hxxps://uploadhaven[.]com/download/aa42c9608cdd5a37610b6de9bae5b672

Analysis

max time kernel
888s
max time network
902s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
27-12-2024 23:20

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://uploadhaven.com/download/aa42c9608cdd5a37610b6de9bae5b672

Score

8^/10

steam discovery motw persistence phishing privilege_escalation spyware stealer

Malware Config

Signatures

Downloads MZ/PE file
A potential corporate email address has been identified in the URL: Robotowght@500
phishing
Event Triggered Execution: Component Object Model Hijacking 1 TTPs
Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
persistence privilege_escalation

Component Object Model Hijacking
T1546.015

Executes dropped EXE 36 IoCs

pid	Process
4792	EzExtractSetup.exe
3788	EzExtractSetup.exe
4772	EzExtractSetup.exe
6000	EzExtractProApp.exe
5484	EzExtractSetup (1).exe
4200	EzExtractSetup (1).exe
4984	EzExtractSetup (1).exe
1324	OperaSetup.exe
3976	setup.exe
5388	setup.exe
4792	setup.exe
768	OperaSetup.exe
2016	setup.exe
3244	setup.exe
2328	setup.exe
3420	OperaSetup.exe
2588	OperaSetup.exe
3376	setup.exe
1948	setup.exe
5924	setup.exe
6192	setup.exe
6256	OperaSetup.exe
6312	setup.exe
6396	OperaSetup.exe
6480	setup.exe
6472	setup.exe
6580	setup.exe
6588	setup.exe
6708	setup.exe
6720	setup.exe
6852	setup.exe
7052	setup.exe
7084	setup.exe
6120	Assistant_114.0.5282.21_Setup.exe_sfx.exe
6560	assistant_installer.exe
6624	assistant_installer.exe

Loads dropped DLL 57 IoCs

pid	Process
4792	EzExtractSetup.exe
4792	EzExtractSetup.exe
3788	EzExtractSetup.exe
3788	EzExtractSetup.exe
4772	EzExtractSetup.exe
4772	EzExtractSetup.exe
4792	EzExtractSetup.exe
4792	EzExtractSetup.exe
3788	EzExtractSetup.exe
3788	EzExtractSetup.exe
4772	EzExtractSetup.exe
4772	EzExtractSetup.exe
4792	EzExtractSetup.exe
4792	EzExtractSetup.exe
4792	EzExtractSetup.exe
4792	EzExtractSetup.exe
5852	regsvr32.exe
5876	regsvr32.exe
5900	regsvr32.exe
4792	EzExtractSetup.exe
6000	EzExtractProApp.exe
5484	EzExtractSetup (1).exe
5484	EzExtractSetup (1).exe
5484	EzExtractSetup (1).exe
5484	EzExtractSetup (1).exe
4200	EzExtractSetup (1).exe
4200	EzExtractSetup (1).exe
4984	EzExtractSetup (1).exe
4984	EzExtractSetup (1).exe
4200	EzExtractSetup (1).exe
4200	EzExtractSetup (1).exe
4984	EzExtractSetup (1).exe
4984	EzExtractSetup (1).exe
3976	setup.exe
5388	setup.exe
4792	setup.exe
2016	setup.exe
3244	setup.exe
2328	setup.exe
3376	setup.exe
1948	setup.exe
5924	setup.exe
6192	setup.exe
6312	setup.exe
6480	setup.exe
6472	setup.exe
6580	setup.exe
6588	setup.exe
6708	setup.exe
6720	setup.exe
6852	setup.exe
7052	setup.exe
7084	setup.exe
6560	assistant_installer.exe
6560	assistant_installer.exe
6624	assistant_installer.exe
6624	assistant_installer.exe

Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Credentials from Web Browsers
T1555.003
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Enumerates connected drives 3 TTPs 14 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\D:	setup.exe
File opened (read-only)	\??\D:	setup.exe
File opened (read-only)	\??\F:	setup.exe
File opened (read-only)	\??\F:	setup.exe
File opened (read-only)	\??\F:	setup.exe
File opened (read-only)	\??\F:	setup.exe
File opened (read-only)	\??\F:	setup.exe
File opened (read-only)	\??\D:	setup.exe
File opened (read-only)	\??\F:	setup.exe
File opened (read-only)	\??\D:	setup.exe
File opened (read-only)	\??\F:	setup.exe
File opened (read-only)	\??\D:	setup.exe
File opened (read-only)	\??\D:	setup.exe
File opened (read-only)	\??\D:	setup.exe

Mark of the Web detected: This indicates that the page was originally saved or cloned. 1 IoCs

phishing motw

flow	ioc
608	https://storage.googleapis.com/script.aniview.com/ssync/62f53b2c7850d0786f227f64/ssync.html

Detected potential entity reuse from brand STEAM.
phishing steam

Probable phishing domain 1 TTPs 1 IoCs

Phishing

T1566

description	flow	ioc	stream
HTTP URL	64	https://steamunlocked.net/cdn-cgi/challenge-platform/h/b/orchestrate/chl_page/v1?ray=8f8d0bdaa90a4887	41

Drops file in Program Files directory 5 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\EzExtractPro\EzExtractProCoreDll.dll	EzExtractSetup.exe
File created	C:\Program Files (x86)\EzExtractPro\EzExtractProShell.dll	EzExtractSetup.exe
File created	C:\Program Files (x86)\EzExtractPro\EzExtractProShell32.dll	EzExtractSetup.exe
File created	C:\Program Files (x86)\EzExtractPro\EzExtractProApp.exe	EzExtractSetup.exe
File created	C:\Program Files (x86)\EzExtractPro\uninstall.exe	EzExtractSetup.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 37 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	EzExtractSetup (1).exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	setup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	OperaSetup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	OperaSetup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	setup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	assistant_installer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	EzExtractSetup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	regsvr32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	OperaSetup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	setup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	OperaSetup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	setup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	OperaSetup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	EzExtractSetup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	regsvr32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	EzExtractSetup (1).exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	setup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	setup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	setup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	setup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	setup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Assistant_114.0.5282.21_Setup.exe_sfx.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	setup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	OperaSetup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	setup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	EzExtractSetup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	setup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	setup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	setup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	assistant_installer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	EzExtractSetup (1).exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	setup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	setup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	setup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	setup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	setup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	setup.exe

