meduza | d95ae7b09fc599fa5ef99c04131117f9b8f9432b3b4aa9cf8492535f8d71ceae

Resubmissions

20-12-2024 21:57

241220-1vd23svrbr 8

18-12-2024 19:52

18-12-2024 19:51

18-12-2024 19:31

18-12-2024 19:27

18-12-2024 19:27

Analysis

max time kernel
1183s
max time network
1182s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
18-12-2024 19:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

fcd1cdfe358c3b7c95e10cf72dbf727f_JaffaCakes118.pdf
Size

93KB
MD5

fcd1cdfe358c3b7c95e10cf72dbf727f
SHA1

7c5c487471db6b1702085fd880a931a819baa264
SHA256

d95ae7b09fc599fa5ef99c04131117f9b8f9432b3b4aa9cf8492535f8d71ceae
SHA512

30ca7a429aa4b1b3a877c6b8b83e3f957c2cb5a7a06d2ad63e0be5e85ade27f0d3255d8c0c671150013c01546369052882f5db77997f3980148a8b7a3a47caa6
SSDEEP

1536:UHedaEV1N3QjlwBgiZDASIKwJJYut9OLod6/d3Vb4fcXwWx+7oRW8pO+W/O:Kedai/3ywBgirIBL1qd3VbrXp+7ow+D

Score

10^/10

meduza microsoft discovery phishing spyware stealer

Malware Config

Extracted

Family

meduza

109.107.181.162

Attributes

anti_dbg
true
anti_vm
true
build_name
6
extensions
none
grabber_max_size
1.048576e+06
links
none
port
15666
self_destruct
true

Signatures

Meduza
Meduza is a crypto wallet and info stealer written in C++.
stealer meduza

Meduza Stealer payload 5 IoCs

resource	yara_rule
behavioral2/memory/804-1053-0x0000000140000000-0x000000014013E000-memory.dmp	family_meduza
behavioral2/memory/804-1054-0x0000000140000000-0x000000014013E000-memory.dmp	family_meduza
behavioral2/memory/4444-1058-0x0000000140000000-0x000000014013E000-memory.dmp	family_meduza
behavioral2/memory/5904-1062-0x0000000140000000-0x000000014013E000-memory.dmp	family_meduza
behavioral2/memory/2088-1073-0x0000000140000000-0x000000014013E000-memory.dmp	family_meduza

Meduza family
meduza
Downloads MZ/PE file
A potential corporate email address has been identified in the URL: e^^QgPA@G^
phishing

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\Control Panel\International\Geo\Nation	Delta V3.61 b_55245761.exe

Executes dropped EXE 12 IoCs

pid	Process
364	Delta V3.61 b_55245761.exe
460	OperaGX.exe
316	setup.exe
6132	setup.exe
4956	setup.exe
5240	setup.exe
1548	setup.exe
2700	Delta V3.61 b_55245761.exe
1624	Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe
5536	assistant_installer.exe
1956	assistant_installer.exe
2768	ContentI3.exe

Loads dropped DLL 5 IoCs

pid	Process
316	setup.exe
6132	setup.exe
4956	setup.exe
5240	setup.exe
1548	setup.exe

Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Credentials from Web Browsers
T1555.003

Enumerates connected drives 3 TTPs 4 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\D:	setup.exe
File opened (read-only)	\??\F:	setup.exe
File opened (read-only)	\??\D:	setup.exe
File opened (read-only)	\??\F:	setup.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
211	camo.githubusercontent.com
212	camo.githubusercontent.com

Detected potential entity reuse from brand MICROSOFT.
phishing microsoft

Suspicious use of SetThreadContext 4 IoCs

description	pid	Process	procid_target
PID 1544 set thread context of 804	1544	setup7.0.exe	150
PID 1472 set thread context of 4444	1472	setup7.0.exe	153
PID 6092 set thread context of 5904	6092	setup7.0.exe	155
PID 5672 set thread context of 2088	5672	setup7.0.exe	159

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 21 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ContentI3.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RdrCEF.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RdrCEF.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	setup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	setup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Delta V3.61 b_55245761.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	assistant_installer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RdrCEF.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Delta V3.61 b_55245761.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	setup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	setup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RdrCEF.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	assistant_installer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	NOTEPAD.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	OperaGX.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	setup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	AcroRd32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RdrCEF.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RdrCEF.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RdrCEF.exe

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	AcroRd32.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	AcroRd32.exe

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	AcroRd32.exe

Modifies registry class 5 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000_Classes\Local Settings	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000_Classes\Opera GXStable	Delta V3.61 b_55245761.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Opera GXStable	Delta V3.61 b_55245761.exe
Key created	\REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000_Classes\Local Settings	Delta V3.61 b_55245761.exe
Key created	\REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000_Classes\Local Settings	msedge.exe

Modifies system certificate store 2 TTPs 6 IoCs

evasion spyware trojan

Install Root Certificate

T1553.004

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25	setup.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob = 040000000100000010000000d474de575c39b2d39c8583c5c065498a0f0000000100000014000000e35ef08d884f0a0ade2f75e96301ce6230f213a8530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b060105050703086200000001000000200000007431e5f4c3c1ce4690774f0b61e05440883ba9a01ed00ba6abd7806ed3b118cf140000000100000014000000b13ec36903f8bf4701d498261a0802ef63642bc30b00000001000000120000004400690067006900430065007200740000001d00000001000000100000008f76b981d528ad4770088245e2031b630300000001000000140000005fb7ee0633e259dbad0c4c9ae6d38f1a61c7dc25190000000100000010000000ba4f3972e7aed9dccdc210db59da13c92000000001000000c9030000308203c5308202ada003020102021002ac5c266a0b409b8f0b79f2ae462577300d06092a864886f70d0101050500306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100c6cce573e6fbd4bbe52d2d32a6dfe5813fc9cd2549b6712ac3d5943467a20a1cb05f69a640b1c4b7b28fd098a4a941593ad3dc94d63cdb7438a44acc4d2582f74aa5531238eef3496d71917e63b6aba65fc3a484f84f6251bef8c5ecdb3892e306e508910cc4284155fbcb5a89157e71e835bf4d72093dbe3a38505b77311b8db3c724459aa7ac6d00145a04b7ba13eb510a984141224e656187814150a6795c89de194a57d52ee65d1c532c7e98cd1a0616a46873d03404135ca171d35a7c55db5e64e13787305604e511b4298012f1793988a202117c2766b788b778f2ca0aa838ab0a64c2bf665d9584c1a1251e875d1a500b2012cc41bb6e0b5138b84bcb0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414b13ec36903f8bf4701d498261a0802ef63642bc3301f0603551d23041830168014b13ec36903f8bf4701d498261a0802ef63642bc3300d06092a864886f70d010105050003820101001c1a0697dcd79c9f3c886606085721db2147f82a67aabf183276401057c18af37ad911658e35fa9efc45b59ed94c314bb891e8432c8eb378cedbe3537971d6e5219401da55879a2464f68a66ccde9c37cda834b1699b23c89e78222b7043e35547316119ef58c5852f4e30f6a0311623c8e7e2651633cbbf1a1ba03df8ca5e8b318b6008892d0c065c52b7c4f90a98d1155f9f12be7c366338bd44a47fe4262b0ac497690de98ce2c01057b8c876129155f24869d8bc2a025b0f44d42031dbf4ba70265d90609ebc4b17092fb4cb1e4368c90727c1d25cf7ea21b968129c3c9cbf9efc805c9b63cdec47aa252767a037f300827d54d7a9f8e92e13a377e81f4a	setup.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob = 5c000000010000000400000000080000190000000100000010000000ba4f3972e7aed9dccdc210db59da13c90300000001000000140000005fb7ee0633e259dbad0c4c9ae6d38f1a61c7dc251d00000001000000100000008f76b981d528ad4770088245e2031b630b0000000100000012000000440069006700690043006500720074000000140000000100000014000000b13ec36903f8bf4701d498261a0802ef63642bc36200000001000000200000007431e5f4c3c1ce4690774f0b61e05440883ba9a01ed00ba6abd7806ed3b118cf090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b06010505070308530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f0000000100000014000000e35ef08d884f0a0ade2f75e96301ce6230f213a8040000000100000010000000d474de575c39b2d39c8583c5c065498a2000000001000000c9030000308203c5308202ada003020102021002ac5c266a0b409b8f0b79f2ae462577300d06092a864886f70d0101050500306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100c6cce573e6fbd4bbe52d2d32a6dfe5813fc9cd2549b6712ac3d5943467a20a1cb05f69a640b1c4b7b28fd098a4a941593ad3dc94d63cdb7438a44acc4d2582f74aa5531238eef3496d71917e63b6aba65fc3a484f84f6251bef8c5ecdb3892e306e508910cc4284155fbcb5a89157e71e835bf4d72093dbe3a38505b77311b8db3c724459aa7ac6d00145a04b7ba13eb510a984141224e656187814150a6795c89de194a57d52ee65d1c532c7e98cd1a0616a46873d03404135ca171d35a7c55db5e64e13787305604e511b4298012f1793988a202117c2766b788b778f2ca0aa838ab0a64c2bf665d9584c1a1251e875d1a500b2012cc41bb6e0b5138b84bcb0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414b13ec36903f8bf4701d498261a0802ef63642bc3301f0603551d23041830168014b13ec36903f8bf4701d498261a0802ef63642bc3300d06092a864886f70d010105050003820101001c1a0697dcd79c9f3c886606085721db2147f82a67aabf183276401057c18af37ad911658e35fa9efc45b59ed94c314bb891e8432c8eb378cedbe3537971d6e5219401da55879a2464f68a66ccde9c37cda834b1699b23c89e78222b7043e35547316119ef58c5852f4e30f6a0311623c8e7e2651633cbbf1a1ba03df8ca5e8b318b6008892d0c065c52b7c4f90a98d1155f9f12be7c366338bd44a47fe4262b0ac497690de98ce2c01057b8c876129155f24869d8bc2a025b0f44d42031dbf4ba70265d90609ebc4b17092fb4cb1e4368c90727c1d25cf7ea21b968129c3c9cbf9efc805c9b63cdec47aa252767a037f300827d54d7a9f8e92e13a377e81f4a	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4	setup.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4\Blob = 0f00000001000000300000004ea1b34b10b982a96a38915843507820ad632c6aad8343e337b34d660cd8366fa154544ae80668ae1fdf3931d57e1996530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b060105050703080b00000001000000320000004400690067006900430065007200740020005400720075007300740065006400200052006f006f0074002000470034000000620000000100000020000000552f7bdcf1a7af9e6ce672017f4f12abf77240c78e761ac203d1d9d20ac89988140000000100000014000000ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f1d0000000100000010000000a86dc6a233eb339610f3ed414927c559030000000100000014000000ddfb16cd4931c973a2037d3fc83a4d7d775d05e42000000001000000940500003082059030820378a0030201020210059b1b579e8e2132e23907bda777755c300d06092a864886f70d01010c05003062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f74204734301e170d3133303830313132303030305a170d3338303131353132303030305a3062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f7420473430820222300d06092a864886f70d01010105000382020f003082020a0282020100bfe6907368debbe45d4a3c3022306933ecc2a7252ec9213df28ad859c2e129a73d58ab769acdae7b1b840dc4301ff31ba43816eb56c6976d1dabb279f2ca11d2e45fd6053c520f521fc69e15a57ebe9fa95716595572af689370c2b2ba75996a733294d11044102edf82f30784e6743b6d71e22d0c1bee20d5c9201d63292dceec5e4ec893f821619b34eb05c65eec5b1abcebc9cfcdac34405fb17a66ee77c848a86657579f54588e0c2bb74fa730d956eeca7b5de3adc94f5ee535e731cbda935edc8e8f80dab69198409079c378c7b6b1c4b56a183803108dd8d437a42e057d88f5823e109170ab55824132d7db04732a6e91017c214cd4bcae1b03755d7866d93a31449a3340bf08d75a49a4c2e6a9a067dda427bca14f39b5115817f7245c468f64f7c169887698763d595d4276878997697a48f0e0a2121b669a74cade4b1ee70e63aee6d4ef92923a9e3ddc00e4452589b69a44192b7ec094b4d2616deb33d9c5df4b0400cc7d1c95c38ff721b2b211b7bb7ff2d58c702c4160aab1631844951a76627ef680b0fbe864a633d18907e1bdb7e643a418b8a67701e10f940c211db2542925896ce50e52514774be26acb64175de7aac5f8d3fc9bcd34111125be51050eb31c5ca72162209df7c4c753f63ec215fc420516b6fb1ab868b4fc2d6455f9d20fca11ec5c08fa2b17e0a2699f5e4692f981d2df5d9a9b21de51b0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e04160414ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f300d06092a864886f70d01010c05000382020100bb61d97da96cbe17c4911bc3a1a2008de364680f56cf77ae70f9fd9a4a99b9c9785c0c0c5fe4e61429560b36495d4463e0ad9c9618661b230d3d79e96d6bd654f8d23cc14340ae1d50f552fc903bbb9899696bc7c1a7a868a427dc9df927ae3085b9f6674d3a3e8f5939225344ebc85d03caed507a7d62210a80c87366d1a005605fe8a5b4a7afa8f76d359c7c5a8ad6a23899f3788bf44dd2200bde04ee8c9b4781720dc01432ef30592eaee071f256e46a976f92506d968d687a9ab236147a06f224b9091150d708b1b8897a8423614229e5a3cda22041d7d19c64d9ea26a18b14d74c19b25041713d3f4d7023860c4adc81d2cc3294840d0809971c4fc0ee6b207430d2e03934108521150108e85532de7149d92817504de6be4dd175acd0cafb41b843a5aad3c305444f2c369be2fae245b823536c066f67557f46b54c3f6e285a7926d2a4a86297d21ee2ed4a8bbc1bfd474a0ddf67667eb25b41d03be4f43bf40463e9efc2540051a08a2ac9ce78ccd5ea870418b3ceaf4988aff39299b6b3e6610fd28500e7501ae41b959d19a1b99cb19bb1001eefd00f4f426cc90abcee43fa3a71a5c84d26a535fd895dbc85621d32d2a02b54ed9a57c1dbfa10cf19b78b4a1b8f01b6279553e8b6896d5bbc68d423e88b51a256f9f0a680a0d61eb3bc0f0f537529aaea1377e4de8c8121ad07104711ad873d07d175bccff3667e	setup.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4\Blob = 190000000100000010000000ffac207997bb2cfe865570179ee037b9030000000100000014000000ddfb16cd4931c973a2037d3fc83a4d7d775d05e41d0000000100000010000000a86dc6a233eb339610f3ed414927c559140000000100000014000000ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f620000000100000020000000552f7bdcf1a7af9e6ce672017f4f12abf77240c78e761ac203d1d9d20ac899880b00000001000000320000004400690067006900430065007200740020005400720075007300740065006400200052006f006f0074002000470034000000090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b06010505070308530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f00000001000000300000004ea1b34b10b982a96a38915843507820ad632c6aad8343e337b34d660cd8366fa154544ae80668ae1fdf3931d57e19962000000001000000940500003082059030820378a0030201020210059b1b579e8e2132e23907bda777755c300d06092a864886f70d01010c05003062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f74204734301e170d3133303830313132303030305a170d3338303131353132303030305a3062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f7420473430820222300d06092a864886f70d01010105000382020f003082020a0282020100bfe6907368debbe45d4a3c3022306933ecc2a7252ec9213df28ad859c2e129a73d58ab769acdae7b1b840dc4301ff31ba43816eb56c6976d1dabb279f2ca11d2e45fd6053c520f521fc69e15a57ebe9fa95716595572af689370c2b2ba75996a733294d11044102edf82f30784e6743b6d71e22d0c1bee20d5c9201d63292dceec5e4ec893f821619b34eb05c65eec5b1abcebc9cfcdac34405fb17a66ee77c848a86657579f54588e0c2bb74fa730d956eeca7b5de3adc94f5ee535e731cbda935edc8e8f80dab69198409079c378c7b6b1c4b56a183803108dd8d437a42e057d88f5823e109170ab55824132d7db04732a6e91017c214cd4bcae1b03755d7866d93a31449a3340bf08d75a49a4c2e6a9a067dda427bca14f39b5115817f7245c468f64f7c169887698763d595d4276878997697a48f0e0a2121b669a74cade4b1ee70e63aee6d4ef92923a9e3ddc00e4452589b69a44192b7ec094b4d2616deb33d9c5df4b0400cc7d1c95c38ff721b2b211b7bb7ff2d58c702c4160aab1631844951a76627ef680b0fbe864a633d18907e1bdb7e643a418b8a67701e10f940c211db2542925896ce50e52514774be26acb64175de7aac5f8d3fc9bcd34111125be51050eb31c5ca72162209df7c4c753f63ec215fc420516b6fb1ab868b4fc2d6455f9d20fca11ec5c08fa2b17e0a2699f5e4692f981d2df5d9a9b21de51b0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e04160414ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f300d06092a864886f70d01010c05000382020100bb61d97da96cbe17c4911bc3a1a2008de364680f56cf77ae70f9fd9a4a99b9c9785c0c0c5fe4e61429560b36495d4463e0ad9c9618661b230d3d79e96d6bd654f8d23cc14340ae1d50f552fc903bbb9899696bc7c1a7a868a427dc9df927ae3085b9f6674d3a3e8f5939225344ebc85d03caed507a7d62210a80c87366d1a005605fe8a5b4a7afa8f76d359c7c5a8ad6a23899f3788bf44dd2200bde04ee8c9b4781720dc01432ef30592eaee071f256e46a976f92506d968d687a9ab236147a06f224b9091150d708b1b8897a8423614229e5a3cda22041d7d19c64d9ea26a18b14d74c19b25041713d3f4d7023860c4adc81d2cc3294840d0809971c4fc0ee6b207430d2e03934108521150108e85532de7149d92817504de6be4dd175acd0cafb41b843a5aad3c305444f2c369be2fae245b823536c066f67557f46b54c3f6e285a7926d2a4a86297d21ee2ed4a8bbc1bfd474a0ddf67667eb25b41d03be4f43bf40463e9efc2540051a08a2ac9ce78ccd5ea870418b3ceaf4988aff39299b6b3e6610fd28500e7501ae41b959d19a1b99cb19bb1001eefd00f4f426cc90abcee43fa3a71a5c84d26a535fd895dbc85621d32d2a02b54ed9a57c1dbfa10cf19b78b4a1b8f01b6279553e8b6896d5bbc68d423e88b51a256f9f0a680a0d61eb3bc0f0f537529aaea1377e4de8c8121ad07104711ad873d07d175bccff3667e	setup.exe

