKeyboardEvent"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-8384-11E9-921D-8B984E28A686}\NumMethods	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-58D9-43AE-8B03-C1FD7088EF15}\ProxyStubClsid32\ = "{20191216-1807-4249-5BA5-EA42D66AF0BF}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-9536-4EF8-820E-3B0E17E5BBC8}	regsvr32.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\VirtualBox.VirtualBox.1\CLSID	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-D8ED-44CF-85AC-C83A26C95A4D}\TypeLib	Ld9BoxSVC.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-93AF-42A7-7F13-79AD6EF1A18D}\TypeLib\ = "{20191216-1750-46f0-936e-bd127d5bc264}"	Ld9BoxSVC.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-4974-A19C-4DC6-CC98C2269626}\ProxyStubClsid32	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-47C7-4A3F-AAE1-1B516817DB41}\NumMethods	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\VirtualBox.Session.1	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-7966-481D-AB0B-D0ED73E28135}	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-9536-4EF8-820E-3B0E17E5BBC8}\NumMethods\ = "16"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-0B79-4350-BDD9-A0376CD6E6E3}\ProxyStubClsid32\ = "{20191216-1807-4249-5BA5-EA42D66AF0BF}"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-1F8B-4692-ABB4-462429FAE5E9}\TypeLib\ = "{20191216-1750-46f0-936e-bd127d5bc264}"	Ld9BoxSVC.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-808E-11E9-B773-133D9330F849}\ProxyStubClsid32	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-AC97-4C16-B3E2-81BD8A57CC27}\NumMethods	regsvr32.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\VirtualBox.VirtualBox.1	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-B5BB-4316-A900-5EB28D3413DF}\ = "IMachine"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-AE84-4B8E-B0F3-5C20C35CAAC9}\ = "IStorageDeviceChangedEvent"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-B7F1-4A5A-A4EF-A11DD9C2A458}\NumMethods\ = "15"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-D612-47D3-89D4-DB3992533948}\NumMethods\ = "17"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-CD54-400C-B858-797BCB82570E}\ = "IPerformanceCollector"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-cc7b-431b-98b2-951fda8eab89}	Ld9BoxSVC.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-4A06-81FC-A916-78B2DA1FA0E5}\NumMethods	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-44A0-A470-BA20-27890B96DBA9}	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-CC87-4F6E-A0E9-47BB7F2D4BE5}\ = "IInternalProgressControl"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-E191-400B-840E-970F3DAD7296}\TypeLib	Ld9BoxSVC.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-0002-4B81-0077-1DCB004571BA}\TypeLib\ = "{20191216-1750-46f0-936e-bd127d5bc264}"	Ld9BoxSVC.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{20191216-47b9-4a1e-82b2-07ccd5323c3f}\TypeLib	Ld9BoxSVC.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-44DE-1653-B717-2EBF0CA9B664}\ = "IGuestFile"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-486E-472F-481B-969746AF2480}	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-3CF5-4C0A-BC90-9B8D4CC94D89}\NumMethods\ = "17"	regsvr32.exe

NTFS ADS 6 IoCs

description	ioc	Process
File created	C:\Program Files\TopGames\Evony\launcher.exe\:SmartScreen:$DATA	Evony_aqHEH7dnDUc.exe
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 322110.crdownload:SmartScreen	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 306938.crdownload:SmartScreen	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 67420.crdownload:SmartScreen	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 805544.crdownload:SmartScreen	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 615509.crdownload:SmartScreen	msedge.exe

Runs net.exe

Suspicious behavior: AddClipboardFormatListener 1 IoCs

pid	Process
4292	vlc.exe

Suspicious behavior: EnumeratesProcesses 55 IoCs

pid	Process
4364	msedge.exe
4364	msedge.exe
332	msedge.exe
332	msedge.exe
764	identity_helper.exe
764	identity_helper.exe
2172	msedge.exe
2172	msedge.exe
2172	msedge.exe
2172	msedge.exe
5680	msedge.exe
5680	msedge.exe
6968	LDPlayer9_ens_Fortnite_25567197_ld.exe
6968	LDPlayer9_ens_Fortnite_25567197_ld.exe
6968	LDPlayer9_ens_Fortnite_25567197_ld.exe
6968	LDPlayer9_ens_Fortnite_25567197_ld.exe
6672	msedge.exe
6672	msedge.exe
7148	LDPlayer.exe
7148	LDPlayer.exe
7148	LDPlayer.exe
7148	LDPlayer.exe
7148	LDPlayer.exe
7148	LDPlayer.exe
7148	LDPlayer.exe
7148	LDPlayer.exe
5696	dnrepairer.exe
5696	dnrepairer.exe
5168	powershell.exe
5168	powershell.exe
5168	powershell.exe
6780	powershell.exe
6780	powershell.exe
6780	powershell.exe
3548	powershell.exe
3548	powershell.exe
3548	powershell.exe
7148	LDPlayer.exe
7148	LDPlayer.exe
6968	LDPlayer9_ens_Fortnite_25567197_ld.exe
6968	LDPlayer9_ens_Fortnite_25567197_ld.exe
4276	msedge.exe
4276	msedge.exe
1740	dnplayer.exe
1740	dnplayer.exe
5136	msedge.exe
5136	msedge.exe
6780	msedge.exe
6780	msedge.exe
968	msedge.exe
968	msedge.exe
2164	evony.exe
2164	evony.exe
5960	msedge.exe
5960	msedge.exe

Suspicious behavior: GetForegroundWindowSpam 4 IoCs

pid	Process
4776	OpenWith.exe
4292	vlc.exe
4940	OpenWith.exe
5368	OpenWith.exe

Suspicious behavior: LoadsDriver 6 IoCs

pid	Process
668	Process not Found
668	Process not Found
668	Process not Found
668	Process not Found
668	Process not Found
668	Process not Found

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 64 IoCs

pid	Process
332	msedge.exe
332	msedge.exe
332	msedge.exe
332	msedge.exe
332	msedge.exe
332	msedge.exe
332	msedge.exe
332	msedge.exe
332	msedge.exe
332	msedge.exe
332	msedge.exe
332	msedge.exe
332	msedge.exe
332	msedge.exe
332	msedge.exe
332	msedge.exe
332	msedge.exe
332	msedge.exe
332	msedge.exe
332	msedge.exe
332	msedge.exe
332	msedge.exe
332	msedge.exe
332	msedge.exe
332	msedge.exe
332	msedge.exe
332	msedge.exe
332	msedge.exe
332	msedge.exe
332	msedge.exe
332	msedge.exe
332	msedge.exe
332	msedge.exe
332	msedge.exe
332	msedge.exe
332	msedge.exe
332	msedge.exe
332	msedge.exe
332	msedge.exe
332	msedge.exe
332	msedge.exe
332	msedge.exe
332	msedge.exe
332	msedge.exe
332	msedge.exe
332	msedge.exe
332	msedge.exe
332	msedge.exe
332	msedge.exe
332	msedge.exe
332	msedge.exe
332	msedge.exe
332	msedge.exe
332	msedge.exe
332	msedge.exe
332	msedge.exe
332	msedge.exe
332	msedge.exe
332	msedge.exe
332	msedge.exe
332	msedge.exe
332	msedge.exe
332	msedge.exe
332	msedge.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: 33	1972	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	1972	AUDIODG.EXE
Token: SeTakeOwnershipPrivilege	7148	LDPlayer.exe
Token: SeDebugPrivilege	7148	LDPlayer.exe
Token: SeTakeOwnershipPrivilege	7148	LDPlayer.exe
Token: SeDebugPrivilege	7148	LDPlayer.exe
Token: SeTakeOwnershipPrivilege	7148	LDPlayer.exe
Token: SeDebugPrivilege	7148	LDPlayer.exe
Token: SeTakeOwnershipPrivilege	7148	LDPlayer.exe
Token: SeDebugPrivilege	7148	LDPlayer.exe
Token: SeTakeOwnershipPrivilege	7148	LDPlayer.exe
Token: SeDebugPrivilege	7148	LDPlayer.exe
Token: SeTakeOwnershipPrivilege	7148	LDPlayer.exe
Token: SeDebugPrivilege	7148	LDPlayer.exe
Token: SeTakeOwnershipPrivilege	7148	LDPlayer.exe
Token: SeDebugPrivilege	7148	LDPlayer.exe
Token: SeDebugPrivilege	7148	LDPlayer.exe
Token: SeTakeOwnershipPrivilege	7148	LDPlayer.exe
Token: SeDebugPrivilege	7148	LDPlayer.exe
Token: SeDebugPrivilege	7148	LDPlayer.exe
Token: SeDebugPrivilege	7148	LDPlayer.exe
Token: SeDebugPrivilege	7148	LDPlayer.exe
Token: SeDebugPrivilege	7148	LDPlayer.exe
Token: SeDebugPrivilege	7148	LDPlayer.exe
Token: SeDebugPrivilege	7148	LDPlayer.exe
Token: SeDebugPrivilege	7148	LDPlayer.exe
Token: SeDebugPrivilege	7148	LDPlayer.exe
Token: SeDebugPrivilege	7148	LDPlayer.exe
Token: SeDebugPrivilege	7148	LDPlayer.exe
Token: SeDebugPrivilege	7148	LDPlayer.exe
Token: SeDebugPrivilege	7148	LDPlayer.exe
Token: SeDebugPrivilege	7148	LDPlayer.exe
Token: SeDebugPrivilege	7148	LDPlayer.exe
Token: SeDebugPrivilege	7148	LDPlayer.exe
Token: SeDebugPrivilege	7148	LDPlayer.exe
Token: SeDebugPrivilege	7148	LDPlayer.exe
Token: SeDebugPrivilege	7148	LDPlayer.exe
Token: SeDebugPrivilege	7148	LDPlayer.exe
Token: SeDebugPrivilege	7148	LDPlayer.exe
Token: SeDebugPrivilege	7148	LDPlayer.exe
Token: SeDebugPrivilege	7148	LDPlayer.exe
Token: SeDebugPrivilege	7148	LDPlayer.exe
Token: SeDebugPrivilege	7148	LDPlayer.exe
Token: SeDebugPrivilege	7148	LDPlayer.exe
Token: SeDebugPrivilege	7148	LDPlayer.exe
Token: SeDebugPrivilege	7148	LDPlayer.exe
Token: SeDebugPrivilege	7148	LDPlayer.exe
Token: SeDebugPrivilege	7148	LDPlayer.exe
Token: SeDebugPrivilege	7148	LDPlayer.exe
Token: SeDebugPrivilege	7148	LDPlayer.exe
Token: SeDebugPrivilege	7148	LDPlayer.exe
Token: SeDebugPrivilege	7148	LDPlayer.exe
Token: SeDebugPrivilege	7148	LDPlayer.exe
Token: SeDebugPrivilege	7148	LDPlayer.exe
Token: SeDebugPrivilege	7148	LDPlayer.exe
Token: SeDebugPrivilege	7148	LDPlayer.exe
Token: SeDebugPrivilege	7148	LDPlayer.exe
Token: SeDebugPrivilege	7148	LDPlayer.exe
Token: SeDebugPrivilege	7148	LDPlayer.exe
Token: SeDebugPrivilege	7148	LDPlayer.exe
Token: SeDebugPrivilege	7148	LDPlayer.exe
Token: SeDebugPrivilege	7148	LDPlayer.exe
Token: SeDebugPrivilege	7148	LDPlayer.exe
Token: SeDebugPrivilege	7148	LDPlayer.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
332	msedge.exe
332	msedge.exe
332	msedge.exe
332	msedge.exe
332	msedge.exe
332	msedge.exe
332	msedge.exe
332	msedge.exe
332	msedge.exe
332	msedge.exe
332	msedge.exe
332	msedge.exe
332	msedge.exe
332	msedge.exe
332	msedge.exe
332	msedge.exe
332	msedge.exe
332	msedge.exe
332	msedge.exe
332	msedge.exe
332	msedge.exe
332	msedge.exe
332	msedge.exe
332	msedge.exe
332	msedge.exe
332	msedge.exe
332	msedge.exe
332	msedge.exe
332	msedge.exe
332	msedge.exe
332	msedge.exe
332	msedge.exe
332	msedge.exe
332	msedge.exe
332	msedge.exe
332	msedge.exe
332	msedge.exe
332	msedge.exe
332	msedge.exe
332	msedge.exe
332	msedge.exe
332	msedge.exe
332	msedge.exe
332	msedge.exe
332	msedge.exe
332	msedge.exe
332	msedge.exe
332	msedge.exe
332	msedge.exe
332	msedge.exe
332	msedge.exe
332	msedge.exe
332	msedge.exe
332	msedge.exe
332	msedge.exe
332	msedge.exe
332	msedge.exe
332	msedge.exe
332	msedge.exe
332	msedge.exe
332	msedge.exe
332	msedge.exe
332	msedge.exe
332	msedge.exe

Suspicious use of SendNotifyMessage 36 IoCs

pid	Process
332	msedge.exe
332	msedge.exe
332	msedge.exe
332	msedge.exe
332	msedge.exe
332	msedge.exe
332	msedge.exe
332	msedge.exe
332	msedge.exe
332	msedge.exe
332	msedge.exe
332	msedge.exe
332	msedge.exe
332	msedge.exe
332	msedge.exe
332	msedge.exe
332	msedge.exe
332	msedge.exe
332	msedge.exe
332	msedge.exe
332	msedge.exe
332	msedge.exe
332	msedge.exe
332	msedge.exe
332	msedge.exe
332	msedge.exe
4292	vlc.exe
4292	vlc.exe
4292	vlc.exe
4292	vlc.exe
4292	vlc.exe
4292	vlc.exe
4292	vlc.exe
4292	vlc.exe
1740	dnplayer.exe
1740	dnplayer.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
6968	LDPlayer9_ens_Fortnite_25567197_ld.exe
7148	LDPlayer.exe
5696	dnrepairer.exe
6608	Ld9BoxSVC.exe
1996	driverconfig.exe
4776	OpenWith.exe
4776	OpenWith.exe
4776	OpenWith.exe
4776	OpenWith.exe
4776	OpenWith.exe
4776	OpenWith.exe
4776	OpenWith.exe
4776	OpenWith.exe
4776	OpenWith.exe
4776	OpenWith.exe
4776	OpenWith.exe
4776	OpenWith.exe
4776	OpenWith.exe
4776	OpenWith.exe
4776	OpenWith.exe
4776	OpenWith.exe
4776	OpenWith.exe
4776	OpenWith.exe
4776	OpenWith.exe
4776	OpenWith.exe
4776	OpenWith.exe
4776	OpenWith.exe
4776	OpenWith.exe
4776	OpenWith.exe
4776	OpenWith.exe
4776	OpenWith.exe
4776	OpenWith.exe
4776	OpenWith.exe
4776	OpenWith.exe
4776	OpenWith.exe
4776	OpenWith.exe
4776	OpenWith.exe
4776	OpenWith.exe
4776	OpenWith.exe
4776	OpenWith.exe
4776	OpenWith.exe
4776	OpenWith.exe
4776	OpenWith.exe
4776	OpenWith.exe
4776	OpenWith.exe
4776	OpenWith.exe
4776	OpenWith.exe
4776	OpenWith.exe
4776	OpenWith.exe
4776	OpenWith.exe
4776	OpenWith.exe
4776	OpenWith.exe
4292	vlc.exe
4940	OpenWith.exe
4940	OpenWith.exe
4940	OpenWith.exe
6256	winrar-x64-701.exe
6256	winrar-x64-701.exe
6256	winrar-x64-701.exe
4612	winrar-x64-701.exe
4612	winrar-x64-701.exe
4612	winrar-x64-701.exe
5368	OpenWith.exe
5368	OpenWith.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 332 wrote to memory of 1612	332	msedge.exe	84
PID 332 wrote to memory of 1612	332	msedge.exe	84
PID 332 wrote to memory of 1688	332	msedge.exe	85
PID 332 wrote to memory of 1688	332	msedge.exe	85
PID 332 wrote to memory of 1688	332	msedge.exe	85
PID 332 wrote to memory of 1688	332	msedge.exe	85
PID 332 wrote to memory of 1688	332	msedge.exe	85
PID 332 wrote to memory of 1688	332	msedge.exe	85
PID 332 wrote to memory of 1688	332	msedge.exe	85
PID 332 wrote to memory of 1688	332	msedge.exe	85
PID 332 wrote to memory of 1688	332	msedge.exe	85
PID 332 wrote to memory of 1688	332	msedge.exe	85
PID 332 wrote to memory of 1688	332	msedge.exe	85
PID 332 wrote to memory of 1688	332	msedge.exe	85
PID 332 wrote to memory of 1688	332	msedge.exe	85
PID 332 wrote to memory of 1688	332	msedge.exe	85
PID 332 wrote to memory of 1688	332	msedge.exe	85
PID 332 wrote to memory of 1688	332	msedge.exe	85
PID 332 wrote to memory of 1688	332	msedge.exe	85
PID 332 wrote to memory of 1688	332	msedge.exe	85
PID 332 wrote to memory of 1688	332	msedge.exe	85
PID 332 wrote to memory of 1688	332	msedge.exe	85
PID 332 wrote to memory of 1688	332	msedge.exe	85
PID 332 wrote to memory of 1688	332	msedge.exe	85
PID 332 wrote to memory of 1688	332	msedge.exe	85
PID 332 wrote to memory of 1688	332	msedge.exe	85
PID 332 wrote to memory of 1688	332	msedge.exe	85
PID 332 wrote to memory of 1688	332	msedge.exe	85
PID 332 wrote to memory of 1688	332	msedge.exe	85
PID 332 wrote to memory of 1688	332	msedge.exe	85
PID 332 wrote to memory of 1688	332	msedge.exe	85
PID 332 wrote to memory of 1688	332	msedge.exe	85
PID 332 wrote to memory of 1688	332	msedge.exe	85
PID 332 wrote to memory of 1688	332	msedge.exe	85
PID 332 wrote to memory of 1688	332	msedge.exe	85
PID 332 wrote to memory of 1688	332	msedge.exe	85
PID 332 wrote to memory of 1688	332	msedge.exe	85
PID 332 wrote to memory of 1688	332	msedge.exe	85
PID 332 wrote to memory of 1688	332	msedge.exe	85
PID 332 wrote to memory of 1688	332	msedge.exe	85
PID 332 wrote to memory of 1688	332	msedge.exe	85
PID 332 wrote to memory of 1688	332	msedge.exe	85
PID 332 wrote to memory of 4364	332	msedge.exe	86
PID 332 wrote to memory of 4364	332	msedge.exe	86
PID 332 wrote to memory of 4320	332	msedge.exe	87
PID 332 wrote to memory of 4320	332	msedge.exe	87
PID 332 wrote to memory of 4320	332	msedge.exe	87
PID 332 wrote to memory of 4320	332	msedge.exe	87
PID 332 wrote to memory of 4320	332	msedge.exe	87
PID 332 wrote to memory of 4320	332	msedge.exe	87
PID 332 wrote to memory of 4320	332	msedge.exe	87
PID 332 wrote to memory of 4320	332	msedge.exe	87
PID 332 wrote to memory of 4320	332	msedge.exe	87
PID 332 wrote to memory of 4320	332	msedge.exe	87
PID 332 wrote to memory of 4320	332	msedge.exe	87
PID 332 wrote to memory of 4320	332	msedge.exe	87
PID 332 wrote to memory of 4320	332	msedge.exe	87
PID 332 wrote to memory of 4320	332	msedge.exe	87
PID 332 wrote to memory of 4320	332	msedge.exe	87
PID 332 wrote to memory of 4320	332	msedge.exe	87
PID 332 wrote to memory of 4320	332	msedge.exe	87
PID 332 wrote to memory of 4320	332	msedge.exe	87
PID 332 wrote to memory of 4320	332	msedge.exe	87
PID 332 wrote to memory of 4320	332	msedge.exe	87

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012
Uses Volume Shadow Copy WMI provider
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware
Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://cutt.us/discord-nitro
1⤵
- Enumerates system info in registry
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:332
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x124,0x128,0x12c,0x100,0x130,0x7ffea56246f8,0x7ffea5624708,0x7ffea5624718
  2⤵
  PID:1612
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2084,11344469029899180848,6378343977511822654,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2088 /prefetch:2
  2⤵
  PID:1688
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2084,11344469029899180848,6378343977511822654,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2236 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4364
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2084,11344469029899180848,6378343977511822654,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2908 /prefetch:8
  2⤵
  PID:4320
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,11344469029899180848,6378343977511822654,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3424 /prefetch:1
  2⤵
  PID:900
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,11344469029899180848,6378343977511822654,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3432 /prefetch:1
  2⤵
  PID:3936
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,11344469029899180848,6378343977511822654,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3996 /prefetch:1
  2⤵
  PID:1356
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,11344469029899180848,6378343977511822654,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5400 /prefetch:1
  2⤵
  PID:360
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,11344469029899180848,6378343977511822654,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4204 /prefetch:1
  2⤵
  PID:2232
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2084,11344469029899180848,6378343977511822654,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5876 /prefetch:8
  2⤵
  PID:4696
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --msedge --force-configure-user-settings
  2⤵
  PID:4136
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x298,0x29c,0x2a0,0x274,0x2a4,0x7ff6a7a25460,0x7ff6a7a25470,0x7ff6a7a25480
    3⤵
    PID:3988
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2084,11344469029899180848,6378343977511822654,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5876 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:764
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,11344469029899180848,6378343977511822654,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6028 /prefetch:1
  2⤵
  PID:4472
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,11344469029899180848,6378343977511822654,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6200 /prefetch:1
  2⤵
  PID:1836
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,11344469029899180848,6378343977511822654,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6564 /prefetch:1
  2⤵
  PID:1368
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,11344469029899180848,6378343977511822654,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6920 /prefetch:1
  2⤵
  PID:4996
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,11344469029899180848,6378343977511822654,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7020 /prefetch:1
  2⤵
  PID:1384
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,11344469029899180848,6378343977511822654,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6496 /prefetch:1
  2⤵
  PID:2368
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,11344469029899180848,6378343977511822654,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6588 /prefetch:1
  2⤵
  PID:4916
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,11344469029899180848,6378343977511822654,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6248 /prefetch:1
  2⤵
  PID:400
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,11344469029899180848,6378343977511822654,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6496 /prefetch:1
  2⤵
  PID:4604
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,11344469029899180848,6378343977511822654,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6936 /prefetch:1
  2⤵
  PID:1352
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,11344469029899180848,6378343977511822654,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7120 /prefetch:1
  2⤵
  PID:4648
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,11344469029899180848,6378343977511822654,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6840 /prefetch:1
  2⤵
  PID:3960
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2084,11344469029899180848,6378343977511822654,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3200 /prefetch:8
  2⤵
  PID:3752
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2084,11344469029899180848,6378343977511822654,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.4355 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6672 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2172
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,11344469029899180848,6378343977511822654,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5736 /prefetch:1
  2⤵
  PID:2068
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,11344469029899180848,6378343977511822654,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3232 /prefetch:1
  2⤵
  PID:3912
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,11344469029899180848,6378343977511822654,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6808 /prefetch:1
  2⤵
  PID:4952
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2084,11344469029899180848,6378343977511822654,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=6776 /prefetch:8
  2⤵
  PID:3860
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,11344469029899180848,6378343977511822654,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5064 /prefetch:1
  2⤵
  PID:1664
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,11344469029899180848,6378343977511822654,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6020 /prefetch:1
  2⤵
  PID:3632
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,11344469029899180848,6378343977511822654,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6612 /prefetch:1
  2⤵
  PID:1512
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,11344469029899180848,6378343977511822654,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7136 /prefetch:1
  2⤵
  PID:4940
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,11344469029899180848,6378343977511822654,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7108 /prefetch:1
  2⤵
  PID:396
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,11344469029899180848,6378343977511822654,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4204 /prefetch:1
  2⤵
  PID:1908
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,11344469029899180848,6378343977511822654,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5104 /prefetch:1
  2⤵
  PID:4360
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,11344469029899180848,6378343977511822654,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6420 /prefetch:1
  2⤵
  PID:640
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,11344469029899180848,6378343977511822654,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7536 /prefetch:1
  2⤵
  PID:4548
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,11344469029899180848,6378343977511822654,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7204 /prefetch:1
  2⤵
  PID:4308
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,11344469029899180848,6378343977511822654,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7824 /prefetch:1
  2⤵
  PID:4660
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,11344469029899180848,6378343977511822654,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8160 /prefetch:1
  2⤵
  PID:1660
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,11344469029899180848,6378343977511822654,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8424 /prefetch:1
  2⤵
  PID:1900
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,11344469029899180848,6378343977511822654,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8340 /prefetch:1
  2⤵
  PID:2996
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,11344469029899180848,6378343977511822654,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7320 /prefetch:1
  2⤵
  PID:2224
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,11344469029899180848,6378343977511822654,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7748 /prefetch:1
  2⤵
  PID:3548
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,11344469029899180848,6378343977511822654,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8592 /prefetch:1
  2⤵
  PID:3588
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,11344469029899180848,6378343977511822654,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9128 /prefetch:1
  2⤵
  PID:1828
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,11344469029899180848,6378343977511822654,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9140 /prefetch:1
  2⤵
  PID:1744
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,11344469029899180848,6378343977511822654,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9260 /prefetch:1
  2⤵
  PID:1384
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,11344469029899180848,6378343977511822654,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9392 /prefetch:1
  2⤵
  PID:2580
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,11344469029899180848,6378343977511822654,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9124 /prefetch:1
  2⤵
  PID:1872
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,11344469029899180848,6378343977511822654,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10100 /prefetch:1
  2⤵
  PID:5416
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,11344469029899180848,6378343977511822654,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8468 /prefetch:1
  2⤵
  PID:5632
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,11344469029899180848,6378343977511822654,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8948 /prefetch:1
  2⤵
  PID:5644
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,11344469029899180848,6378343977511822654,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9408 /prefetch:1
  2⤵
  PID:5652
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,11344469029899180848,6378343977511822654,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7876 /prefetch:1
  2⤵
  PID:5424
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,11344469029899180848,6378343977511822654,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8664 /prefetch:1
  2⤵
  PID:4100
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,11344469029899180848,6378343977511822654,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6420 /prefetch:1
  2⤵
  PID:5524
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,11344469029899180848,6378343977511822654,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=58 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10432 /prefetch:1
  2⤵
  PID:5908
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,11344469029899180848,6378343977511822654,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=59 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6944 /prefetch:1
  2⤵
  PID:5992
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,11344469029899180848,6378343977511822654,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=60 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10180 /prefetch:1
  2⤵
  PID:1596
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,11344469029899180848,6378343977511822654,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=61 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8364 /prefetch:1
  2⤵
  PID:2068
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,11344469029899180848,6378343977511822654,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=62 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8480 /prefetch:1
  2⤵
  PID:4248
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,11344469029899180848,6378343977511822654,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=63 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8636 /prefetch:1
  2⤵
  PID:3236
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,11344469029899180848,6378343977511822654,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=64 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8620 /prefetch:1
  2⤵
  PID:1212
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,11344469029899180848,6378343977511822654,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=65 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8976 /prefetch:1
  2⤵
  PID:1164
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,11344469029899180848,6378343977511822654,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=66 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8684 /prefetch:1
  2⤵
  PID:5336
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,11344469029899180848,6378343977511822654,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=67 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8436 /prefetch:1
  2⤵
  PID:3252
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,11344469029899180848,6378343977511822654,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=68 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10356 /prefetch:1
  2⤵
  PID:4884
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,11344469029899180848,6378343977511822654,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=69 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7844 /prefetch:1
  2⤵
  PID:4668
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,11344469029899180848,6378343977511822654,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=70 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8196 /prefetch:1
  2⤵
  PID:5820
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,11344469029899180848,6378343977511822654,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=71 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8604 /prefetch:1
  2⤵
  PID:5464
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,11344469029899180848,6378343977511822654,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=72 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7952 /prefetch:1
  2⤵
  PID:4104
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,11344469029899180848,6378343977511822654,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=73 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8328 /prefetch:1
  2⤵
  PID:5352
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,11344469029899180848,6378343977511822654,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=74 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8200 /prefetch:1
  2⤵
  PID:6064
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,11344469029899180848,6378343977511822654,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=75 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8864 /prefetch:1
  2⤵
  PID:788
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,11344469029899180848,6378343977511822654,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=76 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10456 /prefetch:1
  2⤵
  PID:6108
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,11344469029899180848,6378343977511822654,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=77 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8124 /prefetch:1
  2⤵
  PID:5160
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,11344469029899180848,6378343977511822654,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=78 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6152 /prefetch:1
  2⤵
  PID:5328
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,11344469029899180848,6378343977511822654,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=79 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3224 /prefetch:1
  2⤵
  PID:2188
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,11344469029899180848,6378343977511822654,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=80 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2612 /prefetch:1
  2⤵
  PID:5648
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,11344469029899180848,6378343977511822654,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=81 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8024 /prefetch:1
  2⤵
  PID:1824
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,11344469029899180848,6378343977511822654,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=82 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9672 /prefetch:1
  2⤵
  PID:6008
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,11344469029899180848,6378343977511822654,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=83 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9052 /prefetch:1
  2⤵
  PID:1756
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,11344469029899180848,6378343977511822654,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=84 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9300 /prefetch:1
  2⤵
  PID:5624
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,11344469029899180848,6378343977511822654,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=85 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10504 /prefetch:1
  2⤵
  PID:2164
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,11344469029899180848,6378343977511822654,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=86 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8956 /prefetch:1
  2⤵
  PID:2404
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,11344469029899180848,6378343977511822654,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=87 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9448 /prefetch:1
  2⤵
  PID:2400
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,11344469029899180848,6378343977511822654,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=88 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8088 /prefetch:1
  2⤵
  PID:2052
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,11344469029899180848,6378343977511822654,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=89 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7496 /prefetch:1
  2⤵
  PID:5096
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,11344469029899180848,6378343977511822654,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=90 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7540 /prefetch:1
  2⤵
  PID:4076
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,11344469029899180848,6378343977511822654,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=91 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11284 /prefetch:1
  2⤵
  PID:6244
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,11344469029899180848,6378343977511822654,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=92 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11176 /prefetch:1
  2⤵
  PID:6556
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,11344469029899180848,6378343977511822654,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=93 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7480 /prefetch:1
  2⤵
  PID:6988
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,11344469029899180848,6378343977511822654,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=95 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11676 /prefetch:1
  2⤵
  PID:7116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2084,11344469029899180848,6378343977511822654,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=9680 /prefetch:8
  2⤵
  PID:7124
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2084,11344469029899180848,6378343977511822654,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=10676 /prefetch:8
  2⤵
  PID:5532
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2084,11344469029899180848,6378343977511822654,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=11948 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5680
- C:\Users\Admin\Downloads\LDPlayer9_ens_Fortnite_25567197_ld.exe
  "C:\Users\Admin\Downloads\LDPlayer9_ens_Fortnite_25567197_ld.exe"
  2⤵
  - Executes dropped EXE
  - Enumerates connected drives
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of SetWindowsHookEx
  PID:6968
- - C:\LDPlayer\LDPlayer9\LDPlayer.exe
    "C:\LDPlayer\LDPlayer9\\LDPlayer.exe" -silence -downloader -openid=25567197 -language=en -path="C:\LDPlayer\LDPlayer9\"
    3⤵
    - Executes dropped EXE
    - Enumerates connected drives
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of SetWindowsHookEx
    PID:7148
  - - C:\LDPlayer\LDPlayer9\dnrepairer.exe
      "C:\LDPlayer\LDPlayer9\dnrepairer.exe" listener=786934
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Drops file in Program Files directory
      System Location Discovery: System Language Discovery
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of SetWindowsHookEx
      PID:5696
    - - C:\Windows\SysWOW64\net.exe
        