NSIS installer 1 IoCs

installer

resource	yara_rule
behavioral1/files/0x0008000000023dbd-904.dat	nsis_installer_2

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Modifies registry class 64 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}	EzExtractProApp.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\.jar\shellex\ContextMenuHandlers\{3D983473-BB31-4609-9F85-3A93CE453FC7}	regsvr32.exe
Key created	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	EzExtractProApp.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = ffffffff	EzExtractProApp.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 00000000ffffffff	EzExtractProApp.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\FFlags = "1"	EzExtractProApp.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\EzExtractPro.Archive\ = "EzExtractPro supported archive"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations	regsvr32.exe
Key created	\REGISTRY\MACHINE\Software\Classes\SystemFileAssociations\.lzh\shellex\ContextMenuHandlers\{3D983473-BB31-4609-9F85-3A93CE453FC7}	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\.zipx\shellex\ContextMenuHandlers\{3D983473-BB31-4609-9F85-3A93CE453FC7}\ = "EzExtractPro Context Menu Handler"	regsvr32.exe
Key created	\REGISTRY\MACHINE\Software\Classes\SystemFileAssociations\.xz\shellex\ContextMenuHandlers\{3D983473-BB31-4609-9F85-3A93CE453FC7}	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\.x\shellex\ContextMenuHandlers\{3D983473-BB31-4609-9F85-3A93CE453FC7}\ = "EzExtractPro Context Menu Handler"	regsvr32.exe
Key created	\REGISTRY\MACHINE\Software\Classes\SystemFileAssociations\.bgz\shellex\ContextMenuHandlers\{3D983473-BB31-4609-9F85-3A93CE453FC7}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\.bgz\shellex	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\.zip\shellex\ContextMenuHandlers\{3D983473-BB31-4609-9F85-3A93CE453FC7}\ = "EzExtractPro Context Menu Handler"	regsvr32.exe
Key created	\REGISTRY\MACHINE\Software\Classes\SystemFileAssociations\.arj\shellex\ContextMenuHandlers\{3D983473-BB31-4609-9F85-3A93CE453FC7}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\.tar\shellex\ContextMenuHandlers	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\.uue	regsvr32.exe
Key created	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\Local Settings	EzExtractProApp.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\NodeSlot = "1"	EzExtractProApp.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\Mode = "4"	EzExtractProApp.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Version = "1"	EzExtractProApp.exe
Key created	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\	EzExtractProApp.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{3D983473-BB31-4609-9F85-3A93CE453FC7}\ManualSafeSave = "1"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\.iso\shellex	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\.lzh\shellex	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\.lzh\shellex\ContextMenuHandlers\{3D983473-BB31-4609-9F85-3A93CE453FC7}	regsvr32.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	EzExtractProApp.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{3D983473-BB31-4609-9F85-3A93CE453FC7}\ = "EzExtractPro Context Menu Handler"	regsvr32.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\LogicalViewMode = "1"	EzExtractProApp.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\FFlags = "1092616257"	EzExtractProApp.exe
Key created	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell	EzExtractProApp.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\.lzh	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\.x\shellex	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\.gz	regsvr32.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-2045521122-590294423-3465680274-1000\{DB52FF7D-1784-484F-89BD-0AF7E4513EA0}	msedge.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{3D983473-BB31-4609-9F85-3A93CE453FC7}\InProcServer32\ThreadingModel = "Both"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{3D983473-BB31-4609-9F85-3A93CE453FC7}\InProcServer32\ThreadingModel = "Both"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\.iso	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\.jar	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\.zst\shellex\ContextMenuHandlers\{3D983473-BB31-4609-9F85-3A93CE453FC7}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\.xz	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\.bgz\shellex\ContextMenuHandlers\{3D983473-BB31-4609-9F85-3A93CE453FC7}\ = "EzExtractPro Context Menu Handler"	regsvr32.exe
Key created	\REGISTRY\MACHINE\Software\Classes\EzExtractPro.Archive	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\.rar\shellex\ContextMenuHandlers\{3D983473-BB31-4609-9F85-3A93CE453FC7}	regsvr32.exe
Key created	\REGISTRY\MACHINE\Software\Classes\SystemFileAssociations\.7z\shellex\ContextMenuHandlers\{3D983473-BB31-4609-9F85-3A93CE453FC7}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\.cab	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\.bgz	regsvr32.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\LogicalViewMode = "1"	EzExtractProApp.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:PID = "14"	EzExtractProApp.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{3D983473-BB31-4609-9F85-3A93CE453FC7}\InProcServer32\ = "C:\\Program Files (x86)\\EzExtractPro\\EzExtractProShell.dll"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\.bz2	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\.cab\shellex\ContextMenuHandlers\{3D983473-BB31-4609-9F85-3A93CE453FC7}\ = "EzExtractPro Context Menu Handler"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\.uue\shellex\ContextMenuHandlers\{3D983473-BB31-4609-9F85-3A93CE453FC7}\ = "EzExtractPro Context Menu Handler"	regsvr32.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell\SniffedFolderType = "Downloads"	EzExtractProApp.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupView = "4294967295"	EzExtractProApp.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\.zst\shellex	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\.zst\shellex\ContextMenuHandlers\{3D983473-BB31-4609-9F85-3A93CE453FC7}\ = "EzExtractPro Context Menu Handler"	regsvr32.exe
Key created	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell	EzExtractProApp.exe
Key created	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1	EzExtractProApp.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1092616257"	EzExtractProApp.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByDirection = "4294967295"	EzExtractProApp.exe
Key created	\REGISTRY\MACHINE\Software\Classes\SystemFileAssociations\.tar\shellex\ContextMenuHandlers\{3D983473-BB31-4609-9F85-3A93CE453FC7}	regsvr32.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots	EzExtractProApp.exe