NTFS ADS 2 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 635416.crdownload:SmartScreen	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 1796.crdownload:SmartScreen	msedge.exe

Opens file in notepad (likely ransom note) 2 IoCs

ransomware

pid	Process
5716	NOTEPAD.EXE
3908	NOTEPAD.EXE

Suspicious behavior: EnumeratesProcesses 48 IoCs

pid	Process
2304	msedge.exe
2304	msedge.exe
3508	msedge.exe
3508	msedge.exe
2004	identity_helper.exe
2004	identity_helper.exe
5020	AcroRd32.exe
5020	AcroRd32.exe
5020	AcroRd32.exe
5020	AcroRd32.exe
5020	AcroRd32.exe
5020	AcroRd32.exe
5020	AcroRd32.exe
5020	AcroRd32.exe
5020	AcroRd32.exe
5020	AcroRd32.exe
5020	AcroRd32.exe
5020	AcroRd32.exe
5020	AcroRd32.exe
5020	AcroRd32.exe
5020	AcroRd32.exe
5020	AcroRd32.exe
5020	AcroRd32.exe
5020	AcroRd32.exe
5020	AcroRd32.exe
5020	AcroRd32.exe
2384	msedge.exe
2384	msedge.exe
4088	msedge.exe
4088	msedge.exe
4088	msedge.exe
4088	msedge.exe
4004	msedge.exe
4004	msedge.exe
5160	msedge.exe
5160	msedge.exe
6104	identity_helper.exe
6104	identity_helper.exe
4308	msedge.exe
4308	msedge.exe
2004	msedge.exe
2004	msedge.exe
2004	msedge.exe
2004	msedge.exe
5172	msedge.exe
5172	msedge.exe
2376	msedge.exe
2376	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 64 IoCs

pid	Process
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe

Suspicious use of AdjustPrivilegeToken 10 IoCs

description	pid	Process
Token: SeDebugPrivilege	804	setup7.0.exe
Token: SeImpersonatePrivilege	804	setup7.0.exe
Token: SeDebugPrivilege	4444	setup7.0.exe
Token: SeImpersonatePrivilege	4444	setup7.0.exe
Token: SeDebugPrivilege	5904	setup7.0.exe
Token: SeImpersonatePrivilege	5904	setup7.0.exe
Token: SeDebugPrivilege	2088	setup7.0.exe
Token: SeImpersonatePrivilege	2088	setup7.0.exe
Token: 33	3904	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	3904	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
5020	AcroRd32.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe

Suspicious use of SendNotifyMessage 48 IoCs

pid	Process
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
5160	msedge.exe
5160	msedge.exe
5160	msedge.exe
5160	msedge.exe
5160	msedge.exe
5160	msedge.exe
5160	msedge.exe
5160	msedge.exe
5160	msedge.exe
5160	msedge.exe
5160	msedge.exe
5160	msedge.exe
5160	msedge.exe
5160	msedge.exe
5160	msedge.exe
5160	msedge.exe
5160	msedge.exe
5160	msedge.exe
5160	msedge.exe
5160	msedge.exe
5160	msedge.exe
5160	msedge.exe
5160	msedge.exe
5160	msedge.exe

Suspicious use of SetWindowsHookEx 27 IoCs

pid	Process
5020	AcroRd32.exe
5020	AcroRd32.exe
5020	AcroRd32.exe
5020	AcroRd32.exe
5020	AcroRd32.exe
5020	AcroRd32.exe
364	Delta V3.61 b_55245761.exe
364	Delta V3.61 b_55245761.exe
364	Delta V3.61 b_55245761.exe
364	Delta V3.61 b_55245761.exe
2700	Delta V3.61 b_55245761.exe
2700	Delta V3.61 b_55245761.exe
2700	Delta V3.61 b_55245761.exe
2700	Delta V3.61 b_55245761.exe
2700	Delta V3.61 b_55245761.exe
2700	Delta V3.61 b_55245761.exe
2700	Delta V3.61 b_55245761.exe
2700	Delta V3.61 b_55245761.exe
2700	Delta V3.61 b_55245761.exe
2700	Delta V3.61 b_55245761.exe
2700	Delta V3.61 b_55245761.exe
2700	Delta V3.61 b_55245761.exe
2700	Delta V3.61 b_55245761.exe
2700	Delta V3.61 b_55245761.exe
2700	Delta V3.61 b_55245761.exe
2700	Delta V3.61 b_55245761.exe
2700	Delta V3.61 b_55245761.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3508 wrote to memory of 3296	3508	msedge.exe	86
PID 3508 wrote to memory of 3296	3508	msedge.exe	86
PID 3508 wrote to memory of 5100	3508	msedge.exe	87
PID 3508 wrote to memory of 5100	3508	msedge.exe	87
PID 3508 wrote to memory of 5100	3508	msedge.exe	87
PID 3508 wrote to memory of 5100	3508	msedge.exe	87
PID 3508 wrote to memory of 5100	3508	msedge.exe	87
PID 3508 wrote to memory of 5100	3508	msedge.exe	87
PID 3508 wrote to memory of 5100	3508	msedge.exe	87
PID 3508 wrote to memory of 5100	3508	msedge.exe	87
PID 3508 wrote to memory of 5100	3508	msedge.exe	87
PID 3508 wrote to memory of 5100	3508	msedge.exe	87
PID 3508 wrote to memory of 5100	3508	msedge.exe	87
PID 3508 wrote to memory of 5100	3508	msedge.exe	87
PID 3508 wrote to memory of 5100	3508	msedge.exe	87
PID 3508 wrote to memory of 5100	3508	msedge.exe	87
PID 3508 wrote to memory of 5100	3508	msedge.exe	87
PID 3508 wrote to memory of 5100	3508	msedge.exe	87
PID 3508 wrote to memory of 5100	3508	msedge.exe	87
PID 3508 wrote to memory of 5100	3508	msedge.exe	87
PID 3508 wrote to memory of 5100	3508	msedge.exe	87
PID 3508 wrote to memory of 5100	3508	msedge.exe	87
PID 3508 wrote to memory of 5100	3508	msedge.exe	87
PID 3508 wrote to memory of 5100	3508	msedge.exe	87
PID 3508 wrote to memory of 5100	3508	msedge.exe	87
PID 3508 wrote to memory of 5100	3508	msedge.exe	87
PID 3508 wrote to memory of 5100	3508	msedge.exe	87
PID 3508 wrote to memory of 5100	3508	msedge.exe	87
PID 3508 wrote to memory of 5100	3508	msedge.exe	87
PID 3508 wrote to memory of 5100	3508	msedge.exe	87
PID 3508 wrote to memory of 5100	3508	msedge.exe	87
PID 3508 wrote to memory of 5100	3508	msedge.exe	87
PID 3508 wrote to memory of 5100	3508	msedge.exe	87
PID 3508 wrote to memory of 5100	3508	msedge.exe	87
PID 3508 wrote to memory of 5100	3508	msedge.exe	87
PID 3508 wrote to memory of 5100	3508	msedge.exe	87
PID 3508 wrote to memory of 5100	3508	msedge.exe	87
PID 3508 wrote to memory of 5100	3508	msedge.exe	87
PID 3508 wrote to memory of 5100	3508	msedge.exe	87
PID 3508 wrote to memory of 5100	3508	msedge.exe	87
PID 3508 wrote to memory of 5100	3508	msedge.exe	87
PID 3508 wrote to memory of 5100	3508	msedge.exe	87
PID 3508 wrote to memory of 2304	3508	msedge.exe	88
PID 3508 wrote to memory of 2304	3508	msedge.exe	88
PID 3508 wrote to memory of 2412	3508	msedge.exe	89
PID 3508 wrote to memory of 2412	3508	msedge.exe	89
PID 3508 wrote to memory of 2412	3508	msedge.exe	89
PID 3508 wrote to memory of 2412	3508	msedge.exe	89
PID 3508 wrote to memory of 2412	3508	msedge.exe	89
PID 3508 wrote to memory of 2412	3508	msedge.exe	89
PID 3508 wrote to memory of 2412	3508	msedge.exe	89
PID 3508 wrote to memory of 2412	3508	msedge.exe	89
PID 3508 wrote to memory of 2412	3508	msedge.exe	89
PID 3508 wrote to memory of 2412	3508	msedge.exe	89
PID 3508 wrote to memory of 2412	3508	msedge.exe	89
PID 3508 wrote to memory of 2412	3508	msedge.exe	89
PID 3508 wrote to memory of 2412	3508	msedge.exe	89
PID 3508 wrote to memory of 2412	3508	msedge.exe	89
PID 3508 wrote to memory of 2412	3508	msedge.exe	89
PID 3508 wrote to memory of 2412	3508	msedge.exe	89
PID 3508 wrote to memory of 2412	3508	msedge.exe	89
PID 3508 wrote to memory of 2412	3508	msedge.exe	89
PID 3508 wrote to memory of 2412	3508	msedge.exe	89
PID 3508 wrote to memory of 2412	3508	msedge.exe	89

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\fcd1cdfe358c3b7c95e10cf72dbf727f_JaffaCakes118.pdf"
1⤵
- System Location Discovery: System Language Discovery
- Checks processor information in registry
- Modifies Internet Explorer settings
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
PID:5020
- C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
  "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
  2⤵
  - System Location Discovery: System Language Discovery
  PID:3492
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=CC216753D0EBD3DF4195F36D5BF1BAB2 --mojo-platform-channel-handle=1740 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    - System Location Discovery: System Language Discovery
    PID:4504
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=0D23329FF2B4EDECF58F896AE9AD87D7 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=0D23329FF2B4EDECF58F896AE9AD87D7 --renderer-client-id=2 --mojo-platform-channel-handle=1748 --allow-no-sandbox-job /prefetch:1
    3⤵
    - System Location Discovery: System Language Discovery
    PID:4628
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=91DE5F58632E203DD12CA7C1F2BC950C --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=91DE5F58632E203DD12CA7C1F2BC950C --renderer-client-id=4 --mojo-platform-channel-handle=2148 --allow-no-sandbox-job /prefetch:1
    3⤵
    - System Location Discovery: System Language Discovery
    PID:4076
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=95C8745A48C97717B303D1F7DB461C75 --mojo-platform-channel-handle=2552 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    - System Location Discovery: System Language Discovery
    PID:1588
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=B47D0A8B2A56B60D98EE379E3B51D60F --mojo-platform-channel-handle=1820 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    - System Location Discovery: System Language Discovery
    PID:2168
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=D0DE9D85F412DEE48EE759F0B309ACD7 --mojo-platform-channel-handle=1752 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    - System Location Discovery: System Language Discovery
    PID:3196

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3508
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffab1eb46f8,0x7ffab1eb4708,0x7ffab1eb4718
  2⤵
  PID:3296
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2152,17882875226022745483,12149662765002364150,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2172 /prefetch:2
  2⤵
  PID:5100
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2152,17882875226022745483,12149662765002364150,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2244 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2304
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2152,17882875226022745483,12149662765002364150,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2900 /prefetch:8
  2⤵
  PID:2412
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,17882875226022745483,12149662765002364150,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3368 /prefetch:1
  2⤵
  PID:1508
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,17882875226022745483,12149662765002364150,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3392 /prefetch:1
  2⤵
  PID:2504
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,17882875226022745483,12149662765002364150,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4212 /prefetch:1
  2⤵
  PID:2940
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,17882875226022745483,12149662765002364150,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4808 /prefetch:1
  2⤵
  PID:5088
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2152,17882875226022745483,12149662765002364150,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3496 /prefetch:8
  2⤵
  PID:2176
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2152,17882875226022745483,12149662765002364150,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3496 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2004
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,17882875226022745483,12149662765002364150,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5084 /prefetch:1
  2⤵
  PID:5536
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,17882875226022745483,12149662765002364150,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3788 /prefetch:1
  2⤵
  PID:5544
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,17882875226022745483,12149662765002364150,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4108 /prefetch:1
  2⤵
  PID:6056
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,17882875226022745483,12149662765002364150,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5652 /prefetch:1
  2⤵
  PID:6064
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,17882875226022745483,12149662765002364150,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5864 /prefetch:1
  2⤵
  PID:5288
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,17882875226022745483,12149662765002364150,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3504 /prefetch:1
  2⤵
  PID:5764
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,17882875226022745483,12149662765002364150,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5564 /prefetch:1
  2⤵
  PID:5936
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,17882875226022745483,12149662765002364150,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5800 /prefetch:1
  2⤵
  PID:5988
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,17882875226022745483,12149662765002364150,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5912 /prefetch:1
  2⤵
  PID:6136
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,17882875226022745483,12149662765002364150,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5896 /prefetch:1
  2⤵
  PID:5820
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,17882875226022745483,12149662765002364150,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3588 /prefetch:1
  2⤵
  PID:5444
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,17882875226022745483,12149662765002364150,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5828 /prefetch:1
  2⤵
  PID:5632
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,17882875226022745483,12149662765002364150,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5952 /prefetch:1
  2⤵
  PID:6056
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,17882875226022745483,12149662765002364150,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6088 /prefetch:1
  2⤵
  PID:2472
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,17882875226022745483,12149662765002364150,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5856 /prefetch:1
  2⤵
  PID:3472
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,17882875226022745483,12149662765002364150,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4228 /prefetch:1
  2⤵
  PID:3992
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2152,17882875226022745483,12149662765002364150,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=2280 /prefetch:8
  2⤵
  PID:5876
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,17882875226022745483,12149662765002364150,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6576 /prefetch:1
  2⤵
  PID:6076
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2152,17882875226022745483,12149662765002364150,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6952 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2384
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2152,17882875226022745483,12149662765002364150,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5272 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4088
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,17882875226022745483,12149662765002364150,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5816 /prefetch:1
  2⤵
  PID:4652
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,17882875226022745483,12149662765002364150,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6200 /prefetch:1
  2⤵
  PID:3600
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,17882875226022745483,12149662765002364150,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4748 /prefetch:1
  2⤵
  PID:1596
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,17882875226022745483,12149662765002364150,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4816 /prefetch:1
  2⤵
  PID:2056
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,17882875226022745483,12149662765002364150,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4808 /prefetch:1
  2⤵
  PID:4796
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,17882875226022745483,12149662765002364150,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4760 /prefetch:1
  2⤵
  PID:2644
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,17882875226022745483,12149662765002364150,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3148 /prefetch:1
  2⤵
  PID:828
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2152,17882875226022745483,12149662765002364150,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3792 /prefetch:8
  2⤵
  PID:5472
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,17882875226022745483,12149662765002364150,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7108 /prefetch:1
  2⤵
  PID:5420
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,17882875226022745483,12149662765002364150,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2368 /prefetch:1
  2⤵
  PID:5288
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,17882875226022745483,12149662765002364150,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2176 /prefetch:1
  2⤵
  PID:2944
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,17882875226022745483,12149662765002364150,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7132 /prefetch:1
  2⤵
  PID:5712
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,17882875226022745483,12149662765002364150,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4224 /prefetch:1
  2⤵
  PID:5544
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,17882875226022745483,12149662765002364150,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7072 /prefetch:1
  2⤵
  PID:3744
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,17882875226022745483,12149662765002364150,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6104 /prefetch:1
  2⤵
  PID:4768
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,17882875226022745483,12149662765002364150,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1712 /prefetch:1
  2⤵
  PID:5736
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,17882875226022745483,12149662765002364150,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3536 /prefetch:1
  2⤵
  PID:4952
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,17882875226022745483,12149662765002364150,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3596 /prefetch:1
  2⤵
  PID:756
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,17882875226022745483,12149662765002364150,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7000 /prefetch:1
  2⤵
  PID:1972
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,17882875226022745483,12149662765002364150,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6740 /prefetch:1
  2⤵
  PID:1252
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,17882875226022745483,12149662765002364150,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5704 /prefetch:1
  2⤵
  PID:5792
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,17882875226022745483,12149662765002364150,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4224 /prefetch:1
  2⤵
  PID:1224
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,17882875226022745483,12149662765002364150,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6628 /prefetch:1
  2⤵
  PID:2388
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,17882875226022745483,12149662765002364150,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7160 /prefetch:1
  2⤵
  PID:404
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,17882875226022745483,12149662765002364150,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6104 /prefetch:1
  2⤵
  PID:5556
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,17882875226022745483,12149662765002364150,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=58 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7152 /prefetch:1
  2⤵
  PID:5920
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,17882875226022745483,12149662765002364150,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=59 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6244 /prefetch:1
  2⤵
  PID:2740
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,17882875226022745483,12149662765002364150,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=60 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5824 /prefetch:1
  2⤵
  PID:3704
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,17882875226022745483,12149662765002364150,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=61 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7052 /prefetch:1
  2⤵
  PID:5968
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,17882875226022745483,12149662765002364150,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=62 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7144 /prefetch:1
  2⤵
  PID:1644
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,17882875226022745483,12149662765002364150,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=63 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3924 /prefetch:1
  2⤵
  PID:5088
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,17882875226022745483,12149662765002364150,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=64 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6168 /prefetch:1
  2⤵
  PID:736
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,17882875226022745483,12149662765002364150,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=65 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1268 /prefetch:1
  2⤵
  PID:4688
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,17882875226022745483,12149662765002364150,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=66 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3528 /prefetch:1
  2⤵
  PID:5228
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,17882875226022745483,12149662765002364150,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=67 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4648 /prefetch:1
  2⤵
  PID:1292
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,17882875226022745483,12149662765002364150,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=68 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5088 /prefetch:1
  2⤵
  PID:5824
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,17882875226022745483,12149662765002364150,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=69 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6156 /prefetch:1
  2⤵
  PID:2088
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,17882875226022745483,12149662765002364150,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=70 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3784 /prefetch:1
  2⤵
  PID:224
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,17882875226022745483,12149662765002364150,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=71 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5824 /prefetch:1
  2⤵
  PID:5280
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,17882875226022745483,12149662765002364150,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=72 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5892 /prefetch:1
  2⤵
  PID:6100
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,17882875226022745483,12149662765002364150,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=73 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7312 /prefetch:1
  2⤵
  PID:3660
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,17882875226022745483,12149662765002364150,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=74 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5196 /prefetch:1
  2⤵
  PID:1368
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,17882875226022745483,12149662765002364150,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=75 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7440 /prefetch:1
  2⤵
  PID:4284
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,17882875226022745483,12149662765002364150,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=76 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6124 /prefetch:1
  2⤵
  PID:5760
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,17882875226022745483,12149662765002364150,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=77 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4828 /prefetch:1
  2⤵
  PID:4356
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,17882875226022745483,12149662765002364150,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=78 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2436 /prefetch:1
  2⤵
  PID:6108
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2152,17882875226022745483,12149662765002364150,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=7164 /prefetch:8
  2⤵
  PID:4952
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,17882875226022745483,12149662765002364150,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=80 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1708 /prefetch:1
  2⤵
  PID:4416
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,17882875226022745483,12149662765002364150,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=81 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5732 /prefetch:1
  2⤵
  PID:4768
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,17882875226022745483,12149662765002364150,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=83 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1300 /prefetch:1
  2⤵
  PID:1916
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,17882875226022745483,12149662765002364150,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=84 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6616 /prefetch:1
  2⤵
  PID:5204
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,17882875226022745483,12149662765002364150,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=85 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5456 /prefetch:1
  2⤵
  PID:4564
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,17882875226022745483,12149662765002364150,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=87 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5664 /prefetch:1
  2⤵
  PID:5964
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2152,17882875226022745483,12149662765002364150,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4876 /prefetch:8
  2⤵
  PID:508
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2152,17882875226022745483,12149662765002364150,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=8068 /prefetch:8
  2⤵
  PID:4136
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2152,17882875226022745483,12149662765002364150,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7996 /prefetch:8
  2⤵
  PID:5520
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,17882875226022745483,12149662765002364150,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=92 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7984 /prefetch:1
  2⤵
  PID:1400
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,17882875226022745483,12149662765002364150,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=94 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6616 /prefetch:1
  2⤵
  PID:6020
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,17882875226022745483,12149662765002364150,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=96 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5532 /prefetch:1
  2⤵
  PID:3108
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,17882875226022745483,12149662765002364150,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=98 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1120 /prefetch:1
  2⤵
  PID:6060
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,17882875226022745483,12149662765002364150,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=100 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7456 /prefetch:1
  2⤵
  PID:4320
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,17882875226022745483,12149662765002364150,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=102 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4772 /prefetch:1
  2⤵
  PID:1948