        "net" start cryptsvc
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2812
      - C:\Windows\SysWOW64\net1.exe
        
        C:\Windows\system32\net1 start cryptsvc
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:232
    - - C:\Windows\SysWOW64\regsvr32.exe
        
        "regsvr32" Softpub.dll /s
        5⤵
        Manipulates Digital Signatures
        System Location Discovery: System Language Discovery
        
        PID:5172
    - - C:\Windows\SysWOW64\regsvr32.exe
        
        "regsvr32" Wintrust.dll /s
        5⤵
        Manipulates Digital Signatures
        System Location Discovery: System Language Discovery
        
        PID:6848
    - - C:\Windows\SysWOW64\regsvr32.exe
        
        "regsvr32" Initpki.dll /s
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:1860
    - - C:\Windows\SysWOW64\regsvr32.exe
        
        "C:\Windows\system32\regsvr32" Initpki.dll /s
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3576
    - - C:\Windows\SysWOW64\regsvr32.exe
        
        "regsvr32" dssenh.dll /s
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:1420
    - - C:\Windows\SysWOW64\regsvr32.exe
        
        "regsvr32" rsaenh.dll /s
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5724
    - - C:\Windows\SysWOW64\regsvr32.exe
        
        "regsvr32" cryptdlg.dll /s
        5⤵
        Manipulates Digital Signatures
        System Location Discovery: System Language Discovery
        
        PID:360
    - - C:\Windows\SysWOW64\takeown.exe
        
        "takeown" /f "C:\LDPlayer\LDPlayer9\vms" /r /d y
        5⤵
        Possible privilege escalation attempt
        Modifies file permissions
        System Location Discovery: System Language Discovery
        
        PID:3076
    - - C:\Windows\SysWOW64\icacls.exe
        
        "icacls" "C:\LDPlayer\LDPlayer9\vms" /grant everyone:F /t
        5⤵
        Possible privilege escalation attempt
        Modifies file permissions
        System Location Discovery: System Language Discovery
        
        PID:1084
    - - C:\Windows\SysWOW64\takeown.exe
        
        "takeown" /f "C:\LDPlayer\LDPlayer9\\system.vmdk"
        5⤵
        Possible privilege escalation attempt
        Modifies file permissions
        System Location Discovery: System Language Discovery
        
        PID:3720
    - - C:\Windows\SysWOW64\icacls.exe
        
        "icacls" "C:\LDPlayer\LDPlayer9\\system.vmdk" /grant everyone:F /t
        5⤵
        Possible privilege escalation attempt
        Modifies file permissions
        System Location Discovery: System Language Discovery
        
        PID:6208
    - - C:\Windows\SysWOW64\dism.exe
        
        C:\Windows\system32\dism.exe /Online /English /Get-Features
        5⤵
        Drops file in Windows directory
        System Location Discovery: System Language Discovery
        
        PID:6680
      - C:\Users\Admin\AppData\Local\Temp\321992B7-6370-43DE-A256-39E912E116EC\dismhost.exe
        
        C:\Users\Admin\AppData\Local\Temp\321992B7-6370-43DE-A256-39E912E116EC\dismhost.exe {B556F222-6296-4EFC-BB98-04373CC11A8B}
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Drops file in Windows directory
        
        PID:5280
    - - C:\Windows\SysWOW64\sc.exe
        
        sc query HvHost
        5⤵
        Launches sc.exe
        System Location Discovery: System Language Discovery
        
        PID:6992
    - - C:\Windows\SysWOW64\sc.exe
        
        sc query vmms
        5⤵
        Launches sc.exe
        System Location Discovery: System Language Discovery
        
        PID:2532
    - - C:\Windows\SysWOW64\sc.exe
        
        sc query vmcompute
        5⤵
        Launches sc.exe
        System Location Discovery: System Language Discovery
        
        PID:6128
    - - C:\Program Files\ldplayer9box\Ld9BoxSVC.exe
        
        "C:\Program Files\ldplayer9box\Ld9BoxSVC.exe" /RegServer
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:6608
    - - C:\Windows\SYSTEM32\regsvr32.exe
        
        "regsvr32" "C:\Program Files\ldplayer9box\VBoxC.dll" /s
        5⤵
        Loads dropped DLL
        
        PID:6596
    - - C:\Windows\SysWOW64\regsvr32.exe
        
        "regsvr32" "C:\Program Files\ldplayer9box\x86\VBoxClient-x86.dll" /s
        5⤵
        Loads dropped DLL
        System Location Discovery: System Language Discovery
        
        PID:2948
    - - C:\Windows\SYSTEM32\regsvr32.exe
        
        "regsvr32" "C:\Program Files\ldplayer9box\VBoxProxyStub.dll" /s
        5⤵
        Loads dropped DLL
        Modifies registry class
        
        PID:6568
    - - C:\Windows\SysWOW64\regsvr32.exe
        
        "regsvr32" "C:\Program Files\ldplayer9box\x86\VBoxProxyStub-x86.dll" /s
        5⤵
        Loads dropped DLL
        System Location Discovery: System Language Discovery
        Modifies registry class
        
        PID:6472
    - - C:\Windows\SysWOW64\sc.exe
        
        "C:\Windows\system32\sc" create Ld9BoxSup binPath= "C:\Program Files\ldplayer9box\Ld9BoxSup.sys" type= kernel start= auto
        5⤵
        Launches sc.exe
        System Location Discovery: System Language Discovery
        
        PID:4676
    - - C:\Windows\SysWOW64\sc.exe
        
        "C:\Windows\system32\sc" start Ld9BoxSup
        5⤵
        Launches sc.exe
        System Location Discovery: System Language Discovery
        
        PID:1864
    - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "powershell.exe" New-NetFirewallRule -DisplayName "Ld9BoxSup" -Direction Inbound -Program 'C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe' -RemoteAddress LocalSubnet -Action Allow
        5⤵
        System Location Discovery: System Language Discovery
        Suspicious behavior: EnumeratesProcesses
        
        PID:5168
    - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "powershell.exe" New-NetFirewallRule -DisplayName "Ld9BoxNat" -Direction Inbound -Program 'C:\Program Files\ldplayer9box\VBoxNetNAT.exe' -RemoteAddress LocalSubnet -Action Allow
        5⤵
        System Location Discovery: System Language Discovery
        Suspicious behavior: EnumeratesProcesses
        
        PID:6780
    - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "powershell.exe" New-NetFirewallRule -DisplayName "dnplayer" -Direction Inbound -Program 'C:\LDPlayer\LDPlayer9\dnplayer.exe' -RemoteAddress LocalSubnet -Action Allow
        5⤵
        System Location Discovery: System Language Discovery
        Suspicious behavior: EnumeratesProcesses
        
        PID:3548
  - - C:\LDPlayer\LDPlayer9\driverconfig.exe
      "C:\LDPlayer\LDPlayer9\driverconfig.exe"
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:1996
  - - C:\Windows\SysWOW64\takeown.exe
      "takeown" /f C:\LDPlayer\ldmutiplayer\ /r /d y
      4⤵
      Possible privilege escalation attempt
      Modifies file permissions
      System Location Discovery: System Language Discovery
      PID:6284
  - - C:\Windows\SysWOW64\icacls.exe
      "icacls" C:\LDPlayer\ldmutiplayer\ /grant everyone:F /t
      4⤵
      Possible privilege escalation attempt
      Modifies file permissions
      System Location Discovery: System Language Discovery
      PID:4740
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://discord.gg/4bUcwDd53d
    3⤵
    PID:6132
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x144,0x148,0x14c,0x120,0x150,0x7ffea56246f8,0x7ffea5624708,0x7ffea5624718
      4⤵
      PID:5200
- - C:\LDPlayer\LDPlayer9\dnplayer.exe
    "C:\LDPlayer\LDPlayer9\\dnplayer.exe" downloadpackage=Fortnite|package=Fortnite
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Checks processor information in registry
    - Modifies Internet Explorer settings
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of SendNotifyMessage
    PID:1740
  - - C:\Windows\SysWOW64\sc.exe
      sc query HvHost
      4⤵
      Launches sc.exe
      System Location Discovery: System Language Discovery
      PID:3588
  - - C:\Windows\SysWOW64\sc.exe
      sc query vmms
      4⤵
      Launches sc.exe
      System Location Discovery: System Language Discovery
      PID:6524
  - - C:\Windows\SysWOW64\sc.exe
      sc query vmcompute
      4⤵
      Launches sc.exe
      System Location Discovery: System Language Discovery
      PID:5208
  - - C:\Program Files\ldplayer9box\vbox-img.exe
      "C:\Program Files\ldplayer9box\vbox-img.exe" setuuid --filename "C:\LDPlayer\LDPlayer9\vms\..\system.vmdk" --uuid 20160302-bbbb-bbbb-0eee-bbbb00000000
      4⤵
      Executes dropped EXE
      PID:6984
  - - C:\Program Files\ldplayer9box\vbox-img.exe
      "C:\Program Files\ldplayer9box\vbox-img.exe" setuuid --filename "C:\LDPlayer\LDPlayer9\vms\leidian0\data.vmdk" --uuid 20160302-cccc-cccc-0eee-000000000000
      4⤵
      Executes dropped EXE
      PID:2320
  - - C:\Program Files\ldplayer9box\vbox-img.exe
      "C:\Program Files\ldplayer9box\vbox-img.exe" setuuid --filename "C:\LDPlayer\LDPlayer9\vms\leidian0\sdcard.vmdk" --uuid 20160302-dddd-dddd-0eee-000000000000
      4⤵
      Executes dropped EXE
      PID:236
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,11344469029899180848,6378343977511822654,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=99 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9624 /prefetch:1
  2⤵
  PID:7028
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,11344469029899180848,6378343977511822654,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=100 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9628 /prefetch:1
  2⤵
  PID:7044
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,11344469029899180848,6378343977511822654,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=101 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11208 /prefetch:1
  2⤵
  PID:5716
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,11344469029899180848,6378343977511822654,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=102 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10820 /prefetch:1
  2⤵
  PID:3528
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,11344469029899180848,6378343977511822654,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=103 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10512 /prefetch:1
  2⤵
  PID:5884
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,11344469029899180848,6378343977511822654,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=104 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8836 /prefetch:1
  2⤵
  PID:6576
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,11344469029899180848,6378343977511822654,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=105 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7848 /prefetch:1
  2⤵
  PID:6620
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,11344469029899180848,6378343977511822654,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=106 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8772 /prefetch:1
  2⤵
  PID:5452
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,11344469029899180848,6378343977511822654,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=107 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8444 /prefetch:1
  2⤵
  PID:5364
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,11344469029899180848,6378343977511822654,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=108 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10976 /prefetch:1
  2⤵
  PID:2264
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,11344469029899180848,6378343977511822654,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=109 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10900 /prefetch:1
  2⤵
  PID:4508
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,11344469029899180848,6378343977511822654,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=110 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10572 /prefetch:1
  2⤵
  PID:5400
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,11344469029899180848,6378343977511822654,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=111 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10200 /prefetch:1
  2⤵
  PID:1748
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,11344469029899180848,6378343977511822654,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=112 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7732 /prefetch:1
  2⤵
  PID:6720
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,11344469029899180848,6378343977511822654,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=113 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10596 /prefetch:1
  2⤵
  PID:6980
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,11344469029899180848,6378343977511822654,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=114 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8832 /prefetch:1
  2⤵
  PID:6188
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,11344469029899180848,6378343977511822654,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=115 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6172 /prefetch:1
  2⤵
  PID:1548
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,11344469029899180848,6378343977511822654,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=116 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7180 /prefetch:1
  2⤵
  PID:5164
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,11344469029899180848,6378343977511822654,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=117 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7920 /prefetch:1
  2⤵
  PID:4648
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,11344469029899180848,6378343977511822654,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=118 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6268 /prefetch:1
  2⤵
  PID:1852
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,11344469029899180848,6378343977511822654,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=120 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9128 /prefetch:1
  2⤵
  PID:5248
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2084,11344469029899180848,6378343977511822654,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=11616 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:6672
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,11344469029899180848,6378343977511822654,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=123 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11656 /prefetch:1
  2⤵
  PID:6160
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,11344469029899180848,6378343977511822654,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=124 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11184 /prefetch:1
  2⤵
  PID:5576
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,11344469029899180848,6378343977511822654,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=125 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8512 /prefetch:1
  2⤵
  PID:524
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,11344469029899180848,6378343977511822654,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=126 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11696 /prefetch:1
  2⤵
  PID:4680
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,11344469029899180848,6378343977511822654,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=127 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7924 /prefetch:1
  2⤵
  PID:6088
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,11344469029899180848,6378343977511822654,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=128 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8552 /prefetch:1
  2⤵
  PID:5140
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2084,11344469029899180848,6378343977511822654,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=9700 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4276
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,11344469029899180848,6378343977511822654,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=130 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5928 /prefetch:1
  2⤵
  PID:6616
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,11344469029899180848,6378343977511822654,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=131 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8132 /prefetch:1
  2⤵
  PID:6600
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,11344469029899180848,6378343977511822654,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=132 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10348 /prefetch:1
  2⤵
  PID:6324
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,11344469029899180848,6378343977511822654,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=133 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11008 /prefetch:1
  2⤵
  PID:6228
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,11344469029899180848,6378343977511822654,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=134 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11180 /prefetch:1
  2⤵
  PID:5436
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,11344469029899180848,6378343977511822654,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=135 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8376 /prefetch:1
  2⤵
  PID:776
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,11344469029899180848,6378343977511822654,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=137 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11924 /prefetch:1
  2⤵
  PID:6724
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2084,11344469029899180848,6378343977511822654,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5220 /prefetch:8
  2⤵
  PID:6720
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2084,11344469029899180848,6378343977511822654,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=10508 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5136
- C:\Users\Admin\Downloads\winrar-x64-701.exe
  "C:\Users\Admin\Downloads\winrar-x64-701.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:6256
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,11344469029899180848,6378343977511822654,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=141 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11520 /prefetch:1
  2⤵
  PID:1680
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2084,11344469029899180848,6378343977511822654,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=9692 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:6780
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2084,11344469029899180848,6378343977511822654,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=11420 /prefetch:8
  2⤵
  PID:1824
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,11344469029899180848,6378343977511822654,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=145 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7660 /prefetch:1
  2⤵
  PID:712
- C:\Users\Admin\Downloads\winrar-x64-701.exe
  "C:\Users\Admin\Downloads\winrar-x64-701.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:4612
- C:\Users\Admin\Downloads\winrar-x64-701 (1).exe
  "C:\Users\Admin\Downloads\winrar-x64-701 (1).exe"
  2⤵
  - Executes dropped EXE
  PID:5448
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,11344469029899180848,6378343977511822654,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=146 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8764 /prefetch:1
  2⤵
  PID:5964
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2084,11344469029899180848,6378343977511822654,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=11532 /prefetch:8
  2⤵
  PID:5216
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,11344469029899180848,6378343977511822654,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=148 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10956 /prefetch:1
  2⤵
  PID:6768
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,11344469029899180848,6378343977511822654,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=149 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11912 /prefetch:1
  2⤵
  PID:5832
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,11344469029899180848,6378343977511822654,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=150 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11804 /prefetch:1
  2⤵
  PID:3684
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,11344469029899180848,6378343977511822654,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=151 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12216 /prefetch:1
  2⤵
  PID:5504
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,11344469029899180848,6378343977511822654,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=152 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9056 /prefetch:1
  2⤵
  PID:2100
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,11344469029899180848,6378343977511822654,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=153 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11092 /prefetch:1
  2⤵
  PID:3308
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,11344469029899180848,6378343977511822654,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=154 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10456 /prefetch:1
  2⤵
  PID:6852
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,11344469029899180848,6378343977511822654,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=155 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1804 /prefetch:1
  2⤵
  PID:6840
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,11344469029899180848,6378343977511822654,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=156 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11252 /prefetch:1
  2⤵
  PID:2940
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,11344469029899180848,6378343977511822654,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=157 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11076 /prefetch:1
  2⤵
  PID:7036
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,11344469029899180848,6378343977511822654,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=158 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6120 /prefetch:1
  2⤵
  PID:6000
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,11344469029899180848,6378343977511822654,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=159 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7480 /prefetch:1
  2⤵
  PID:2160
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,11344469029899180848,6378343977511822654,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=160 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7288 /prefetch:1
  2⤵
  PID:7128
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,11344469029899180848,6378343977511822654,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=161 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11420 /prefetch:1
  2⤵
  PID:6016
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,11344469029899180848,6378343977511822654,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=162 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7512 /prefetch:1
  2⤵
  PID:6428
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,11344469029899180848,6378343977511822654,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=163 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8492 /prefetch:1
  2⤵
  PID:2932
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,11344469029899180848,6378343977511822654,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=164 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5940 /prefetch:1
  2⤵
  PID:4704
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,11344469029899180848,6378343977511822654,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=165 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10388 /prefetch:1
  2⤵
  PID:4164
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,11344469029899180848,6378343977511822654,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=167 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6980 /prefetch:1
  2⤵
  PID:5176
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2084,11344469029899180848,6378343977511822654,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6136 /prefetch:8
  2⤵
  PID:5416
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2084,11344469029899180848,6378343977511822654,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=12188 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:968
- C:\Users\Admin\Downloads\Evony_aqHEH7dnDUc.exe
  "C:\Users\Admin\Downloads\Evony_aqHEH7dnDUc.exe"
  2⤵
  - Executes dropped EXE
  - Drops file in Program Files directory
  - System Location Discovery: System Language Discovery
  - NTFS ADS
  PID:6776
- - C:\Program Files\TopGames\Evony\Game\320016\evony.exe
    "C:\Program Files\TopGames\Evony\Game\320016\evony.exe"
    3⤵
    - Executes dropped EXE
    - Suspicious behavior: EnumeratesProcesses
    PID:2164
  - - C:\Program Files\TopGames\Evony\Game\320016\UnityCrashHandler64.exe
      "C:\Program Files\TopGames\Evony\Game\320016\UnityCrashHandler64.exe" --attach 2164 1528050946048
      4⤵
      Executes dropped EXE
      PID:820
    - - C:\Program Files\TopGames\Evony\Game\320016\UnityCrashHandler64.exe
        
        "C:\Program Files\TopGames\Evony\Game\320016\UnityCrashHandler64.exe" "2164" "1528050946048"
        5⤵
        Executes dropped EXE
        
        PID:5480
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,11344469029899180848,6378343977511822654,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=170 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11688 /prefetch:1
  2⤵
  PID:6424
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,11344469029899180848,6378343977511822654,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=171 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9796 /prefetch:1
  2⤵
  PID:6268
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,11344469029899180848,6378343977511822654,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=172 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8100 /prefetch:1
  2⤵
  PID:1656
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,11344469029899180848,6378343977511822654,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=173 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4164 /prefetch:1
  2⤵
  PID:2164
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,11344469029899180848,6378343977511822654,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=174 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10044 /prefetch:1
  2⤵
  PID:6756
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,11344469029899180848,6378343977511822654,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=175 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10064 /prefetch:1
  2⤵
  PID:6432
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,11344469029899180848,6378343977511822654,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=176 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9060 /prefetch:1
  2⤵
  PID:4248
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,11344469029899180848,6378343977511822654,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=177 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8292 /prefetch:1
  2⤵
  PID:4180
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,11344469029899180848,6378343977511822654,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=178 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8124 /prefetch:1
  2⤵
  PID:236
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,11344469029899180848,6378343977511822654,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=179 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11528 /prefetch:1
  2⤵
  PID:5480
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,11344469029899180848,6378343977511822654,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=180 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10664 /prefetch:1
  2⤵
  PID:3892
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,11344469029899180848,6378343977511822654,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=181 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8852 /prefetch:1
  2⤵
  PID:5704
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,11344469029899180848,6378343977511822654,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=183 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11428 /prefetch:1
  2⤵
  PID:4824
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,11344469029899180848,6378343977511822654,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=184 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11920 /prefetch:1
  2⤵
  PID:3084
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,11344469029899180848,6378343977511822654,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=185 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10932 /prefetch:1
  2⤵
  PID:5532
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,11344469029899180848,6378343977511822654,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=186 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10776 /prefetch:1
  2⤵
  PID:4292
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,11344469029899180848,6378343977511822654,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=187 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3452 /prefetch:1
  2⤵
  PID:4884
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2084,11344469029899180848,6378343977511822654,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6324 /prefetch:8
  2⤵
  PID:5912
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,11344469029899180848,6378343977511822654,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=189 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7096 /prefetch:1
  2⤵
  PID:4472
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2084,11344469029899180848,6378343977511822654,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=11764 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5960
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,11344469029899180848,6378343977511822654,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=192 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7296 /prefetch:1
  2⤵
  PID:6352
- C:\Users\Admin\Downloads\mmex-1.7.0-win64.exe
  "C:\Users\Admin\Downloads\mmex-1.7.0-win64.exe"
  2⤵
  - Executes dropped EXE
  - Drops file in Program Files directory
  - System Location Discovery: System Language Discovery
  PID:7020
- - C:\Program Files\Money Manager EX\bin\mmex.exe
    "C:\Program Files\Money Manager EX\bin\mmex.exe"
    3⤵
    - Executes dropped EXE
    - Checks whether UAC is enabled
    - Modifies Internet Explorer settings
    PID:3412