Modifies system certificate store 2 TTPs 5 IoCs

evasion spyware trojan

Install Root Certificate

T1553.004

Modify Registry

T1112

description	ioc	Process
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4\Blob = 190000000100000010000000ffac207997bb2cfe865570179ee037b90f00000001000000300000004ea1b34b10b982a96a38915843507820ad632c6aad8343e337b34d660cd8366fa154544ae80668ae1fdf3931d57e1996530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b060105050703080b00000001000000320000004400690067006900430065007200740020005400720075007300740065006400200052006f006f0074002000470034000000620000000100000020000000552f7bdcf1a7af9e6ce672017f4f12abf77240c78e761ac203d1d9d20ac89988140000000100000014000000ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f1d0000000100000010000000a86dc6a233eb339610f3ed414927c559030000000100000014000000ddfb16cd4931c973a2037d3fc83a4d7d775d05e404000000010000001000000078f2fcaa601f2fb4ebc937ba532e75492000000001000000940500003082059030820378a0030201020210059b1b579e8e2132e23907bda777755c300d06092a864886f70d01010c05003062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f74204734301e170d3133303830313132303030305a170d3338303131353132303030305a3062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f7420473430820222300d06092a864886f70d01010105000382020f003082020a0282020100bfe6907368debbe45d4a3c3022306933ecc2a7252ec9213df28ad859c2e129a73d58ab769acdae7b1b840dc4301ff31ba43816eb56c6976d1dabb279f2ca11d2e45fd6053c520f521fc69e15a57ebe9fa95716595572af689370c2b2ba75996a733294d11044102edf82f30784e6743b6d71e22d0c1bee20d5c9201d63292dceec5e4ec893f821619b34eb05c65eec5b1abcebc9cfcdac34405fb17a66ee77c848a86657579f54588e0c2bb74fa730d956eeca7b5de3adc94f5ee535e731cbda935edc8e8f80dab69198409079c378c7b6b1c4b56a183803108dd8d437a42e057d88f5823e109170ab55824132d7db04732a6e91017c214cd4bcae1b03755d7866d93a31449a3340bf08d75a49a4c2e6a9a067dda427bca14f39b5115817f7245c468f64f7c169887698763d595d4276878997697a48f0e0a2121b669a74cade4b1ee70e63aee6d4ef92923a9e3ddc00e4452589b69a44192b7ec094b4d2616deb33d9c5df4b0400cc7d1c95c38ff721b2b211b7bb7ff2d58c702c4160aab1631844951a76627ef680b0fbe864a633d18907e1bdb7e643a418b8a67701e10f940c211db2542925896ce50e52514774be26acb64175de7aac5f8d3fc9bcd34111125be51050eb31c5ca72162209df7c4c753f63ec215fc420516b6fb1ab868b4fc2d6455f9d20fca11ec5c08fa2b17e0a2699f5e4692f981d2df5d9a9b21de51b0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e04160414ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f300d06092a864886f70d01010c05000382020100bb61d97da96cbe17c4911bc3a1a2008de364680f56cf77ae70f9fd9a4a99b9c9785c0c0c5fe4e61429560b36495d4463e0ad9c9618661b230d3d79e96d6bd654f8d23cc14340ae1d50f552fc903bbb9899696bc7c1a7a868a427dc9df927ae3085b9f6674d3a3e8f5939225344ebc85d03caed507a7d62210a80c87366d1a005605fe8a5b4a7afa8f76d359c7c5a8ad6a23899f3788bf44dd2200bde04ee8c9b4781720dc01432ef30592eaee071f256e46a976f92506d968d687a9ab236147a06f224b9091150d708b1b8897a8423614229e5a3cda22041d7d19c64d9ea26a18b14d74c19b25041713d3f4d7023860c4adc81d2cc3294840d0809971c4fc0ee6b207430d2e03934108521150108e85532de7149