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1128

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3188

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1908

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:5992

C:\Users\Admin\Downloads\Setup5.0\setup7.0\setup7.0.exe
"C:\Users\Admin\Downloads\Setup5.0\setup7.0\setup7.0.exe"
1⤵
- Suspicious use of SetThreadContext
PID:1544
- C:\Users\Admin\Downloads\Setup5.0\setup7.0\setup7.0.exe
  C:\Users\Admin\Downloads\Setup5.0\setup7.0\setup7.0.exe
  2⤵
  - Suspicious use of AdjustPrivilegeToken
  PID:804

C:\Users\Admin\Downloads\Setup5.0\setup7.0\setup7.0.exe
"C:\Users\Admin\Downloads\Setup5.0\setup7.0\setup7.0.exe"
1⤵
- Suspicious use of SetThreadContext
PID:1472
- C:\Users\Admin\Downloads\Setup5.0\setup7.0\setup7.0.exe
  C:\Users\Admin\Downloads\Setup5.0\setup7.0\setup7.0.exe
  2⤵
  - Suspicious use of AdjustPrivilegeToken
  PID:4444

C:\Users\Admin\Downloads\Setup5.0\setup7.0\setup7.0.exe
"C:\Users\Admin\Downloads\Setup5.0\setup7.0\setup7.0.exe"
1⤵
- Suspicious use of SetThreadContext
PID:6092
- C:\Users\Admin\Downloads\Setup5.0\setup7.0\setup7.0.exe
  C:\Users\Admin\Downloads\Setup5.0\setup7.0\setup7.0.exe
  2⤵
  - Suspicious use of AdjustPrivilegeToken
  PID:5904

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\Setup5.0\setup7.0\PhysxExt.txt
1⤵
- Opens file in notepad (likely ransom note)
PID:5716

C:\Users\Admin\Downloads\Setup5.0\setup7.0\setup7.0.exe
"C:\Users\Admin\Downloads\Setup5.0\setup7.0\setup7.0.exe"
1⤵
- Suspicious use of SetThreadContext
PID:5672
- C:\Users\Admin\Downloads\Setup5.0\setup7.0\setup7.0.exe
  C:\Users\Admin\Downloads\Setup5.0\setup7.0\setup7.0.exe
  2⤵
  - Suspicious use of AdjustPrivilegeToken
  PID:2088

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x4f4 0x4ac
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:3904

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- Modifies registry class
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SendNotifyMessage
PID:5160
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffab1eb46f8,0x7ffab1eb4708,0x7ffab1eb4718
  2⤵
  PID:4932
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2012,14807116410595137981,6489070335461137539,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2032 /prefetch:2
  2⤵
  PID:3300
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2012,14807116410595137981,6489070335461137539,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2348 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4004
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2012,14807116410595137981,6489070335461137539,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2924 /prefetch:8
  2⤵
  PID:4596
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,14807116410595137981,6489070335461137539,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3440 /prefetch:1
  2⤵
  PID:4588
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,14807116410595137981,6489070335461137539,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3456 /prefetch:1
  2⤵
  PID:4920
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,14807116410595137981,6489070335461137539,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4516 /prefetch:1
  2⤵
  PID:3092
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,14807116410595137981,6489070335461137539,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5188 /prefetch:1
  2⤵
  PID:5272
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,14807116410595137981,6489070335461137539,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4548 /prefetch:1
  2⤵
  PID:5340
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2012,14807116410595137981,6489070335461137539,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5560 /prefetch:8
  2⤵
  PID:4464
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2012,14807116410595137981,6489070335461137539,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5560 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:6104
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,14807116410595137981,6489070335461137539,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=180 /prefetch:1
  2⤵
  PID:4792
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,14807116410595137981,6489070335461137539,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5688 /prefetch:1
  2⤵
  PID:2532
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,14807116410595137981,6489070335461137539,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5916 /prefetch:1
  2⤵
  PID:5088
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,14807116410595137981,6489070335461137539,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5940 /prefetch:1
  2⤵
  PID:5744
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,14807116410595137981,6489070335461137539,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5944 /prefetch:1
  2⤵
  PID:5604
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2012,14807116410595137981,6489070335461137539,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=3604 /prefetch:8
  2⤵
  PID:5432
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,14807116410595137981,6489070335461137539,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5816 /prefetch:1
  2⤵
  PID:5152
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2012,14807116410595137981,6489070335461137539,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6272 /prefetch:8
  2⤵
  PID:4068
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,14807116410595137981,6489070335461137539,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4148 /prefetch:1
  2⤵
  PID:4796
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,14807116410595137981,6489070335461137539,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3668 /prefetch:1
  2⤵
  PID:988
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2012,14807116410595137981,6489070335461137539,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5668 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4308
- C:\Users\Admin\Downloads\Delta V3.61 b_55245761.exe
  "C:\Users\Admin\Downloads\Delta V3.61 b_55245761.exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Modifies registry class
  - Suspicious use of SetWindowsHookEx
  PID:364
- - C:\Users\Admin\AppData\Local\OperaGX.exe
    C:\Users\Admin\AppData\Local\OperaGX.exe --silent --allusers=0
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    PID:460
  - - C:\Users\Admin\AppData\Local\Temp\7zSCC192975\setup.exe
      C:\Users\Admin\AppData\Local\Temp\7zSCC192975\setup.exe --silent --allusers=0 --server-tracking-blob=NDU2MjY0ZDYyODUyYmJkYTA3MzM4NmM1MjdlZWZmOTExYTBkZWIwZDA3Zjk5MTUwMDBlZGM0MzY5OGY5NzhmYTp7ImNvdW50cnkiOiJHQiIsImVkaXRpb24iOiJzdGQtMiIsImluc3RhbGxlcl9uYW1lIjoiT3BlcmFHWFNldHVwLmV4ZSIsInByb2R1Y3QiOiJvcGVyYV9neCIsInF1ZXJ5IjoiL29wZXJhX2d4L3N0YWJsZS9lZGl0aW9uL3N0ZC0yP3V0bV9zb3VyY2U9UFdOZ2FtZXMmdXRtX21lZGl1bT1wYSZ1dG1fY2FtcGFpZ249UFdOX1VTX1BCNV8zNTc1JnV0bV9pZD1lZGVjOWVhNjM1OWM0OWE1ODA1MzgwNzA2ODkwMjM2MiZ1dG1fY29udGVudD0zNTc1X0ZpbGVETSIsInRpbWVzdGFtcCI6IjE3MzQ1NTI0ODYuMjYzOCIsInVzZXJhZ2VudCI6Ik1vemlsbGEvNC4wIChjb21wYXRpYmxlOyBNU0lFIDcuMDsgV2luZG93cyBOVCA2LjI7IFdPVzY0OyBUcmlkZW50LzcuMDsgLk5FVDQuMEM7IC5ORVQ0LjBFOyAuTkVUIENMUiAyLjAuNTA3Mjc7IC5ORVQgQ0xSIDMuMC4zMDcyOTsgLk5FVCBDTFIgMy41LjMwNzI5KSIsInV0bSI6eyJjYW1wYWlnbiI6IlBXTl9VU19QQjVfMzU3NSIsImNvbnRlbnQiOiIzNTc1X0ZpbGVETSIsImlkIjoiZWRlYzllYTYzNTljNDlhNTgwNTM4MDcwNjg5MDIzNjIiLCJtZWRpdW0iOiJwYSIsInNvdXJjZSI6IlBXTmdhbWVzIn0sInV1aWQiOiJhMDMyODFjOC1hZTJiLTQ4ZmQtOGE5Zi05YjdmNzJhMjdhYTUifQ==
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Enumerates connected drives
      System Location Discovery: System Language Discovery
      Modifies system certificate store
      PID:316
    - - C:\Users\Admin\AppData\Local\Temp\7zSCC192975\setup.exe
        
        C:\Users\Admin\AppData\Local\Temp\7zSCC192975\setup.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\crash_count.txt" --url=https://crashstats-collector-2.opera.com/ --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktopGX --annotation=ver=115.0.5322.89 --initial-client-data=0x32c,0x330,0x334,0x30c,0x338,0x71442d9c,0x71442da8,0x71442db4
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        System Location Discovery: System Language Discovery
        
        PID:6132
    - - C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\setup.exe
        
        "C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\setup.exe" --version
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        System Location Discovery: System Language Discovery
        
        PID:4956
    - - C:\Users\Admin\AppData\Local\Temp\7zSCC192975\setup.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7zSCC192975\setup.exe" --backend --install --import-browser-data=0 --enable-stats=1 --enable-installer-stats=1 --consent-given=0 --general-interests=0 --general-location=0 --personalized-content=0 --personalized-ads=0 --vought_browser=0 --launchopera=1 --showunbox=0 --installfolder="C:\Users\Admin\AppData\Local\Programs\Opera GX" --profile-folder --language=en --singleprofile=0 --copyonly=0 --allusers=0 --setdefaultbrowser=1 --pintotaskbar=1 --pintostartmenu=1 --run-at-startup=1 --server-tracking-data=server_tracking_data --initial-pid=316 --package-dir-prefix="C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_20241218200809" --session-guid=2e1f4594-1e7f-49a9-bbed-829628084823 --server-tracking-blob=Yzk4ZTI0OTZhMmY4NTM0MmYyZGQ4ZDg5YjI2M2UyMzgwZWI2YjkyYmZhMjMwYzU4ZGMzNWFlZDBkYTQ4NzE1Njp7ImNvdW50cnkiOiJHQiIsImVkaXRpb24iOiJzdGQtMiIsImluc3RhbGxlcl9uYW1lIjoiT3BlcmFHWFNldHVwLmV4ZSIsInByb2R1Y3QiOnsibmFtZSI6Im9wZXJhX2d4In0sInF1ZXJ5IjoiL29wZXJhX2d4L3N0YWJsZS9lZGl0aW9uL3N0ZC0yP3V0bV9zb3VyY2U9UFdOZ2FtZXMmdXRtX21lZGl1bT1wYSZ1dG1fY2FtcGFpZ249UFdOX1VTX1BCNV8zNTc1JnV0bV9pZD1lZGVjOWVhNjM1OWM0OWE1ODA1MzgwNzA2ODkwMjM2MiZ1dG1fY29udGVudD0zNTc1X0ZpbGVETSIsInN5c3RlbSI6eyJwbGF0Zm9ybSI6eyJhcmNoIjoieDg2XzY0Iiwib3BzeXMiOiJXaW5kb3dzIiwib3BzeXMtdmVyc2lvbiI6IjEwIiwicGFja2FnZSI6IkVYRSJ9fSwidGltZXN0YW1wIjoiMTczNDU1MjQ4Ni4yNjM4IiwidXNlcmFnZW50IjoiTW96aWxsYS80LjAgKGNvbXBhdGlibGU7IE1TSUUgNy4wOyBXaW5kb3dzIE5UIDYuMjsgV09XNjQ7IFRyaWRlbnQvNy4wOyAuTkVUNC4wQzsgLk5FVDQuMEU7IC5ORVQgQ0xSIDIuMC41MDcyNzsgLk5FVCBDTFIgMy4wLjMwNzI5OyAuTkVUIENMUiAzLjUuMzA3MjkpIiwidXRtIjp7ImNhbXBhaWduIjoiUFdOX1VTX1BCNV8zNTc1IiwiY29udGVudCI6IjM1NzVfRmlsZURNIiwiaWQiOiJlZGVjOWVhNjM1OWM0OWE1ODA1MzgwNzA2ODkwMjM2MiIsIm1lZGl1bSI6InBhIiwic291cmNlIjoiUFdOZ2FtZXMifSwidXVpZCI6ImEwMzI4MWM4LWFlMmItNDhmZC04YTlmLTliN2Y3MmEyN2FhNSJ9 --silent --desktopshortcut=1 --wait-for-package --initial-proc-handle=1006000000000000
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Enumerates connected drives
        System Location Discovery: System Language Discovery
        
        PID:5240
      - C:\Users\Admin\AppData\Local\Temp\7zSCC192975\setup.exe
        
        C:\Users\Admin\AppData\Local\Temp\7zSCC192975\setup.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\crash_count.txt" --url=https://crashstats-collector-2.opera.com/ --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktopGX --annotation=ver=115.0.5322.89 --initial-client-data=0x31c,0x320,0x324,0x2f8,0x328,0x704a2d9c,0x704a2da8,0x704a2db4
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        System Location Discovery: System Language Discovery
        
        PID:1548
    - - C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202412182008091\assistant\Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe
        
        "C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202412182008091\assistant\Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe"
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:1624
    - - C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202412182008091\assistant\assistant_installer.exe
        
        "C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202412182008091\assistant\assistant_installer.exe" --version
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:5536
      - C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202412182008091\assistant\assistant_installer.exe
        
        "C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202412182008091\assistant\assistant_installer.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktopGX --annotation=ver=73.0.3856.382 --initial-client-data=0x26c,0x270,0x274,0x248,0x278,0xd44f48,0xd44f58,0xd44f64
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:1956
- C:\Users\Admin\Downloads\Delta V3.61 b_55245761.exe
  "C:\Users\Admin\Downloads\Delta V3.61 b_55245761.exe"
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Modifies registry class
  - Suspicious use of SetWindowsHookEx
  PID:2700
- - C:\Users\Admin\AppData\Local\Temp\PremierOpinion\ContentI3.exe
    "C:\Users\Admin\AppData\Local\Temp\PremierOpinion\ContentI3.exe" -c:1538 -t:InstallUnion
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    PID:2768
- - C:\Windows\SysWOW64\NOTEPAD.EXE
    "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\link.txt
    3⤵
    - System Location Discovery: System Language Discovery
    - Opens file in notepad (likely ransom note)
    PID:3908
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,14807116410595137981,6489070335461137539,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3184 /prefetch:1
  2⤵
  PID:1484
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,14807116410595137981,6489070335461137539,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6184 /prefetch:1
  2⤵
  PID:4768
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,14807116410595137981,6489070335461137539,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5140 /prefetch:1
  2⤵
  PID:2304
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,14807116410595137981,6489070335461137539,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5932 /prefetch:1
  2⤵
  PID:924
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2012,14807116410595137981,6489070335461137539,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3704 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2004
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,14807116410595137981,6489070335461137539,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1048 /prefetch:1
  2⤵
  PID:3644
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,14807116410595137981,6489070335461137539,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2128 /prefetch:1
  2⤵
  PID:2516
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2012,14807116410595137981,6489070335461137539,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5348 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5172
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,14807116410595137981,6489070335461137539,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2688 /prefetch:1
  2⤵
  PID:1468
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,14807116410595137981,6489070335461137539,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5768 /prefetch:1
  2⤵
  PID:3628
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,14807116410595137981,6489070335461137539,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1120 /prefetch:1
  2⤵
  PID:1848
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,14807116410595137981,6489070335461137539,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2696 /prefetch:1
  2⤵
  PID:4612
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2012,14807116410595137981,6489070335461137539,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3884 /prefetch:8
  2⤵
  PID:5056
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2012,14807116410595137981,6489070335461137539,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6536 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2376
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,14807116410595137981,6489070335461137539,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6088 /prefetch:1
  2⤵
  PID:4288
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,14807116410595137981,6489070335461137539,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6508 /prefetch:1
  2⤵
  PID:2356
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,14807116410595137981,6489070335461137539,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6752 /prefetch:1
  2⤵
  PID:2388