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3024

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3676

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x4f8 0x508
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1972

C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.4467_none_7e0f83e07c8c1985\TiWorker.exe
C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.4467_none_7e0f83e07c8c1985\TiWorker.exe -Embedding
1⤵
- Drops file in Windows directory
PID:6488

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:4776
- C:\Program Files\VideoLAN\VLC\vlc.exe
  "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Downloads\Release.rar"
  2⤵
  - Suspicious behavior: AddClipboardFormatListener
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  PID:4292

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:4940

C:\Program Files\ldplayer9box\Ld9BoxSVC.exe
"C:\Program Files\ldplayer9box\Ld9BoxSVC.exe" -Embedding
1⤵
- Executes dropped EXE
- Modifies registry class
PID:4180
- C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe
  "C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe" --comment leidian0 --startvm 20160302-aaaa-aaaa-0eee-000000000000 --vrde config
  2⤵
  - Executes dropped EXE
  PID:6300
- C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe
  "C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe" --comment leidian0 --startvm 20160302-aaaa-aaaa-0eee-000000000000 --vrde config
  2⤵
  - Executes dropped EXE
  PID:1108
- C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe
  "C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe" --comment leidian0 --startvm 20160302-aaaa-aaaa-0eee-000000000000 --vrde config
  2⤵
  - Executes dropped EXE
  PID:2280
- C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe
  "C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe" --comment leidian0 --startvm 20160302-aaaa-aaaa-0eee-000000000000 --vrde config
  2⤵
  - Executes dropped EXE
  PID:6988
- C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe
  "C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe" --comment leidian0 --startvm 20160302-aaaa-aaaa-0eee-000000000000 --vrde config
  2⤵
  - Executes dropped EXE
  PID:460

C:\Windows\system32\werfault.exe
werfault.exe /h /shared Global\3c55038bd561456bb2f6c1c4737f1c91 /t 5484 /p 6256
1⤵
PID:1124

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:5368

C:\Windows\system32\werfault.exe
werfault.exe /h /shared Global\452d7b104756400dba83f164011a512b /t 5048 /p 5448
1⤵
PID:3064

C:\Windows\system32\werfault.exe
werfault.exe /h /shared Global\d1df2ba0bdae4c0884363dbc851f9e10 /t 7064 /p 4612
1⤵
PID:3096

C:\Program Files\Money Manager EX\bin\mmex.exe
"C:\Program Files\Money Manager EX\bin\mmex.exe"
1⤵
- Executes dropped EXE
- Checks whether UAC is enabled
- Modifies Internet Explorer settings
PID:6536

C:\Program Files\Money Manager EX\bin\mmex.exe
"C:\Program Files\Money Manager EX\bin\mmex.exe"
1⤵
- Executes dropped EXE
- Checks whether UAC is enabled
- Modifies Internet Explorer settings
PID:2968

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

System Services

T1569

Service Execution

T1569.002

Persistence

Create or Modify System Process

T1543

Windows Service

T1543.003

Event Triggered Execution

T1546

Component Object Model Hijacking

T1546.015

Privilege Escalation

Create or Modify System Process

T1543

Windows Service

T1543.003

Event Triggered Execution

T1546

Component Object Model Hijacking

T1546.015

Defense Evasion

File and Directory Permissions Modification

T1222

Modify Registry

T1112

Subvert Trust Controls

T1553

SIP and Trust Provider Hijacking

T1553.003

Credential Access

Discovery

Browser Information Discovery

T1217

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\LDPlayer\LDPlayer9\dnmultiplayer.exe

Filesize
1.3MB

MD5
3fbded9e727b555bc9cfe73fc0907b7c

SHA1
a2310a7fe4b80d58c50fa9410e0ee691142a30a8

SHA256
5ae59de492f6223ac33cb5bb8ff460c9232d09a0cd8ae069f065ba6859654e63

SHA512
6fd755d2bbc0bc36bb2c46e564b5b6eb6aeb56c95c7ebfe5d3bb8115c1f6ff6d70d33e0c83125ec7f232368dd5ddf5a18a5f3651b5af2949cd132c8d67e8575b

Download Submit
C:\LDPlayer\LDPlayer9\dnplayer.exe

Filesize
3.6MB

MD5
9b986141683b1272269b634b8a4eb1fd

SHA1
666e1b5cee8f57984e02ab51ad28e231262ff1df

SHA256
76d41e5b70a52b7cd8e03809ce48f68a083352f07051e192950cb49bdb89cc80

SHA512
e18be0d9347856bc2f24043a89e626e59de37dd4d4a314af7f3994754e08f6f5fa967e7b91bbf7674e2f08920507f6141ab656621d655239f87408d549ff668c

Download Submit
C:\LDPlayer\LDPlayer9\fonts\Roboto-Regular.otf

Filesize
103KB

MD5
4acd5f0e312730f1d8b8805f3699c184

SHA1
67c957e102bf2b2a86c5708257bc32f91c006739

SHA256
72336333d602f1c3506e642e0d0393926c0ec91225bf2e4d216fcebd82bb6cb5

SHA512
9982c1c53cee1b44fd0c3df6806b8cbf6b441d3ed97aeb466dba568adce1144373ce7833d8f44ac3fa58d01d8cdb7e8621b4bb125c4d02092c355444651a4837

Download Submit
C:\Program Files\Money Manager EX\bin\it_IT\mmex.mo

Filesize
161KB

MD5
c1e31c9d851124122bbb1aab5fb18458

SHA1
a2001e1f9e9f622073f1c0ee885d4bc0cb2da69a

SHA256
77bd1f60e37f5c8f5e0fcfdae0d05a66a57fd2e9433f73305c79f0b11a4511f1

SHA512
8c6beabc711d04e3d1a60b50479e2ea73bd8eadcbf627e4c416b9beb269833124028a57c5ea92fea496ef53c7c7a00669ee4f587f040e6ed155053ff2508af1b

Download Submit
C:\Program Files\TopGames\Evony\Launcher\241128\MonoBleedingEdge\etc\mono\4.0\Browsers\Compat.browser

Filesize
1KB

MD5
0d831c1264b5b32a39fa347de368fe48

SHA1
187dff516f9448e63ea5078190b3347922c4b3eb

SHA256
8a1082057ac5681dcd4e9c227ed7fb8eb42ac1618963b5de3b65739dd77e2741

SHA512
4b7549eda1f8ed2c4533d056b62ca5030445393f9c6003e5ee47301ff7f44b4bd5022b74d54f571aa890b6e4593c6eded1a881500ac5ba2a720dc0ff280300af

Download Submit
C:\Program Files\TopGames\Evony\Launcher\241128\MonoBleedingEdge\etc\mono\4.0\DefaultWsdlHelpGenerator.aspx

Filesize
59KB

MD5
f7be9f1841ff92f9d4040aed832e0c79

SHA1
b3e4b508aab3cf201c06892713b43ddb0c43b7ae

SHA256
751861040b69ea63a3827507b7c8da9c7f549dc181c1c8af4b7ca78cc97d710a

SHA512
380e97f7c17ee0fdf6177ed65f6e30de662a33a8a727d9f1874e9f26bd573434c3dedd655b47a21b998d32aaa72a0566df37e901fd6c618854039d5e0cbef3f5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
2905b2a304443857a2afa4fc0b12fa24

SHA1
6266f131d70f5555e996420f20fa99c425074ec3

SHA256
5298bdb27d48c2c2b5e67bdd435445ef5b06d9b36c11394705b413ff3d0f51f3

SHA512
df85de0c817350d8ca3346def1db8653aaee51705822b4c4484c97e7d31282a2936fa516d68c298dcbbb293b044aa7101b3de0c7852c26e98ac6c91415162b53

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f5391bd7b113cd90892553d8e903382f

SHA1
2a164e328c5ce2fc41f3225c65ec7e88c8be68a5

SHA256
fd9710650fc6774ce452b01fb37799cd64d3cdc282ac693e918e38322349fe79

SHA512
41957bea3e09c2f69487592df334edc6e3e6de3ab71beb64d9b6d9ce015e02a801b4215344d5d99765abe8ab2396394ac4664fced9f871204453a79463cc7825

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b28a972e24eef6f7e3924ba37204f9fd

SHA1
56df67c07d6d851756dd408ccb01857ccdfbe414

SHA256
26ba40d2122798635b637009c7d041f149eabdf1d0b075a87a5e65ea203f2821

SHA512
8d3f8e3297dccda92a5222f4007dea5adc04531703c47ab0e626231cdd71ef9dd7fe30566aa989a5e60da4e6427da7af100298d8d64cc848df1a981ee18a3f6a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000001

Filesize
16KB

MD5
5f65521f6c6223e1e18cb161832bea2a

SHA1
f03800023e7bbe2579cd24e122cdf8c6ecf8b4c6

SHA256
787b69b93681cf41784dfa8655cbdafe8a56ecc62f0112a6ea2241a284a0e3c9

SHA512
4aa87e0f16d2be6398849314b375b865a8a3b2287dce712192f234ea8ba2222720555540cb8f20b9df36e6a9dd6b84849450ebe611a772ef488f89082802fd79

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

Filesize
49KB

MD5
8991c3ec80ec8fbc41382a55679e3911

SHA1
8cc8cee91d671038acd9e3ae611517d6801b0909

SHA256
f55bacd4a20fef96f5c736a912d1947be85c268df18003395e511c1e860e8800

SHA512
4968a21d8cb9821282d10ba2d19f549a07f996b9fa2cdbcc677ac9901627c71578b1fc65db3ca78e56a47da382e89e52ac16fee8437caa879ece2cfba48c5a6d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000018

Filesize
47KB

MD5
0d89f546ebdd5c3eaa275ff1f898174a

SHA1
339ab928a1a5699b3b0c74087baa3ea08ecd59f5

SHA256
939eb90252495d3af66d9ec34c799a5f1b0fc10422a150cf57fc0cd302865a3e

SHA512
26edc1659325b1c5cf6e3f3cd9a38cd696f67c4a7c2d91a5839e8dcbb64c4f8e9ce3222e0f69d860d088c4be01b69da676bdc4517de141f8b551774909c30690

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000019

Filesize
62KB

MD5
c813a1b87f1651d642cdcad5fca7a7d8

SHA1
0e6628997674a7dfbeb321b59a6e829d0c2f4478

SHA256
df670e09f278fea1d0684afdcd0392a83d7041585ba5996f7b527974d7d98ec3

SHA512
af0d024ba1faafbd6f950c67977ed126827180a47cea9758ee51a95d13436f753eb5a7aa12a9090048a70328f6e779634c612aebde89b06740ffd770751e1c5b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001a

Filesize
67KB

MD5
b275fa8d2d2d768231289d114f48e35f

SHA1
bb96003ff86bd9dedbd2976b1916d87ac6402073

SHA256
1b36ed5c122ad5b79b8cc8455e434ce481e2c0faab6a82726910e60807f178a1

SHA512
d28918346e3fda06cd1e1c5c43d81805b66188a83e8ffcab7c8b19fe695c9ca5e05c7b9808599966df3c4cd81e73728189a131789c94df93c5b2500ce8ec8811

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001b

Filesize
63KB

MD5
226541550a51911c375216f718493f65

SHA1
f6e608468401f9384cabdef45ca19e2afacc84bd

SHA256
caecff4179910ce0ff470f9fa9eb4349e8fb717fa1432cf19987450a4e1ef4a5

SHA512
2947b309f15e0e321beb9506861883fde8391c6f6140178c7e6ee7750d6418266360c335477cae0b067a6a6d86935ec5f7acdfdacc9edffa8b04ec71be210516

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001c

Filesize
19KB

MD5
1bd4ae71ef8e69ad4b5ffd8dc7d2dcb5

SHA1
6dd8803e59949c985d6a9df2f26c833041a5178c

SHA256
af18b3681e8e2a1e8dc34c2aa60530dc8d8a9258c4d562cbe20c898d5de98725

SHA512
b3ff083b669aca75549396250e05344ba2f1c021468589f2bd6f1b977b7f11df00f958bbbd22f07708b5d30d0260f39d8de57e75382b3ab8e78a2c41ef428863

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001d

Filesize
25KB

MD5
e29b448723134a2db688bf1a3bf70b37

SHA1
3c8eba27ac947808101fa09bfe83723f2ab8d6b0

SHA256
349cc041df29f65fd7ffe2944a8872f66b62653bbfbd1f38ce8e6b7947f99a69

SHA512
4ce801111cb1144cfd903a94fb9630354bf91a5d46bbbe46e820c98949f57d96ec243b655f2edeb252a4ec6a80167be106d71a4b56b402be264c13cc208f3e2c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001e

Filesize
40KB

MD5
3051c1e179d84292d3f84a1a0a112c80

SHA1
c11a63236373abfe574f2935a0e7024688b71ccb

SHA256
992cbdc768319cbd64c1ec740134deccbb990d29d7dccd5ecd5c49672fa98ea3

SHA512
df64e0f8c59b50bcffb523b6eab8fabf5f0c5c3d1abbfc6aa4831b4f6ce008320c66121dcedd124533867a9d5de83c424c5e9390bf0a95c8e641af6de74dabff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001f

Filesize
53KB

MD5
68f0a51fa86985999964ee43de12cdd5

SHA1
bbfc7666be00c560b7394fa0b82b864237a99d8c

SHA256
f230c691e1525fac0191e2f4a1db36046306eb7d19808b7bf8227b7ed75e5a0f

SHA512
3049b9bd4160bfa702f2e2b6c1714c960d2c422e3481d3b6dd7006e65aa5075eed1dc9b8a2337e0501e9a7780a38718d298b2415cf30ec9e115a9360df5fa2a7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000043

Filesize
16KB

MD5
bd17d16b6e95e4eb8911300c70d546f7

SHA1
847036a00e4e390b67f5c22bf7b531179be344d7

SHA256
9f9613a0569536593e3e2f944d220ce9c0f3b5cab393b2785a12d2354227c352

SHA512
f9647d2d7452ce30cf100aeb753e32203a18a1aaef7b45a4bc558397b2a38f63bfcfe174e26300317b7df176155ae4ebaee6bdf0d4289061860eff68236fe1bb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000044

Filesize
17KB

MD5
9f2385157e4637a0426a9bf25312627a

SHA1
395b7c1428ee59ebd152d6917494ae39edc460ad

SHA256
6b20ede33b01a5b351c42913c5478fd87bda02c26c07782ba22a1112e16b896b

SHA512
e220fc5181801c0f02bfae8784057f0800ff31ff05e1233bea9d6f95f94b501c2f1215e38590bec76ba00d3ddee29ef41158d60d3bca0613dcc73ea7b58c5e4f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000045

Filesize
19KB

MD5
1ff4e07e8379deec5ef64c722f86eb1c

SHA1
acc5a21472a0d23365d87e16f51842b750cc8130

SHA256
fd884f8c7cbee586a41e93e5f085b4615198f068901f736142bb3acc9114d06c

SHA512
4c76ce9d4c9d2a5df3640673724132fef3bee2c89f60d663ff369b5c99baa7040933b48c49adff56a91f87ad7d57cb02acc6ea24009f86ae2884b0fa324fe080

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000046

Filesize
103KB

MD5
c12602b8ebdfd5ea5113f42ee978d526

SHA1
1159db5c354e5c9a73b2e072b3c0c5d02f3ff07b

SHA256
412aad14e7b55e51c4c56a88949c8f5ac81e06bd1d9b23da4378b1d9711a0794

SHA512
00ba76a1f0f08c969a96f4418c158d482eba611fa5984cec234ded9c7a1aa2e9e4dc2a69816c2940783289767212ac729cb7b3ae4cd002f772a5dc5d45bce3db

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000048

Filesize
52KB

MD5
94a0a5fdc55da2656bfd731b429bd70c

SHA1
7cb645fbb4920463401c1158ea5caa23c719393d

SHA256
1c82a199cb3143cd5ad83116c89c4b16f05cbaf67aa0cd2313a09a401b6f3e6c

SHA512
504a7efa04c17df146b491c20cc9a173602951e3ddfee1e607a870ac401d133556d831a9a6bd8ddbacc682f414af84fc917947c657ac50d779e90f3428b3eccc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00004a

Filesize
32KB

MD5
51a545f2f6c34e8dfb2963f160640815

SHA1
5e5c59137dc1a149dadde694f2c79e59d9267fe1

SHA256
9231291709cd36f0560cea6b22d6a4e83a78c6c69c504d2f9f239a73d700bacf

SHA512
60ee725b95b5615c00b34e1ff5864eec3ae663af728a63d78334ed49a59e5021835b80a0869e7db07458fe523d46d0445817e5ce66ca212d78e45c7d2691071e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00004c

Filesize
141KB

MD5
ffa7f92c3438e5d918122a61092cba72

SHA1
fbd855cc6b2a29f4ac079740625e02a052e4a817

SHA256
189de1d9a36ad6137ef1471b91d498c19a7baeec1f41327316e440916a043d4f

SHA512
cee450ba02fa369ab7bf1673a1aa25e3fe4bc7353e931dafa82e5717196702499643a56b63a792edcdc77802bd8ad09c60dfa2427743994031d694b93ad826a8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00004d

Filesize
21KB

MD5
bed7c8cc93d86ac8ceccdb0ff76da8ed

SHA1
e4d568c937e4373ee22fdd79f0c12ea385abe5be

SHA256
df92b313e2303d7eed525932ccfb9e06c44e7c07a7fe9dee213af2f4a7cc0ee1

SHA512
35e21a06ff32a30cf4217d15ad9183d81737b3b280d14633e20a3fa337dedce83f503056232af3bb49fc1b2090c0d762611f959a15fab56add5fc01f8afef551

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00004e

Filesize
95KB

MD5
e1ea4cc3b53e23ba4078caee1f5bbe02

SHA1
2a0500b244aa47ff4ffc31f4d0cfb11a9515c768

SHA256
564b7a7da5cd5449f6338f1fe5e0dbb787cc1ec3c38d6eae9c11228a46326a8f

SHA512
6c7b4cf8fce09adf649c6fd943f954745df18f7e8e5961c75af656097dc97aee73ea69c98d8a7e207a0bc34cb3b36799c11e9e17a3cfddae8afd58bc7286e748

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000052

Filesize
42KB

MD5
23d5f558755a9d58eef69b2bfc9a5d99

SHA1
fa43092cb330dff8dc6c572cb8703b92286219f6

SHA256
6e5bec69b1c6424972a7f5481ac57049811f0f196535b707613126c11292c5cf

SHA512
9c56c94d059a27dab9f69c9dfd718382a8eb192b8c0ce91cd6db6ec0769b8756acf9c0956a35561474b87d6278b13fbe88a6e4df6260c278b1ae06e9be55dd6d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000057

Filesize
27KB

MD5
dc654d5da1a531fdb3b1bedb619b0182

SHA1
49d3de45bea7c279cf0ffe4cbc43c24779d1877a

SHA256
b395c195a5854253500b3b210e585ec801a47b49ce7b90fa5a9717df387598fa

SHA512
38952929cbf8e103cad50007cb492c93a7feb8d9d1853773883e2771cc97e50d6a514cb6347c912e7945d126a35677cca854ce8542e2210d7e59799238bae8fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000058

Filesize
136KB

MD5
0e018082bf74fe30ada7a8715f87d92b

SHA1
6f0a9105fe6935b9bf8d000000b0e1bedfe87269

SHA256
59c718136215009681b24815620040957ee23edb896b76e7be42e0144af6c23f

SHA512
40b02badf852ba1a997710a99b59a0755d8353ac47f64f6152678610fe5f86f230f07c4288cfeaf6cba5d9b817d8231ccc3cab7f063a1005ba078800dc7d0cb7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000059

Filesize
152KB

MD5
4521b6fb0d76ba6fbde6dacf5a6a2a51

SHA1
8ffdc57f21502f0164760f9e2bf4dc10bb3fb43b

SHA256
4f9e8f4c4e21819683335f73bd1e7d2b3afaa30d3449508472294885afe8f0d4

SHA512
13819a3a6357cd44717fe768154f8117115b22043e9ddf024b5b7ebc5ca427d733261e0a0aa0237be54dda49fd3010853b1692dfb74fe42695d201cfddeff552

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00005a

Filesize
88KB

MD5
b9df7733d3403f9c5d05b6354a3fc210

SHA1
62372aabf5d3ee72a508766c98d727f30f4c9eb6

SHA256
e5db430314db7e857dc903e5afcd82b7fa4a02be6674ec63e52c0d2ea970c5b4

SHA512
43d7c496bdd3eca09e46507f59eee754c65ebf0731e5af1f713beeb978989eee4667464f3d3618e02846aa894ff35aa5cbac8ab84fc4da5514ea603b19d58c91

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00005d

Filesize
84KB

MD5
c9c12577feed8113e13b9b5dddf6010a

SHA1
1c4a4d44e5590cf7865c062c0ae5bf2d8fdbd908

SHA256
b163ac261564b3ddee492c4b86e6d72fd88e98fa203944124381795ca0bcc38e

SHA512
260e2948efdab22f178b01c829b76d5afc7ad0038b14728c563bf6f3f5fea90eaa7cf04c5bee41f91c2dcc129293504d12e5f0b7d58723fed3ad4705301ce0dc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00005e

Filesize
20KB

MD5
02f47815318fbaf97240d37ff1f176ea

SHA1
099a875874a50c898851f03b6d20c0ce1660c438

SHA256
d17ff5faf30401d59dd584bd63c8f904405e295de6ee89b0025c010eb62c5d91

SHA512
9c22d3c3ebd160db1555ad18c0245473ce439c28c5a5d35d9230e394fd9aff299a483782ffd72c75f06a56432c6b96f3f5a175193bd79261797d8ab6bc058d65

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000061

Filesize
88KB

MD5
f6da85373297605d2b515eb8ef1dc5da

SHA1
7f9dd680b88736e274c259ccd39cbae6ae32f6ef

SHA256
276e9e4da0b7fd5ed62561fea424fb2640a4b44ca57abd207accedd9090b51f2

SHA512
223d86b6be4d516880d038c71fb1c012d413074b9cd517622a444c499c67b8a8e97a92bcc921af7108fc6b6c120a0c60243c37969bccd91ecd790c9a63106b4d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000069

Filesize
28KB

MD5
b8d23587abb01a892ef21319a8bd0e85

SHA1
b91ed2d886fc8073c15e155363d8cc38a58d76ad

SHA256
a52d6052b9a00507e9277a1c7dc2fec0a83ab6c69ddd5389bab34e1b54136e4d

SHA512
193b304d2f6618293c25d474d65417653f447d87afd508b66c980522bed36fa45dbc4f3cc6a21bfa432b8c7d270767277e8cc85765468c02312f002eb0370c3d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00006c

Filesize
43KB

MD5
27b6e59fbc0f388ab4f89f6bd674d852

SHA1
efbb2c4bcb89d119b1c0431a22680aeec1e22816

SHA256
f4017b833a825d9126f5795caff21eb6bc31d0856fd5b4d70455ddb73312f14f

SHA512
9c4efaa97bbc993970d5c6009d53b758cabec35ee736287b2dc01ff0c2d1031bb23ecbcd165bf2d475288bf6f26793bb6f9ffac028f0d3d20cb07070d996579a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00006f

Filesize
91KB

MD5
36947e8c26bbf22bb93799bb32a19bba

SHA1
6a9119b6fe0e4729e5f2264bab6c3a7789acbf32

SHA256
a0f5e0a4e1f944e042e50a6121ad3efbf9357bd3e48c20c1f094c250fd9d6321

SHA512
e95b2759f3dc3e4c39f472dc500a8fe909b3097b2fc02f625d13c26eeb1cf715588efcfc223c4dc42d54cdc389c82ddd5b0feac8cf3acd551a9b67995a2460fb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000070

Filesize
123KB

MD5
41ef1a04ba979132a18b0bcc68f897d1

SHA1
b6926f52c11b6eb577539e1124ea1c55abc173d4

SHA256
df68beeeb33cf551b42b888b162a1478e2a8627e79300b0136162bbf71463059

SHA512
aa0ebcea66335f6fd55c7717899ad332a0a0b7f1dab8d96249a2823a4318ad24b0398ad5df9bfa6f63fefece8cc9ca5dd78d76661e1844160b31e8bc09335778

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000072

Filesize
20KB

MD5
87e8230a9ca3f0c5ccfa56f70276e2f2

SHA1
eb116c8fd20cb2f85b7a942c7dae3b0ed6d27fe7

SHA256
e18d7214e7d3d47d913c0436f5308b9296ca3c6cd34059bf9cbf03126bafafe9

SHA512
37690a81a9e48b157298080746aa94289a4c721c762b826329e70b41ba475bb0261d048f9ab8e7301e43305c5ebf53246c20da8cd001130bf156e8b3bd38b9b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000075

Filesize
20KB

MD5
0fd3b46fd7e5dd422bde5768a83ffdef

SHA1
00bbe47c66179502aba235f9f5c01a0cf2e76051

SHA256
4027d8ff4ab76b54c34765b96344808d7ec72c0d8e1c26060a8a300f2933a72e

SHA512
d63690a50479d19b959ec1e7ec27214a4a53bb2205b9008982ccc68bab93f1cacc7bf788d20476dd9e0d9b12299f66803f5377136da28470dd460c875dbcea2d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000077

Filesize
67KB

MD5
ce58019b091dbdb1895be63d765b1177

SHA1
37a38458a92835c43b270069c0629c6975b2ba69

SHA256
8defb86fd585d1e578370bac22698f0de49d509d7398a0e83fbae7a9d11e0fcf

SHA512
36be843dd5630cf0c76219459b2ff946fa91ab90be31e3ac62452642a79a062b9d7aaae14a0ad8fd92b1a6d468394f1aa8bfe45f262f33e34048b46e046a1b27

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000078

Filesize
20KB

MD5
fa4cc25f0f72ac052e9413b46705327a

SHA1
72127f17a73fdeaf1d867ff721f8115e90d82e8b

SHA256
62215bb3463a1bdbeab484739c056495d60f9e6feab8e3974cde6bf69504f05e

SHA512
b33ebe5aad7802e7aadf31bc490bb697a7a941c4ec9a03c211b42bf54403f05dba02fdbe42bd7c28a27e309c868f4d74c060840a4aefdff57ac9c5c2cb66921c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00007d