d92817504de6be4dd175acd0cafb41b843a5aad3c305444f2c369be2fae245b823536c066f67557f46b54c3f6e285a7926d2a4a86297d21ee2ed4a8bbc1bfd474a0ddf67667eb25b41d03be4f43bf40463e9efc2540051a08a2ac9ce78ccd5ea870418b3ceaf4988aff39299b6b3e6610fd28500e7501ae41b959d19a1b99cb19bb1001eefd00f4f426cc90abcee43fa3a71a5c84d26a535fd895dbc85621d32d2a02b54ed9a57c1dbfa10cf19b78b4a1b8f01b6279553e8b6896d5bbc68d423e88b51a256f9f0a680a0d61eb3bc0f0f537529aaea1377e4de8c8121ad07104711ad873d07d175bccff3667e	setup.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4\Blob = 5c00000001000000040000000010000004000000010000001000000078f2fcaa601f2fb4ebc937ba532e7549030000000100000014000000ddfb16cd4931c973a2037d3fc83a4d7d775d05e41d0000000100000010000000a86dc6a233eb339610f3ed414927c559140000000100000014000000ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f620000000100000020000000552f7bdcf1a7af9e6ce672017f4f12abf77240c78e761ac203d1d9d20ac899880b00000001000000320000004400690067006900430065007200740020005400720075007300740065006400200052006f006f0074002000470034000000090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b06010505070308530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f00000001000000300000004ea1b34b10b982a96a38915843507820ad632c6aad8343e337b34d660cd8366fa154544ae80668ae1fdf3931d57e1996190000000100000010000000ffac207997bb2cfe865570179ee037b92000000001000000940500003082059030820378a0030201020210059b1b579e8e2132e23907bda777755c300d06092a864886f70d01010c05003062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f74204734301e170d3133303830313132303030305a170d3338303131353132303030305a3062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f7420473430820222300d06092a864886f70d01010105000382020f003082020a0282020100bfe6907368debbe45d4a3c3022306933ecc2a7252ec9213df28ad859c2e129a73d58ab769acdae7b1b840dc4301ff31ba43816eb56c6976d1dabb279f2ca11d2e45fd6053c520f521fc69e15a57ebe9fa95716595572af689370c2b2ba75996a733294d11044102edf82f30784e6743b6d71e22d0c1bee20d5c9201d63292dceec5e4ec893f821619b34eb05c65eec5b1abcebc9cfcdac34405fb17a66ee77c848a86657579f54588e0c2bb74fa730d956eeca7b5de3adc94f5ee535e731cbda935edc8e8f80dab69198409079c378c7b6b1c4b56a183803108dd8d437a42e057d88f5823e109170ab55824132d7db04732a6e91017c214cd4bcae1b03755d7866d93a31449a3340bf08d75a49a4c2e6a9a067dda427bca14f39b5115817f7245c468f64f7c169887698763d595d4276878997697a48f0e0a2121b669a74cade4b1ee70e63aee6d4ef92923a9e3ddc00e4452589b69a44192b7ec094b4d2616deb33d9c5df4b0400cc7d1c95c38ff721b2b211b7bb7ff2d58c702c4160aab1631844951a76627ef680b0fbe864a633d18907e1bdb7e643a418b8a67701e10f940c211db2542925896ce50e52514774be26acb64175de7aac5f8d3fc9bcd34111125be51050eb31c5ca72162209df7c4c753f63ec215fc420516b6fb1ab868b4fc2d6455f9d20fca11ec5c08fa2b17e0a2699f5e4692f981d2df5d9a9b21de51b0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e04160414ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f300d06092a864886f70d01010c05000382020100bb61d97da96cbe17c4911bc3a1a2008de364680f56cf77ae70f9fd9a4a99b9c9785c0c0c5fe4e61429560b36495d4463e0ad9c9618661b230d3d79e96d6bd654f8d23cc14340