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:636

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1488

C:\Windows\SysWOW64\werfault.exe
werfault.exe /h /shared Global\c1a36e6fb6044cc789f383f8a1704401 /t 2412 /p 364
1⤵
PID:3868

C:\Windows\SysWOW64\werfault.exe
werfault.exe /h /shared Global\5d2715ac9f594b40bd246bf33d1473ff /t 5504 /p 2700
1⤵
PID:5456

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\Delta V3.61\Delta V3.61\ICSharpCode.AvalonEdit.txt
1⤵
PID:3524

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Browser Information Discovery

T1217

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Filesize
56KB

MD5
752a1f26b18748311b691c7d8fc20633

SHA1
c1f8e83eebc1cc1e9b88c773338eb09ff82ab862

SHA256
111dac2948e4cecb10b0d2e10d8afaa663d78d643826b592d6414a1fd77cc131

SHA512
a2f5f262faf2c3e9756da94b2c47787ce3a9391b5bd53581578aa9a764449e114836704d6dec4aadc097fed4c818831baa11affa1eb25be2bfad9349bb090fe5

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Filesize
64KB

MD5
3cb8bce1ab542acd0357525929c1e705

SHA1
647928c9fa6e8d37c3f6e1eeb12ff66aa5f57df6

SHA256
d36ae620977f60e85c145550f0e51de68e225bd8c71fc942dca5b502fa850abb

SHA512
f80dc4a3e70e21887930959e478e77c95237769e4790fc4df091abd80c3e959e4fec3bddecf7532c0a8ccea0a1c03c882a02ea78a82d850b40f25305c3e6ba71

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Filesize
36KB

MD5
b30d3becc8731792523d599d949e63f5

SHA1
19350257e42d7aee17fb3bf139a9d3adb330fad4

SHA256
b1b77e96279ead2b460de3de70e2ea4f5ad1b853598a4e27a5caf3f1a32cc4f3

SHA512
523f54895fb07f62b9a5f72c8b62e83d4d9506bda57b183818615f6eb7286e3b9c5a50409bc5c5164867c3ccdeae88aa395ecca6bc7e36d991552f857510792e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B398B80134F72209547439DB21AB308D_A4CF52CCA82D7458083F7280801A3A04

Filesize
471B

MD5
79d5e17c709257fb14f11b4682f7c65f

SHA1
6e489806998b207dfdd5f2207badf1eef08ca4da

SHA256
15fc87f01d6610173445d017990c940eb547f37832b177ba63776b3f931d9e2d

SHA512
8e65a2beb08d45f6ac68bed935207cc812f752f8c2d356f6e236b46a9dc2448c4a3a9c364724209d79dee1a24d9e92bc116938b62e2ba0477e3d694d2965c442

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B398B80134F72209547439DB21AB308D_A4CF52CCA82D7458083F7280801A3A04

Filesize
400B

MD5
7aefcbe123900d46bc2849725955b7d5

SHA1
3ba39a1b9966cf9e8207c2cb32c6bdaf024d4351

SHA256
4f52d8b1a17eeaf96bc3a198a59d69197329bff7931c0d13fbfc8667cfd7e3b7

SHA512
59850a50afce8d643455b470835b5d0fb563d8720f99e2df33e3ecf91d78a4d819775e62c275bc90c7655a0b27d4cd7a714b51d4308c286e1a8ab94ff9c6aadc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
d7cb450b1315c63b1d5d89d98ba22da5

SHA1
694005cd9e1a4c54e0b83d0598a8a0c089df1556

SHA256
38355fd694faf1223518e40bac1996bdceaf44191214b0a23c4334d5fb07d031

SHA512
df04d4f4b77bae447a940b28aeac345b21b299d8d26e28ecbb3c1c9e9a0e07c551e412d545c7dbb147a92c12bad7ae49ac35af021c34b88e2c6c5f7a0b65f6a8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
74d75945aed1c6f3a3ecf9ef23a30acc

SHA1
7d49a615f48589f735b7dc003e83adabe7331fa2

SHA256
91ff472b5efa0b6dea52621534a58a90e7f6de9234c81658f939da89263c1da6

SHA512
98ec24fef768c385fdeb518beb0430510553de5d4e41dda8c7f737e44f9cb072caff867a2f6f4ac0b11303145e2de77e86891ef89ce40544e57c1d8f44b3aee3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
bcbbf4e2fef25fee65008a76505d3087

SHA1
812c0f76f881ece87084ba8089d2af7932a6c119

SHA256
5f89e2800bd39c0b0f7d5472c194c8498beb6021231b94cf26a4bb46ac6e9074

SHA512
f228845a5670f4802fb405a6e0897664027c19ed7d7abac247ab6eccd8d53a91a23d5effe035fc093e497b2aee61f76152025c74343725f7af30ffe9971c403b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
37f660dd4b6ddf23bc37f5c823d1c33a

SHA1
1c35538aa307a3e09d15519df6ace99674ae428b

SHA256
4e2510a1d5a50a94fe4ce0f74932ab780758a8cbdc6d176a9ce8ab92309f26f8

SHA512
807b8b8dc9109b6f78fc63655450bf12b9a006ff63e8f29ade8899d45fdf4a6c068c5c46a3efbc4232b9e1e35d6494f00ded5cdb3e235c8a25023bfbd823992d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

Filesize
47KB

MD5
0d89f546ebdd5c3eaa275ff1f898174a

SHA1
339ab928a1a5699b3b0c74087baa3ea08ecd59f5

SHA256
939eb90252495d3af66d9ec34c799a5f1b0fc10422a150cf57fc0cd302865a3e

SHA512
26edc1659325b1c5cf6e3f3cd9a38cd696f67c4a7c2d91a5839e8dcbb64c4f8e9ce3222e0f69d860d088c4be01b69da676bdc4517de141f8b551774909c30690

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
67KB

MD5
69df804d05f8b29a88278b7d582dd279

SHA1
d9560905612cf656d5dd0e741172fb4cd9c60688

SHA256
b885987a52236f56ce7a5ca18b18533e64f62ab64eb14050ede93c93b5bd5608

SHA512
0ef49eeeeb463da832f7d5b11f6418baa65963de62c00e71d847183e0035be03e63c097103d30329582fe806d246e3c0e3ecab8b2498799abbb21d8b7febdc0e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

Filesize
62KB

MD5
c813a1b87f1651d642cdcad5fca7a7d8

SHA1
0e6628997674a7dfbeb321b59a6e829d0c2f4478

SHA256
df670e09f278fea1d0684afdcd0392a83d7041585ba5996f7b527974d7d98ec3

SHA512
af0d024ba1faafbd6f950c67977ed126827180a47cea9758ee51a95d13436f753eb5a7aa12a9090048a70328f6e779634c612aebde89b06740ffd770751e1c5b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

Filesize
19KB

MD5
2e86a72f4e82614cd4842950d2e0a716

SHA1
d7b4ee0c9af735d098bff474632fc2c0113e0b9c

SHA256
c1334e604dbbffdf38e9e2f359938569afe25f7150d1c39c293469c1ee4f7b6f

SHA512
7a5fd3e3e89c5f8afca33b2d02e5440934e5186b9fa6367436e8d20ad42b211579225e73e3a685e5e763fa3f907fc4632b9425e8bd6d6f07c5c986b6556d47b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

Filesize
65KB

MD5
56d57bc655526551f217536f19195495

SHA1
28b430886d1220855a805d78dc5d6414aeee6995

SHA256
f12de7e272171cda36389813df4ba68eb2b8b23c58e515391614284e7b03c4d4

SHA512
7814c60dc377e400bbbcc2000e48b617e577a21045a0f5c79af163faa0087c6203d9f667e531bbb049c9bd8fb296678e6a5cdcad149498d7f22ffa11236b51cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

Filesize
25KB

MD5
d458599825f1991b12515799ea5c21ef

SHA1
473f5e31b20136c270cb4c53b4ccdc8ea75b1afc

SHA256
095bf74a4d0ea0c8abbb03e1371ed4c85d26e49d7218796934b784a08138e90c

SHA512
dccc6fe06a766f706441638487424e5d11648b2fa549dfd0f2282d5d2dfa554a2e4190de01397402c49c4e394676afb8a3a3def150ea066fbe8b86d3a7bd7e3f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001f

Filesize
215KB

MD5
d79b35ccf8e6af6714eb612714349097

SHA1
eb3ccc9ed29830df42f3fd129951cb8b791aaf98

SHA256
c8459799169b81fdab64d028a9ebb058ea2d0ad5feb33a11f6a45a54a5ccc365

SHA512
f4be1c1e192a700139d7cff5059af81c0234ed5f032796036a1a4879b032ce4eedd16a121bbf776f17bc84a0012846f467ad48b46db4008841c25b779c7d8f5a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00006d

Filesize
22KB

MD5
2b41d3512250b9521aba871a5707cf23

SHA1
2bf8a039e31b6a549d10482f58d9ae7823ee012d

SHA256
a450a6398f0a16e5ad065b2f3e4dee62db08ec1105cf8cd025561e78db2d3692

SHA512
9c20fde1f3e0637a9ca38c72dd73f83fcb90ba54a8a4212e5654b3ccb85a2d23d0d2fafebaac871a3eb7c054ec186eaf7d46cd366fac192092276b901116704b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000090

Filesize
79KB

MD5
e51f388b62281af5b4a9193cce419941

SHA1
364f3d737462b7fd063107fe2c580fdb9781a45a

SHA256
348404a68791474349e35bd7d1980abcbf06db85132286e45ad4f204d10b5f2c

SHA512
1755816c26d013d7b610bab515200b0f1f2bd2be0c4a8a099c3f8aff2d898882fd3bcf1163d0378916f4c5c24222df5dd7b18df0c8e5bf2a0ebef891215f148e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000091

Filesize
40KB

MD5
b786554392ab690a37b2fc6c5af02b05

SHA1
e7347fa27240868174f080d1c5ab177feca6bd84

SHA256
ebe47cc89c62447316148809bda9095bd07bd5392a99ab4b8ac8b9f6764cda51

SHA512
b71cdb76464a775fca909cabd0a7435c34de3ee4e19c40f5bebba6415295f0be2f82532a2ecda043c787ea4e8c23fd4e582a4d4322923fdf603a56e3fcb8b567

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000092

Filesize
35KB

MD5
bcddce72e89d14010a2246ef1771fbaa

SHA1
7da33bcff5a929ed54a98c82a13aa6137e11124f

SHA256
1dfe5319b74457c58fc84904e2b6b7feeb4cdac5c301218b78db6bd45f83581b

SHA512
3c8b5d663c44ee042a21437714e12d352b827f2de319884aaf7156a68aa4378cca8d780214c28a76f0ce966d79a2b8ff03f37e0b0b9ebefb8d57bc9fe93e1fc5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000093

Filesize
52KB

MD5
feffb155e7938927bd782834ea399252

SHA1
b0f1dd6f1c67f41368ff2917f4e0eee9ea98bb35

SHA256
f5040030c35db75ec42f437ab68b3db826c202cf2d6df7b8621567d1de400179

SHA512
827b0a8ff4d6746eb759ecc08519f33ede8709e28a1412d925e99f83bd212f2c4307dd632093fe3192c36cc5f6eb91837b11f385295391b8a242e41a7b2dd45e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000094

Filesize
21KB

MD5
bdb44d498ebff196c9b89546565791d4

SHA1
b8db08f303efd46d0bb94289d2ae4e0f97dee07c

SHA256
a545f8661b6d68eba2f819a1a7a9a1d97751e44ad77f3701abba11ba08be43de

SHA512
3b67d824b74aed0785cf0ace91b20807258c38c309cb915a67707117df166dc136ea40a69535cfdb38bcc91312f66d714a2ce7cc4615aaccc6ed210db2b2ee02

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\0143edd150d6fe42_0

Filesize
1KB

MD5
8b29423dd3eab8354af002422f0ed092

SHA1
697b16beb9ae44ee228f6fb3e244f828bf87498a

SHA256
701763d3f2e7b24ec0a978cbfdfef1f50206c1a1bf90e1b28442e086f710339d

SHA512
09feb25f4df7214bb259786794ca6d4e75da22048cbe70bb581a8dc2e15507f3f1f78929948b29c4f42e722f3979974640b1ab7c366c3c3e364e4376dace5413

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\03eef0e77feb64d4_0

Filesize
6KB

MD5
b166656a54c46e696bd1a65a1a6efbe4

SHA1
06aa9cc35221c203ffdcc2e621b4aa8ad6d38f45

SHA256
6cde43eea4c306077838e0a0f86b145db60e2def9be7df321fe853b0455fbdb3

SHA512
dd64a9d45efda77b2caafcbc2b8610f154c0d4fae8b5fd2f9b48f87e3a1e5a816bed73ab2ef5e62d775b74480c16c102ae2adae7401b3b6f29e152fcbc64cb58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\06cdbb7047afc473_0

Filesize
262B

MD5
6a7f434804c323e6dd906c402a282b40

SHA1
ca8aa9e701db4d26851e41f5e785dd7706ff84c1

SHA256
51e37f0332f6c2786457bdce9ea09dddfa5863e2e947187a360736d075645842

SHA512
9b7eb3b212ab276ed19c7284be5c7b11d57c34c93d4d138cbcd7f390f24a4c5bc62b1b796d29a20b7715d76c46a0d7dfa968f811d3a99053bb0b71b3d321ea8c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\0720badf6795a0b6_0

Filesize
3KB

MD5
0c6dfc03f1d5fb5d8c5b4bd3ba443c1d

SHA1
ba6782b5a886cea6f3754db0b655aff46b418170

SHA256
35ae22bcea1473376a794b04bc317c1adaa551b0d324c003358a1c5db189ec13

SHA512
c64c3a8600a74a21c3a9ff5c852c00dbd17d448e06b76b02ce0e08233e411532547cf53001b544592838e870540bfde5f9c93625980c7bf51e0f396c7d6b59bc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\0bbe00d9bf7b798e_0

Filesize
2KB

MD5
00496ee7efb78e033b295ad2a4406401

SHA1
e114908da356d79dfa28dc5b81dbe9c661acfdd5

SHA256
a9c2c92017c3eb61e89aef798df91e6bb1da0518039431e341ae3446369e28bc

SHA512
1db8475385c670147f837fa31075bb9a8ab3f976a8846e59d4d41e47d4c81172c08055c7c7596c876cd041fe3cf706b836373c0ba09692b6676a3ae08ea43fd6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\14ff8116b518ca2d_0

Filesize
2KB

MD5
013eac38a3229db449a0b74d4d9e1494

SHA1
235f3ae36f5889fc3f459777c50e9e42918db26e

SHA256
29ec55eca48e07fe10898ea7a010f2c5f089f5dd6ca4c4e255848b53b1372785

SHA512
1704003de76d7b30c0782a672070633510b60ebecf5649cba220134b6eeba0967e8488116053d4609ef1a06c7b32a59c64960bf9460401ea9ee63b53e1ab1be3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\163cfbbbd670a71e_0

Filesize
4KB

MD5
275bfd7d385f25cb3b13403e813679fc

SHA1
ce046daed23c7480da1c82f6bef041f9665bcfb6

SHA256
e88fa2a0c1f54f8495e779bfa9be32dc9f5022f0f7efbdfeec9164ef9cc71f07

SHA512
2758d465b2fa5351beb2fbff206e8625e72bf1c8c5e76119373196240197d3217d565edfe00150cd54e2d2154965824ac137bfe2c5deae2b8b26ccb5b31ebf68

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\242d87fe25e8b258_0

Filesize
2KB

MD5
27cdffe9cf7f98c4c4b5f6ca25219e32

SHA1
13c2c5045e88ab6e3d15f8f76f663632b706080b

SHA256
4b85e60f2fabf3f0d6a2e130d6d1e44b598db091294fafda4f3c8535f131c6e5

SHA512
3d40c35837f17331e7bde2896fb14470b9e125a1d8e266937be1a7bdcc3cd6d2f62f2dbe6d7e4eb62428993e101bd10b9342cf0b20e6cf290a95fb69f20b4c57

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\25c90b4fb1c6ef85_0

Filesize
1KB

MD5
8a52b5b161ad3934b839979ca68c2200

SHA1
9e6b728c2161fdd22921ac6f1347c336fecf4bac

SHA256
58c59ebec44206474aba9c9ef544e7c4774f704e7b48cba619d47af09a26000d

SHA512
9f78ed7f9bde57ef56b85d0473908d0cb8ec0ca17e5026bc4fa66d11cf4de2553f6f5135b6ff76f9816cdd835b214e544af6d86bbba53f52cb680fa9ddbf0a7e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\2f4680e8f8f8a14f_0

Filesize
9KB

MD5
a30496853918f13edc2a0687bb3266a6

SHA1
dfc12336b38408c9c49e2f42bfc3cbb7f7c4ba98

SHA256
6f87a9b5c4a69c734a156389bef4457e6fc39bfbdfc0ee1c08eef166dabbdc01

SHA512
1d25725387039e420ff02a94c8ee15febdc3778d6641c6792321db2a37cfb17978c9639bf022c139ae8436110d0d08d8b811d363b76d107f56a8b2dc26723f3a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\378757bddf4d4f48_0

Filesize
22KB

MD5
fd3d905ee478bb19d2d96b6b472f319f

SHA1
4abbbe76998e2f5f3836c557070a009e6760977e

SHA256
27b80c268c190fd3024ceca9abb434b1cf63f9ecea58f0c31d7e5f43aaee998b

SHA512
0e5fd860143522f0d66fc75fc79f01b7cdddb7b1295a98c01fd05e8eba951ba6f6cb5ae8b2bb115571a6e3025e32c4709159801edd3556ba53a4f78886cef89b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\37afe38eb817b647_0

Filesize
27KB

MD5
8f194254fc953bb9518ae448746b5efe

SHA1
3a47908844930b45a42572f28e188e9e158e9dc0

SHA256
c7e88aab2f5ed5683a067681d18f0d6dd90f5cffe491a63a026654570aa59c6d

SHA512
9660390117b86dbb6abdc2ea49583307b83a331ce482835f5443edb8cd8989dc20796c3868f024fdafa73d2b60c3f405e5992a69d198e2c1d0f7ae7e685edfbc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\3a4259a0181983ba_0