Filesize
20KB

MD5
e289d2e9803f4638958b0b5c8145151d

SHA1
01d526196a4814482d2ab7a3725cf8a1ed3d5acf

SHA256
1e3f997dac17c7efebc0c89760d7751fa7d224e20bc8bb91556909392c166563

SHA512
7ce02c1a99198bb9b945107804d29104fbf21042916751f16f9c28c621dff4ffd98ac90331b09d591ff3307cfd109111cdd3c20a3d20acfe080a91f8ec8396ba

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00007f

Filesize
18KB

MD5
c83e4437a53d7f849f9d32df3d6b68f3

SHA1
fabea5ad92ed3e2431659b02e7624df30d0c6bbc

SHA256
d9bada3a44bb2ffa66dec5cc781cafc9ef17ed876cd9b0c5f7ef18228b63cebb

SHA512
c2ca1630f7229dd2dec37e0722f769dd94fd115eefa8eeba40f9bb09e4fdab7cc7d15f3deea23f50911feae22bae96341a5baca20b59c7982caf7a91a51e152f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000084

Filesize
215KB

MD5
2be38925751dc3580e84c3af3a87f98d

SHA1
8a390d24e6588bef5da1d3db713784c11ca58921

SHA256
1412046f2516b688d644ff26b6c7ef2275b6c8f132eb809bd32e118208a4ec1b

SHA512
1341ffc84f16c1247eb0e9baacd26a70c6b9ee904bc2861e55b092263613c0f09072efd174b3e649a347ef3192ae92d7807cc4f5782f8fd07389703d75c4c4e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000085

Filesize
41KB

MD5
e319c7af7370ac080fbc66374603ed3a

SHA1
4f0cd3c48c2e82a167384d967c210bdacc6904f9

SHA256
5ad4c276af3ac5349ee9280f8a8144a30d33217542e065864c8b424a08365132

SHA512
4681a68a428e15d09010e2b2edba61e22808da1b77856f3ff842ebd022a1b801dfbb7cbb2eb8c1b6c39ae397d20892a3b7af054650f2899d0d16fc12d3d1a011

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000089

Filesize
60KB

MD5
b100307705c311e8ae4d31d8b2a4a93c

SHA1
3b1ec50ed6b09f7b3c14f6e8e201f2a2b1c98975

SHA256
4a9f5d41f5ac4c03f7772f676247d201dadf15f9ac01a31ac26685d2f559c2fc

SHA512
213f7dbe76418eaf912a232d0650215b481674943ed689ed8ea4716caa6f5293b4495597040822a62ed9372f3703245a9498e28b852f00a2256fd28a54899ea0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00008b

Filesize
20KB

MD5
6e66e3bf9f2115f6617707f3722af2e7

SHA1
25f71e02c1432d1bc5084893d92d9ea7ada81a0d

SHA256
a7ad46b8246cb9e29a26c3172c8163353c98f813f89bb2f7a7bc8db4f92c64ec

SHA512
5f56451cfa99a7554d31e24bfb2aa0349f4b6971261e56aa5686af69c95e782e898d9844b9fb31a4566c0a3175b209fd7196cd764d073a0031c842fc0b12682c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000091

Filesize
18KB

MD5
115c2d84727b41da5e9b4394887a8c40

SHA1
44f495a7f32620e51acca2e78f7e0615cb305781

SHA256
ae0e442895406e9922237108496c2cd60f4947649a826463e2da9860b5c25dd6

SHA512
00402945111722b041f317b082b7103bcc470c2112d86847eac44674053fc0642c5df72015dcb57c65c4ffabb7b03ece7e5f889190f09a45cef1f3e35f830f45

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000092

Filesize
18KB

MD5
8eff0b8045fd1959e117f85654ae7770

SHA1
227fee13ceb7c410b5c0bb8000258b6643cb6255

SHA256
89978e658e840b927dddb5cb3a835c7d8526ece79933bd9f3096b301fe1a8571

SHA512
2e4fb65caab06f02e341e9ba4fb217d682338881daba3518a0df8df724e0496e1af613db8e2f65b42b9e82703ba58916b5f5abb68c807c78a88577030a6c2058

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000a9

Filesize
32KB

MD5
7cc9b78226acb93f406eb1e4e17d4d5a

SHA1
8edf2712deade134ce6bd42fc8ee70eb68891656

SHA256
45afa895ac254a15f8928733b5c07204aee680dfc3f0b3a1e87da9430dd99ef7

SHA512
4dbd56f013826532e5ce24410fce357abeecec07e4d525cea627e911e96842ff0fa3a8848f8695a6476aef4c343601451a69d53e0469eb388e753956f94723cf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000ba

Filesize
99KB

MD5
3ad1aabdc81a20c719c8826a93698d4d

SHA1
bec0f35829b01aa93ff7db02c977962b39539986

SHA256
9b0aaa628c79d953f0c2399804d2a4993a2fd718e9910d87e6c37ca089d8a0ad

SHA512
61bf66b7414922064d12c790b7df995d0cb71c42bea9148376f2abda5bf3269bd3b7a1769a9d9022cdb900a7a26569e88635338588948de754ad41d3323c2251

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000d8

Filesize
28KB

MD5
7adf4bdd52949df290411904bf271d99

SHA1
c8ce25904566078c91fa358a52a5b542ace07499

SHA256
2e1e540ed1906eba4f2490ccf5a27267ad8df5500f8928e5185ebb12f99dcbe4

SHA512
e7c62a9b9ece56928af45eedadb5c7b715dda23c9932745a324b9827b74146f769f2f69da25faeabcdbbec49e3925b9a3af2f36ec8791f59703a78afe7e9909b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000e0

Filesize
35KB

MD5
7c702451150c376ff54a34249bceb819

SHA1
3ab4dc2f57c0fd141456c1cbe24f112adf3710e2

SHA256
77d21084014dcb10980c296e583371786b3886f5814d8357127f36f8c6045583

SHA512
9f1a79e93775dc5bd4aa9749387d5fa8ef55037ccda425039fe68a5634bb682656a9ed4b6940e15226f370e0111878ecd6ec357d55c4720f97a97e58ece78d59

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000e9

Filesize
62KB

MD5
fdd3922edde39c73dc37b568650e47d2

SHA1
1566ef03ec365d9d7e4ac9fc9cbb4e5609b9b976

SHA256
d464beb2c15b29d24af42a7cf74db9539652dba74de861feb169145b5589a3ad

SHA512
b3c7e48d1bdf62d8436ff428af14155a5c2e834ffec8003e9457fc1458cd77b7474210edbb5f57eb838723844f6139b3c523d3a9d1d4f525aa067bbccb9e146a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000ea

Filesize
31KB

MD5
a4da976dde535a4f11ff4c9d57a8a56c

SHA1
fc4c29049db6d81135507dc3736cb638340f55aa

SHA256
6b85680498d0061e6b748f0fd9c904c74eb9f265f7d6ff6b33a37a0656164bf9

SHA512
e3db7eb080a2c927ec3a223d16d818cc76f9da51525a91b8eb3cc9e15106e2939ef6d550121b8cdf76d38c001971662d833d70a269ccf35d36278d25cf42aa18

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000ee

Filesize
2.5MB

MD5
881c61873a75748f9374c63a035afecc

SHA1
6e410fb4733044fb131946184fe1fec1bcd68336

SHA256
0ba02eb39f93e0b5b408d77ee9937847f4de2244120b3af3f41f8e3425c9281c

SHA512
aef9c5343dddf39b94e388691d54910069b2b5b969ebbb0b51b67f6c156049b755169ca19cd4757a0af28622b16672740cff4489d5c90f9a8498e9d449689711

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000f3

Filesize
108KB

MD5
5abefba49cc7aed39ed9b6cb4cfd6f88

SHA1
898899ac6e8200c1ca000db3a8938e164e33367d

SHA256
8af5feef13faeb14a95d687e476ebddbe35bd36835b36048b938f02704090c37

SHA512
19207c99435b7a559b31eed978b828353d5ba36cac0f9a2f0732d86a76d848ecd0e317c6b29d4b9d04b689c48e23fe4fadfeb250175909c59cdad9ec7ec7b42f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000108

Filesize
17KB

MD5
e786d96da47d0720f404e753c216897b

SHA1
ad5037120f26e864e7b10c18a51c47cf11282a7f

SHA256
bf3db29896c76e4f1f7db3f3fb950f77085100fe06779cfa35a014bbc19a6cc3

SHA512
a86f29fb49a364c38543caf54b47a135cc10bbee821fb0752ae3110fcf49f70693659dae85f337c5f93f2af5c1602dfe22f807c14a4b5efae53ff7a1aa39089c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000153

Filesize
6.7MB

MD5
c6355db74fda9ffce0e01eddbb5274fb

SHA1
1da2003b84f95afe52f8879327b8f85840eb71d1

SHA256
2c554758c8c01d147e940e6a4cbd6ee44e0d8fe22351938df800d2d76bd45f7d

SHA512
a0a1cf5e92d32f9ae600456382ceb7e4cfaba84854be4a5a396f33b9524bf8bfa900c8a2abbb455779e502d6c78fabbe2b0561f2b28ba57ebca6601548e77e7f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0001a2

Filesize
1.1MB

MD5
dba533edfe91246318f3baa8e2efa47a

SHA1
63e0789a8169ee6f1f58e0562feb41aad9d24591

SHA256
5a31e3fe32f6c77525512f701a4b321432050b99d2772b6556efb361fa28c71e

SHA512
26639c83fbc575c0438857117c97f21bb58b0066789878b405cf2ab1eb1da410ab9e595cc84cc41a4d95fd0cafb2874e7696cdb69f7c8ee565e982715babe7df

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\03eef0e77feb64d4_0

Filesize
6KB

MD5
371db1df947046e6d1975b3c1daf6b8d

SHA1
7ae90abd99947d36370f0c0591245aa0e5a0a691

SHA256
596f56aa5bd641d5f4d3048c5577ce86728e716e19af578a1ed37ea163da3488

SHA512
2b6e3c641bbc343897d7f52dd8f92dbcdaed6269eec38fb1033322f07739035bd5ce1e8d5d6b88e1ef2a0c3160121d241a2075e6e663908f4d936cfc56a0cbff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\0720badf6795a0b6_0

Filesize
3KB

MD5
b7b10b97453d407e96168e5407ba1f4e

SHA1
a8dca4426508c914b869e534eb36dffacdcb1b6c

SHA256
a0154ad59d48b396b59ded74165e9743ea5d7f2aadcf743b28df29d589054b34

SHA512
19906ec0efda2996a32db4adccb719faa0b580279675c99baaf7cc21b559d6fae9bca87b4dad979d963a1bbccc7c07a0be6836a575cccb8fac0f6a266634e085

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\0bbe00d9bf7b798e_0

Filesize
2KB

MD5
94f38368306313aef79be24cffefe555

SHA1
d85daa46dd85619ff6deea3b06c06a13c49fc411

SHA256
d81454ba953d9d23dccc3c35197f30eb21997fc9f2e3cdcf92d41f55f491ac4c

SHA512
4b329c7f1465ed92fef1e3ab636ee7fe0a421551eaef419950191ba0006897d6b2fa190ec088f12da6df6458041523ee02565cf99e7662ebce5c9944fbcb4dfd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\10e7f09a1dadfa79_0

Filesize
252B

MD5
29500e435c5790285466a56fb9bf3231

SHA1
85f62e5658c955044ea7b5de8974d4972103826e

SHA256
c22b07e20dab2dd4212a165fee3c4d6ba144e41a9fa094437bab8d340db0b22a

SHA512
19d43bf107c3c6e90912eb9103b07122140bf857d6ff3d82dd9e0eda74e2e105ee009d161d2eaea7c80717ac1d0e7d3bfcb8951798f8b192ba0bc03611397bac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\118c7f3c9055a906_0

Filesize
227B

MD5
8c620272a358129ff8f5136089230412

SHA1
b73246ff33638f9b34f6718e536d15782a986e4f

SHA256
7fe1c08b2e1060dc10276ecacab1a87fe99a23b4652ff7ade2154bcf8963033e

SHA512
a634cf81bab4e14188ebf9e036cc83bb73cb8c3756eb47b9daa62fb96ec640fca4f1116852974059571490aaf46dbc8ebc14db8392195b3f23f173bea24c5054

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\11b00a2ead514f70_0

Filesize
289KB

MD5
8a3df2e0b7f04b61b1818e41a776ce22

SHA1
d4a63c3206f4dd46b74ed70ea90578294db874cc

SHA256
9f0e56b0794a21ecead9af3bfebbdd1232d40a03f0e046335b0ae06a82837d9d

SHA512
b4f0b920d948cb8eee740eb0035f31fb1404134273d2fda64b45d2ed39ea8d8313035d2e797e6426271e94d9d970bd40ffdfea1c4a2b7c28088601ba2d0b6f81

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\1267c71dec0bdf70_0

Filesize
552KB

MD5
51258e5e92f46ca1d70067c272f88ea0

SHA1
9ecff56581ae9d19a8214e4188459f5856b5773c

SHA256
6963df9941eb20e94c2b77adbdb21eade263398f8dd103fea88bfe788aed1801

SHA512
4a51753c6998e80be5556a732bb2d1c0a1a7d0e1b9d66a3fe778c7a57430ce66fa3314fb146b9dd5ebb870fc6f21f2bc7051de4bb43d357990912ef8cac63527

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\1488271b285af1a9_0

Filesize
74KB

MD5
2bc908bd6e09fcf50804ef854983c7b5

SHA1
3a377945daa46e3f8ca3b63c1540dceeb5c0c4b0

SHA256
c1121d22a2802be9027309ced60e651f59b42752f07ad215aa0e831f6ebd027f

SHA512
3744c53f999f7a03c5f45311d1418fd6ce03c0432e98eea51d9696eaa41d3142fef9810a19adff373832e672a6fd1c065c9ecafd6b09bc798a614d71b6d21f81

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\14ff8116b518ca2d_0

Filesize
2KB

MD5
8048d00fb1d3a64005dc9c25f5628ed7

SHA1
d36d6f76000467253cd8a00709fa4d80b19dee75

SHA256
618243934fced57d7aa233dc748d28c685bface4c4b0bc2d9c1b574c8798f1fe

SHA512
81f7e1a553a498d3106d1d5c3a62448a723d9d777b310512c5641727725ea450ba58235d0836eaec2e32aa2a6bb5c91633ebd6881ef5812564e671d94c4d7e69

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\15008b327caa7137_0

Filesize
31KB

MD5
299d27a6e7ae677c4ccf13614f5143fd

SHA1
4bfb7e7c0d5d59905bbf8b3a6a4d0f1995c379e8

SHA256
64787685a2cef5548da3a328dff6eb6a55b3783c59938e607085e04593345186

SHA512
b3206c54cbaaaea239de722a0b92f3fde757b43dcdc753a1d2717ae64031deed5c38e39b9a012b0bb4796fda7787759169515fa09822c1088eefc8fb94661560

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\17884c5dabbcda26_0

Filesize
609KB

MD5
ffeee565888125961b0596188d9fb459

SHA1
55d90e1c9a4177ec5596698281037518312412de

SHA256
74d8702f22a97bce2dc3b3144072a469251436ab5e94695eaad6c9c5e13fe583

SHA512
a3397f21f0885b754f0f5b55ec2705c478778bb18f18ec8228c51c2900dd87b9e7498c0a3d10c2a05da5af4c1cab3ac4fb3877c4a948703c2058457881497701

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\1836ce308ea9b733_0

Filesize
296B

MD5
11c6a3828ef4e95aa8e97f443f7ad349

SHA1
efc635caf6a98c6fdb50f7d09c26d1cd145791ab

SHA256
39aa159589f45a4d8b9f8882e07ed0092ae19ca130f98b4770aa7fed19aae772

SHA512
bbd09464c6b5d4ab8976a52e4f0d2d79ffa7c6f9f32deec5bc252c0d9ed970ad1fbbf10b9d67e4584baf9489234fa2f2d015d0f08b2489e074a9fb04eaeeb4db

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\1a29c5989d22056f_0

Filesize
3KB

MD5
4ca04f2914b07ed074afe8e53a212565

SHA1
7e9203a5e6c0b279ab80027cf03eefb983ea7290

SHA256
7ac1712b7d2736c647631f3959de7e478bdc702a69b21b85e90b060f744ebfab

SHA512
86a701554c7c60eb957f93453d6f306085dfd819bf9d2cc250b892981bc9e2565ca84a8aa4c4c91b0e6121f7c9e6ef9747e2d405ac1f7a6058b20b714fef4dc8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\24029b20a1b39be0_0

Filesize
263B

MD5
729f832c5a7ef437151b86949f0c5e0e

SHA1
3e0d3394caead2c550d8699fce9f4e4b6c6479f5

SHA256
49a879e805b1f37b185f6af4939c30b780dfbb9f4a2f3f3d8a85fde956f9547d

SHA512
e324d58bce59163b3db19a5797e7c8d10741c589f6a7ac25bc7f84cd8fe7355622fd2c4be9ce832fee58c559aa6b1093692c1af33e371f217afdb931953c6596

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\242d87fe25e8b258_0

Filesize
2KB

MD5
20b8d13cf440a8fe8e6805decea1c8da

SHA1
6bba0b3073808a35afe55f8a71143cd354ec6f49

SHA256
30e20df52aedda9a89a8d8669f7cffdf4150b58744dc081f53ce3bd3820a20c1

SHA512
525aad420bb53ba07f7700861b1aee02ef481de0a11b7960b1963168c91419eeea2592b4e65a0bd66edbc480fd3a54166e801909857e70c49e6e194b79a772b3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\25c90b4fb1c6ef85_0

Filesize
1KB

MD5
161d1ce4e18a30ce4c09f6a0bf5a534f

SHA1
de4b1f6b958a755f1054e394dcd829a2b97fed4d

SHA256
1157d6e52710324417b07c056a3def40ba3470a7cb7f38e0b41ba58097a9170b

SHA512
410199771412c3b659b54ba09ad9c2313c76493bb34c7dafad35289a54d73cc33f8f690fa96c6cb87e2de32182a892dc537c28d5a392fb4e1efeaa1d82e191df

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\288856d808eeb01d_0

Filesize
534KB

MD5
b24ee3a8089bf3f793550c6de75534c6

SHA1
94c5737174257827d175d48736c6de09b73505bb

SHA256
2903e6f97337f42fcffbd7d52f0e9d22f7579448e46313725400a6a229ed6c94

SHA512
7dcbb5dccc6bf34869c15645059ce97dfd1110814650af1381c0561a09054eeffcb3065dc043b7facfcf86e89633c2c5838f8c8b3cf41f34583211530b4c90b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\2e74b75ba238edee_0

Filesize
251B

MD5
1e52ad3126b74035be295a5f9a099d15

SHA1
52b775ecb0f4b8da711ce078b1ff26f02b7f8387

SHA256
4359bd315d8482d6be82190691068b2a2f9c2219dd7fb60a63ffbbd269d516fa

SHA512
8a69650673753420e6ec97c1de5355179f1d14220a51651261f7d3cb738579f3731104c3e4d1aa4a9d778e4b1be5231f3c10c9a5917884afaa1338b9d1b4c83a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\2f4680e8f8f8a14f_0

Filesize
9KB

MD5
01dd8e4da10bd8ceb9fafdecfd185ced

SHA1
a26df59c0dd04d0221b67dabd98aa8278d73f99d

SHA256
d8e920b8e8be96366c3d5c5b9369d683e190b77fac17f1e4439d79e6c03e352c

SHA512
41a6aa72d030e60e6edbfe8a0cc35d1002c5abbdc2f5759d620073d5054558fa8809685fa7e237acbb8cc110391388fe64d10f57c1a4332a734ea915d0fe73be

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\30bf906e04c5b843_0

Filesize
249B

MD5
85015a9f61823c28ef104b5b6b02db39

SHA1
5817af7f2ab1d4772563173d231aaadc7c8b8236

SHA256
5c92ff4580c27815ce7e3ab9a96d140725320cd402e86ff109ed069160b2f069

SHA512
439addcb7e6949b67b4a61500ee1f70e9e34ca635e7ed37da2744d29138909330279fa7203e43858c38d3ae32966237369ad892cdcc6c9917eb1ec6907e5284f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\336a68eaaf209f48_0

Filesize
309B

MD5
92cf29a281fc1136c243d825a779b1b2

SHA1
e3b17ba1e72e17ccc295041a7f36b3a01b2c8947

SHA256
b689f471f09ac49d3e18f1793a4798bf44dffb10d329d9209b7452cd929f9cee

SHA512
3d452794047547be314a39151dd8950b30ab8cb7302a5009d6b3fd7d76b3fdc37304c0fa263351175ff2d70401ebe45b15d1f296c9aaf95feb7503d204949d5e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\3545a9e694a7a24c_0

Filesize
289B

MD5
bf2dedf37e42f12b375239819b4853bc

SHA1
f84bbcd3917a851690f248023c2584877ffc7bfc

SHA256
d28e54d49ea622fb16c6db7596cfce0c2fbf7685c10f0a0a5631c0b4d5d6a48f

SHA512
6d605ffaa48215e455cabb21e32d6f33f9c33c6c088bad3860ccd7c289614602e62a31363a56972c3de26c5ad4a1a0776d3822c6cce6cf6e08c1f8f551e9edc8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\3a4259a0181983ba_0

Filesize
6KB

MD5
41add2ce0c8a2ef458e065a9ed30180c

SHA1
c9da09482991a36bc32af5f164aac23a4b17f243

SHA256
546c34b589b02b7eaf9ed9349310d844098998ce75ae93040805869fea320783

SHA512
594d88c93c28644cabe941bcf96ebfd997b444eea695152deec6a2d89ddbebe12b4e3f9f083426740625ad24cca04f4fc0e88fe803cbb93412c4184a07c72c0f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\3c89b92581d444a7_0

Filesize
80KB

MD5
af0099feb199cb7488922c004c774049

SHA1
a8903571be6feba42ae008ba34e0303451c5b50d

SHA256
2c43e4cf1aa3ad365818d02e620d24e5a152362983a283fa82514c48f68232b9

SHA512
cc4dd8a49466f43bb0429db72436d0a289a9fe0663a6ab6f8b490fcaaa3548161072076d8a1a33c9977a7899930b5da5a6c9f718d4ded173412c6a9a322a60d6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\3f139f229e6f0497_0

Filesize
5KB

MD5
7a0ed651180b3bda7e176771f949b51a

SHA1
b0124d4ece436bf8d0a4eadfb76be900ec5ee2f5

SHA256
9b89bf42fb705a8afd654b5fdd2efa74161af7f64fdc1736b0a244ef9627a53f

SHA512
cefca2f6d75d51f73ab2e049b034365a00572a643d277156b167227dc12371da3c6b5943bc4a7c7c011e11f22652d2e4d82aa8dfbd7d34f1a8ab38c065af779f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\3fd2be14abb3904c_0

Filesize
2KB

MD5
36f61535d0d03741af4b80bfceade649

SHA1
1246e9b535afc6373c61361187a10312a0d76a4a

SHA256
7fbac1640cbaee8263e6e899d6b961bb35963ae22f5ea82a7f195db83cb478ab

SHA512
0b8b31a5846ddc04ce2e326d51f7dbb7ddd6620121e34f70c92805d56b11d765a8f790a04e0be53e21ab0f4a9b7587392052e6d9b7d48abff3c6de4c9d9a8853

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\451de8d2484120b9_0

Filesize
129KB

MD5
f4382d862fe5ed133b13c07e96888e00

SHA1
a4fbd0d539ab0ed52b86593b008e733273fee62f

SHA256
d11f00e6e35e8f4ddd377d72cfc5bb70fa68c260d220e013205252f029274513

SHA512
44e00619e9b626c3991917d558fd39b0d66d55aec56d2ac2df5302f419f6da359682527595ca1db7f25dcaa82837decde79b5be6d09fdfd36d0602deb40490ff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\45a16ff6d0d9ab5f_0

Filesize
1KB

MD5
291631f12e8bf8606f1e1b926b3f97b5

SHA1
a480583abe1f9494222e30483e595c59aab0bfb4

SHA256
432b26e92513698c447fe25b816bbf4e6739cbc54e98227d1a4b1d8b9a0129d8

SHA512
de1d7e2931c74aea502e61edac610ebfd4286856bc57ff06ed8c9d5a9553901b5950bf85c1dea4edb02f48ede717b81d039e477a2aedcd0133b4fc9b812f77cc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\4c307b02b4dcc58c_0

Filesize
25KB

MD5
9d8a3d1ffdd796a68adcc69bbbba5aba

SHA1
c92b8a4ccc000093270bee884a11723186476fb1

SHA256
9622d7b21055736926ef151a358444b2713f8a2595f4d653c4ab8ed925156b4f

SHA512
18fc89340c76264220cb3e0f521aa7ac1795e1f3cb391ac48493f581853ce164f94964711a84039a831209dc953fe6052461a15bdd4fca44f717b01dd369691d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\4e9b18b0f66a7183_0

Filesize
1KB

MD5
ab034e8e373d71d715de356fd9ab8ad1

SHA1
4271f3c9c361c122965b934c8c61e08ef3babe9e

SHA256
f5cb77f0aac52cd6c40c5bf3b877f7a977e3eccb809e3f331821a8594f248eb5

SHA512
87e660469b537e122d7f6002d8de99dea443596b33fe94dd5980fe18cb52099d73b636403fff71eb8784806e093c5fc85c3b89292689d0d215437a32f02322c9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\4ff4b179c1c05fed_0

Filesize
1KB

MD5
57e6b50915c8b32605fc5b74745d75c2

SHA1
5846eb0c7e1b4ba14d2f9125e782e1949390bc2d

SHA256
0276643ab01622d0e94e0363c74fd17b6a49cd27ceb71978456a3ff4da5f2383

SHA512
b283d7defcce2642e3d705f558a0f193a5d7f61259af39380391241a33861983ada4d9f09e68863d8e4fef10554650e23cf9a8b5b38a1f93a016f139bc3d1de5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\53ac5abc87e80789_0

Filesize
2KB

MD5
62199d8f2298cd1f440790f972f6a6c2

SHA1
29d2d831c223397dbc8d5dce122dba840d4f3118

SHA256
0289abbd3c5620af04c1618e4b80af53cc74906595c3084ffdcc5a4f13837be3

SHA512
146b204fa1b8c589e8b43e0e4929b803e809a07ac32f6234b0169ad72308e05575652e389a5e2f6fde1149fbe6a111bd2c542b4625fc9dff8f9801ee2c51fd6f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\5dd1e579c9681f95_0