ae1d50f552fc903bbb9899696bc7c1a7a868a427dc9df927ae3085b9f6674d3a3e8f5939225344ebc85d03caed507a7d62210a80c87366d1a005605fe8a5b4a7afa8f76d359c7c5a8ad6a23899f3788bf44dd2200bde04ee8c9b4781720dc01432ef30592eaee071f256e46a976f92506d968d687a9ab236147a06f224b9091150d708b1b8897a8423614229e5a3cda22041d7d19c64d9ea26a18b14d74c19b25041713d3f4d7023860c4adc81d2cc3294840d0809971c4fc0ee6b207430d2e03934108521150108e85532de7149d92817504de6be4dd175acd0cafb41b843a5aad3c305444f2c369be2fae245b823536c066f67557f46b54c3f6e285a7926d2a4a86297d21ee2ed4a8bbc1bfd474a0ddf67667eb25b41d03be4f43bf40463e9efc2540051a08a2ac9ce78ccd5ea870418b3ceaf4988aff39299b6b3e6610fd28500e7501ae41b959d19a1b99cb19bb1001eefd00f4f426cc90abcee43fa3a71a5c84d26a535fd895dbc85621d32d2a02b54ed9a57c1dbfa10cf19b78b4a1b8f01b6279553e8b6896d5bbc68d423e88b51a256f9f0a680a0d61eb3bc0f0f537529aaea1377e4de8c8121ad07104711ad873d07d175bccff3667e	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4	setup.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4\Blob = 0f00000001000000300000004ea1b34b10b982a96a38915843507820ad632c6aad8343e337b34d660cd8366fa154544ae80668ae1fdf3931d57e1996530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b060105050703080b00000001000000320000004400690067006900430065007200740020005400720075007300740065006400200052006f006f0074002000470034000000620000000100000020000000552f7bdcf1a7af9e6ce672017f4f12abf77240c78e761ac203d1d9d20ac89988140000000100000014000000ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f1d0000000100000010000000a86dc6a233eb339610f3ed414927c559030000000100000014000000ddfb16cd4931c973a2037d3fc83a4d7d775d05e42000000001000000940500003082059030820378a0030201020210059b1b579e8e2132e23907bda777755c300d06092a864886f70d01010c05003062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f74204734301e170d3133303830313132303030305a170d3338303131353132303030305a3062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f7420473430820222300d06092a864886f70d01010105000382020f003082020a0282020100bfe6907368debbe45d4a3c3022306933ecc2a7252ec9213df28ad859c2e129a73d58ab769acdae7b1b840dc4301ff31ba43816eb56c6976d1dabb279f2ca11d2e45fd6053c520f521fc69e15a57ebe9fa95716595572af689370c2b2ba75996a733294d11044102edf82f30784e6743b6d71e22d0c1bee20d5c9201d63292dceec5e4ec893f821619b34eb05c65eec5b1abcebc9cfcdac34405fb17a66ee77c848a86657579f54588e0c2bb74fa730d956eeca7b5de3adc94f5ee535e731cbda935edc8e8f80dab69198409079c378c7b6b1c4b56a183803108dd8d437a42e057d88f5823e109170ab55824132d7db04732a6e91017c214cd4bcae1b03755d7866d93a31449a3340bf08d75a49a4c2e6a9a067dda427bca14f39b5115817f7245c468f64f7c169887698763d595d4276878997697a48f0e0a2121b669a74cade4b1ee70e63aee6d4ef92923a9e3ddc00e4452589b69a44192b7ec094b4d2616deb33d9c5df4b0400cc7d1c95c38ff721b2b211b7bb7ff2d58c702c4160aab1631844951a76627ef680b0fbe864a633d18907e1bdb7e643a418b8a67701e10f940c211db2542925896ce50e52514774be26acb64175de7aac5f8d3fc9bcd34111125be51050eb31c5ca72162209df7c4c753f63ec215fc420516b6fb1ab868b4fc2d6455f9d20fca11ec5c08fa2b17e0a2699f5e4692f981d2df5d9a9b21de51b0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