Filesize
6KB

MD5
d603ca89b70e0c9dac5e6f9d4b887816

SHA1
c50f0e14493f5396a8882e2f8b9760bc18e0a5d7

SHA256
21ca13bb61160a21fb260f6fecc8a3592e17f60d342fff71e27436816922e140

SHA512
310d2e455f3f40b0bcade63e1e9bc165205da83712e15fcbf0b120e591b4dc0bc7664e2202f32f5804b31c85d31a5cb55222ffe5335cc31efc05f42ba7276be4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\3f139f229e6f0497_0

Filesize
5KB

MD5
601a77c3496e87656ce32c39d97664dd

SHA1
f33e0d380aa03c25dc4b0e882503a1ec4cd4412c

SHA256
bc32969698b041a390985f883032b9c1dd70e313d58a91a9a830fc91e2660ba7

SHA512
11fa633ca9651f2bd11fc3efd41d33a3775a0edf06753af1acbd25ad4b55c8152eca5b16fb3bef5649b2f0844736f26a567406b7eb80e66e8ff71f39f0d6db33

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\45a16ff6d0d9ab5f_0

Filesize
1KB

MD5
3efb39f8b9e60e543030566bdb53dee7

SHA1
40bb84d7991e0c2cf2161af0097ee88732ae9ddc

SHA256
e28f4ec1d712ff82290f6bd8a1bf311958af3a214b4724283a30be2a3a094e13

SHA512
89e002ac4496f3359d5db892c0672997f8d642a877a2803987402b3aec81c5ac7b766f3822e1986435a72aff4220f3bc124fb90b14105d3fe96eaed159c23f90

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\4e9b18b0f66a7183_0

Filesize
1KB

MD5
493548b076408b9823aa95d2a941c497

SHA1
b93c2ebaa2b8074ef00c809b42b0225b929793c7

SHA256
9eff14de5460f20bc8c6711edd7d7dd847513ec053e3d0e3f82e9e5479cbcb0d

SHA512
529ed26ba44aaec1bd2786848a6bd222948d5f373cac99c87b33e20ffe867c31beadef5b78966c7c26886d2927c68a5197db00e98f90407ec57f9bec4ab829cf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\4ff4b179c1c05fed_0

Filesize
1KB

MD5
94322644c4c7008ec89cbcbe83421252

SHA1
4da642ca49a6194c2381a6947c4e128f865a7a20

SHA256
7fb995aa9772830dec641af624e95412398e02183d4d2574ee44eb496437606a

SHA512
4db71966191edcc2f9b5098672b25fd98496a429d44733a4c216fc8a423479ca31d9e441171808891f2e46c846209f3d7170eb1fad15b87eb1881f53d9277743

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\53ac5abc87e80789_0

Filesize
2KB

MD5
cc8e3763a41681733da44ac539294d20

SHA1
ba70341b1cc8d6e99bec395dc0de38202ae9a785

SHA256
794add80f32b67ffdd816513bf9578db875ac86a9a996f8c9cb34ebf3966b715

SHA512
4a074bb8730241f52c2ef16ff8e99184de22bae70ef60d6b18b4b9b1c3a445059ca309b9b66cef137d6a8887eeab556c4f41c8da767b63732c51f04dd4f52dfe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\5dd1e579c9681f95_0

Filesize
2KB

MD5
54ca1d82a59789c278ec8c4f45b9fe96

SHA1
37d6ea6e65dabc651f049204bdb260038bad732e

SHA256
af01ae752a1b9807871880e910e3f7f249aa8c73ac9c2d2e3bb98c1da8298866

SHA512
f707747143d40dc442be299dfa26c2157b862145fe5cbbcd7c9e50fec33ac0a79f18e27aabb4f0beceb7aa538126a2ea3d77c0db812554542ea3186858aef4a8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\5f1d94d5862e00f1_0

Filesize
11KB

MD5
e4ec539e0c5c5283f71533041ec18d03

SHA1
b64f5a7c4e09e7a936e1cb6e2b4ef54d964f0370

SHA256
87b7550a452630481fb546a7d9f579b5af414e003eef58c07a6403aab08a4590

SHA512
557b7456f13e5528fa90aa58480c5918bd990526823833822380f06ffb80f59327c3f4195941d1dec4d6af2b481304760f0512c7646df0206fef0f47503c794a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\61a0b4d20ae0e222_0

Filesize
4KB

MD5
d220c53db42eda1ac557303acb4b2d33

SHA1
1af1dae4bd0d174aa0d565359333125963fe0186

SHA256
39be1034190aa40b4e34cd401d7e1c250d1936b95991369b9086473561912991

SHA512
16c7d7a9b4e8ea6da21b85f8c858bea5e098409fae879e4d94b4346958846deedc9765df6c07d84b3ea773032097b7bf728c0d7380514c68a30b92dc5187d41f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\624c9bd517fc9c91_0

Filesize
1KB

MD5
22888514628b1f0e936c13981fb7301c

SHA1
6d92975e3d7fba5d8ea257950a7375b45c09ce11

SHA256
b1e5609391682175b57c20cbf7048146d5e3739c59a925def9cede55fe7b3e5d

SHA512
a1f203538f93c6abcfa26794a1772978bb5702f00bd7979ef3ec82b5ac00e32ea3200c7f1fbdbc26b5502b66f9995ab50290924f02f9c2a49ea7a35a03975a3c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\635e64b37935c888_0

Filesize
1KB

MD5
f749481a1b22101ab7dcbeb72d4ba551

SHA1
72a2653264ea2ccff36dc12b671d6d9a3c1cae4f

SHA256
78a069ae40be189d9957f94afad6d43084bd9f30e4a22adae0875dce91222a66

SHA512
5c4365a2d35dd8e2389658aadbcb24d12644ea1ae993501e8adb70fc5c2ca4ba5b43aab8ab3c562f64c80bc961de1e7bca13630a466b058600915084df470ac4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\6a5e8bb53a565b9f_0

Filesize
2KB

MD5
e015cf4bea49f30a7fa29759117e0f48

SHA1
feae662e0b1c7436409fc9bcf24830646f95e10f

SHA256
14bbd17cf989e3a254b490ed0777a331d795146b83afac3dd0f3ce0ed578f1bf

SHA512
77a913611ea5d81c102faf975c60cca37a4f4ffc6e69efbb99b27ac894aed19134229e1113d3d14f3d3bb799727f30a34ef1428d6c9627a9cc8b77f264f4d708

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\6aa9a2943612cce1_0

Filesize
2KB

MD5
9ce7c40962d513fbef9094e4f2227f12

SHA1
15f9b452a49b438624887d2c0f4750f3de176d82

SHA256
d1930f3af1b07a337b5789dbaedbee3c76aeaa542309753cbde67bbfd34efd07

SHA512
1816f26cf9a1062116fc7503f2fecfda47a1760af2c5e2caef019ab33a700207561784cc55134d777feaf9aeb2cbf228483017d0118704f9e3901630d60e1643

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\6db290dce274a012_0

Filesize
4KB

MD5
89950dca303a9b63e08c9899d9bf8fb7

SHA1
bcddd93eb8d6e08d028bcbe877aba6bfb14e24be

SHA256
26415602069044363d81d294ace9be09b6eec44e6e0e1c75210fa8b4734e7ccf

SHA512
87059e1bdd8660f5eee6512db1d8a5efd9b169e73281016d4cec7f5cd689e03885c81aa13651608f6544eb481aa768f4e45eafe2a0cca8152108d9b85f64ba92

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\71d68e68ea4089fe_0

Filesize
5KB

MD5
7eb376cc0292974c2dc3506c69676012

SHA1
b1057d5cf388aee9c71c6aa55bf9735c3310c087

SHA256
2e526d773c9fff0651e5b35fc46b6bd5c2e492dd43d624a2158dbea655581885

SHA512
9913cdc6e26aea37314f1732b5558c7f07903f1e877e3f62b82946cc242c44753147ce93902198e94595b083ba938aa9d845e0802cc9bd5c1b455697e250c0c9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\74b88724f60b0383_0

Filesize
1KB

MD5
25fc7ef5ba4ca1c39568dc8f67a999c6

SHA1
cb91ad4a495b9e044abe42f5b4e580c07deaf800

SHA256
5974fb43094ee2a8293fb41c0cef6aa3776725f0719e66156c80fb045fd07eeb

SHA512
9a00f02d3b460bd8095a063dcc1f034e7ac8f429097102756c4f920ecaa194fd5be91e801ade7f5786620e5b8aca606d6d7949424b46312718aa75010037cc82

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\7506d245938c8e3b_0

Filesize
75KB

MD5
0eeae7fedb9da1d026ae3213276f586d

SHA1
c8f05f74175689a2ad0040385019386c1dd95179

SHA256
8017d9338b789b9cba3976bee639aea1e829ff2e9cc0005fa5766d542a5494d4

SHA512
a53b89775e4cd757d7906849a4026eddbc2ecf8cd62d414961a435b9ce6448480a326e4a5a8b4097d64af8c4dc396756972892023323b234ed99650fd571c038

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\766094f4b47e839c_0

Filesize
9KB

MD5
77f49698ecf492359327dd279e6e732c

SHA1
41e3ef36b3bd1c9a1fdead1ab3cf9674a4186217

SHA256
8650bbe0a4fe06dc6654750cba336051eddf57b13e89f588684b8361b70acc3f

SHA512
afc3d65be3c5ac233d89c06d00c07e9e89f52f4c1b8a7a3ded892955efe08437605f5474e98da92c29847473162dd5ffe4265a65a3858989c70bf5a4e5e40c45

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\78bc646c0524ce58_0

Filesize
2KB

MD5
fe6c740a93b816169cddce46a35382c5

SHA1
0110f36e8f5a7eefd1e325fc0069ba3ed74a0ba2

SHA256
6180f93a4dde2a7839854d2f7053a2acdf6b61c4f913d1a2b3756e5be1bbb88d

SHA512
66bc603306409fb8ef126ff5bb041c7e1f42019cdaea83e1b19b27469a5e093857b74e814f93480f537fd45f326d74f04b146a8606261762fe443ab2424c6b5c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\7cf9843337c39c04_0

Filesize
1KB

MD5
c22af2ec1088e20164fdd8615ad561e7

SHA1
1dde77313319475134b903d77e330ae302f32557

SHA256
3dcc096bd0289294d55d65f37268d978f94f04f85b0bfcb8f1b894f71eab7c14

SHA512
3f065f67c9501f0b017b8b72e9a9cd35098d6c7bef5ad34c3cf9173bff611ebb3490fbb43977441125b8b24a21735fa5deaad53ced8d1dd1332413dbe4ec19f1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\7d07dc3a67fdc3b2_0

Filesize
7KB

MD5
58cacc58d2f66be6c03e58b9397d7b9f

SHA1
8f62c02e76f471d35b0316fde85b1bfffba2d26c

SHA256
27f2bff105b6d96213d2bb1e0861db2e94c2f40598acc59ed3db4e3096824fb9

SHA512
b3bd9adb300519cd6fe4504713bf34478811d3f956584c64f8d6205468675d06e93525a6262c1353546ffafb3b021d2ac7400d412ead067485ce86fee673b27f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\8551150be49776f3_0

Filesize
3KB

MD5
b713a9cf4e89606241c394828c9450d2

SHA1
361f088204b16cfbbf2b321d789d8f0d879668f1

SHA256
7daa12c8d4e58cb8ab9c8cc9e8da37836618e20db38fff0a3fa19de3a829b8bb

SHA512
4304d820d7ed2cedfc7e41edf9194a8bf3e081655558156ca8247f6b8904435b4063172cf7fc4ab556c200ce42e2ad8f28dc5add1d51f1f391111dac5b0e5655

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\86b9cbd77d05d034_0

Filesize
6KB

MD5
f9bcfd8e182f9c4184b786648da658fe

SHA1
bbaf058e15e087b76b50e63b62347a5c8cdae7ac

SHA256
aa1a0ab9d0499451d933c7cd9842b262942fbcdbbc76f9efb4c879c18e92d656

SHA512
5202ae11c36460da9b8f6d6b26dbe82209a4d39ed123ab96e2896d8c8585bf90ceafbde90f9683598c9d0cb7093a95c7cd4ad0993b9b1dd4d684440085bf0f53

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\8e5987d08f7b6e11_0

Filesize
1KB

MD5
745b7787446c4710636800349b473204

SHA1
60073e1f63551dc1d07239eb75c250409cac89f6

SHA256
2c6621113bc0c6d72b1b5cf394f0765c2d991736014451c63e5c4dfcbc3a8a70

SHA512
b312a527b4991719d8ca1630919786f79ffbd6a41d4b1a0098f32ef3d45beae3cd6536d8f99d8217e7e1a65dca8e3b3aca73f23da425f15deafd4de96066d929

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\90d7d7591a1b39bb_0

Filesize
262B

MD5
2d6d554a18a1cc0894f5dc9038fc919f

SHA1
574c3fb7c858a01d650b60a45bc917145578999f

SHA256
138b1e9ece6ab0be66d58ea55c9ce15aba62ca17811b56685daa3fcb046b0bfb

SHA512
ecb10d725a332c32b2e82b4bd995572afbafde1ab4c07477b848997adce93b6e67d1dfddfea509140b7e29ca650a77e7bb875144034fa287f704813d65f0ce96

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\96bc766215a93e35_0

Filesize
1KB

MD5
0b910dc5b728a2fb0a36e74fef6fe1f4

SHA1
f310f5058e48ac77da674c76757a117d3084edc2

SHA256
7a0e2e4c2ad348163f20f6bc9b7eb65c2d3ead715485e47cc63a8764f3f51243

SHA512
94545e82e4888d512419b10b922af27f20c42b83405ed54f5d9aedff3e79258fc56f492dcd29e885e346513c2caff9f525d0c714d8f76ea4fdb6fa2e831557f1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\9dbb949d27873cbc_0

Filesize
2KB

MD5
f5a8d5515ad11736b60dd14ff761f22e

SHA1
fe4780cf972dc0528c193319bcba26289270c657

SHA256
b879994090d152bdf9e42c9852af809a61ecd740e9bfea20bebd620229400346

SHA512
56c1ffd298cb3c4e0ca7b56d9e844477347889135d55ad66896424c39715578a97dc011bed1f0cbd5a2eed5a2cdff60fdea2048707171a47e9f276d99d256b81

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\ae2d9ba42a253ec1_0

Filesize
294B

MD5
655d5f22d00c3ba8c15d7796219c87a7

SHA1
f63b4abf2054578cd4e2664f841a175807ae3d72

SHA256
3fd866c187714bb57ad6c3b6546ea1711e0971bb0a5ebbb462b0246b7d398707

SHA512
620ff070c0733f250f190c0817fe8ecafc4246969843387e0873453bab2d12bc741a350c70763f21d7382acb82e909736f906b1941d895127fcfd8c243e1a2a6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\b1d693ac0f52716b_0

Filesize
3KB

MD5
db3019c646298ad9d0df02cb622f12cf

SHA1
2dd6f1d216034e60fda0d90e488b564bc7f692db

SHA256
0825283370dd7d038f16608e239337c9ce85b11abc8b01892e4b9ed49ac48114

SHA512
03daa09c5b8530ab4667f9137452fdf7dc6e42de511037d4154081db57ec13db9c0eabd4aa95971d423f84cca54415f972651b9311eae549c97b164bee5e2aeb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\b3228445a377295d_0

Filesize
198KB

MD5
a4c7544f3a198428da56976281201440

SHA1
ff5da0641aeafa4d11462915b3b942df5c480c84

SHA256
66a5ec90a810c55d0324c25cf8999d1e06aa4426598570c762b87f30d95fadbb

SHA512
cfd6cd5da75808d893c946de161c0dd786433f3bc1813f879ed061c3935806059dcb5469857a5687ed34dee34e8b5b68dd03fe57b1d1f3f99a832915fed4c1e3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\b3e82669a81c981d_0

Filesize
2KB

MD5
7d9480cd5bfa89e8bb92a4248f02dcf3

SHA1
6b676f4176b2a9a696812a47709e022bec2d667a

SHA256
e0a1cf88f4093119e009d6fa93d4d311a0bcf1ec8f13d8fa6f3b2c65c838abbb

SHA512
20926649a3589623f4f4e91a8ebf7515339356634092a321c7dad82758b5fe425c1e2285f67e7b565ba00001754d3594fd917f0ffdd3466021a5da1c353fd59b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\bbfea718d84779c3_0

Filesize
14KB

MD5
efb2a402d30236c7da5b1cd2a48b8c1f

SHA1
f826539c2e6a89c8c0f1dc65955f3df850391811

SHA256
0755e2178bf2eecd43005f7e23d5453d19b1ca01d94c5dd67251489fa679398a

SHA512
dadac03064709e428383fd6e0f0850ca7980b230ab98a6df20c49cf700013c309b76c2c17470ddf35d73aa6f41776fe0b9c7c5d5bb66b533d6b6aa1a080869ed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\be6d12311ce2b399_0

Filesize
1KB

MD5
9cddacd18064dabc7b6c4c7fb2fb9a58

SHA1
d6d545109eb86b00d8026302c4bb4a46fdb708d8

SHA256
2f64b56dbd937d8b25c5bb0932e8f125bf42c4c2c25ccd3ee8bc33f317ab89c6

SHA512
bee09fe42e5f93610ae32da0ae69261e10a65dbf2671a80ffce54017944c6879d81f9978cd5e4361b39ccbf2a8fac01dd43fbb1cdecd14db35a8e2bbbb7e33ed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\c0222c35b4c7ea53_0

Filesize
175KB

MD5
e230f70980a4348b95447f03e4747069

SHA1
050a031f728c3dae26ec1efe1b262431cb2931c7

SHA256
2e6ed5c38b9704be61cba94eaad2aca931f03f1bec406378c1deca797ff87beb

SHA512
ef7b9ecbb76162f269753862ce3536a3db02dfcacce8513658aa1e76668a7d510a1b96b2480bdbfc5e8574af5b1da97f6f5ef2122f3866549569cf04688c8f3b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\c211c9dc68f4bf01_0