Filesize
2KB

MD5
c9ad6abad93c7b12a27d9125d7b12790

SHA1
070ef077a71d79c5ef6bb9ee65528235b6fd6629

SHA256
a6d32b3bbbd220445a7884ebcf5ba35961138826f49315984538f04730cc8ee6

SHA512
54088cf1c4f0699899530bbbfd83bcbadd364a881ff81010a8d61b6c257d777bef775dc35696c003cb8c6c3940dd8067a50228d52fe750759da9a1513a98c5b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\5f1d94d5862e00f1_0

Filesize
11KB

MD5
450588b21f516704af1b5399e185d9bf

SHA1
4075c722ee4cbf942a3175401f826fb7d1094b4c

SHA256
8e4e332d5e33563142c1054221d01042b4f66b701bc70e378e87f62ddb94afe3

SHA512
a4be29458c4091c842e30316bc6b3c6feb024d2486f395832a49c05978aa3f3353ea9d5262fe4c97092c0ba7c38976ced810b0fe8ba5abc0e7643a0875578809

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\5f51814f2e30d254_0

Filesize
45KB

MD5
89e02cbf13834ba66dce08fa62575470

SHA1
e44097e8d89a83ff23c49fa29477bc579115a127

SHA256
e4c1d2578a97fab85b4005f4608d70e2e91722144ea1f6b3702178609a0f9416

SHA512
819dfd62c29ba277f4dcbe92565f38eb6789ee87ac5eabad5cfb561477fe66ba9c833b5d135b27a8164c03aa21381e9446d67de131fcc61eb037a24f4a43ef35

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\61a0b4d20ae0e222_0

Filesize
4KB

MD5
a6df73bf460f284bbea2d9c16c9b53ab

SHA1
ae385384f5e211279677eb3811139440b686a636

SHA256
cd90471289e9bba15f22e2cf4f104441791ea04049c5bbffd36490949d99758b

SHA512
9e64c74045333c654f35b295a3de18600d7b6cc503679b2ffca5e82e55a9773da09299fe6f86e6f4f5b245ae3b62d2e62d2a27176614a01ac3210a94a5ee902a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\61d7daa325b7356d_0

Filesize
145KB

MD5
29ef9eadd07a2037f14fbb4459342c4b

SHA1
a6fb3384cd6fe3d405c94242e1bb28fef4667ccf

SHA256
3a716347aa657454c61811f6e69f8f3aa3e9eb3de48126a0fe839b3deda4da45

SHA512
78113b6bbaf728916ab6b22fe4421f83114c2be1b6748c2e0fa592c559c659efba5f3275ea321f81c0b8e079beb63537bad9598ee5a9e3d0d48f9fcd893efe10

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\633a701d526166be_0

Filesize
352KB

MD5
99b0cc96d171c977ea8c188298ff9fcf

SHA1
f5ad807d9749b9484560ca3182441bb84a6cf374

SHA256
71eb5827c82056338d9311d2d4fd56da63ab38c0be0cf9383c4f8ee5313c255b

SHA512
eaf3bdd738865e298c84b867cff8b1cee34d577595f82d4f642c011f399cc4950bf5920a289331aa3592414ef4ee0c69eae4361b1659c2409b33a19d4bf7a72e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\635e64b37935c888_0

Filesize
1KB

MD5
fc3f6dcc8c9950c713bae05db01bbc7d

SHA1
a187152c70441619cdd6d8852d5ef1b86850610b

SHA256
e2789bbba13640c99b473324c7e4796bfc401e0fa8668f5abd7d15d38e3164f1

SHA512
0b5f5a0a11e9c56ce139617190ed1ceb6af7c1505e6624958771e94711d5d0a2c03df5be8dc508fa73e9f5518194d53513c15faf254b4ac7d8930906597975d9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\6557413cb43b6d68_0

Filesize
198KB

MD5
7bd4ff6f1f7c297ba132ba0c4e435e31

SHA1
508183ca9908d203d79c2af19d21b64e337b11fa

SHA256
e97925ff10504650e794a68f54403216a9302a3abb6f57682dae76d889bec5cd

SHA512
ff5246bb3e6e187fb82d62fbc2aa5197abc091695a4ff3f675c96779ee954f45364bf536b5eb4c3b0236d9c46fdae27c661134ec5da9e0ed8f29f4b6409aedd8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\66cd6265ac100d22_0

Filesize
876KB

MD5
dea689aaa72468d05e7fa5bdb4ee3ac0

SHA1
0ff0ad4886ada3cbdfd55dae4858b80fdcc8f370

SHA256
7b8542461ec40bf0246830ef31632c8892413cde4e8e173f70917be8ee9f10e7

SHA512
4c15fe91c55e08210f4a6d0690aa2bda4e25d208c8d9e948e972f64d09d200c5a1ee616d9ee6b2d409ec6d60c9981792af34752c2da58df0f1662335f0997ade

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\6a5e8bb53a565b9f_0

Filesize
2KB

MD5
5e674168436dbff8e7276142329aa6df

SHA1
e1049daa297d5d609c25e2b1f453c0523c033360

SHA256
e845626a9be6387a51bf5c7bb3476cd9109bb27b2e578672e8ea9895baa9fc7b

SHA512
b755cfbc8abd76a70ff5cf1cfd9532d5c36dc7a4d6227d47072fcca45fd59644ef4d3b98e544a1452d32b0a83cde17e38a4e6f708dbcc00621fe1db56c63965c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\6aa9a2943612cce1_0

Filesize
2KB

MD5
0023b7b80e4119f4e42ffedd73bbc861

SHA1
b1f1341db5d1f612b8e5b8c3f7aa0e9db7553559

SHA256
f2dac8bec19be0e0e49096deb2876e37bbb6cd35a6b3b984b87f110620c7cb69

SHA512
b140c5e73c719b606553fbf47990fb9d5afb75f391c59ac789ec1cdd68ee5d4d343c9d4860d3105cf51c8d2593242f2f775c64c109f25c18e2630397b0dfdd32

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\6b1c3d6d62495ca9_0

Filesize
2KB

MD5
749d114daee557360b107530cf95a00d

SHA1
0001e15d1050bb8d0a7ffe0256bd4e51eae28915

SHA256
8ec132c6e5b74d01c6b0e55dd6ab517477554fd2e2861c2af8bb9fa254b36191

SHA512
387d4f95c6f06d5022c9633e99cc1a0d98d95104a24a76ae5ed7f755d0abe95c514eccd1faab1764ac60e49969f387ebd8adf3b81821b1f7b22401ed1658527b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\6db290dce274a012_0

Filesize
4KB

MD5
93dcbebd1a861cf250395d01978c0868

SHA1
867c967272852991040cc0e875e0fa89f12055fe

SHA256
a6fcad9fb20bd06fe3c03b79a0c5a2b1c9bce5bcde94a40aa89bade278845981

SHA512
7cf7b31dd7a611c3caa70bea39556c11f7006a712eff70e01d68e9bf66f0fe87bea9bcc2487ad6643978893795359711fa05461dd864f70fb52905b3479e4b6b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\6e1427d19ff38087_0

Filesize
3KB

MD5
e8148e2e4fc81ec405661dc2023017b1

SHA1
91be871efac0127f8d03aa8329ba929dca5f539e

SHA256
731810baf33bf5f6f2f32247374a2bbc63f4855f4292f7d4376e051849c4431b

SHA512
40ce0a314c4e7e1c8b8dec38de5335bccca071d4ce0c0524ff5a38b11319fec4484b06fb4b9374a323f47af3fe454223ba919a7f30c02780e1c0273fe65150a8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\6e2f3d5cfcb3712c_0

Filesize
13KB

MD5
cadc18a1fbfb0b583ab55b005f67ba26

SHA1
b265bedbb66fbbc17fc9c93cc9428269f968e691

SHA256
48aaf37e4105986fdc46b3351b942c17a0bd682815cc294bdc31f1628340ee95

SHA512
782a6d837c2f3c657ab40bdbe4e923fe3d1693bfa5204cede375113429a101cfba270ee4c181963befb2b59f10a3a6cff60ea93adee6c8b9e17259b70666ca9f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\71d68e68ea4089fe_0

Filesize
6KB

MD5
72550ebb65451f22678cbdaceff8f6c6

SHA1
3bda22650810ee49bd714f5752db16ade4bf204b

SHA256
4dd92031bd9016a89cedd91f50da0cc83e1e18a15b7dfe86fea7716aee1f584d

SHA512
3f8d8b4487a076c346db0bef091cac1c3eedef2a728ae01a9c90779dea3897fae2f4b0c9ba5e9ab1b370fd727c8ea9af4e030c802f0aeb8842b591689533caee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\73517c9630722628_0

Filesize
157KB

MD5
615592f1ac277ac43f85c0796f6b5a0b

SHA1
71f03a3c8b58f6739c75511020dbc40787117e8b

SHA256
4a8d623b6c56efa42409639df9a6b32f590a8484c850dcf5e0683c712b473105

SHA512
ac538b59e272b7c47f2b2bbe25a0efbb2792a4ffaca33d74e709c488d4a42c142913ebc7d1682ee948f98393ff7f0843846cbb2be1de7be41038fb079d031929

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\74b88724f60b0383_0

Filesize
1KB

MD5
5a96737664f5ce24bcddd75eb8019bd5

SHA1
6351dc702d3301942d745b2ea7df7e3a15ce56a8

SHA256
3d2ae0d354211fd3cb12e4f089b1a84c5d800e717c9f10175fc6d7d9a90f8678

SHA512
4e8a97a769099abf4160070f4e4eff1ac73ac80f9c1ab96b5756d38cd5239e230572fda7bdbceea6d90c1c1d7c010c0d27b21c0a2919da3de07e7892fdec3294

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\74d5b461fb29296b_0

Filesize
252B

MD5
f474283ded16f5fb64308313e9345163

SHA1
02beb101ecebc87ede20dff0a2cf966f6f58bd1a

SHA256
89c3b25fdd94b4a4a8eeba94fabef936570b5f4f56922573deb2e858a01a3977

SHA512
925d8932d36a30276564e448d8a9fef755001a4b1513c4713184a1fa2b3549eb5a24381a3a54ebd2708dc52a9b1ee1c7d6a04d3710824a7e837647d3f284e3e7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\766094f4b47e839c_0

Filesize
9KB

MD5
a670ea41f36ff78b09855d1b18786d0b

SHA1
756d7fc81232382c4f1b3cb2d8920bb051d239ae

SHA256
1822cdcaccda99d323923a81f58f968f6e08676f7bce524a7ca2a4f152934ceb

SHA512
3ae308e654f6716466a91c83fc08a5706d3e2e03cfb326dbded704cd6e6b9e313e3876ecf794fa75dfadf3eb5c1847a209bf4a07dde5fead3deeff83acee8341

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\782d018d3f59e184_0

Filesize
27KB

MD5
b4f3df7ab14eca7d9348829fc46b03c5

SHA1
08b2018049e51f1fb3890bd14fe3be378a98ce54

SHA256
723d7290d6156a925f151d386ca4fdf7e63e107aed49fcf46ff557524b81cfb5

SHA512
9dd68fa88b4444373698f780e3493b40c7769adc8bf8eb85b0619df33263b455368004b32e3a6fce71f13559cde3eb8a9e9bce2e8d4c227979373821e31f6a74

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\78bc646c0524ce58_0

Filesize
2KB

MD5
38626affd4093dffbb0e865c0bcdbb70

SHA1
d77202912e7d79329ee2717d5a098ec100036c7e

SHA256
f842939adabed2c4cea718cb24ffef60d856e8f67e50f25cd883765d05395b54

SHA512
1d05d2ed9c869a0f1c03fbb440f1cbfd0d569cc03717ed8ee70f27ed40e52ea39e75dd6dd245e932aef99dc68487b3c38a06b50f9696ba6c255f72cf131248ff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\7cf9843337c39c04_0

Filesize
1KB

MD5
e51e232e823ff56d449c4eebc2831f64

SHA1
634def7c26a904a9e8b1eef8cfa83941039d97df

SHA256
8aced7b12f3d93ee86bca669f7e4d2318f902dd0f082ec62ea2bd8fe2ca3f2f2

SHA512
6dbbd047fcbb41dfce05af58cfe33ba05783b9d2b24846158f2b3a757ccf6354b465c06c2a71fea858649c1e29b0a53d9db6379bcfed5399901de506c2a5a0fe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\7d07dc3a67fdc3b2_0

Filesize
8KB

MD5
310791f729e5df043bf4bdd929ce97d6

SHA1
08fba4dc07f3a6c83b1229b9c5935f1dfede1ea7

SHA256
8ecbc4129d6c8b010b0b00bd219893d804d702afe52d0fec3e7535460b5977e4

SHA512
443a7cf28bd4da3976210b8af2c36c1bf8241d0add36f87423cec55d9c186295ced56f0b40480b89e647d41b9c98bf91d1355caf10c99a1eb393397cde3b6766

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\8551150be49776f3_0

Filesize
3KB

MD5
84baead0e1bce3fb8306437d9e628d09

SHA1
fd232555bbc2bb6e8fab4985df1e524e28a1193e

SHA256
41dbbb1fdee21c5b29a29623332ba8ac5275afef4dd3c267844f67c38b78c814

SHA512
fa4383da8946aa1b1ecb68684f282101a28b1459c7c19403db906ee1f72b9a8ae42801e8e3accdd39c4e3c3cf74a592051cfe6cfdb4cf73a562726039a53bd10

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\86b9cbd77d05d034_0

Filesize
6KB

MD5
c65a36391fbd8c22650e72c86d5400f1

SHA1
71c8c11154c4628b758bf977feeffb49099bec19

SHA256
e5b7c508e29355cdc01e33e73939d8b34a53ff7b6c2068a73b2164e5918444f0

SHA512
41fc3df468b11a58b31f1322b1980d5983b7317399441dfbf117a644649f27cc79db6eddf5942a6b76ec6865edec4ae90ca21a34993d21332bc9b742aa6dca1d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\8700e3151614dcca_0

Filesize
72KB

MD5
b7559404409cf17115a2d694063ad5d5

SHA1
b9f476b8b2b8beb8e4da754bfd221bf72f89a8ad

SHA256
b83a8cff31c70614987729bd9794da469510479c22b796261e129f0e77f2d1f6

SHA512
2f979f7161cf90c229a7375129d4402d404cce75f37b6d692f867c71e980b662fa027729092c4febd6dc6303613aa3d625966cd4bc366c916336ba71d5369fbf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\8ccafcde2f4b6a04_0

Filesize
938KB

MD5
ac81a10d53e30635d80bbb4b9819aaee

SHA1
b2de9a959dbb9208c11d1c70e6ad490548041500

SHA256
943feabf5eecc3c661badfbedd4a10c4f9ecfb3e596260a0f08ebf680a28bc85

SHA512
d6bf2e67d9fc288693c669dae7ed8ad85a95ecf6299540cd202c4351d2bbececc9d26885bab26182ea528148841f997346e37aa2312c25ce86687bb3504d3708

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\8d0e0ae8e0b42bc0_0

Filesize
21KB

MD5
7935583a5e08283afd81fc6f6db2bca2

SHA1
dd3344c7e6640395cf6a901fbd17b45ea8831166

SHA256
56466106e241bf742bbedb85709c04b56a35b32e8a581e566976b733e3ab3a59

SHA512
35ea8cc08d0f8424a61103d127c04c6cfaaf9f8eb5323104518f5ed5624ab4ff293795e99a5eed92843ebea475da061528dd9affd11b53ab676e3f3e82426f4c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\8e5987d08f7b6e11_0

Filesize
1KB

MD5
dba3145341c2453cf3a287531898d0ab

SHA1
55e93c130accc5d3eee8b8965e3e9d186e09df59

SHA256
3eb45cf7474d78aa21d102df979dcfb7440976d36fcbf5627630759ad1b7ce9e

SHA512
f70edb3ee4fc70eedd73963a5c63b575b3fe3c70aef20203d6e36f2d28fd5c285edba90ff1cdeedd1cf38458940af303355b0fced33448fffcc6ac97e84b1656

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\908fae417ecafe16_0

Filesize
350KB

MD5
8cf0c439cd699cafd5fbeedd5e42d859

SHA1
30ad819dbb275da5e26216c2478ee6e6cea2253d

SHA256
415dd614a6adb113cdb0fa83883ff9785816bca7dcf3409fbc9003ba2932c249

SHA512
7ccb591f516ed46403f9bef4dc66137322709be0cf82a34805fa9a60520352bb3dd83b6933f90bfcfaaabcef1ce3fd8a3f438b378534037f07a49879cbf8d5a7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\90d7d7591a1b39bb_0

Filesize
262B

MD5
5f4e3fc9ee900ed93d07031d891ec332

SHA1
62a5cc5337a3233ea653fefb1685e3079b5ae74a

SHA256
69bac61d6022ec43d12b03977bc9e05fb5f5d64c440fedc070b31f7afc198e1e

SHA512
974d9a90e2ac98648ee011615ba78b9a4454e27ab718fbc54bc3d2ab7c847d2f12411416ede00b44e451fbe2a4b18482c674a3aae964f74d22c0b7397e17954b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\94124545ff7315fb_0

Filesize
22KB

MD5
61db04225cf98db923a1ea761f2c2cfd

SHA1
48abf0babd112e760ab0bfa0a1bccc4fda379ebe

SHA256
3c0e273b90f7b6f6f4fa1ac860cd3732e5110683568cc20f93484ce630104c67

SHA512
787d4af4e0b357395ca44b08a88f69b7592b07588b44f1357ac44dbf3751a22ed73b4ad868a11aab13ab9b059383be0496cf63e5efe114e866a4e2647c74a67d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\95ebb9c26144b754_0

Filesize
306B

MD5
c07f8b05a8f53f8f2a86dad74aab3785

SHA1
be53c937db74786fac73b25fe2b76f5f97a6adf2

SHA256
4889c4f56e00665b19caea8ecca005d5a8df46c5490811424b1fe018e7109d59

SHA512
7942e075666fa0e109ad2cb78ee51dc687738b50f4ef4b6e9381ba9d6ca4f230aa6b611ab495093f888f15fce7849847df88ebd9e6b9d74c7b68ae8a06bff2a3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\96bc766215a93e35_0

Filesize
1KB

MD5
04b492cb410f18a6a4ef0738620941d9

SHA1
b516126bfe7dfa0e6f448ffd21386c7a74c9b91e

SHA256
ba4f2efffaa10cf0fa944c4c2a9f1a4c46981caca74fc8d34b48e93013450acb

SHA512
9656aefbf94d1bca56bc9ce053a26b3ab6016b173e976a19a1cd84a69d54d1e1e103375dc72d8ff4991c8e14ac45911b2263903439a91d8eff25d462c443370b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\9720c0a5002ca626_0

Filesize
192KB

MD5
6c107f7930b21a305783588f1142c04e

SHA1
7ed8dfa3d15795bcbffdb28eee9315230ee67391

SHA256
af5d922671912968424e777613d8a5d8d43fbefb232fc637a5c0c3c2c5ed1969

SHA512
ab4c7b6241517578402b82d59ff7d04f9a8b94e45287964c2ff441d6c79348ef0757f222bf59673fc15be354a8fc132565f641e2c6e55831b8a8b98a69198245

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\9a5083c5ddadf72f_0

Filesize
294B

MD5
9cd626038fe131adb066491a3cff879a

SHA1
b92e014b9538eab727b8cd6cfb28f4dbb6288cac

SHA256
cef19417463bf0722c8fc186581286ef6e5fd219f40cf3acf915bf2faad95d19

SHA512
d188253bfb714606115fc608ac044520d7966af4e9d4a7fced1e31cc62330da8aea2e12032bcb9706670d3c620e71912aa4e0a8cf70e4379715a50767e6ca324

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\9aaa41f6df4d31c9_0

Filesize
74KB

MD5
e8b5a4b1cb49169fcf6a9cdf0025b67e

SHA1
0499ae7e1714f92b40fe0d8e8f6bba046cd2cde2

SHA256
9138f67d8d30d0e9b739a92700674b3d78d8dc8d63afb536c9551f60b42da7e1

SHA512
f95d31853dc7c07a2f923c4309e427e1a67410dc1ed56625b2628892c015efec9d284b4769126036b1824e546c86012741361462902f25e1d21b77fef4504412

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\9abaae9efc13e351_0

Filesize
252B

MD5
6e137b512461e98def7bd0e2bcd00a06

SHA1
56fe5d71dcc10908d5d989f9aca42c727ccc0348

SHA256
babff3cc8bb0c4c3ae8d7e1aaab08f2637f29bc17f38cbef3d8459f5cb0cada0

SHA512
5ae39149c363d50fec21f6d541a0b3bdd221f19443d799a41331180b112bef1bde5aa0a2c772b2cd483989e522efa986441564726b0e28e7f6ee70f3b28826b6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\9d0f8ed7796ab969_0

Filesize
306B

MD5
2efba035086f4d03baafdd9922c6bae3

SHA1
6fce7a1e43f98b4bc62ce8ce44f077097bcaa94e

SHA256
b43a373097b99feaea5ae401bec36123a21f9bccb9bf71dae0a86408f322ecac

SHA512
a187caf73ccb3a4be31bc703eeac24b0984ef7face1be424dce0705f1c21d939becd60946e99bdb49fa3d9ad9e0a7d540d15fc22a5f4097cc26a66653255379c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\9dbb949d27873cbc_0

Filesize
2KB

MD5
400ed89184c8bb134034ec3d82c8aa43

SHA1
0fbfc660151c465a7a1cc96e7d575623c4fbf563

SHA256
72776f701168ad3b61f0a452638d0002de0890806aab37bd6515332d272ec6bd

SHA512
73867c1b4d2b0db29e6fb9121eec255d34e0df4b49fc53b1af6f92263302e6825ab4cd9100884a571dd55404fc1a6f3506e0d49401bcaa4ef70f905324530252

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\9e04f19de8f5d184_0

Filesize
260B

MD5
4767455515072b152a65c64d62e3abea

SHA1
31955a5e9558951456c02995df9e8d85d4914946

SHA256
759ba28049a9e49557557576608613f244cc4f70bb6bdcccc4e5cbb1c32714a6

SHA512
78cd294c966851f040ce69b115f96d9be373028733d2712e43ac75cea0b6189d3363ab190a3ec4b82c498e75405c37585295b58461c254331f079a3ed81ed7ed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\9ff5bc0f79e60293_0

Filesize
175KB

MD5
e9ab367db7416d7c3d2d0f8b95b7eb63

SHA1
1c5f7bdb36321f994e140debcad64b139ac6ebd8

SHA256
4d9e162370a5bc0d98084fc9b4fd7094500c25ba734ebc1afd2f493a69ae154b

SHA512
258aa69e9c7e6b40eb0bec3fdc9314b0b532a83419d69d4f14f68d389fc6bd407d4361b08f94decc4a47f1fe7d0ba1e7a1315894cb27fbce55fd0c1a3b04cd20

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\a4cf9181081d8ddf_0

Filesize
129KB

MD5
e5591aef96f5e788bcddd5cac9424da2

SHA1
de278f0972c73f67dee9269cbb65365f47798e0c

SHA256
a7d17fe93c0664ed613ac760892fa1bdd8f7cbc752e32563ad4ff99211149467

SHA512
05a0f79e1972751200826eda14c1be499bf850feabe2bd2eeacf54d69b91265bd4fdebf84b9bf594f708a71f3f72db329cfcfa3aff4f88420fce605317d650d7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\ad391a0f451df4e9_0

Filesize
2KB

MD5
4b8a39c5983416c2d351f96df4db62b4

SHA1
deacacbbb7c2938d3f18ec45e7390afaa2642312

SHA256
07c5e9502de5d588574dad27225c90e07ba214ca55d1fb522d7c1a61b511f735

SHA512
d37f273712e934853d9dd3e2d60150e4c1a7b564d2974078c327bcb9bf116a4e827a05957206d01a529f7cdcf0ebde48b69680efeb285bfceed10c5be622eb7c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\adce463dc0e730b5_0

Filesize
23KB

MD5
affb2ee8ece0cbd65dae5d601e5c3b58

SHA1
08030a4c2c4d697cd4fffd6e1c672bb6231640a4

SHA256
69e38f5670db661fd465c4e53df6309d6708db8d8a237bab1d7cdc4041192767

SHA512
c3d91bf76d175d72ec008e98a86fd51087ad882b0f3f1cffd0fae497b68e0b77ed644b4d6253e63710952a1a7cf12108a56e744f89d79900f1e42f1cf52b8b55

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\ae0c3bc54beee747_0

Filesize
387KB

MD5
7cd80860ed54daa4d332956bd9281406

SHA1
9a6c13a7e5da2623446c4e7ab80b48294b962004

SHA256
a06b02ca7fbbf5c3fecf3f95e3060c9a49135b4a4d49730259edff9e6075c16f

SHA512
834484242dde16dbc6830520527a1f6b98eb49530413b82a598b2944fc86abb707d3ec09d3adb14a01da3adb963f2f4cff808871dc631ba7ac854060aa0997f5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\af685a4c8625d684_0

Filesize
306B

MD5
ebcd0931f0c584f30095e0ccf705b099

SHA1
d6e472712b491f7e9d7da40fbead32af8687be5a

SHA256
cd0dfb7a60e1df3ee2d39d45996e47adb99311cbd2a84259aa6707180ae28911

SHA512
61ba08c01e2d2df3f658dbf4270699118ec19fcb47237639dc051470cc0d22c263c021bfbd260ae8d69068febd4d80eba737e1135fa8e02e66651f4e5dba8a95

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\b1d693ac0f52716b_0

Filesize
3KB

MD5
4c952a4f0752f78b45edda401bcbf676

SHA1
9a01915648422e613a9088e84697a6cfcbde5171

SHA256
03dfdcde23d4c8d8a713ae7902a60c02099172e350f966f99dc6abeda7323952

SHA512
46bdf0c38fbb31f993a5d34f515315828d5b6aab2d07074cb937bc4ac2615695b104456b257ebd091739d8a43fcf6674da3e0f406255db1082f7480acd5d8822

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\b366c7255e5e3c7b_0

Filesize
54KB

MD5
494efbbef3650a9ba0d5fd3f610d4bed

SHA1
a874419ef2bfd30ebbb3478f7b0711f68e6c9e9c

SHA256
2eabe9f1c6fa8a4e3caa5635aa460b999b0b50bc9f11e2ca48417b424feef69c

SHA512
48b31c7bf8bd8fc73a40ff3b7f5133d9645356da09b9d5ad8c7190945215bb3ac94017598e1405b01527c9601faa1eabfe3d388783e0a9d2311b84e1797fe2da

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\b389095db6a3c4d9_0

Filesize
32KB

MD5
be182e112ea43d88e89ccaa32bbe641e

SHA1
198b4509f8f17b74fb3162608bef23bb9c03c38e

SHA256
4df5887dd558f040b4c4282f28b1d07e34fd785d25e194c30e0067022d4f736e

SHA512
cfaaf1bea809e838d9b6c9b671f6e3171014b6013d62c07183498c05cf83b2bc5d4209e771b8ff7b4c3a1c19fbf69212b8d2c5082ab80b56445fca0b181ac12a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\b389095db6a3c4d9_0

Filesize
32KB

MD5
7115fbf488ba2a4bc2f86c825101de0f

SHA1
e678f35767188019bfba87496f64881fd4deb24d

SHA256
6d8f285c6cced99c477f9e3af15b6327bf3e3f9ebd2a2c95e007ad6dda4e6c13

SHA512
d9fab23c58af03a647c13b9b17ff38af1b027045ba7820e9a0f87d42e7c5b9a89df36a7874ed9716555faa4ec13e415928fb747231029af6e0adb38a0d3897dd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\b8fb7f17faf71513_0

Filesize
251B

MD5
6cc83ff8845256b602e2426152e4609a

SHA1
e71915517ebc6db5368ee5897132e04c3b1f59d7

SHA256
a740f3b24c134359c3cdb6f2ce6822c5a120eaab033017cef8cc20d95e279141

SHA512
b264b50d8f3d0d74383d015b2748e4282a393d3cb587b90f18f2f3f4ddcecffb4bf90ff283330a81387919c2834c1ae99bfb388af75479f679593ff617883b27

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\bc0276656709e65b_0

Filesize
259B

MD5
69542dbb60137d7ad01fdc13d2aa0c2a

SHA1
0fd61ea1eaa16cc1ec37614169360113957c2770

SHA256
0b8cd3bb83db923c93e07169e1db0ae2ec8fb868c4babd2185d593da0cb02c4c

SHA512
51202c786364917f49dc03b1b1511e473f402cf8e80e79fe0794baa34ea33cc56744dda8e2f06be81e6471260606c3ed8fa5e8ca97b4b1bd2bb5c3960ae4d8a9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\bc305ec98db04438_0

Filesize
414KB

MD5
da30022d1c1df82d0d40ef4a47f3e14c

SHA1
c71ad4785733db2f550a87538f181b4618e3f7f8

SHA256
958e1a02cd267a0cc6b929ca9b63b41af9208edcc2bbe7dce546d2a11ed42fd0

SHA512
8d086085493ab5e885278e298d495b2bdab7c6115ed57a5c4d509003c36d1c20b601cdf82a54e66371c3b98c21a554baf989637e3182e7d9d4acf02417ab2b09

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\bd6b414df7ecb6ef_0

Filesize
250B

MD5
218d186124c19f3c83423e5fe516308f

SHA1
2234175df3d58fce5abb45a1e7d9563f0082c8f8

SHA256
bba4202975ecec82e160af41f11ae42b1610242b50b1bdd738b3c2fb48d70986

SHA512
0d24e22c84c554b6efdcdce3093f754e35f36072bf82e7a7d70e627bb7271c08cf4a6c60e99def8ff830cd361878b1940b9c9211e62d90ece66991884a9588b0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\bdd8a4f7267aaf50_0

Filesize
2KB

MD5
a0fd19aaa380a7926414bef2d3c85b4f

SHA1
0c4f2b9842528f4c892ba165cd1bc0e7ff3a0546

SHA256
1ef1f596283c916e6ab70043689229da2166a5a0e6d56e16a86255cfcaf8b407

SHA512
a7a7f69d77d326091f72b29765ee252ed15b0b27d79d65f83adc79b7495df1a4fc54674142470eda5ae518b977881c545f1cbe040b8d4fc24f0040a9f4804522

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\be6d12311ce2b399_0

Filesize
1KB

MD5
2cc594d00942e6746da4489f4b69df37

SHA1
1263e0e9cdc96580d2500af85ac4086533de734d

SHA256
2bf512a17ae2c696bacee16a38348a78881171a9915e1b30bf3135aa7b7d1304

SHA512
00a5627f9887482f59570fccf47e5d710afcbe93827df2b165bb9b18f322996db44b9abc41bca81858b54658339582e584ef34961b98b3efdf376eb263aacc1d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\c211c9dc68f4bf01_0

Filesize
2KB

MD5
09b256b7e600bce7dcc5259c4154a8f2

SHA1
506439297db911d6e9204383b05e8a82925c65e0

SHA256
a98f93d205a7bd3a00cdb7c63a3a930bd6c2a17bbf2002850cbb4faaf8c44655

SHA512
67ae32e5dfc543f89ba1fd962ae6be416910a236e1ab41d25aff6ff5e9a1006a6466eaf700b1eb6c9bc38ed4a81417238673b2ec66cb06bb730060f34f1942b0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\c44449928b6297bc_0

Filesize
270B

MD5
c9655df051e392daacbac7fdc9da0f44

SHA1
c3e8a62ae25df181dfc8c6efd5bbb879e12feea1

SHA256
50cdc35281782a31ce887a08f389737afa6ef3c1a89f18c2eb9be630183fd3e4

SHA512
dc570865b562976a6cfcd309539793ffffbd5a5fb4e9929e7c43e0041bb289115f2cb93ffefaf8b0b35717e549dd306f9e492bf624b411f9c9f108e637525b56

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\c91c845c83814759_0

Filesize
14KB

MD5
67fe47526a5ab927bb287964224753de

SHA1
d24e9592b3f516c072002d40ff1813c435ca5b1c

SHA256
c0ef7c5f8c224e3729a0a75d594212201d2a8ddc68d91e03040441aa5665c666

SHA512
e43886b17fa61a3c6630afecd1c83e142cbab8730956e46810af9ce6bddab58f6847ac97f614c2273f9ecfe9c750ff10c1f3ac03d76f01f8c7de8fef5f8b3d81

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\ca5bb3c84b908d6e_0

Filesize
2KB

MD5
985a23abb05b6c38e60431d6083e17bb

SHA1
e1359586039df4e5e7b8769a313cd0d558cd764a

SHA256
d2469aa555aa0ca694a65121fa14e5dc93815f4a5d7eaefa597cf5648b996e1e

SHA512
d6771bdb9f62ba741650fa483260d6995bc010c58e723d8a6ec916c8bacadcb8978e8c2d90662df58809046ddbd65cb87b73267ff082bec9f444586397d83496

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\cd9a47d844308cbb_0

Filesize
6KB

MD5
cd1c4d9c5fff247d4d6e93932a92026c

SHA1
7e20304d3238aa7c8c768b2c592c6be1d29b68d7

SHA256
4e63c35ee9b92dd8f6b16552ec02960bc5ae36ecc4e4691770b25cdd8c106e37

SHA512
80902dc9c7e7fcdb400a094b6add7bf852d7a16c260049257fdcf12dc0920257e29214073289f2ccfe91d95a1888e6a30a5d6b17d6730e3ba5359388cbf39352

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\d16e7811b38cef70_0

Filesize
337B

MD5
bc63cb6d4ffe544009618a5000ecc740

SHA1
b9b233bed7629c72b9357f6b4c69d3c660cac48b

SHA256
a9fab1898bed20877844f9ebb7e4af2923f64e710ae212053643fa3e9117b12c

SHA512
cce8eb2bd768222ecf8dfb8b25fec6014d438b7f704e04dfac8aca5acaaafba40efd92d9cca617f6dced68ac90583eeaf20a6bd59ade9ade4de5a7607e96a9bb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\d23c5885716d996f_0

Filesize
262B

MD5
19e85bf88d91bb11f4ca474bdcf196ec

SHA1
1ec54bd988c0e0153e5b24ee9797b67dd98fa121

SHA256
7b466866a73cb22f94ec79136913954fec33dfbafc699633382419c7d8843282

SHA512
81f893ab64befe7c4ffcd2a8ecbfaafb0982cb7d6ddcae5861f331ccf862cdb52b278f087a278faaeb2122b65b7752c100b09b22590e90a4ebdd1490f6ce536f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\d45aae6d8d9c9ff2_0

Filesize
2KB

MD5
064c953bf8f5f34e4213368ba1121f58

SHA1
e671ba3b9f0e6da3bff82b4a88eea02cbed07ee0

SHA256
76eecdcb643a8cff91aace8b6e7ecfb289e55cf20dc9e3c6da9fea5dee9e9886

SHA512
e28e738de6036a0d1580da7e1352e91e9f45e792005c249e1aaad0dc2f49f737412aa7ec2efb47d08d0928a0894b62830fd1d2f14b16afcd94333a7850b57a8f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\d7082b136006c70f_0

Filesize
14KB

MD5
e44cf860114cf43cc66c0bbbe6f8198f

SHA1
2ef02d9135fac5e313134f5886cc4e61b7c2f070

SHA256
3385e4f93a925a741ed749f77cbfd203b9261aaf2f126578ec37774ad78960bd

SHA512
bad5dbc1ba75c8a01ba86baa0d7ab9649d0976097a8f0d5ed3bbbcb8855a14ae420ea5dfc17f022eca70f252a78a6235208330d9a57606cfab2e1563c77338b7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\d782f305bb50c377_0

Filesize
300B

MD5
116190ed887f3905f385d212f521b74a

SHA1
bdca783e7c47fa0e4616c8298a13a709b06ad4b3

SHA256
756fc5be19289f053dfc2c20478b5c81f6088d8601951657c83c4d2341e4b849

SHA512
af4bdd40432c766f6903f3a9053d4b88d1f3707b2aa586f9788180c2684f0737751759b051d17b76ee97ae8cb27e64d5c3d55db2747fe199d81defc1f3379fc1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\d79e0a2891fc014a_0

Filesize
262B

MD5
cdf31dc18ef1891b17c198ee3664441f

SHA1
09a27679cb56b92e4600364fd785922f5f5f7292

SHA256
2f0b19f6ff40cdcd9b9dde172be198a539016ada12802cfea49b2f601c9baf9e

SHA512
6dc816374d0503c69d3757c4660f1b43792c7cb50381ec95325c112ef700244f648bd595254ed2d7df09a576273d857bf97f3ec12d579d8ecaf18c5c8ba86bee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\da82014a94532e8f_0

Filesize
28KB

MD5
2db39e7a2bf89a0d8e8c1b13813411f2

SHA1
33ee049739c5e4a5c548aa31260c5a89c4e68bb2

SHA256
bcb7616cce090ab58c7af6123fcb3119a5167fb3d47d3114c87d9d54c7663b36

SHA512
80b94026e387e34dc095c9b479d9b94067c533cf99123d7b9ad927cc4bed990feddd399f521ea829f85868f5c86ae5f2a84170ef31055776a2057c8f2fd4b041

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\dcf1aca4eb5caec2_0

Filesize
108KB

MD5
21eeaee534c2a17845d5279a3b7b16e4

SHA1
0c454e6e86237534235dcba31b070313f83e4732

SHA256
04c03805b7ed258ca9a0dba30bd91c0ca323ae67a520327eb377fe4d627790e9

SHA512
8514f3e3b82b795bdfc0ff16c4da199d53f678826ee7729c9c1209c83f2b2d70e86995de3f61a8d2afb0d9f69e2e147332bfba1245d0e7b1a5978f79b162074c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\dd0d1dca65539905_0

Filesize
380KB

MD5
98532bfd9e1bc7bc6a97529aae89d153

SHA1
969d124e3181276a18933a4e041f9700797a06d7

SHA256
ef9cea196cf6fa46fc1455d2424a69939dccbeb863b29cd6c6347a52ac34fa4a

SHA512
cb809082d7c017a207e777c70006bf650eecd4815a6a50cd31c932b63bd54cabf3bc3a3012b91f7cdf4457c4434f90d0ca40db8c92b45e0dfe3d4c6145685772

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\e146fd968644d345_0

Filesize
6KB

MD5
3f96240e47c8bc1afd50821a7ba811be

SHA1
8099d6c06af0f64a636661c43366a8a21f0b27e8

SHA256
48d75909b1344761d86364d194db1d286f84c192494fa024b62f9be80b59800a

SHA512
14483b70b1dce3ca3253c09d2b832cbdbc24ee50794001966b619f8b43a0b17511716b812b6bab86e768de65d2ead90b4aca15c8acdbe6fba897981f2dd165ee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\e201db4afc7e2e56_0

Filesize
307B

MD5
57b5569da7ea60b94b3813568c034ed0

SHA1
88fd4b54f0c0b4c495fe9ab532d4d75d711317de

SHA256
29bf872ca631fc0153a9b08b9de9fc522a31224b84aa5e92e799b46e74717720

SHA512
93afbb9e87a4672b2c38b6b1acc37f0a0736db17138f30c6b38a3370547900b0444c0839423f790c2a32b084f7f602162fd64fc09f8845df0ad93d5107bf8422

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\e974ef6972c574db_0

Filesize
739KB

MD5
163fa80c0058d0ecf6002b73a4788465

SHA1
eb43ef12776f71453f178e8b086ac877a302006b

SHA256
0e894110f58f48a12137cadb815321e24ef607a6d483c179020b16153b5b6e7d

SHA512
b94ad25bdda0f81cdc4e2d844551f83198ad7f14b6fe8566f60f69359d87966f37894673bb280632a7bdd793d39922a3e3a1451df8136f56be943779e919e282

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\e9c7e700cc3e33cf_0

Filesize
47KB

MD5
243fbfd71068d05314ffb1218236d606

SHA1
b897511640268de36d6761d92aab938e6e37991e

SHA256
aacb82b88cf7a4d6ad55be9d99a444773a4d4ea74199ea5cc625a5e333291304

SHA512
493d4e433dc56640452428680def1652b96f95fc5f6b4dd176b907a6a1e1200c3d0f3af3941353bc8eeaf7bceb8c8e6e68faed356e3e894284fab223b1044de7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\eb9aa4691e62ba3e_0

Filesize
269B

MD5
ac82a55cc4d37c9f477b43d1d3e6846a

SHA1
a28f7a3dd1b8076c436cd5f05b8d16f624c8edc1

SHA256
a0443bf48dd412d6106dfc5a294ec19de4bcee017db00d46823de28e453c3784

SHA512
af414f9cbc899a889fbc106880969c3d4da9abfcd37b189281c2656f1cd4d26abb2c1e582b0a3d7847dc305abf73ccd1bceaebd5281903329b82714d94050993

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\ebf8493d76b2bd33_0

Filesize
4KB

MD5
5fc54fc8b31028e8d5fd9546c5c51c90

SHA1
2d40c500a79c926429abce033bcff965387fe743

SHA256
31d3fc6df9792c3d246480a7d3457e98ee28b56dcdb19937a50212a244609f25

SHA512
146c88b517287ad8f4d04ac5c5405c3fe9ecb7f2ac2266a4a606e8092cda6573a9864effed10c8f060f817a63f53e0814d68a45be250430666616952b16b74e4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\f2e4bbad99a372cc_0

Filesize
2KB

MD5
afe409623c29d9bfcf34cb7d67afd757

SHA1
d1ca620e13c2cbcf8fbc0486a0cb845f545b7822

SHA256
2b9d5694bef88e31126cd4961c87a51a90d63e33a76f7dbe494b41c225ec72a6

SHA512
07d78126ddcaea84f3db98b873eb7a87b500c1ec7868424f6c479d8838f44cc296de0859c27ed2139b7dddb8c798c5de3c533891f92289ffde3948b0163f89f4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\f603e28966b72b3c_0

Filesize
386KB

MD5
a5da854090a8bbbf3ba75c29c147a54a

SHA1
2e158f2fe46d0f7678b0f73f99f27b2877cb6992

SHA256
189ad039824512cf429d59002da63f38e481ca2e86848d09d7f559c47e212dd8

SHA512
f873f3784fed2b34888bb6cbf658aebac77557847157858ba5e49b34422ff6808342e9af73d293afc64dcd0da41fa1b244fac661cdb12283b9f05dfc160218fb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\fbd11ea5cda006cc_0

Filesize
26KB

MD5
94c7338fbfa7ae35e2726a766902eaae

SHA1
3cc311dc0a4a91ca98f10544aff6ffafd1a42eae

SHA256
22ee45f9e0075d0a84c5c835a9cbea17a7f8f438c02cbf51b8aa31de2f3df4d1

SHA512
95c48d0f7cf6446b590ce8392e5586a56f3141c118084af9088e58d6f699f21e4af2f4a09e160cebdb5fa153c76946e94651cdbec251b5d3be92cc921970d2c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
17KB

MD5
c5b06238aa396eb853eaccd745f01441

SHA1
e814b6e81b3a4362924db3182959ae4322457fcb

SHA256
007b074af374f0d40e46ec69551734a9bce1c6000ca6704a8bc2a516f31db70f

SHA512
89ec598c90e9b66ec25498b97c773f5f0dadcdcbb1842ec4e923361268a67c28e42df5d3903ec4b4b5abc09d3f184273f0a76960ab7b36aa9d6a90e78b21a311

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
16KB

MD5
bf7b6f6438cd4edb4735b92fc47f6a4b

SHA1
b5dfd09d69c29fcf9f52311afeba6fdea0d194fb

SHA256
4e57e33e9511abef8a3ddf3b4ee4ccadcce7b7f1dcdf0e1dc96d05d7b05ab4ec

SHA512
1e79b7792441bddd549e46e56c8fcfd93f9b129cd64078b4f5d0f113415c2a3b642378cfeb0aae8c6c693e442fe6e21c39cdbb3d7d0533df2f8ec876d8b8e30d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
15KB

MD5
e9fedbbc97a7722a8355736dd57a0a55

SHA1
7e225496c0e7e189e97eaa8501af203762405097

SHA256
1fca399679196ef51cf67957826c1ae127cdcb41bd03395f40c4d313280dc147

SHA512
f89150876f5ce787c576c1b7bd802cf8bd7d1817d15767cc1f35171851672cea15a6d9b5950eaff50d1173f252ece12ec42f090949f30402ed314e8b8701cdac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
48B

MD5
268ec42f03cab05a537f01113548a488

SHA1
bd8ceb97e1cad43f38b069d6cacf723f90c45dca

SHA256
e2845ae330065bb1b50537563ca1373ad21c56afd21ad5e343a4027360a96a55

SHA512
fbcdf0562a5fe063ba05fe0b317f97ca5c7853dc1f47e5894180bcf5f5832b933c04d97b324fd729f460690d8b5327095176cefe9fb45aa8b058aeb717fef0e7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
912B

MD5
ccfb8d713b76eda6b1c76b95918d0374

SHA1
5341594abca38005feab1fca8252b12dbc8d9197

SHA256
d780e6dc81147fd06d69dad892fe80fcce608f396896ea88568dfd5433148fc1

SHA512
c52feb134c285f805d188872045170aa2c96a7dda9e6e9f01540e0aa8416caebde99bc375d84491f92b9f3155b38d04f0a77df17c873d791ab7c8e05f901ba8b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
fbb24a3112b93ea2563744be58717b39

SHA1
054a3987cd6c5a3c2c0b59e28a8ad4425e252957

SHA256
cc1b44c50d09dc3792b16731f677ef86333b23c297bad2fcb54ff6cac38be5c0

SHA512
25feac8279b5e9cd3129f24826f718e452438a44c86349b253be45a324c1c44c0f9d6d8228e3bb4a1a37fffd770acc9c633ef0e7f5689209021636535f1ff4c0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
888B

MD5
ce899763dc00785590491ac02f8f5a72

SHA1
01ea4142c6c5060b36d9232b505b9038e93103c2

SHA256
41a8e82b1f57a97f8edfe820c92e96bc85d98ed1bc4e0432533729c93a7e10b2

SHA512
4316160ad249c2e14a5a5fe57b9b1af2f2100be8b7166488eebd9f301282a66060fef35380e362e09e06af94dd326412d01e9176c85777c9f2d9bad80baef911

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
05149d39b70002b91b290cd318141d12

SHA1
e3e7073e5dea940e1f090ada003b76bdf2cd1c1b

SHA256
586529ec3aaab60f9baaf773af906751fc5d7e2c3951ec141131051379ad4441

SHA512
726289ab492d6380e457fdbd4ac017155e23148d26c2147a45ba90ca13831f9f2cf92d5e31fdd58db55da817126df226cdb1152c0d331a70c88e0507a9bf29f5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_en.softonic.com_0.indexeddb.leveldb\MANIFEST-000001

Filesize
23B

MD5
3fd11ff447c1ee23538dc4d9724427a3

SHA1
1335e6f71cc4e3cf7025233523b4760f8893e9c9

SHA256
720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed

SHA512
10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
29KB

MD5
36c91ed66343e38fa187b872d0883833

SHA1
ee057749a69dd57736ccd198cea40ae5c376173d

SHA256
6e1517753d380fffec87a7f9795f4cb126e16347eab76e3c6912bc202d4ffd0d

SHA512
141f1ebdd10eafdec26c731d4cd352891620678dd0199211ecacc7196b4fb81d2555ee5d3396c95bb17fbdf502c63139eee8d5a55b1835b93f1ea848de603d2d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
28KB

MD5
79d11b3fc9646e7fb7e4767d7fb2d5c3

SHA1
9f651d4ccd3f5cc67ba4da031ae2217bb065c448

SHA256
5f11e0f1a2ee38ea18e21173d31bbfc9fc1fa4a50b2479aad71801896451ca41

SHA512
3d0eea73a93dae88aee6db2253fab1dec2fe752e92c29db2aa3df39089a061a3531e852139c81e50397c8af39f94b5ec7d5f803e6395a8d4de69643237160880

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
30KB

MD5
36de586790810c452a54b7cd65159701

SHA1
ca84505d7bb8ae62b1b5521ff79749be5d4ee58c

SHA256
10423a723305b4e68157aacceb31df171a4b3814d57dda0899121a60daa9d3b2

SHA512
39cf2f2f72257903ecf872f25edc8d7f191e1056826cf1f7c70018a610e872d51e3c9ae8c008cc574c15c1e0b29dd8107c7847a994cdc71bc68b543f748de43d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
139bceceb1320c0d15ef1df1dd248dd2

SHA1
f210a2c857ad888f81d8b0388d40f9d4acccbf32

SHA256
8a4b60cf88c46dbe62f491a8634f179c53815c364ae0317bee4dcf7bc7d009a9

SHA512
6ee0031bd7575b18df80262d4a32d60744462b3cb915991e5bab2526fb92365797455e2d0a217bb081830b7fe5ca5f91906554611e8d1a556d54c0e102c14174

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
10KB

MD5
d35f80ed06b3f32202a7cbf9e586c31a

SHA1
9e72d0513110960ab64aa7e75b343e3a938f62e3

SHA256
c6719b1adf274fa856725df23f62df8f648bd5efb5dd210171a82facb7b6314f

SHA512
c3cf7b2d83f90ac55a5a3b2954c0919dbe05df767c101386173a572f7bc45435411d73eb880039d387b29470222371f5233bfb30906855a33a1e9e83a6d882f4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
8a0a09b3691a14005eda12adda28b320

SHA1
8cf73ed445cd9e5fc03f89e6e080a25d71228f5a

SHA256
a2c8b4b982ccbafdc6d903ca50f61e6ef2a2e83734b38b6888863ce6e2eb4919

SHA512
485dd801ecaa080a7d90f9c308c71a3af4085bfc63cfa421b8edda4ec74e8fb5f4a4ebde08803b37ef82621e8c7228a461bb6e3331228d44fe91f86c60d34376

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
23KB

MD5
791908e6aba0d208d1cfc6e782bb24a7

SHA1
d0cd1c571623088ac6e34365df45c2500794c609

SHA256
4a0e1e06d80c34f02daee30a9bd4c7f8c2f5bccc9f3ed831d5837528f914057f

SHA512
1817defd806a84be7c54d773543f98fa8389cfc03d8b2e744d677d78538130408ea464c234495d3b91c5daf7868502f7a2e5d32357461c1f6af86cb33bf84741

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
27KB

MD5
d7aff37de2ba70902227caa8da79837d

SHA1
dbed6b32c34d73636b7c5c2b868a20c545b9734c

SHA256
eca94b582b40eee043616d2f14d5e8f05e48ed84da08b9d235e42dcc4edc9258

SHA512
9457fe17248ee52a25dbe379379506691187f62c20e868eb0c1a6a2d0069ab1659e10b37d62ef5182b8a13142ea1e2d11fff06893b068b17301ecf963ede9f9d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State~RFe5f68e4.TMP

Filesize
59B

MD5
2800881c775077e1c4b6e06bf4676de4

SHA1
2873631068c8b3b9495638c865915be822442c8b

SHA256
226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974

SHA512
e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
31KB

MD5
bbb7912b5be39b69c9183fe12459f891

SHA1
832d234ade45462384a138c82fbb7f4ef76b046b

SHA256
29139948d1fd8b135d4c3107e15e54d5f17cb6b9e779e8429d4f87cd38bbceee

SHA512
6b7d2a746fe6c344f17c835f087e7b34d451a6fe8e4606b62ef52fc27b79f8fbd8fbbdbdadf5de8d133192cf474ec97467ab1e4c4f417b9c5972c69888d505b3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
28KB

MD5
9b32132add44a5453af2f31fea9008d1

SHA1
b420f69256db76ef405d79754f36133a8ab38d02

SHA256
9fef12ae71640b3f4a88a194cf63c8832297d757d45fd0194236c9468b617042

SHA512
9c11c75202e1408b60a5ad746664caa16930b1969b02e1c1211ace04a2a8ebd497d1d272477be6779c73b4139441539c4dbc970ad78a4af2f8e4b5f9d77020e1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
28KB

MD5
ed2aa7baf8b43a2f911cbd1121c4d794

SHA1
a73765ed5c24f9bd72de303627a0b709d9026e50

SHA256
dd7d5af630ba2d40feead77a1d144d8fcf26a55cac4cb9d2035aa00d215ac754

SHA512
5995d7f25337a0ae511a4ffc02fcdad11d2c59c918fc30a467b392b04a23af40c0bbd26445e494844b447c2e57127be2a8aaee9d49f77ab433ed09f3b8bb9e7d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
28KB