Filesize
2KB

MD5
94faf9358627f8f68db44091fdbbf41d

SHA1
41bf0241eb440a802a1ab4a13a879a3b2a10a309

SHA256
16d90a3833d7fa93f715579fbd12ddf81d6ab160738cb0e6dad2b4b43e3f7704

SHA512
84c4dced11794e26a86c29c7ded02217f93f98e7efd3c5ce86212cee4252d77c1291e13eb7f33afa5df8a8b424ba52cefc4144053830bc9fac458e3e6f1c0143

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\c91c845c83814759_0

Filesize
14KB

MD5
205474ce1317acdc9f1d93d4a3f31260

SHA1
a413480ef2af852e659ac70ec07cdc2626fd3447

SHA256
cdeb57c56926acdfde6a39aa41dcc017681328885b9266d759be3b9092fa79c2

SHA512
1375ada26518a4b3f802649338834cfc6fe0489fe84a252fee3545046598974b08c08f70b4ddabd720855a4ae563e67d8e3cadc4d940df0bd6c3c2fc22932df4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\ca5bb3c84b908d6e_0

Filesize
2KB

MD5
fce48561759df3c740c9f7424b6daad5

SHA1
d3f6c350f9592197fff1aacd971af48451e56548

SHA256
2a284fe8b05c7491c682caf6190bd47231a4d8dbc818102fd99245bfa2a08d56

SHA512
6f5a2d98528d372b67c88e5803e6fdf8056969051a4c473c3ce2689e06853de12f712c5a43ca98d2a742b6dd2ab935d7e4e52b843e0dc32a44a614d7e8f08602

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\cd9a47d844308cbb_0

Filesize
6KB

MD5
875b4d2557fc352fd139da7c4a819725

SHA1
eaa76ca87eeab9675459db7301d2d4171aae597b

SHA256
8b2f0cf600d7f21a681fef54ba42f11193ac522df3b43aefb44227c645d37218

SHA512
8a4c3cf80a4badf286e61e7f354bcb81e58a6c98266915939b4977a22b7214b0acfb6b8744f15c1ffc69a87032c6b5748cd0b53e32eba6b4736ecca289338ca4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\d2f9a2fc02c20de3_0

Filesize
2KB

MD5
939c8cda485af58d028ef88b6935d952

SHA1
8ea2cb98b4a767a809d812c7364ff5caeec84b09

SHA256
41225ba37cecc0eb142ac683373c4b46dc0b57cb5b3bca1c261e8c436aa1c85c

SHA512
44d4d26b505db3c960fe956f87d6c0a55067de8d58769e8328986fb2ee0e668cb590d0820126ee9dc24c27e57a3fc9b948469120fa94bdffb55a5b05727f6c50

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\d45aae6d8d9c9ff2_0

Filesize
2KB

MD5
253797d94ff35ef277c740717e22d5b9

SHA1
cf478a171faa0ab2f23d262d22043c546710c6a8

SHA256
bd3dfcc6cff7dd8c51c76c806150e388ce430dcc11258790c3e85d882596026d

SHA512
6aa24194228fe82e8c9a852933881bc4ae5212be9d52465b6795ba7ef6d5b6a25027ed0c0e9b39fcacdc5e68e9e68e569f96c5ac200645c5591fcf5be83fcc0e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\d79e0a2891fc014a_0

Filesize
262B

MD5
1ec454e9d34503dc0fdffcbc1a0e79e9

SHA1
0b8b3e7288e115e387b2df319ee74681a21d5218

SHA256
28fba6ec17bddc5fce78d5058774dd41255762bbabb33dd54e3ff02df89d2a62

SHA512
6881687c66f734203768486a19397477a831395546f4c9e256a6aa79bbb127b64d5fba9618c4186b5527f151316945a51bfe8891cebca658f37eba7f33f95698

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\da82014a94532e8f_0

Filesize
29KB

MD5
23f487577e783cd5e8f7845985c72c6b

SHA1
ba57273bcdeb2bef128bce24e919abbd129a7e9d

SHA256
bb1ffd2d985c88df08a2cc974a01a06ddb9dab57c8fe04c66f2f710678dac361

SHA512
fa637247f9282693e819e5235caeba319e7210dbaf441463cd3d74fb4e59d0ab8be014c867c3e91b737dc49e79557496f39cc71ee3830d9b5e8416474e45fe19

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\e146fd968644d345_0

Filesize
6KB

MD5
d73cac15d47326ac5f635e3c6edcc6b5

SHA1
3ee9a2886b47b8fd03af07a751e9a890c19cf013

SHA256
eaf28109b824fe61026a0e56f670d2f2b49d70cbfc43bf2edf5d5747831e69cd

SHA512
2a8b60f2ac81bd266ec8463ed2f98244353b0edbc5d0699365d3189f5de65908b290a82231ebf2fd0805031ae86ed9b23942edadedd0d68e28bb3a6dad3341b0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\e239929a95f56ab5_0

Filesize
2KB

MD5
a6acb0330192cba56c0d7acac1f459e6

SHA1
d1b4db49f77c518b45993e7f41e313c07c7aa0de

SHA256
d8605a8128ece5ce726c9af5df3188cbeefb4b6ce1226293541f3c29c970db75

SHA512
55ebe2b46a2129ba85950d2ffcbd837318b846061ac418afef934ad8d2180ab9497faa6051e62ebd8d38b9b3c028f113d4b2279e22fb698563071eb22d111c2e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\e9c7e700cc3e33cf_0

Filesize
47KB

MD5
e655af2a3b1c9beec7406e12d8f3d646

SHA1
5ddc1feb6ee858609f8ae8ea8ac37255d4341997

SHA256
98d57a61dff22da1c640e79d3eba157a91b4c12c360145d48185f5b024c3166b

SHA512
36ced65c0f3b4c8c8d08c9b63cecd2d4ae3df6c1bbbf9766d6b56da5c78b8374500cd1ad422e0cb61610b5e3ef215298bd9ff17135366f97e8edd2a977f59c69

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\f24804ba65b8c644_0

Filesize
289KB

MD5
0de93c6dc5a71ebdd77ee655b2a08f29

SHA1
ad7c6b91c8bf0f4c9df61020d7d5e7e2f951024f

SHA256
958a200541315daff83ae2f4c63c5655a8bac9d08fa39e35f91a55878573a4a3

SHA512
179b77688739571210bc2747bb883373b6146c99136419a7fa5bc3202c94a6e6fb0eb5b0e2eabaf1c4908a0cec37c00130e160dd4cdcd07a99c07f023dccc075

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\f2bbe91ee05d4b26_0

Filesize
14KB

MD5
086a18889592d19dcb95fb94de5f5674

SHA1
b5ad7842ec9981e2674dfa61c4713aba007aacca

SHA256
87c52f676395bf95a212622dcc2388d428f5b5170faeaf6ee3ade296ff7f3df9

SHA512
255fd0f4f5c41ef8d78f4ca9e18aeabe21f7404926c44e749b54e1f5266a051857353294d3996dfc6b94ad19db73332149b9d3b53c5dfbbd4e789861669f0dce

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\f2e4bbad99a372cc_0

Filesize
2KB

MD5
fd0a018f36c868d012bf122ca2d7a8c2

SHA1
ae2878510165b5b4a0d48e62d86c0e84b6cac316

SHA256
a73b9c843731369414a6acbf4a893c409064973541d1c0eb168e9bc32fb5f0ad

SHA512
721a134a50d8810e36ce31ce0f58e0a2d4a1676629f51ccfae762c7037891a36df28e2fd1951703259586b4b003a919c79beb5453352283812c0f5bc9d6bb648

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\fbd11ea5cda006cc_0

Filesize
26KB

MD5
ec574072f1eb49aa42ee5123ed9ec33e

SHA1
bf569558b53707a94bbf84de3e021c05f82e9598

SHA256
4bd5fd141b2e16d0a9fa588282027f1ca1441795e5f4898c56f96750df449d7a

SHA512
87c50e0bf0d247bcd7193dee1061bbdb2213e44a7f6803600cb8e59bbbd6382849453bfcf2236a9ba8eb9073e19d3add2795b48692ca18779e559f650ca46e92

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
8KB

MD5
1927c54ca9256c3eb01794d8e76eff84

SHA1
aad20c245f6241c74b70082de32be5be3b9a25fb

SHA256
a37ff751b885d2871bf2ca105da2f7a13fdf45767e828540c64af3f6037af8aa

SHA512
c37b12aac21d100200497946e2949d7248b2aa8dbbdccd54c37da54fa740f8774a9fc5e084283c1090ee4e9052e015d5b1cdfba56b470f1fd3af1810915ec84f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
8KB

MD5
269de6aa2f8da8dcde77c18a11420686

SHA1
4366141364d8255e0505ed3d2a667eee30667065

SHA256
74fe0cc7054ab4afd82984bf0447e03b0d39b0636581cf24814733540cdc986d

SHA512
a4fe7926df947e046c8e9239861eb8d8e9d77278cfe3003326585dd8b0a6f80b1f08f2e14f38bd47a80046fba56beb77bfcf98576334e01f7f410ed111396b62

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
12KB

MD5
0de656deef652c6effd80434d32def54

SHA1
b5d4d4251dc8f898dfbfe5cc98304c7fe76b3234

SHA256
424db7992d4828eae699f624592c7118bb2da5cfd54359de911c3082f30e424a

SHA512
c9464b789cd5ef41ad35a35c35b8633c6ca6acec12705e82ac05f75cbb64a781168e7be6e33c3a348ec164cee4231d69021eec97181ec820bf867fd2b627d4ed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
8KB

MD5
302e35ecf7da909617bb2b61efd2ce20

SHA1
b874f7dfe635906781c3fc7a76c629dfb7c5f1f7

SHA256
75407faaa1ae67e1988e6f5f8989c5ce08aa5188bb363cab733ffe0b9000b8f1

SHA512
8cb7e1d85ae5eda01720f448601b4344186f8288f0ed367dff25ad02d5635e0db5423c434c6fbf0f9ef3a8e3724b66b6d088aed976c845691ae7eb5083be3516

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
11KB

MD5
5be82deb3a342edea3f6a746554fa96b

SHA1
c8c80fc265078ffa3940959b4643f099fee24561

SHA256
39650e32cc3cd32cbac4bd009df53ab150f0846c003df3c162103a7c1014f5d1

SHA512
641818f911511357d2611d11dbea486571ed7626e857bcf3ab41cf1004d111a98a914b298e1832def0b7ca9dfa1596c79b7eb0425970750d40138ba795438d8c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
11KB

MD5
3a7d4c4c33a6e2d5cb14c72886b5987f

SHA1
8b41a67d37ccb377d02b91427bd444daaeeaedf9

SHA256
0542afea8852ddac34b92380242152c61744af653fb15f5b44d372009d11731d

SHA512
df7d29d5e7703c60056c30ba22cbb961b6d40071c3f6f9c39f91e8b3c9906ec56813b7d88b4ec0260b2064509e9ae2c9cded2c74da7627f20192a740d27534e0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
13KB

MD5
d55c90734ead81c2827fdc9192c42855

SHA1
90d8099b9090b195a35218a27482f249bceb8f68

SHA256
ab73e2727d18adeb71a9a46e7efe72c5df95c7bcf9cb99ba0a3cb3bc90b6f380

SHA512
b8d00c4805434023bef1c038eab64aaaa0f217fe12145f9a13f5497f1e89a9db93cece0d1fcd3e17792b6021a82f397c95e3f164b3c13c6bf56e381d024ba470

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
11KB

MD5
fa7f62f53e912fe2948288e83d25d54d

SHA1
f465f000c8cbcc88b2dd8e161dc8f70275950b29

SHA256
85339215d8897ef9dde71f8376489cd3b8330c59da3394a4a576b17593edfc34

SHA512
4a87a343ca42aad79221e6fc10842dcee34b88c06aa502f5987fc2fbe15b97895acf818e952736657239fba404382f79a18fb0a461e9a2ec899716ea14130f84

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
11KB

MD5
9fc59d25b48ff2355101464037ccf82b

SHA1
432d92818cb07860e5ccb74aa71f4e4a1efd20a3

SHA256
0a7810d863457e71f0b345a7fe30e605e5c807cf7c6d154fe64dc8ff7cd35ca0

SHA512
7b4dacade91b7f69c17282db0f20c0ffd72d69ef6a8bf0ec0c76e20eb10870ae902781c2953e1313afc4e2617bc51458b327fe3ca9fda211d9956f68e5a7e807

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.reddit.com_0.indexeddb.leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.xbox.com_0.indexeddb.leveldb\MANIFEST-000001

Filesize
23B

MD5
3fd11ff447c1ee23538dc4d9724427a3

SHA1
1335e6f71cc4e3cf7025233523b4760f8893e9c9

SHA256
720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed

SHA512
10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
c66350ff621cef63e9c726cb2b3429e1

SHA1
a41eee64467984c97d26db51106be961fc8b0d28

SHA256
af1979de48ac6ea05b442c16049f977ece547e7e3ec51dad80cd79ac5164f752

SHA512
1491454e0fd805a230a038b3cb2a21d4f421fb2a633205eeaff83feab922632f7736c6e50dc76e5498a55ff60eea9b4de7a6b141bae00ded1bb9efecadea18e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
ca39c58c097cafbce9359bd898bb5ede

SHA1
15966892993322c31d022fe2ffa873ff1cda98df

SHA256
9d312839a1f7b78bf92db4d0b0be72497c5892094c92773c72a84591f3bdbab7

SHA512
2edc5f9a496fe09da81d8ac9bde13f15e89d3df5eac30ba21fd901b36ef5c5ed342b229639235870d7d3d5885130e0910910fde1af211a1d360bcf9aca7e8615

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
7KB

MD5
03cab81427932cf134106832779061d0

SHA1
1ffa780eb83102636e0781549d8b801f7a3bad5d

SHA256
f01f9e31dd83f463f78c97aaadfacd162993a6d2e0c2db8c44587561c3f5c6ae

SHA512
1252431e012d3827cf7948223ed99c2a7c3d182f1336c43e5ffcde01a695a2ec9e8faef18aa66ffe157781baf106f48f1d4f70de0245e8265b3776244b22b875

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
9KB

MD5
572ad9075acfebfee0f68b8d75d973ee

SHA1
83dc35b5dce8cb7c62bfc33e5ff3e1e71a99997d

SHA256
31d302f5fadb930bf70d352ba85412317b6d8407344c3ddd343174f5f4184f47

SHA512
61c3dfafbb29e0c0471429a1498db380abaccbe53013fac4a76b4328d23386ed865f75d0d1965c32328e6bf62b2a51f9b8f16ae84e58c78f7618ebd1fa62a4c5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
9KB

MD5
aefceb218b51c211ba04d0d3f4f28e1d

SHA1
7422715257c8c45700caee66524a75426e077dad

SHA256
8f928dff8e0adb5c05038c52428c74794ed40b2731137166d36019fe7688b5b3

SHA512
afe4021ea028523124e41bcb2cf4c8af8ea18d69d4f4c85dc4f575e665170b3ece90d3153fccd5b1d4dca86f1da89f6702691bc6ee1431c95d243e767efefa37

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
4d2782fd10e8b76a20afc98f9fe93488

SHA1
bef27df43e5a4880f37e0e185817e1757dd607ae

SHA256
c7de0dba37dc85f4c01c59331e1c91dc722c65dcbe9042a068eb8eda99285821

SHA512
bc57c61f18db9008e267f8675a8e27c333df4667e07f34a9b9218966f1ebee19d623ca32582d43af47dceb4213bf15edd8ac291c329c048680eb8385c4bf149a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
56632a258047649207a08d923bfac329

SHA1
bf5024cb9b2cde7ab97098fe7da02472cde851d2

SHA256
b9aa5ada5bd94bb75c6c4d425988dd69b3535452a4f35161af749ecf7713611c

SHA512
d7b604732ecdf8f4d79bdb18ab0d881acbfb447a9282347d65be54655c458fa4e2cec1d08ebce7d3c67ab1e747dd5dfa73fb539d3d44e817c896bfbfd8e8918a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
b5ab1798ae2e080334873f62675b55a4

SHA1
281b769fe2ecd29a40946ee5a36a9ec5c8407c01

SHA256
ecdd2bdedc1c194801e066cab897678ff14ff8b46c7ee547b7f405a1d5eb0d11

SHA512
27d4feb6e9f8d800338513fe35fb8cc35f0198ebde04673e7833d3cd4169011aedd4f8413e42dd3f04cbc10bfc05db0ad1928310962cade7e857e21a8fb42435

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
260b00bf74bd1415f203468a6ea109bf

SHA1
6e1e9dceabc57b2398057f9a78e4216e8ccdf6a2

SHA256
8c13e4fb2cdd16366669ca6b0b08e571f0d908002ab70128627d52b6e2568090

SHA512
8151ff8fdec3f27087a6f7f2a227f41e1ad3cd34f2d24223831135e4ed1456f4979eb5177b5f9884568fdc3ebf8bae91632304fb349ee97b870226c333f4ac6f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
11KB

MD5
25af9191a0a67a6d49571c0b0d71e98b

SHA1
2d2d9ceeb45d6f5b84a2b1b3ff40a5d7709fe105

SHA256
1eba35dbc8b9d36e296667d252a1a88de091438bc7eff037f9bf29915ef21292

SHA512
a2a39d58205fa102e687a6968540ab51a4c9191eeba8f1cac28f098e2430b345c009eec63329f390751cc7ca2da7d8086c1fa11e08dc7684091349f35990df1a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
d4f32f1ac75daada13ae4eccbcdc8aa1

SHA1
5c7b9723e7e671a3cc0ef3b6b084b75948157bf9

SHA256
26016b135b4b64136125d527e870a95d0727ddace101d0c7113bc5e237076483

SHA512
1310de8a5f2c95f61c12ef064ae3a2bedd252f5fc6e76cff19bb82763cac3ea91fd7dcabc83388ce7f9e36b9db2aaa87aa505b574b27dc63365e5be1ab5e85ac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
0324f1e9d585317a9d973a10a4c8861a