MD5
26be27cddef3f141f5ca7993b34b5114

SHA1
7ef0733cd83c91b6285b6d829fdc5a7318903199

SHA256
c13110ae05df348a5af91fea12d573267786800230282bf9ea45299000356e86

SHA512
2eb168c9375ab40b7de834e781bd99fb26d9ecd593cd8a7e57a4d7d732842f541c0e6c8fdb5b0ccce013005cfe3f6d4c4dafc969e062bdaed98e6f0bb5e70df2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
28KB

MD5
96992a400b8469168fe581d27d44f3ab

SHA1
931f88927936fb5d8077791bcd95a10ddd8c4cf9

SHA256
86aa8016ab613abb671463acc2b4ab953241f6bead92f6a37204543f62a56b09

SHA512
db13bef4c34b66d1c113e7da20f3ab14a88dddef3d6a474532ab46138a00b4633bcc2ecb2f01145e6577cdb991da56d3e50c4027f296186eb2f65c9a4182d263

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
30KB

MD5
452d13eec6562b4aa06aa77b82512529

SHA1
71a93407f76fa031ef266e9e52a59a35971175f1

SHA256
180c5f31d767fcda3acf4a0ce1f66a570fc6cb40bd49077b4d83e4427c078212

SHA512
cbc5968ebe278285f6a7c14f0870129fd95d91f081ad6cf2593074effab011dccb7b5b112a88b552174cc699de3f454b906996af2602a735ebd23fa2df2e6581

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
29KB

MD5
84529c4809b622e955d39d837dcf7e75

SHA1
01dcdd2337c9577ddcc7f9183874516696189b21

SHA256
04a1c6ee85439fbfe04ace267c1421dbe5ee2ef2cd1bbe85c66aeadd084998fd

SHA512
aec2de4b8b8b36322477f642bd818eacf21305a7a58e51da5408d9b7a669937c2980fa266e7461688093df15e74603cdff95ca5c37bbd412c94b162f77cf80bc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
29KB

MD5
34438229888e7549f5b6fe531489f940

SHA1
90bd2ac15d3a4d4540b652ccb7e8f244865d8bcc

SHA256
7a21fae1b420cbb8d88da62f7cca09066668671a913c5cd5e6dae1e4c79213b5

SHA512
96cf2f7d76bf2c77adfd3a139a95fa9a567726cd8f353e6fc5e13874b7148a301cf5f9199ad56c00f098cfcb960a3837379ea3ca3f78d8d122f0445757231345

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
24KB

MD5
5c17bf18c60fe098da9855773738a981

SHA1
01f421c8260ecaa1cb720c5f52b4f3c94ce1da0d

SHA256
f548c47c211b98380487f22e95c0ce15e58b4f66313f772f3c4cd4b4bd837795

SHA512
0bb10e4a4fa6e4da349f42a91317e16f0f12bc89b6e52d25b5d12a9a7f1bea01691907a4ef3e353a670891ce205846f8d2107782ff6d6a94b0ec73be9f8ebbd8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
23KB

MD5
8fa640c1d353219c7aa798cc3d475815

SHA1
8fb1627836d205fb6b7822920ada2bd4b8cefb22

SHA256
bed8370229e9b7c4c16cd80d45bda9ed981f5b5cee63213d1fc96a49b3d15db7

SHA512
39a3861e26995d9699816f5aadb572f862fef21fe988704e70345e116beab0d38c796d84d2c113f303738674a89e83e05307d12b0ec071c3de5ec63115ae3733

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
2ebfde889d104975af1177aae41d5aca

SHA1
24f51e316a11562a3a16a106b296ca2505aa5ebf

SHA256
b54cd8d606b831172643320d8bb102699d8d667caf4778d52a1d2a09619d5457

SHA512
3da4176a4cfe7988e3a26ced0f47447191cac54de7224e286f7f89c5f389eea49696949a988a5378d08b44a7c848e01e365bdb864b6b13bfa77bd9c5479549f8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
5b7a0760a0a4e427e7b2e2f8258954d2

SHA1
b36b4262b98c33d1778b3bef7c6a71631d1dec74

SHA256
b2d15a5c370403cfcce60afb4e1f5b448b48ff2e44e0d8eb4ce6c9063c7a47ff

SHA512
2e0b5a3218221dc8d7d539ffd388da5fc3d716bf2b0b9527f81f477c77bdb7d82f0238c8ca7db59285a5a16b8b4653203d6f945ef8c41b91e6d1e3b690796c72

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
e987a919e801b328c5d085e508de4e5e

SHA1
3970823a868a3e4be7fa5b01415f98615eca400e

SHA256
5c5028c3397d20ca8f017d4273a3e8994569018ab271d41961ca204580b89995

SHA512
c0b9d1a864dd3818e5976dec882ebc45e9fb1c4b280c6986add3a06e08c73d3ef0dcd1cfd6611d8091dbf07ff130dd66367335563b46ad23df3dafa07a02529f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
27KB

MD5
91cd9e4fd6003507449cee4e73eadf09

SHA1
2306477ec8291e8277e14e78ec6c918b1b99b64c

SHA256
f40ef713aa6fd379b1a57a8b0bb5ab03c80414de5c779dbf06200207194b4836

SHA512
20dd47e5d5a004bfd8b725289ed206ee23b26679217574bf7c90c3feedd887eac9679fbc3c21bb70cafb037aafba9c5d1d1ed4a24ee17718f2cb0e388f4c274f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
17KB

MD5
295c6cfa798b16f77acda52209dbd723

SHA1
0240c0deb1a1f4622c080cce2721feb47594b8db

SHA256
b9c071d9c3ec9f26d0fa93baffe3961f5003f382775da34ddfcb9d812e078aff

SHA512
ed878bc15479b13dffc28601e659639e7acd05d112c20b968cddd00c7b5f0dc6d3abf3c9876064da356a80c6def528e950d5f429601ea436130ba6eaecf6b9f4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
20KB

MD5
ce7f64cfc13f8f08ad9c5c5798adf229

SHA1
f51f4cf40edaed60ff64774ad92f77a4d2217bdc

SHA256
0a3ac4daaf02d37ab3554aee534726eba28dec4468588be7481da13b0e471eb0

SHA512
4abb57d340ff5fd3af979403bdc16e6019349ab6e7e20893a97821fae584a0a1979551b2022373d7e3951202df1ed65c75dd39fc877f994c61dad298ae7911cd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
81e4932926b196ab8bcc01bc0c32ca0b

SHA1
a11288d5aa16618e1989c5d483e7b808338c5541

SHA256
f12f6d540b5bcafd4d3b321260dcf0bd6c3ac4be9e4e32ed99bbbb5f2c2d5f23

SHA512
1c4cad4253a786ea009817d8a8791570cd379068e02a0ab59c38a308b74b119a489e76f200773ef176b1e25fc2d894a6168a3eaf01c31f7a5abcc8d0e3a96f9c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
698806fac128409bc2a3a09044f108c5

SHA1
10be40ba9775eb6f97d465e64e1e0bb31fdf34fe

SHA256
ec3f752782ca28ce2413e94bc92eedc1e41518a4c495f0f568520b1e6c2ee5f7

SHA512
ea465c13c632567b37635d69c66ec54e3481200045fbfbaa75eac519799a3dd84bbd047aa53c852d154cbf0eafb038d1fc450be372d26aaab77383db40694c12

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
c676cbc684b8f502a883ed44e6319355

SHA1
8b109925c20d5d1e34c6c071f52a5e77c0e99453

SHA256
bb0bb185e46d52144179d3d891674fbf00a2b05eec1f3f422f88c9ac2ab23a12

SHA512
708025c808696e4101f78281745dd73992ab47dab52dac4cf4e4f7114b0e35ecbc504b86ada5253d9d70d051620a7b222a890697228a5ec2c76058dc1baaded5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
0fb7ef80f5cd850cff1554b48e8aa569

SHA1
aabc76d3b305aa007691b90bf8bd64a35f1fad64

SHA256
3e29ac9d48fa6c7781e185113ff944e2fc375c338221af5e660d5202e9557ac6

SHA512
04f838f439b14e268d822c4ec3fce220f9101e2b4840de5f0dbaa8bc69ce0bf4afd4273d47d2a40258436021a0bac5a06225a2b1894954d430f1c2c2dadbf432

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
3ed4da3f6771f4a6cb06d0fb106b79a5

SHA1
f3cdd270f640aa3a0c91b5d10449c67c9b5aa1a5

SHA256
a2e2ed620b62213c287c6516cccdb771a85d308e9a2db5e446428205bd80efdc

SHA512
f67dcecb6b60db4b5990dea596c4a8b156bdf8e72b61c2b0de9c1143e73a0930a73de66ce30c8c4dd1ede92de31d3020ec26ee6e768d31bcb33ceb4fc4eb6d27

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
c780e91b457b9157c5cada59c070325e

SHA1
fcd0e75b10ede76d31878cd9fd6e93ab729efebe

SHA256
53dc02ad1e5d4607b3d461ab5166c093b0794bcbbeb781fee5a82503d82fe295

SHA512
e566d7008ca70623adb66bace2e1146b1fd17e6168beb27adf145ec87b508cdbe864ba134a17882011618c20a600302d4eef4a36e73858d2fe9f1032b42c8adc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
5d0676124e675bae84533b8032a9b98d

SHA1
497928f1ea85b8b6597ca0212ea57e053f4f0e24

SHA256
46d8e5071b5cb3a070b09454c8674ec22ef7f8e6ca925e64c2e758b268986dc4

SHA512
05864269eba0ef1c6200bdffbf93f1c32ea13bf786a2ff237b1c7eb53ea9d16d0771231b01f9d453db2d2aa5dee35ad8924416b005ee0695562299e5f7af698d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
e122fc93c0ad25d45d09ba51a3e86421

SHA1
bb52a7be91075de9d85f4a4d7baeecc3167c871b

SHA256
a277c1c6fafd7a44b47d94e4bc3c0337a64a34d252e58722855aab09e6f52bee

SHA512
12787aebefd6a5e4584ec8747a78538f948a16b214bdf81302036ae89e2c4563027847236a4770c4f780a9ca0ed03f29b1577bfb6f11feffad85b7a625324bf5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
7ad9709100fb43b77314ee7765b27828

SHA1
5cd0c406c08c9c1073b0c08169ccaffbd4ef6b98

SHA256
04b61824ffce6fdbae4e6a527ae58b85813226ee28fe4d631feb76b5f936a1a9

SHA512
fc55ee34b1107e298f2cfcb20dce42b5dbc98a7b68e72ed80a6ea594f66dff6f9e9cb70ad5ccbf5ad2171275f375abac1defd8dad4118afa280cd9c1d9f6a538

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\9e16efd953b19582443b28cb58f4544d98f58526\2c001769-428e-41a0-b2ad-64bb24b80349\index-dir\the-real-index

Filesize
360B

MD5
cd875b15cc0806c881bb8118c053ca40

SHA1
fdadd547e1a6f951fbbb2e3a18120606758241c4

SHA256
4f1d4ae1a52976fb57e23707c43f425abbb503fc20d91db58f112c03f6bf4b92

SHA512
b4336fde226429ad5135e41f943081eddd1694b17c2266b44d7f18c6baae3cb5be6648b6eef246c511bf0292bdd578c56cbaf91bc9a4a977b9390c9b4d67c2cd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\9e16efd953b19582443b28cb58f4544d98f58526\2c001769-428e-41a0-b2ad-64bb24b80349\index-dir\the-real-index~RFe62a94a.TMP

Filesize
48B

MD5
6443f27a8f331027e5a131aa50a457a4

SHA1
ddee31d760d99c7af0d62394905c7984f54ee18a

SHA256
7cdca7c303aa66cc284d0db8b3dc33924a0000351d880309de0b056910f7792f

SHA512
c0d3f1c288506190435b9fd64e40865bac64b8b7164fb58a5bb0c4b0b5e85af080249d9c24891bb6fcc59f5669ae3d2c3df0628e07cff33b8a935c068a7600cf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\9e16efd953b19582443b28cb58f4544d98f58526\index.txt

Filesize
177B

MD5
1592b1992f474479c2b4c345cbe12448

SHA1
08f91a39ac17e183521e4615c3c7306585942b15

SHA256
35376bec9a82ef9b08fbac2e45a74fa0beefe26e275043c2d571106562632be5

SHA512
5a0eb7dbc2e725814868ceb938f74bc5caf57d0c68077cb19a4e57d8f008187819eece8b51a4b1579bd3ea6fb91c55f3f34691a89fc5168bfcff6e1a8c14d758

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\9e16efd953b19582443b28cb58f4544d98f58526\index.txt

Filesize
184B

MD5
6816b051a87025e3231c5588560d66d0

SHA1
152b44b50082899c642b1fb8a65a5642ffe31958

SHA256
c783eaeefbe2322ee3f1237949038989c53bfccaed9a9e70763f416f30c22931

SHA512
f8ac39f2c61d81a4a62f20486a8a0748c1f1de99b0cfbd6fba5de70200d237a08feb8f7c8f34a221681ad78175348c794a18d392a057ebb67efc122f952b639b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\9e16efd953b19582443b28cb58f4544d98f58526\index.txt

Filesize
125B

MD5
4d0635d13f3b42d77ece42cce156a456

SHA1
34f8d5d5e04ee3a6f024fa7ddebd664f37ae7f6b

SHA256
2afba89dcdea7d48f4fdf1e14036352d9b27359fbfab71f35ee63d7ed88d06e4

SHA512
c094421102fb6a1ac26dde21739858f4a92f841f238dba07a29f99f4f05614e7ec5c89de894e0d765aa1e96dc0d39e3d9b7cc5af54a93648ece140cbc02a5e0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\653e56b4b6556a9e_0

Filesize
22KB

MD5
a9a600c2d899a0b1f0201d6aa2c26471

SHA1
1bde04c87d1868211527e3b9199cb7a7962ba230

SHA256
fbbc7ccbeb3196f236b32b9249997ee64617cee6107a1f8b6d5f61420a38bd4c

SHA512
014be09cd28dfee561f892df822c0c5f86d8e013c1b943f393e61f85204cbbfb0712f72a75a3cd59255ccc994971e3595965a38faa483bf8798c25ad63cdcbaf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\653e56b4b6556a9e_1

Filesize
46KB

MD5
7c38693762d246808973b6ab5b3b16ef

SHA1
37beb227cf8c1d87a01634bd10a1106725ea4298

SHA256
da1ad7f404eef6cff53e5a2f6cf1e8d6bf43b015e57af31f8fbfa3c269cc8c65

SHA512
0cff51a2cd93fa8e9325e83d02136ff6b45eed09d731514a53f3172229b5d4c862c0e3fc76f310fe5171e6e8b1a22d051f327d55636fed4f34e3a6ecf74d85cc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
216B

MD5
1d8e0c314d3d13c8476cabca54a507b8

SHA1
2e94f96ec23ce1f130bfafb1bba24a888925244e

SHA256
851809b8e50b4d27ba4bdabffdbb77c9b59cb7f5a7e0d720ee0c3b9355cb20a5

SHA512
2d3984f608abdf8bcca65c4b35d742dc203f02076b510a6c430591786240b7ec6382eb50a44ce355fe0740fe7ec416c7801c90bbafec870b2337cf9c15599b4d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
336B

MD5
b6f588b26e88fe17499b50cfc2123764

SHA1
77ffe937612985a382680d0bd89fb931099f625c

SHA256
227ff30fea46d33208d47fc75b5b23c6e9726eb63436b9624383413c5d787e27

SHA512
a9ab11839715c6323e2e3ac93309c0f39e05f3a60ba24dd78cb7aa9318ea2cf3e5e18b19a17f637bc253d647431eff6bf39fc49397fc690281b0f67002f91a08

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
384B

MD5
ce78f4afdd9f8621345c44a9cbc6ba34

SHA1
1adb4ace4d77132b6b58e950e68d3581b29f54fb

SHA256
c3d628aeef5e722e6e36384ed3e6f54c220400a2233d75ac9eb324918cb77642

SHA512
2e61b011f81732c5814013fd1ff692a3c2febe4421b71a55ba5682f6fcea2488fbf75ec4b424bad71d43c8321c249d2f31188532f3e8a233b1a574b5b547e9e0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
312B

MD5
355dae6defde50123a801648a24d7464

SHA1
5616dc81354502b4ede7afcb546408a19d8f0a75

SHA256
285eabe5a25073d91a209400050b4842e6c928959c1144a4dc565c2511167ea2

SHA512
c5990d2848837cea047f93002a8722c1a43dacfe61b7b021844ed848b0d7e27420020cac9d724f3a396a3c69e7bc9205a7c374b3d14d73dea15b03e0e338306e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
264B

MD5
3b130dc9dcf8109284982336e3e508a0

SHA1
6677c44dabc2fcd2e33090d6ccadd7600ebd6f4a

SHA256
94ca5cad8b4b32d7834c0c77b09622539211120b3faa38666255adeff7349dcb

SHA512
0bab99da476fcfeb2bc8be8af85939ee22568db42666f26424e58fe5feaf85763fc126852fd55d445309c9cc55d06e08c58238688b747ae2214bdfd43909a2b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe5f4d3e.TMP

Filesize
48B

MD5
2e3686fa4acb9525f7541ce8dbe58f52

SHA1
216e791b62be6bd61417fe9d6672b61af66f7616

SHA256
752d27f588ce35e08b4fc45f3e9904a708672792d7941a7681c5f6a21542e1d9

SHA512
34082709e94932c31053b39467506e6e5c841cfe2ca2cb2a58989443357970c2b271071eb8ae3fd7516e32c6d9827d9284b83522f21666be4365acccd243e50f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
590a6b2fce215af31eb820fccbfe3037

SHA1
6b8513a0c0f1b4b4bc3ab4acb94d070986e0f618

SHA256
84c53078b6a4cb01b70832c59ba095bf1d94cdeef6cfc74bbda4d7f7912829f1

SHA512
3347b9ef609773125668503d953d95fda410e19844c2cdcc5822bc2083287d27ec9151856e1b9b739550bcb9a770582ad9b141de726420fcd3af9aef8e6c72ba

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
14KB

MD5
2de46591df2122c86c794f2312af1fcd

SHA1
ada19ce42021e0bc2c37e2e00d5bbfd22a2b4f0f

SHA256
eba3b79ed852cf9d49c31ddc91a079534e2526a23052307a62be7e243febdc87

SHA512
0865e23a4720a94886c75452ee55c542f2dbdc58b1751e9cd505d9338a576e6d7515b52d08afe372e6ba6ddad0ac80c0aa054b225780418cc0b776cde94badbd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
15KB

MD5
b47130baa94904b19f986cedc77bed43

SHA1
7c757bfdf801edced3b5fbb216bb206ad183860c

SHA256
2d9172ad606171d53e80f142bce38b5712895f9db902b2be685e3ba0ff3275c0

SHA512
30fecbc0404e47d280cc2f827493f73ec4e91474d654fb19d644c4f9eff53536604ef57009f0cd8c44837f72a0ef0a32445def99c7c2d08e6c811510146f6251

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
14KB

MD5
aef7380f96e1da0fa03344b1caa07b08

SHA1
1558eb7c7e19fa34f25042f711b59242516dc613

SHA256
f324a5342d0dff7834f02c89ae3fd116cc4f45298dee853ec65fd879b816ce58

SHA512
a0b53e4987e2e9e68d9b9ffa426fd716025f8c4310f858b07aa0d2bcc01d794e04907bedcdba4765c4af3435d7d3e4b8b59f3ef7a44dbcb893f8c42e7e0db938

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
15KB

MD5
8ba628c8411459e79f5778b907833299

SHA1
d6be1c9c895ebb5784cfce9fafe33b68bf347135

SHA256
16fb549e4f344d395faa4cf8cb9ac9d1c2e346f2d8396a69ed6372cc155b42c9

SHA512
e6ddd136f7dd3b521fe45c7346b6526401e29309f4ffeade34d292c9d8badbc081aa74ba1633482a28ce701bff649c8cfd1a66af35073a471ed8d0c822e61286

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
15KB

MD5
ea765b5127e32137ed6cfee55535b2fe

SHA1
9686c2c014b6ba284ae94817061f8784498cad74

SHA256
ad07df63e6d3c482194ea04992c6d98e49dd0ea3eef9d00b8187e65750a5c8e8

SHA512
9e6f77f06cf1c827c30352b8b420db94e8cdceb2718580d43fd130f6c4a314f794a5bb2977aca47e4825315f18254ce25ba8058b1686d8b10c7cd1603b1953d6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
15KB

MD5
9ad322f42b5b129a7622ff06831a485c

SHA1
e0cf7db09a637b69727b742ce823558c92f26656

SHA256
4ac1f5c7655ab7f75cc50ba16a230e8e30a9c21ada3498350caad53e989cba29

SHA512
275a76bb7abe9832027b38e4b9ab725607c36fbf996693090b8bec7c92d2fbd81235097b3274307feb8aed2f2a143edc96dc14a9dcde81afe2ceb3e720558719

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
15KB

MD5
a0721a419b6d173d8dfe3f458b89216d

SHA1
89aa719183ccd65a4e667eae785ec60771aeaf67

SHA256
73ccccecd79d51a71afdac2ce611f2e121ebc25f9b16a4f376cd27c2bc760041

SHA512
df27097598a530bf9d32a6ee9c84898a94afbab44626eb0001a3052ca55c27d5491bfae7cc9f155167507a066573c84bd8dfdc439ea7873858d2df36b1939d87

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
8KB

MD5
085bd3d2e7767479601e4deba4f63c11

SHA1
2a37053a122b07ecd0eca92ec1cce4a0b21bcd32

SHA256
1839b491ea7f700b6b483c4c3af226995a6607b1f06de36715eb6ca99dea21c5

SHA512
25039b665acae0a03ee81bf1e8c8455eec2446d0444701d8abdf31a0c4dd6b17b89e77d930446c90d3938c8492def9e675386da40ec3927f3e3eb0cf2f045bfc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
13KB

MD5
143f9288968403f986ca0dc928ee1bad

SHA1
df51f05687dd6353b734dbf7c7b248283aabe806

SHA256
af7566ca1938eb087941314da53b5af2cbd34a56e6f4bed875b7ff93ffd00d80

SHA512
a422d521d3a0051c41789c562d1568d074951d3de131eb5aa8e2da399a51aadeb2dfff94129635a409e683a93d93cd01144e80134022f2155e5bec0969532892

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
6KB

MD5
3d3a031a8f5f801c94968a11ed900062

SHA1
8923c816e94b9e505d2d236dde5ea01d5b54bd32

SHA256
514f5f14773d3263549e3b0efefbe2f949632046476437103fb67424334ec20e

SHA512
8d2a5b1dde5cdb5a4042ac75f536fd33a895208f18bd97a7c6d19304ecc5f814bfed60389a3d44fc50dfd766706e5b830cef4b9e850fc9c7705db37bb3427144

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
7KB

MD5
8f7c918ec5f3e6aeb571d35995c2a03d

SHA1
d094e9ff648e9a6ecd411d54f68d914c62a59a4c

SHA256
962556563a23043260adc9dfc0592f240c81443f0d66d37ac2099df5d27ffa37

SHA512
8818ec15e61679a033841f02abf62a9eabdef45d074d1f328dc730986486bafe14e65835a806ad3dfccdfff3cb13bf9fbe4de5ce3495f078c17bd1706b134391

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
13KB

MD5
0d41b25b2127f04c88f7f88620f0a518

SHA1
1f36dec461f335906571388f0da780c13ed973b2

SHA256
2e10712607f0827da5235d62659a958d3b2692ae76d9107f95032e0f0aa50da4

SHA512
f3033b54040af0504b47e75f7c7b0a9fe1173d73c49dc331fdcbed505d3c129b856bc9fc84f29ad1877272c7ca5b7c35030deb94742cfad8ebdc5a841c6537f0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
dc0141e3b6453f7e4103ffb6a57254cb

SHA1
72f021f68404ae78a7cd81aae3131a2463d24a1a

SHA256
921a9fc03c636f9c91281e194a58ce996cc75b3f23bf50fcc32b43e70fd8f3e6

SHA512
1a56c89633762e4c1172f6caf846b6ffe0bbf591a08054436baaf790c67f4af942f59e7115e653a147d869248b97f673c39ba048c8ad3b6a771c38b5e2f85b59

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
35aba7d9532978bb1303187fc2e7af4d

SHA1
26bf860e34f0f9f76548d01f86684dcbdac3c759

SHA256
a003e1c28300b52f253370dc4706d1c0bc7ac1f6d0ffd2baae97658c862d33e3

SHA512
bfb8dc736f07ec6774f3c3842b4d2ae9d59929439ddd212da155650bb7f1cdd359e27135a6bf00299334d721a79876cbeeff5bbdd32a997c3c7759c547c0a2eb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
d837f27fb1faff656c96d2ed7a94d4fe

SHA1
573c96920a2fa0e6fd9b1f6a0822f86ee950e2e3

SHA256
0611b350d08943555b961aa7294da227f26d6ffdf866659ff834e386cfafc443

SHA512
1dd0e274e9b196e7315c63f2c6548b7096cdfdf75f602e7d43d9fa32c47eced75b37f1a051fab680020f6285fb86d5c664bcfe4f5bce47aa57f368c6acb8e90e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
7KB

MD5
67b7244e18f803ff03cd3a521e9f7c2f

SHA1
ac3431059ce24a49cade3b7ee4d650c8472ee32e

SHA256
02acf6cb1a1ed773d7b99ce76d9cf0fe9d86e155621a95a88b606eba3ab17dca

SHA512
1f22b3fc0965deb971c1e120b556fce4934d41ba3a6deca460223a08ceaef554f4219fb68f6d81355eea9d6337b1efa9c4339f5a8f7f7c895188a00334f49e99

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
7KB

MD5
8a1727c1db6314b73794ca14fff504f5

SHA1
420e2ea98b7f2310cd440fa4f9cd9f0f679b4a01

SHA256
fd6ebafb624700494bb7f17cd97bb11de432e6116ec06ada2e73178fd7b3373b

SHA512
fffcabdbf3779301957e070b4b628b410bc9d875fa41202a597135f773fdc86547e7660947a915cf13da096b2e14433c3ace473193f831684dbf37401e263c9a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
c978197921186968a9b0499ff002aef4

SHA1
1fc8c5d0b348e3e49663ba90217234b383465267

SHA256
b4d7a9763ae00da2d1a952f98e44eeb02895ab49664783bf020d255235238011

SHA512
0f08c1cd3e4cb70339c6fb6f565592bfed48b80217c34fc70f05ead0b322664219b4f5fb305f26c22968e8e69c292074218846c448cd87a0ff2e6b531d201622

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
ed709d28c205e17c68a0640ba763a6c4

SHA1
dc0f6a8e377ef878563beda47cdd5f81f33b97f4

SHA256
918bb4cbc964be2ef4f99da44e8f4f30f3faa813ecbe59fd7a25e37a722cf760

SHA512
821c54b690e336dda4b93825c319de69ce2453fd22b4e0442f42f4f7fd85b23aab63bd986e4eab116df0d6c0f025de8513ed21e7a2d68c096869886d89fbcc54

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
f0ad5617932d865c3604036bed44af03

SHA1
2590a3729f2e93e934aadf2e2ceeb941719253ea

SHA256
07e89959cc909473ab4cadd5dda8f48703995df77a2a3c0e3acf0d1823481c0d

SHA512
69aabd6c82f58c8865bea2f808623c5d2fc74dc4f27613011aa391699c0b627438ced9ecb4b9ce1082709a8eab98a36b4d8fa2d57a4fd04e94f67e1d3cdf94e3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
bf3502cc67ad88a34fe40fa8ee9121ab

SHA1
4045b7688253fbf3443ae966b050b432f2343af2

SHA256
838c630f870a99d02e9f5f2a9a9e4f238acd60e6b8a5ab29c9515d3afb8da5cd

SHA512
2b751b3afcd0e29abc4dfa70504dfb75702009d7986243cbdc69f41eb27c3a820fc8062adee0ee8595f35fcd92ef8081dd2243dec87fceec2760acead798bbf2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
12KB

MD5
ce09c8f94971e3592fd0c3ece20dd9ed

SHA1
785c0d4dcd30525676aaa30e792cb7d72d38bf70

SHA256
a1165cbff7dd435945717397985852a24efd7185a435cc9ea8d62a2845961a3b

SHA512
c169148b7db9a1a03e08e41bbbbec7b27c697a33aa540cebce46af3ec07ed1f8df9fc0b64cd0ddefa61cf53d6493e7bdbd2a5863c51376d544921970c7fafa0f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
793cf6905ede5e0aa58523e5be0ab596

SHA1
02689ee5024122bc9746ef76cd0e87d2ab945e4b

SHA256
3cf640d70f506c06878ed8ccde9f18afab46f0690158f7ba36f5c951f23add56

SHA512
f7983759be96d94c547ed414169b409b6e7f8d42bfa9eecaca91fb1c2448cf99268b1f37ea77ddab8c8426212a5c89b01edbf7c294883bd0472b7abbf55c5eb7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
13KB

MD5
beb5ae0a8589916fda506e37380b23ab

SHA1
b7f523b6eeb42d678ee2444c3ec59157103de67f

SHA256
fdf6a46459091f2f36799c0ff4d9d1f29f2c9f0115682d908ef74c101bef4dbe

SHA512
c526f236f9aac8ef510ef4fd4249d2ca9ba48eb686cd9c1661c2a2ff7343521254e10101dd23809800b4bdee44666789da3d847cbd9018879e213c2fc9c89509

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
13KB

MD5
dc3578012afd0263e2bb2ee82c82e24e

SHA1
734cd6bf6699087d5dbf3615ef7749b56c48d48a

SHA256
ac3b7a12e7ee57ce90f85ae761c39ec860ad60dac0ebe9b1f634e02024325259

SHA512
fc54c6779b005e17d41bf28836b6acf936efaa3bc6f3a78c109777fa510c1a006736467f6d102b48b4d87f7fc1dd3b613b49a388ec1a8ae0f531b01712edc161

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5eb94b.TMP

Filesize
875B

MD5
ff1f0c4e87a96594e0f23ab4af18afe1

SHA1
562ab240b21fd504aa577380b308ac1b74d08027

SHA256
3df64fd0b913110361e3bff853a36fdb75f3052de95263dc617797f5d5ed326e

SHA512
8069f5b22021f17ee2f93d462758adf9313861c665e4442700f5be1abf15fc317eede9cb0b0ef4bf6e312870b312f2402fdb0ce1f315f5b4abd6ce6e3cce2358

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\c4dc49ce-f29e-405f-ba42-a424e9dfcbaa.tmp

Filesize
8KB

MD5
f93b95b9387339f14eb6fb3868b6ad16

SHA1
f9bb8d9a7fb0e98cc6631e25622205ea3cc62031

SHA256
834036df765d605a1b8eeb458bd4091194c0b75f3fed4b7d883b7d8d3011a860

SHA512
771760944cb455642f8ef02bb4ca913300d57766c7c7b436ff9f8f1268e450389759e487e671996cfb2d152367466460d4ae747a22241704f5b56bb6036e2567

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\f6c37f0d-6cad-4133-9a2d-6eb5508180f3.tmp

Filesize
70KB

MD5
e5e3377341056643b0494b6842c0b544

SHA1
d53fd8e256ec9d5cef8ef5387872e544a2df9108

SHA256
e23040951e464b53b84b11c3466bbd4707a009018819f9ad2a79d1b0b309bc25

SHA512
83f09e48d009a5cf83fa9aa8f28187f7f4202c84e2d0d6e5806c468f4a24b2478b73077381d2a21c89aa64884df3c56e8dc94eb4ad2d6a8085ac2feb1e26c2ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
000edee2d28fad65b5f5b79c0f989326

SHA1
9095353547324f1f8cfcfb5ea7f90760274ee55e

SHA256
3f177da80e5635621447282585a14ef9366b04a2ce737a5b66b533207e5d7f3e

SHA512
eced1275fa3c7b67a5b441c3a53aae47183258f8ec32b98e85cd3027369f467ba1e424bd8a7a44016ae3b22d85694e9a5cfa98c6aff4da892609e1b33ca41486

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
06503d86a112a6e84f9cf9015d74874a

SHA1
3a0ccf32d5240e261a1cc5005d0ba274b245b432

SHA256
327fb3293754de8b7a3da2ab217dc0f2dc5b9e28caa56ff7d3339849b3e37e7a

SHA512
cc8846f47baa80935f57e0c98b01b7f704b27c510dd1ffdc5ef0bd1806041d34f003d422eb11a793b27972404d2ea4511072398f9eeb0d2eea9655e4e90acd33

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
14c80dcf38ad34e669a3d4fa47afb4e2

SHA1
c7c468ef88585e93dfe7a196ebcd963dd5ba1351

SHA256
48a2a277ecd5c055f4d1f8855562390ac4f74eaa7292f7b89d968f6f19dba575

SHA512
583c15f6c0be62e7f95e8bfc34a5c50c3eed1a624d748465ca644f6f8d131336fc85d7a950982c08b3ecb00ec08d6fa428c7cd34649f64e1ce5801c484fb9daf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
a248b1fc5632bd807340c7916a28b5d6

SHA1
7428b88f891bb73ad7c93a78fe8b2981debfd97b

SHA256
503c22fd7e079ee1b80736e937b02a558b97f62e8709d7af1f7ced65c814c5dd

SHA512
3b5e53b419f71ffc64e20b678b4915f40a85e61683fce8c92a2c824b324e815a81f824d53c12b9722dd7fcfdb5a89e207fbd60a0d098833af294dc9135e18d9f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
f75eb0541d4e294db01c4fd2dee512c1

SHA1
767b60eaee128b3f3ebff46c9f13df2fc22e37d5

SHA256
bab295eb616dca4e817a68af65f45fec797604d7ba9bf6777b3b35749145c3b2

SHA512
246e9e7be8c650bba1ccc76120b919dbe2e22554d696a2c4841cbc31f147a246df7b9a99b848ef1917ce1e38706b9309fd629899bdd68f6200fb0e17bd3c9324

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
1af8ff5491977dc2f895a6d19fae3eee

SHA1
360ad572eeef630f02d083615d6520c28e5ba5a6

SHA256
c45022e39799f169c7a176e237e64dbe0d6628751211507b3e9e8365bc660ce5

SHA512
e799bfbfca5f959b7693df274a68a8f093285b32b488ab3158ef07895eb40f9cb45ca3aa845d2289529d9dbcf9433aed349baa5ce9a1a4cba3c36b4abcfb2c75

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
cd4e6d89b6b7d07ffee78078d8b9de61

SHA1
330b3b4bc99393d5cf730099ef81b342dabf0474

SHA256
763f8d30622f3ed09ad54776436a3314788a7ac1760be1ac4e76e9c8b63bdcfa

SHA512
d5563121fa1599deb3a13c53831a2509433f6d28bdbf38e6dad88b0ca647fa2918d30f469ca73880ca0651f09b7a39769f7e00514172f10b5541d0f413a33def

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
a1a8360538b436b44ee7113c1b8fc0c7

SHA1
b0371de280591872b16e54245c5499d6863dc0dc

SHA256
95d6a8c70edc4331a4627614c3b0876bfada55b7f555ebd6c2b49efcaef98955

SHA512
8ba6d54ebd2fc8afa84a65aa5ebe9c50d2da3ba221eedae0ebaf8113a63249eae0af55fa01bfad236586f0a473ae7ac812cf1f2548a33b67db2d4dd374bc8dbb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
21facef1b331d2a63532cb8ece165a7f

SHA1
e9a1159c40b2c6457c352c47a34678a7b7c6dcd3

SHA256
947522ad1c127bf2224b278cf028c63b9788cae0ad8b397d476187d888521e7e

SHA512
87e611f7235387dff6bb238f6691f4e13ce1763f9cafc0aab32987694b4af0e46413cc6c217816a23e45b187632c417bc2df591325c894937ddd23394ec8306a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
8KB

MD5
52398b01941e1df4973fda6d83c331e7

SHA1
0dfd6255e8a84fd5d911de172633e3a7d7c78364

SHA256
9f11a6e43b7ba5f5c608d899122a8c5c454df6f8636832c9e8f5bc4f018ec149

SHA512
3da39c142833f26871bccb5c1ec98603ff7a358408f2a77c412fa5b2e070f6fd1a51fd8301c21f357203b6f97c9b53f4ba097be961611fcb6e673073ec1c2537

Download Submit
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_ica3d50u.xli.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Users\Admin\AppData\Local\Temp\evony_httprequest.txt

Filesize
168B

MD5
1ec3010c4770d4fa10aff203ca6f8271

SHA1
49fc161939de99a9a8aa276fb9a8a1a99ce384b2

SHA256
a7ab486eadf8005489f91fb56c4a1ca9d8c89a4317da8cbd63d91ea416f3af35

SHA512
259e750a236fb397b22fa63f3e96ca5683de5a5f863ad613d7110b5c015eafec176123a0a0f7fa3e8b6e219cf0e00d85d1be6326b413fd3a1cb84490df6ef6dd

Download Submit
C:\Users\Admin\AppData\Local\Temp\evony_httprequest.txt

Filesize
440B

MD5
665861922a52398325eb6a8b2785ca33

SHA1
a673fc0def3a60c41a0289e0473d06602a5c5355

SHA256
ce83306a34caa0cb4b5e18def54677e7c744b82116a17dfb3ff592b82960d25f

SHA512
c16d5c4c344bd65b5df31164439cf12ab03fe36539011959401cb997be575e4aece997e4adf51db845531d5a6a1d6fcb449560cd27435d68e91f27ab408c69c1

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsk7D13.tmp\InstallOptions.dll

Filesize
14KB

MD5
5d195f1ac9869c208f6c02a5bde6f9c1

SHA1
a8ec993a12708572ca8ca3d1fcbdc25230bdaf10

SHA256
78012f560bb917218435f4b3ef2e3491bab15647e11ccb90bc117731181134c4

SHA512
1f6a2e909e3a7188f24758715cdc7c9d8c17450a67c37cc74487924b00d5402c125ff8ec27b42038e20b560016f086b05133bf2bd04e670a1c46fa38c1b20672

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsk7D13.tmp\StartMenu.dll

Filesize
7KB

MD5
c365c5ff6418efae5fe288bd0419fa5c

SHA1
62cecd954ef5645eeeeae44b05a29fc4a5fd5355

SHA256
88cebbf8bad719d06709e9e29c39d1abe3325ae26f8d65c101e50df3afdd9057

SHA512
06dfc1c25eccef1a1a43afa8cf965e08bef75a531c94a09dc9aaaa01d3eff8d91acd85bb9621fec8af48957d5b89bbb711326f99a45216517a4c6b35ed893564

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsk7D13.tmp\System.dll

Filesize
11KB

MD5
fbe295e5a1acfbd0a6271898f885fe6a

SHA1
d6d205922e61635472efb13c2bb92c9ac6cb96da

SHA256
a1390a78533c47e55cc364e97af431117126d04a7faed49390210ea3e89dd0e1

SHA512
2cb596971e504eaf1ce8e3f09719ebfb3f6234cea5ca7b0d33ec7500832ff4b97ec2bbe15a1fbf7e6a5b02c59db824092b9562cd8991f4d027feab6fd3177b06

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsk7D13.tmp\UserInfo.dll

Filesize
4KB

MD5
7836f464ae0102452e94a363b491b759

SHA1
59909a48448b99e2eb9cd336d81d60764da59f31

SHA256
11adf8916947b5a20a071b494fa034cf62769dcc6293a1340b29a5bb29ac8e87

SHA512
5ed63eefa1b3b3caad4cb762ccb8419c05bcad3da3a7415235cda2d2a1f79eb018503ca30a0a92d6b72160327decea9a70c48e0c28de94dd67303d4aea4a02db

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsk7D13.tmp\ioSpecial.ini

Filesize
683B

MD5
874591ae60ff8c065a7a6e39cb05bd68

SHA1
ca94473b04f0bea7cc884cc1e0897b906b0439ed

SHA256
549915a3502763be656e8382c84c5ceb0aa9d04a87b4565bec8762b5f28f35ec

SHA512
1e76c5d8ed6c0b295a5ae2a8bc79d71cdd0301fd8646da10230ef5e05f7172aea35ac5639e88e8dfdd01c49dc65f6ce6379c9d689233c1010ebe9444f63e148a

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsk7D13.tmp\ioSpecial.ini

Filesize
648B

MD5
d4f18a3dc17713485d14c3ef334ba3a7

SHA1
c5e27ffa7596f6f6fcd8ae791afe96cb17efd21a

SHA256
70e29f6a81c1cee273c8100e8aef807dc6b52a2639d3d2b8aec40469e721735f

SHA512
7802be845d4dd6c9862097e9adbc503fdb0c47d11d7f173d155de88679d9e1e265dcbdb6e3daf64c2b0a5ea4073e6cbad3c0269f7f672796e9ac1c10d23174e1

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsk7D13.tmp\ioSpecial.ini

Filesize
661B

MD5
dc93841445da6714b2759c8bef1f846a

SHA1
76bdce21486c55692ad2db39f3c46f8c87e08016

SHA256
6e7f5bc5a2df6a99e4df6337d7887a9e09e6b6cd1cf4fbb12541914035a9f278

SHA512
5f747a3882ddae4e8fa64e719d4a14ff0dd2bf3ddf8f2df9c66815ab9afe1c772cd5e6f2f2faf394e2fba7600fb2d5f34143e06af0704c0856d3330ada2908bb

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
3KB

MD5
f0efd5d5ef2a70c99464c40a7499d56a

SHA1
91ba47241fba264f64b56bc3e181b92a839e056e

SHA256
d0bf1cae73754efd26a1da639cc5c06002c1b17124725cff7566b734edb18b81

SHA512
86df3ce18548f55c49a9be672f688f30515010d3004e7a404199f10dcd6f0d40e5ffa78ce01b54289da23b8115c4fb825df07460912999e80a6b86948e9b093a

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
11KB

MD5
b2c8ee4d3e0bf72bee548ae52c955794

SHA1
0d570b529e2021c6be3152674a91c9b94b285f54

SHA256
ff018f556ae7b744c1d4e7eeebf249aa3c91434fd5917093bc1e146803a1ae25

SHA512
bca1ec453c23eead6add5845cffb6f811001b9c09102797c92ee4386f31cbe71a5c7d289a3e19d0c683d908c404c2e8d05b991c92bde83ad38e8614e18c92474

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
11KB

MD5
0a39d436fcd24035974c44cdfbc52ae5

SHA1
d536749dc03ff9ded35f897ef9cdd8110368f2d6

SHA256
6c93794063bf0a9c2f078bd531d63ad16a5a0aedd4f159531cd6bec09ab88520

SHA512
b04cda9700773253d8acd17bda4a0ba675e81b6f91f451901da105fd06e57612c30300e345f5fd6cafc1891cd186dbf03438b7db3ce3f37b1d3a387cf710dff7

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
10KB

MD5
89eb099ec80bb0f290d9a575456d568d

SHA1
0d84e6c68e391354c61ef160b295e93ed30accf6

SHA256
f74835292bf321be7b2c8dbe3ff1f7c6ea0f7c093600c8cc4c63ca89c6963d9e

SHA512
758ccb7620fc16e175546f3fdd8ef60be959bf18b333284e5218b0714f41f6b27a8d0f0d5c547f3a2716269450e052e7001ca9e85b69333245428d98fa14aec7

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
10KB

MD5
3943c6a6a58dd0a2d2131efd22ae2db2

SHA1
87be31048a32f5c2b8a590b0ac20ac6b1753e2be

SHA256
5d1111e490bde3e228ee714fb2615f11d4f417a86488ff4da9bf318bb1bf13ed

SHA512
72009d982bea25125cfb983e228fd07f95057ba288508f9ad86be5b7e7fbf0ea1a4577316ab7d6bc05d1be495fbcdb94181eb82ecf997356e85fe69d56034db7

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
9KB

MD5
ac879903960a56cfabe2e853264e6868

SHA1
41c1239a508aa499434a00f6afabb1b3e7c31e99

SHA256
a171296d109cd1da307bfe73b516751023643c84b0f859f8ca108dccd78ed0c1

SHA512
905df577c01466a8896fc173d6d275157f00784419de6c9f6120e0cc13706d440f7bd8996f91c05742877516bb11ab29954cfef10d2caa71c8245389c0f5c988

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
11KB

MD5
6d451254069887558a714d980859265e

SHA1
40d03523b82c1b97042188c412d72d995a2e5d44

SHA256
bec936ac8b927f5bd0035739e0062280cc90ba1bf45ec7c0afa846687a4cfe4c

SHA512
d7374938341870fa242054ea8a2321894a5f362568290bb56cf653be1e42b59e0947382fc31d30a584f72bf9f53e11683e96c75c852a3d3af45140656537cfd7

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
3KB

MD5
080cdac4f5752e4c911dce3be57c680f

SHA1
c01a24ef936df71a8fb0b3d34cde757ef54df41d

SHA256
7044a5fa17f99f5fdbd3fc19fb6a06518e5654128bfe085696f02b9627f3219e

SHA512
f4e0b1e51e6b62ae9d4f74c48881dfd7dd0461b5598ecd802a130f35fa00a9419dc88b8f60184f0e81ca3853bde72e46c9d09b91c5b405e7a49ab1ecef4b3793

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
11KB

MD5
a7ce0ff0e41473957c0fb6486e436b1f

SHA1
7ddbfa7a1b6e58b55ca0da2119173566b73b862a

SHA256
487bdd955e49a2323d1183cc2ddfe1ed0a3c43464e6634bcb1b5573b9f02a8f2

SHA512
b5c26bea1639d7a3411e82191c4fb0416e946c4eb289d8818f7de5bfee560a7e94cc3ec4f3524d22bce001892cabd3f21ea229ce4333d5a58d86f0bc735736ff

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 322110.crdownload

Filesize
13.0MB

MD5
4ed21d3a404c6af87873a2d6b33a5a95

SHA1
1212ea8928a64f86155ddc8d96f4aea76a1b957f

SHA256
9f33fd58e0dbbce2866959af13d6a7e9ac4d4e5121644d822b371906800d975d

SHA512
7fbcaeeaad685a0ee3470d646dbcf4feaa13425b6decbc616d675159bb9078f073667fbfb77d3d734d867d49ca3bd79512475b5dfba78c14a4e1632a01933119

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 322110.crdownload:SmartScreen

Filesize
7B

MD5
4047530ecbc0170039e76fe1657bdb01

SHA1
32db7d5e662ebccdd1d71de285f907e3a1c68ac5

SHA256
82254025d1b98d60044d3aeb7c56eed7c61c07c3e30534d6e05dab9d6c326750

SHA512
8f002af3f4ed2b3dfb4ed8273318d160152da50ee4842c9f5d9915f50a3e643952494699c4258e6af993dc6e1695d0dc3db6d23f4d93c26b0bc6a20f4b4f336e

Download Submit
C:\Users\Admin\Downloads\winrar-x64-701.exe

Filesize
3.8MB

MD5
46c17c999744470b689331f41eab7df1

SHA1
b8a63127df6a87d333061c622220d6d70ed80f7c

SHA256
c5b5def1c8882b702b6b25cbd94461c737bc151366d2d9eba5006c04886bfc9a

SHA512
4b02a3e85b699f62df1b4fe752c4dee08cfabc9b8bb316bc39b854bd5187fc602943a95788ec680c7d3dc2c26ad882e69c0740294bd6cb3b32cdcd165a9441b6

Download Submit
C:\Windows\Logs\DISM\dism.log

Filesize
2.2MB

MD5
4123d2332f1eaac715e0b51d96942df8

SHA1
884338746dba0d71340e1f02d623f5df90bdb17f

SHA256
a673adc1845301d2018fa825213fabe320cef528bc67415191e7ed60e9ec5c79

SHA512
f1081bb966a67a81324f0b22f41dd8f41fc8bf3d6b32143e4b78002114a83445b4eb352fb1935129a0c2703027a21f99deee9f6e453c4aba26d6e41f857e79ed

Download Submit
memory/1740-4970-0x0000000070050000-0x00000000700CA000-memory.dmp

Filesize
488KB

Download
memory/1740-4961-0x0000000070050000-0x00000000700CA000-memory.dmp

Filesize
488KB

Download
memory/1740-4962-0x000000006FFF0000-0x0000000070049000-memory.dmp

Filesize
356KB

Download
memory/1740-4968-0x00000000700D0000-0x000000007014E000-memory.dmp

Filesize
504KB

Download
memory/1740-4959-0x00000000700D0000-0x000000007014E000-memory.dmp

Filesize
504KB

Download
memory/1740-4960-0x0000000070150000-0x00000000706F6000-memory.dmp

Filesize
5.6MB

Download
memory/1740-4768-0x0000000035160000-0x0000000035170000-memory.dmp

Filesize
64KB

Download
memory/1740-4969-0x0000000070150000-0x00000000706F6000-memory.dmp

Filesize
5.6MB

Download
memory/1740-4971-0x000000006FFF0000-0x0000000070049000-memory.dmp

Filesize
356KB

Download
memory/1740-4972-0x0000000070700000-0x00000000720FB000-memory.dmp

Filesize
26.0MB

Download
memory/1740-4963-0x0000000070700000-0x00000000720FB000-memory.dmp

Filesize
26.0MB

Download
memory/2968-7735-0x00007FF6DE740000-0x00007FF6DEF10000-memory.dmp

Filesize
7.8MB

Download
memory/3412-7441-0x00007FF6DE740000-0x00007FF6DEF10000-memory.dmp

Filesize
7.8MB

Download
memory/3548-4534-0x0000000005DD0000-0x0000000006127000-memory.dmp

Filesize
3.3MB

Download
memory/3548-4535-0x000000006EA10000-0x000000006EA5C000-memory.dmp

Filesize
304KB

Download
memory/4292-4648-0x00007FFEA9B80000-0x00007FFEA9BB4000-memory.dmp

Filesize
208KB

Download
memory/4292-4647-0x00007FF7571A0000-0x00007FF757298000-memory.dmp

Filesize
992KB

Download
memory/4292-4649-0x00007FFE93240000-0x00007FFE934F6000-memory.dmp

Filesize
2.7MB

Download
memory/4292-4650-0x000002435E2B0000-0x000002435F360000-memory.dmp

Filesize
16.7MB

Download
memory/5168-4500-0x00000000070C0000-0x00000000070CE000-memory.dmp

Filesize
56KB

Download
memory/5168-4493-0x0000000006CF0000-0x0000000006D0E000-memory.dmp

Filesize
120KB

Download
memory/5168-4466-0x0000000004C30000-0x00000000052FA000-memory.dmp

Filesize
6.8MB

Download
memory/5168-4467-0x0000000004BE0000-0x0000000004C02000-memory.dmp

Filesize
136KB

Download
memory/5168-4469-0x00000000054E0000-0x0000000005546000-memory.dmp

Filesize
408KB

Download
memory/5168-4468-0x0000000005470000-0x00000000054D6000-memory.dmp

Filesize
408KB

Download
memory/5168-4479-0x0000000005550000-0x00000000058A7000-memory.dmp

Filesize
3.3MB

Download
memory/5168-4480-0x0000000005B20000-0x0000000005B3E000-memory.dmp

Filesize
120KB

Download
memory/5168-4481-0x0000000005B60000-0x0000000005BAC000-memory.dmp

Filesize
304KB

Download
memory/5168-4482-0x0000000006D10000-0x0000000006D42000-memory.dmp

Filesize
200KB

Download
memory/5168-4483-0x000000006EA10000-0x000000006EA5C000-memory.dmp

Filesize
304KB

Download
memory/5168-4465-0x0000000002170000-0x00000000021A6000-memory.dmp

Filesize
216KB

Download
memory/5168-4494-0x0000000006D60000-0x0000000006E03000-memory.dmp

Filesize
652KB

Download
memory/5168-4495-0x0000000007530000-0x0000000007BAA000-memory.dmp

Filesize
6.5MB

Download
memory/5168-4496-0x0000000006E80000-0x0000000006E9A000-memory.dmp

Filesize
104KB

Download
memory/5168-4497-0x0000000006EF0000-0x0000000006EFA000-memory.dmp

Filesize
40KB

Download
memory/5168-4498-0x0000000007120000-0x00000000071B6000-memory.dmp

Filesize
600KB

Download
memory/5168-4499-0x0000000007080000-0x0000000007091000-memory.dmp

Filesize
68KB

Download
memory/5168-4501-0x00000000070F0000-0x000000000710A000-memory.dmp

Filesize
104KB

Download
memory/6536-7730-0x00007FF6DE740000-0x00007FF6DEF10000-memory.dmp

Filesize
7.8MB

Download
memory/6780-4513-0x0000000005ED0000-0x0000000006227000-memory.dmp

Filesize
3.3MB

Download
memory/6780-4514-0x000000006EA10000-0x000000006EA5C000-memory.dmp

Filesize
304KB

Download