SHA1
44104318a6b654386a556f814e64004c215710ed

SHA256
f9e3ac51c1ceab24588124ee84165ddfd8ee358e5871f84336fada4bcb424588

SHA512
3815a35c2e3db3f1d688e55739dad9fd90be7964488f0625251130849ec02376ad110bb49936d8def9112328e3007c75f8bd5224823e0cf5681066b7c4f36a9e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
11KB

MD5
6cff625066a68859ca5b81ba4d270dfb

SHA1
145c3aedebc802c2838290cc3bb3aa214911659c

SHA256
cc275f866cdc3b0d2d21114161213162e7dc726c05ed34adc5617709586eb4c3

SHA512
7b0626697e030366098c3a2589a541bcd284a575e4e561af918341f05818716adb62c21867fced12cc430b22b129c3a784773adfeecb57dd4b8b43520f1c5b65

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
11KB

MD5
fe6306efa5b630558b150b1e4c59ecbb

SHA1
136b95c95b71f20d019110d2ac697eb07ea9c356

SHA256
54c7e3fff282419f9d9cf517c5bd255fb8808d0e647d762276c6f16e8b79449d

SHA512
39f35695b9f60b3a8debc9771e6ea5736b7663ac14106fb1ded422b9a0f1b655298594fa868b80d024b096aa5c42827dcf3e1f4df7651e9af10223840ce4ec79

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
4f720400255089d1ab1c879f50f0be51

SHA1
e32a1b2092c87fcd3721f4b948bb61ec9d05458c

SHA256
6d9806445bb1b7c4dc12b40ee880db52653414b4832f7bee6a24f250a3fd3c1c

SHA512
036763878d572d3771c64092397d84a433facfde9fd6adfe53105f3ef1e20ed17895a318699f59fb5575c3ba1e069b6444bffdbe192c134f2e47d995df4ef124

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
11KB

MD5
d20b905128d9b358e50030adea8171fc

SHA1
61d661ef5dc626beec9014c25e9160c572b75df6

SHA256
e6a1ce2258168923777ca7b0b446e3065db93d24058c3e0975ae70a1dd58282a

SHA512
5a4c6fd41aa3319be78d5f70008c31e15de29ed54e18ea14eb37c43358c0e8466d76d7fd3ebba0f90951e9fbe2536a43943f666ebd3d3e3b8b2b950e0d4b8b9c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
11KB

MD5
14b6bb2781c9b16f15b3708ae3fdefc7

SHA1
1a4f8c7bfc990da34a5c957c9882382af6b75024

SHA256
58fb3f71706b83d405dc097f022818660b67a02800407e90cfe7adb2b8bccf37

SHA512
ac0dcde3a12e301931b6376f7e9fed8465aa49202ba56809585b4a596b693674f265f1c2ad580746b12a69d394cc6974ee965c89d1efda6a284c03e6cd45348a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
c2b7f0749edefa99b245f430654b164b

SHA1
d45bfb1db39e9a39bc4215192ac16949d4e2e1ad

SHA256
85d919a189cf1479adccefc7e80c584ee384ca33ee92e22be06b48ad8da101a2

SHA512
2a2dd16e5b5a5a28a4121655f81b296e3c9396cbf1972181171aae57407f0db3e478b8a8578ec2cb13cfb8de4d5ed74523f171d9b8687852159a8936f50a709e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
11KB

MD5
d7195288f4f8a4fac9df40f7527ab2d4

SHA1
7d24e84da30fbcbc86a9d5c15f07501195fea856

SHA256
966509981606b5b4fea9689cc048c201552027911a3a2edffb345090ab990f24

SHA512
804190ad9f691e6c81931b23fb13ca4376cbfd66b722356a055f3361ee235f0ada986afd04b9719ada6166b26647bfd2da48c50b51c1a086b6d91928c0928077

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
11KB

MD5
80cf474d271ac48bfd308dcf26725deb

SHA1
f9af7f6dc9e74c71a70733e42d176b431c9b6d4a

SHA256
a9ce01c54979e42fe558f850068bbaf4f16adeb5a5410f581c5248c1f051c12c

SHA512
7cc41b42af418621cbfa5fcce28e501a3811ad04318e65776c9da72cbf7965125d3fd5c3920fb04c3478c84fe6cb0a5f1db8a626bed727af4edbf95d2e929bca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
3f9de16a556d6a326d4a10ee76a2103e

SHA1
e6ddcb5569771b5e47785cdeef98b7bb0e5ef11b

SHA256
bf43854c4bdcdeb183a7ecff07f78fff94a03c6c410c39b7f17dc7cb2a4e3c62

SHA512
9fe02b98f9ba3bcc906e55fe4968e9eaaaa74bec77fba911114ff11e0c6b977765c25c4bb0c2bcdc5f88b76d1e2d7691ed80e22531287e0a6135c26862553cbf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
11KB

MD5
ad54bb5405ea5a29e8e8a802a2c2263d

SHA1
63861e6e3b52498c22e39fae98249d32c7b11d76

SHA256
bf3fb564f3cc9d8511304e62d9ced01e941dbe57d87bf81d1a470a209341514a

SHA512
33598d43afe46f7ff79e7d3170462f8ef0d8bb3b1c54269bb7be1a99554b2e3909533a45ad9815180fda95dac0dddb49a186c763711027c7dd5bf22397a9bbca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
ab90d2f9565c9f58e3bec1d19e487a92

SHA1
588e40175cc6009eac455d8851f566b8472a1ec3

SHA256
dab31b1a43561a6c06f094ef33fb3de622dd140f396a8939f912dc020e3b83cc

SHA512
21e18d141ccb1878bc81240ff3b11058b858e9a2612cda6de0cc7dd8910d9f0ffff40fae53f40f1b2929f4cebf13e1db15688eedc93192a5b51c3644f4d225e1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
11KB

MD5
dff0628eec5e2972869c592c825efea7

SHA1
fa9432bd78fd2d6f00250160386c6aac92e8b71d

SHA256
9095e7a582db82a3d92eab6597f18d37bfa6a70a2e7af5839e72323957eab17f

SHA512
a5a6f8a80cb83768c971a3ae4d280bbcf9f89fb1a591a05df9a3535040fc6ca30aecff4cce5753762d959f84ca76b66a499802bd05dd872590c914fa2de33f7c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
4749b79b8c4364a89a96ff5d674a18a3

SHA1
b73deb42ad611daa1b2c7664a3568591877a5586

SHA256
589f43e07c6147d77e90093d3ab056d941634c9841218dbe17c852a50a219b55

SHA512
3db0ebdf84091193409a7f4f6c3101e1a6844f5e374a736af15aa2292576a300e4680f12f340c6b01a52dcf687d77f2db6b9a6db2e99023797f140459d24cc04

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
11KB

MD5
57de955220448e01addb6574a6db8b54

SHA1
5ca9d0e2768dfde0bc0452d091d643cd27f7bf4a

SHA256
945cfac02dc7e0cbc61ee105575486856e0eb5dddbe99136b9ab1b02a16d343e

SHA512
43a843acfaf9657a38ada9f2cd5e61f87adaa32bfc88a70915061f575572ae7418cf252031142d1f9be8721b45ef9cb20e342f295f1353b432f23027c99123bf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
e215a2f5a474681b82d3253fc84c07f0

SHA1
a97df50ffc54a8467f409e71fce1ec31f1642b3d

SHA256
5ac4ede98cb62641b92db7ecbe56d134a926e5934efedce96049bbbb083b9391

SHA512
f2135a1dc61c4d2e33f73cce3aefe1a086ceb8026569285de05088bc68a2763aeac6da56125cef174a1c2a9dbb3f4870b5507de3fd55a7803ae06673924f7b0e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
11KB

MD5
a6d8a3e35cf436e473d77502498ff761

SHA1
1c767741a43b9d0bf5f3bc8c454638d00f88604e

SHA256
988a9422d36906868fdb0453ba619a7688068cf5915058eb0119fe132750c827

SHA512
f5233ed36acb4d6ac6af47b1cac4a6dc14d53d13740ff5686dc653cd2bd08d65dd350a212a90f106bd441d7f0102d525dbe8229a0c6949eee535f0c5b49bf3bc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
11KB

MD5
5e87390656c2d68ae463c793d66be53c

SHA1
085b62154ea5c002b9e3b592a023b9728c532e1b

SHA256
b7783c303ff0592b434f7584f7d80b68b362582e120ae96dc1a0c390b3aee8e1

SHA512
097b7324164765b3f66392c2602ca5ecf5a062cb7b102a2fa7d5a493ab8fdab99a6960260b93726679379a3cc9c3d24a436b260092880ef2247a67f4f96a6a94

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
11KB

MD5
496506481ba349d1116419537c70d65e

SHA1
3593dc234a3e0f53975934aeca30ae93c0fbdbda

SHA256
91fbddd336de134ca064d9a3bb03334d4cc3181346e66c5463ae19e19f6c64dc

SHA512
22afc07c01f6c07fc3b71b4dcda6a61ec9e8d9aa0d69213be05040e3879be23a7277a4bf64a71e7c2349f1a96d5730ef65f7bf4eab123462e8149b942d3c6af2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
11KB

MD5
b46c0d2d87079f4e8354edcbcf3ffdbb

SHA1
239f125f68b1509ba2dd17b13f897e44da85581e

SHA256
1048e810c2dce70135774c81bd471b7443b5697bcb575f8c9da3cc7a7f9eb7ef

SHA512
3636f007b9a94a0657226a2be751b63443c6795cc07b1c81412cc67f150a89ad6b4e86a8059de41650c0a5ae137e77cd35d062683cafccf2f7878070e0528cb6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
81433c89e1a90b6b69e09228c2ed24b9

SHA1
845b360ce681c0bd1000ece10a6cc336cec0c5bc

SHA256
7ba5ba9a213e812ab6e33816ecc53f3f638ddbe59e0a1c4cca6d31850737b677

SHA512
ac9f6713fad0e0cc22928571cf9d47b35f1583eaef2e0e628e79b435cc8d694ef61bc6be207b21c83f9a83523e7206daaf2672f87da0ebe85daa10542194278f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe5848eb.TMP

Filesize
48B

MD5
31e1a2ecda0d62976e0951a5b52a93e2

SHA1
b88b5066746e3a8dd4541c08adb613da7e6e7722

SHA256
11899aac73072d17194b9ce7c82663ee3e68b4901eafbb5fb31fe99f51454118

SHA512
9324ef6b5cc4f46c7d306fe87d6d7c6f9ec176be7da31b09fda6dff8da29989a826430ed382e563ce8ee7815c34fee66b49bcdb6b35cc1c98545ef92e1394379

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
cab5cff0e61ced56beabb3fa66061713

SHA1
73db36213fa0f367a28bd89826b9100b61fd2687

SHA256
cef056f44edf2532457d1d90a5960fbca6e548e37a26b26a5391019e5a3958dd

SHA512
b6d7e20f183413bba6d6ca298620e463ea78aac7baefe802820dfbcf9d8bc7855e8ecd9d602e5b565c7dec055291729eec930aa3b36f02563e646b4746f433a2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
7f90f12a6f574b800d3594c614690fd5

SHA1
bbd79ead8b03201af5b241de5d97c7ba6050190a

SHA256
e600f2ecce39745ddb19827d65c7580eac5f27c0046ec7519665cec83ed4356d

SHA512
386da9dad48923ef8ccf264a16cb8928290c10d298746912fba37b9da26cc92ea0cd9d25483267bb43388552ba627005b47c872f8f55371a295265c23e168391

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
556c482d348e5ac97a3d15e1da4004f1

SHA1
051d548d3f3a362be51541880d82ff94b70028db

SHA256
ec874833006f4dbc3fbda99e7728aa64eafc926911351c661faaf1e3b7910965

SHA512
4588f46950f17bea1e6089e9ea4322b2fd4ae1b40f9ffb40df5eb1ecdd3192da9cc48bd82e4bee8ff7317d46bdb21675a8a62097a7a1f5f6b19b2dfe394cfbe1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
aec16bddf3481bfce6b23f428523832b

SHA1
912b86a47aebcc105159520278e8131ede68eeb0

SHA256
2aca47933b570c64c22b690e6bcf6b08174bd87c672e8764502bd010f51f8127

SHA512
27fb4c050922aed2cd11a9c5f83aa10912a99834536dc30b3311847f640706859cf0fdd20626952ade4ff99b3bce6cd89dde89f6c3e298eae180960a0a462e0e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
c19805050303634585b45fe0bdcfaa7d

SHA1
47eba82d39f4d8c546fd213ba6ef71e4e824f17e

SHA256
a13f448c0cb32614c82d753c100d74a16667c9a15aca3a6b87467499d8907f32

SHA512
33d197992391b48e450fe1742184f2e30af31b1a83e7e38b66ee84d34d922efa60a255d1e44ded237118d0df48ee33ce2fcf7057a84cbde2cc7cb298afb1ae5e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
528792118c6fc794306d9110279bb664

SHA1
70b7c2e36b195f3f82ecd14064dd7b766c69d505

SHA256
eedf928ca9b37fe03d29bfb3ae26451a98ce5fb42e0b79d1b69eeb38fda496d1

SHA512
4c070cf153a0ac5400399a8d312db01860c8933cf9bd19421231f894b9bc48a92532fe6f65e1505a77f6c1423153e6a8d752cd045adf05018d46dedc27ebbcce

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
1a317e836bc2a547c42cf946847dbaaa

SHA1
749b826282dc268bae3c3595810cb02a3a41a1e7

SHA256
04fae434895e58aaf26ba0b8ad80b0e4dc9fb6bb6d2ab56c790cdcbffc7b8fb7

SHA512
7498e7eed1cf0572746d619b4ede7aec373978f61f6ab4abafae91eedfd2b562df253164d5520e0dac7b12731fc437a78b5348e1b58460250c21ea4aed1b63da

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
dec47d3a5aa54c35cb9b48997d16b814

SHA1
1637ea3647e941fe1ab93a7a9fc47ffa5e50723f

SHA256
b74e6295741d1157aef085b278422862c1918fbb1c1e6a572a6559353a837ebe

SHA512
92f5675cc0c9dfe0f76ffdcbd8048aa3fd6287bf2d4c55d49d27ce1a60967d78e2b57bd6df8c4c3f6c9c5c2665d9a2076b8f8ff6c6b7f4d5589e7a834aa44404

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
2ed3ba2a94ac76e2b1bcc255c22ccc33

SHA1
310b5eec38424bf07918428e2bcb54f20748c74e

SHA256
d8cd922413e71cf7ba016145e6bba101a9a6b616b1dec3379e36a49aabdc2110

SHA512
8b5d901ff01467dddc82d439e4424be53a1c46e386686840bae9dc92b9b0b16a1f60ba200fc7e37e52f2075c157b58fad4446e9f2ea8435bfc21f28d620eec26

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
b2d44cd65a7ed64680893a4cafe0e68d

SHA1
dc0c2ea4793413bfb2e7311afc6ef06a880facd2

SHA256
85742d1c7dd52965f00c58286115026e4241646ef7aec52264dc8cd5d0389b13

SHA512
104f30d6938b28807fabc0d407481fb2f27a82c3f850610796c8d3d9fd5d155a8094f79e0301f55d1c1b4e44673d190cf669be8e96d466ee109a8bd84f94a004

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
9eb362aee9bb986f75018416f8e68577

SHA1
ff6ed73d43ca89bb41af9cb5f4b28025130a0539

SHA256
7f390a56d7ca9e9aa6a7692d7c2278a792af912f7c86c737c3ff0c48f60b34ca

SHA512
34a5cd52ab9489f8d344538b536cc399df1c852112e3588e5b3ad2014d1033756875aa6712fe987e5be30bf74882d98d93a38c5aac3ee445b8280851378a3632

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
cd12ca26650cca62e54c761ebe9fe0f7

SHA1
88e55a2b70b42c8b83f9a6e5af8dd06d1cce8932

SHA256
48cc433bc3577243244bb3175fa5f3484dec3be4127582fe5cbdb67cdae8736c

SHA512
1ae21d0f17f363751a9ea4a9b2a723b17e4501560b7cc279335f70361bad203eeece3748346e5738f27a5bfdd67833ac543f4dbc88797544ba10f246bf09d3c0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
9023014e5df53734447bf26d6c8b05a7

SHA1
4367e6fb74554f876fc8724dd4bb03732ff24a82

SHA256
f1468401e09370a17b6fc8364c1a563606f53eab12f324f9674b2edb71ce0823

SHA512
426469921911fe6cb9f4d3966d02ec2ec4944973cb6472f585699f5ca6f4c92c8f6619720355d8b6984bff6e54ae4a2c2e5309e81faa69b0acab91ce2ad85f89

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
e2b157ac33eb21d54e3ea4485482ec72

SHA1
2c2a78b4ea9e6b284fd4a8892542bac8ffff6505

SHA256
fa6805a6ce1b43919d080942f73cdddc542c504814fc3077d1e3986d4fc22ddc

SHA512
03ab74753b62ebda2314f97c6338a0107389b809126b36ddf606b34313efaef5a68e568313f6a2042f52d57863f0aa85615ab5a6777dcd37837855bd6cc63e0b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
59dbec2c6fcbf27e368dc0158da33783

SHA1
8755ab3e6d52fd2549ac36ba0b90c0e989030ad1

SHA256
018e294e2ec0e5d0fcb5849f6f59e75051b7b8f416df2141db21d5c9d7f2d7f4

SHA512
5883b7c478a6b58ecb9669d2d8bbd21dff135bb48d83e4464e7e82cde403a93e3bda5ebcdc0e8039530078200cef7d8f4b6d89c46ef1551e16b34db0886d3736

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
ac6b723e08a270efb58a02da21bef9b7

SHA1
6a4e2f1ce8e89a98566d4519451b228b85495766

SHA256
95499587fea370a92edd3dc3a6f484241f64f5ac1c86317d3b15923d13e0f9a6

SHA512
cd9f7c84ed856fea75a1a2ee11db9c433b0443a2ed2c51f1b25165c4a41a99839af715c159d92e34dc54006f38269d5ed53a1bab2766a4321c5056f9635c8f68

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
f9871bd9cfa2113e0369a1645b01c963

SHA1
77be6a226f834077a5ee8c49a5179a2231626902

SHA256
841702f1b5a91571aa49595f36a0ef096af243ea522f745bc5823656ca7da442

SHA512
8f463cce2a6b0eda6cf130a0b66da22ee34adec7d6cbde8467f6475890854dee3f8b7f5b8e7c8fead9e8ff7d43253949ffef44ae9d2a141cd7571624dbd472f7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
c9d8a4e299ee5d79910fa265bce07c24

SHA1
b94d4e34c4c365f4b40349adac5f284d7a70b47b

SHA256
034d39674f49fcf529a64b4ea9580fc7145eec3c7375f833d71250b5be02fa3c

SHA512
8ebe6cd3edad58b9ea3442d7ac1c2e9ae1025195038450e01bdc018e057cbc3910a0464b50e19241c1d231cfdcf9fd5b35c95758123bcda3591c9fb45044ec0f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
e48555f228a187861725a50b0773471e

SHA1
824d9b5c3fd94d86f3dfd468a9a50bf68d7d8743

SHA256
802e1eaac6bd124c357abc3dfb7ea2d2a6023ebe58f438602aba27b3c5581c11

SHA512
fa84a3ae629d45388c37e9d2b083f378e8d8738892d0a171e28e578e5ed3bd7d84823f1fd3c4579930e4366be9090c46a05a9940e4cc7389ac885aa34983aada

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
f8cb14e388ae74443e5f274277652927

SHA1
0b3126ad1bbced5f1f5725f5c1db872542bf14a6

SHA256
9728648693b46a9fe8883d057cc5111ce26be26fcef0f86ebf787f4b3ef8bc87

SHA512
9f6cabea67291351f36326252e46c2c33e8ff7b4a00dd1d3d9297abf8397cca4e067b37042a338f6e2cd756a706f2878079c9712ef8b798010f186c86dc674be

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
9b16421c2ce8fa5859d049f35b6dc24a

SHA1
fc97a2f2e4cefc45fcd39b9ef02a1f8b063924dd

SHA256
70415a0d658d779a399079987fd3fd247812d8d24558d655543b4356dad2367b

SHA512
ec1719f40e58dae68b77b5b226b39b431d0bd53f811dc4df4cb9d55e98c31e5a78c54ea1f738cc8c3b40bd9cc3b4b46a77e96eaa55676398a4f91c0131b9c7a8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe581b92.TMP

Filesize
1KB

MD5
350157af60dbf689d0b70a174bea926b

SHA1
e2b3dca1fb3150b781b50fb1e200554e4ae39dab

SHA256
60ce4e5de35f8d114041063513177dac96c3d33ef5d35c900cda54700ce36631

SHA512
a238e43683e3c586356d214865e076f64faf2405353b811dbf5f44d4b2237be851f8649b7ef52631054f23a194907e448dc70afa6d1e6974ac05be70edc1c440

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
aefd77f47fb84fae5ea194496b44c67a

SHA1
dcfbb6a5b8d05662c4858664f81693bb7f803b82

SHA256
4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611

SHA512
b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
d0fe9739a84a326c4c6c6d06840fd851

SHA1
36510bed78d23a988b350abde747df2a12b9077a

SHA256
8b23eefea1763ef8721f5c6e9014122763982edf3d4167cd774bddb7c65cff27

SHA512
3228a5e4c4155d411a8aa699894ace770f3622de9b769a5f7af1a000688457ed360a2df9d148d26880dcaaeca48874343aa767a6dcc67bd95d4a649067e63434

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
55de18bc00bf68f101676f465cdca04d

SHA1
4c2dfd75e697ceed7c6bfd897558e05cfad68450

SHA256
1fa87b3ee788f9342b596a64d566156479c4a8d8c5161615807c24c69db8e5fe

SHA512
db649ae5d0a8d24e7c27b7844ea38393888f63ce95cc9a05fe945284379d1a3f605216521b9232f85a1c7eb8bd2df430d247cb529ed244211e1b840b7a554dad

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
e3c7e55138380b12262d0af1fe1bb6c7

SHA1
68718623a120c006b6d9ff4e7acfea16abf57586

SHA256
d3e0ed3a6183cb40255c3d205b37d49ed3b0af97c7565dae023d38adc24354d3

SHA512
a9953c392014a67eea973b0cafb33bdbb2914777de4e60ff21e672577b4462f967b0f100fcc625135bb00279bec164158fea9e3436ef1bd3c045a4358815a5f5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
bac2f705b8952de1e4dcdb5baa747a5e

SHA1
7fa1228241c69105bf192d37e8b29b301ecde489

SHA256
234656a56f413a43c2238b6855714c49b10ad6c7c0ae70d3d5c245f724eb3aaf

SHA512
2a48707f43ebd8bda6de2ab8e92aa6becea78aca1237fb36dd522b19c8eb996f39f3309759f48188baf940a535ac9cbd4bd67aaac16a8110088b706734815132

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
50ebe0b01fccd0eb9b36a729c482cce7

SHA1
366c02654823ab73b4dab57472e6b4192a9dec5e

SHA256
e543a66391a8ceafd6c05331d78bb1da6f24914d9351e90936d4b835ba8905f8

SHA512
cc6528498a93b78dae7e9cf05fe9f0741592ab972cc35e19b81050561fddee222774a05af90db5a094b83aba242630fcaf9ec15d653d95d3c100820878a7712e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
6e49a86297ccd497b8b9745420ddbc5e

SHA1
fc161e93c6bdd31a727adeb40ac43c51354f7db6

SHA256
54b00cf3948ccb440a7e83d6b67728615c0e91c6d9b6da2a965858c9c28b1658

SHA512
3be8fe7ccf25802ac12419e855fe7b82c00014c14b503936b8d90dd8734ca5f34dd57a314e6570e750ccfc59c400e3ac9d2e55a435ef05afa7f6509f702fd430

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
5daf7c6bea7c4dda149feedafeba54d7

SHA1
bbb2413634d4dbb153d6482967ca9e0633d3163b

SHA256
0d34bb19031e4d65798347a841651090bad52cd3d6a71b4e6bf7f7801872e78b

SHA512
ef0b3f54a5d76cfef86234b7943c35d26d6d9f90c399641ea01f187fb31fa3cab74da8d926ab7e60edbda75eece71e32faedbea251bcb463e6eb4b5cf9346908

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
9a6020aebf4d135eb3bddf4aef78b788

SHA1
5299c7e84f8c7f4ee4eec8f198a323df6d04d74a

SHA256
14a43bbaf0e9b05f32e5f2635e4cd2fbcf7b223babc8db33e0ee34236c8ec027

SHA512
3f0194c4b4d6ce516432a4cd68ed21882f95701d91a985f56ba6440ce9f9fd688f460caf85624f3640da3f48f972cead88cf3109c6308bf99cb460c0bae683af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
d0bcf1411c34753e330d0167c4218f1d

SHA1
701b5b20e62214f15f8cedad9b4fbd532e9ff248

SHA256
345dcb8a39c089b6c5170674d2a9083ed5e9cfed0c5cc277d4653757cbe88982

SHA512
7149ce93f6fe1362e3a17e24b1f617b24e6eee045981d9d55918db32dc77fe54d6afec8f9979ff27919436b119e6368c17216c68e379689ce92dc08a26d595cf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

Filesize
264KB

MD5
03e5de5193e7e773e0eaec806e46b06f

SHA1
2b495def12cfb55da55d206065b5c9815256b188

SHA256
5c18ea8f5cc6020a82efd4d2e9316189cf104b8b6996cb9f9afdb8fe723cdd07

SHA512
46acfcac555c0581213f9d0c0b145e7bcc2764330511d7becc202f22831c6ce4ab7465f3bd20e06e886b5aa3584fba3c306476289d3d3d3fb7eb1fc1a90020fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\effe846f-7e21-4a68-bcd5-5569a87718bc.tmp

Filesize
11KB

MD5
b97cdaf4a14ab91f6445683f67c2506b

SHA1
ccf3f974c10bea9f948f2b2a188bac2c03dc2ca9

SHA256
72401dc589adcc7aa73c591e2b97c6db3d4ee83d8c3600cb8df74d7fc57ea468

SHA512
fe49a138809464e99fd4868257cc943108fda5b0f2ed47a742fc06022c3435273ca884e5b01da3863427d9571e4ef65a12eeeecfe73cb98b6f5ea9675fc73d68

Download Submit
C:\Users\Admin\AppData\Local\OperaGX.exe

Filesize
3.8MB

MD5
9294358742cb5719c5197711e0230231

SHA1
91d917f2fc2be9860d114a0acaadea71f688993a

SHA256
577d282334d0a251ae45efe1a303ef74cb56c08b479e1475dda8733b636c9917

SHA512
2c25c750c2ab34388553121baf687895843c89a3184e2d99506969d9b4b1b6353f2c2f29ee0b04017a6b8dcfd296a31af8c231662c9db15566ca96ff76eaafde

Download Submit
C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202412182008091\additional_file0.tmp

Filesize
1.4MB

MD5
e9a2209b61f4be34f25069a6e54affea

SHA1
6368b0a81608c701b06b97aeff194ce88fd0e3c0

SHA256
e950f17f4181009eeafa9f5306e8a9dfd26d88ca63b1838f44ff0efc738e7d1f

SHA512
59e46277ca79a43ed8b0a25b24eff013e251a75f90587e013b9c12851e5dd7283b6172f7d48583982f6a32069457778ee440025c1c754bf7bb6ce8ae1d2c3fc5

Download Submit
C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\setup.exe

Filesize
7.3MB

MD5
49e7ebda27b78f0995322e0fa63336b3

SHA1
6e38e971bc7f249e4fd726d25a40a38dcb5acf3b

SHA256
4cb3d4754510e21dbd794a59eb47ff4d811064ccb9c74b02b1d62a96c9f2de7d

SHA512
ac6cfac6ecaa9feb74ee5631aa09649d2db33f6fcdbf4f65a0216f396d8b2e8ff5d1c62b14f6d025f29e37b3eccf87e9b838024e6c82502c956a21f686268b18

Download Submit
C:\Users\Admin\AppData\Local\Temp\Opera_installer_2412182008092746132.dll

Filesize
6.8MB

MD5
be12a3550124e852e52fa2effa9d48da

SHA1
a026f8a03b22fcfc4b256b28177938645a423f63

SHA256
41d5b126b9d1885a0e4f42b67366cde76ecb7573e93213ad6d6ef398d5787706

SHA512
331320f69449e632de51f1317788f5fe64b647a8493bb13088c26dcfc86969716f06ec9956048cf4fcc817fd499ea153fcc8a26c3757da882c3f6045529d6602

Download Submit
C:\Users\Admin\AppData\Local\Temp\PremierOpinion\ContentI3.exe

Filesize
3.8MB

MD5
bf6eed6cdc17a0130189a33a55ef5209

SHA1
e337f5a0931f69c464f162385f1330b4d27b372f

SHA256
ef2734657b11113a433abb7ebac962e2bf6bf685f05c5f672997f01875430168

SHA512
90d23fd84007343e85f9fc003cf826b112fd930216a24d8c1488468443ae2a4b0c3cc2426b91c81a8228e125050e922fce05672e010e65247709fc4a7b856f1d

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\MU083T1HA1GAWD8TKKT2.temp

Filesize
10KB

MD5
840e672903871c7f1817c292fd5a571a

SHA1
bb14afe9e93034b62eecdfaef8600267d0f28b6d

SHA256
b6154962165efdf8bfa982f162b89fdd034a8a140a034eae578c8f941de85be4

SHA512
66fbb41ba5383fdce7b4e8a9d471dc7322fe5076483f28107b359b70ae633b3a0aceb2d2079e7e5d0e9959a0bc1866a3d9fc9b116970a0b7b4ede41385697460

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
10KB

MD5
a30c40ad755f0b8bec17636bd6bb760d

SHA1
707a6f42c76c33f76328d3a2bdc88566c1d65beb

SHA256
7074d854fbe26c9bf83477738f99b7687cf8100ae8a69b73c223e476acc5c54f

SHA512
210d1c1df1ec9c826f54e1f1abb23557178e4fca85836f24778fafe3d1aeee833b28dd122d5d89d106fdea23c86961af0d71b6b196c70b61fb3b04a03c6ae303

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
10KB

MD5
25d92d42abdfa5fddf94b53367a0f423

SHA1
ddd84487a7223971438e6f7cc93bff902fd209c7

SHA256
a89bbc301c611ed3e3d8dcd632d6a83a92231c449a50a7b1f5efa712922a46f4

SHA512
a7fbdc2fa7e84f3da013aefad6ec973b6278133f469534e4211a2a8bf2dc471d857a6fad4eca3cb8105cc6ac7448cb99d6c775c66ce3e2ef92fe158a2397a5e3

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
10KB

MD5
f0286bc89c1f2a668073ae00e50b2c23

SHA1
868c352453669ab519cad728404474361a3e765f

SHA256
e89551a416642b1a25368badc98f59bfe0a52c1ee0ff61f3ed8cac33966c7dae

SHA512
da8909fa286f0e3e7d82c98e0d8900e0f9b9a76b719026f51b622900a11a6c0336ee75da082ff4a51445ddf19ee8a332a88f0e733086f14fa35a0c0fd50081cb

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
11KB

MD5
c8a381ac30fc0225a84b753d4cbfe39d

SHA1
e58579a2c16f51366d08e9cdbdb213e50617e7f5

SHA256
29e2426beddf3f2b1872e11fd5caaea3052ac76f4904aed5c965f404ab4f001e

SHA512
fac88a49b068bfa97d98b0054280e1ab900e38e09b4ec8d04dba42daa558e5c0da73d21ed7b394f203bb07f544cafbbb28c5faddde0a84e72da9a7af51f57e29

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
11KB

MD5
16396061521e54d0db57efa31713d103

SHA1
8d5f369d1fa170629cd9399fa66d9bfd5d96466e

SHA256
79709cd6390e444539d45a8bd2ad8bd446bd76d0f0f49326fb793435d9c817d2

SHA512
21d2ecdb756addf8db215cc3fc6110b51481950151bcf79499ce03315c4bd2b7020bf357cd3769f04129fa383af0b9680491a7dc4e626614fe060e8b43b08227

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
10KB

MD5
dbf56b536b839117b3382f73d9f59106

SHA1
1027653f2a26036f7b6d1549e4c2b9fcb5f368a6

SHA256
f78d7d3394a0c619d09c4c75cdf1994f3911134cf2d715c5bc29d978e07e3ae4

SHA512
def69f5fb6d8dd95defeefd283faffde4bb266900f9b741a8e8004c01e939a3c8cd28ab442c2359a05588217a16d23b77981965977923455b57daea1e6bb5292

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
10KB

MD5
645051ae8d6feff2b975ab560a401377

SHA1
e787f8acc8c16be53bf4d5672c70afd7812c3a65

SHA256
4a7790b5227527a9588d895ae38c6ce9e1d54f0a713fc00e46559bd2e9d7abb2

SHA512
4cd91eaa3441e9f7dfb46d485c755a1e749a113b339d8268b4f3a41be13fe39262cccd7d9ff000c1dbf85be6d5d3b36563816a62e1f18eb6f239330b4d614ff5

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
11KB

MD5
55e6c06722076cd19de1ab881494c08a

SHA1
1d68f57c8d6ae2e39b46c91712fc119774e5f97e

SHA256
512d214ed98be06d052b8981ed08c8156dacb249631890bfc2dffe043238326b

SHA512
a1420f489e27263fd8a5bc913dbaf5ffc9232702dc781595243aa4fcd6c27989d188cc36a60ef1f2bbf6238c97e3b89d00ae0571754dbdf96936e574496f83c1

Download Submit
C:\Users\Admin\Downloads\Delta V3.61 b_55245761.exe

Filesize
5.7MB

MD5
15d1c495ff66bf7cea8a6d14bfdf0a20

SHA1
942814521fa406a225522f208ac67f90dbde0ae7

SHA256
61c2c4a5d7c14f77ee88871ded4cc7f1e49dae3e4ef209504c66fedf4d22de42

SHA512
063169f22108ac97a3ccb6f8e97380b1e48eef7a07b8fb20870b9bd5f03d7279d3fb10a69c09868beb4a1672ebe826198ae2d0ea81df4d29f9a288ea4f2b98d8

Download Submit
C:\Users\Admin\Downloads\Delta V3.61.zip

Filesize
22.2MB

MD5
2692ff99a5f94520b6caa33bbd0cf05e

SHA1
0bf675fad129bc61f7c2763177a4314288cce4cd

SHA256
507641e3047216809af93a127af70a266e273cd95c1cfaa06605a753b9166388

SHA512
65d9665d29684325ca27a33ec187be8ccb142f98f662f888b944750ffcfcea43c496403331ab00e5e408dc5b1c3d39d7fc2defdecb1133a41dcc5d00c7c0392c

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 929351.crdownload

Filesize
2.3MB

MD5
d7d4d1c2aa4cbda1118cd1a9ba8c8092

SHA1
0935cb34d76369f11ec09c1af2f0320699687bec

SHA256
3a82d1297c523205405817a019d3923c8f6c8b4802e4e4676d562b17973b21ea

SHA512
d96d6769afc7af04b80a863895009cd79c8c1f9f68d8631829484611dfce7d4f1c75fc9b54157482975c6968a46e635e533d0cad687ef856ddc81ab3444bb553

Download Submit
memory/804-1053-0x0000000140000000-0x000000014013E000-memory.dmp

Filesize
1.2MB

Download
memory/804-1054-0x0000000140000000-0x000000014013E000-memory.dmp

Filesize
1.2MB

Download
memory/2088-1073-0x0000000140000000-0x000000014013E000-memory.dmp

Filesize
1.2MB

Download
memory/4444-1058-0x0000000140000000-0x000000014013E000-memory.dmp

Filesize
1.2MB

Download
memory/5904-1062-0x0000000140000000-0x000000014013E000-memory.dmp

Filesize
1.2MB

Download