e04160414ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f300d06092a864886f70d01010c05000382020100bb61d97da96cbe17c4911bc3a1a2008de364680f56cf77ae70f9fd9a4a99b9c9785c0c0c5fe4e61429560b36495d4463e0ad9c9618661b230d3d79e96d6bd654f8d23cc14340ae1d50f552fc903bbb9899696bc7c1a7a868a427dc9df927ae3085b9f6674d3a3e8f5939225344ebc85d03caed507a7d62210a80c87366d1a005605fe8a5b4a7afa8f76d359c7c5a8ad6a23899f3788bf44dd2200bde04ee8c9b4781720dc01432ef30592eaee071f256e46a976f92506d968d687a9ab236147a06f224b9091150d708b1b8897a8423614229e5a3cda22041d7d19c64d9ea26a18b14d74c19b25041713d3f4d7023860c4adc81d2cc3294840d0809971c4fc0ee6b207430d2e03934108521150108e85532de7149d92817504de6be4dd175acd0cafb41b843a5aad3c305444f2c369be2fae245b823536c066f67557f46b54c3f6e285a7926d2a4a86297d21ee2ed4a8bbc1bfd474a0ddf67667eb25b41d03be4f43bf40463e9efc2540051a08a2ac9ce78ccd5ea870418b3ceaf4988aff39299b6b3e6610fd28500e7501ae41b959d19a1b99cb19bb1001eefd00f4f426cc90abcee43fa3a71a5c84d26a535fd895dbc85621d32d2a02b54ed9a57c1dbfa10cf19b78b4a1b8f01b6279553e8b6896d5bbc68d423e88b51a256f9f0a680a0d61eb3bc0f0f537529aaea1377e4de8c8121ad07104711ad873d07d175bccff3667e	setup.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4\Blob = 04000000010000001000000078f2fcaa601f2fb4ebc937ba532e7549030000000100000014000000ddfb16cd4931c973a2037d3fc83a4d7d775d05e41d0000000100000010000000a86dc6a233eb339610f3ed414927c559140000000100000014000000ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f620000000100000020000000552f7bdcf1a7af9e6ce672017f4f12abf77240c78e761ac203d1d9d20ac899880b00000001000000320000004400690067006900430065007200740020005400720075007300740065006400200052006f006f0074002000470034000000090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b06010505070308530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f00000001000000300000004ea1b34b10b982a96a38915843507820ad632c6aad8343e337b34d660cd8366fa154544ae80668ae1fdf3931d57e19962000000001000000940500003082059030820378a0030201020210059b1b579e8e2132e23907bda777755c300d06092a864886f70d01010c05003062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f74204734301e170d3133303830313132303030305a170d3338303131353132303030305a3062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f7420473430820222300d06092a864886f70d01010105000382020f003082020a0282020100bfe6907368debbe45d4a3c3022306933ecc2a7252ec9213df28ad859c2e129a73d58ab769acdae7b1b840dc4301ff31ba43816eb56c6976d1dabb279f2ca11d2e45fd6053c520f521fc69e15a57ebe9fa95716595572af689370c2b2ba75996a733294d11044102edf82f30784e6743b6d71e22d0c1bee20d5c9201d63292dceec5e4ec893f821619b34eb05c65eec5b1abcebc9cfcdac34405fb17a66ee77c848a86657579f54588e0c2bb74fa730d956eeca7b5de3adc94f5ee535e731cbda935edc8e8f80dab69198409079c378c7b6b1c4b56a183803108dd8d437a42e057d88f5823e109170ab55824132d7db04732a6e91017c214cd4bcae1b03755d7866d93a31449a3340bf08d75a49a4c2e6a9a067dda427bca14f39b5115817f7245c468f64f7c169887698763d595d4276878997697a48f0e0a2121b669a74cade4b1ee70e63aee6d4ef92923a9e3ddc00e4452589b69a44192b7ec094b4d2616deb33d9c5df4b0400cc7d1c95c38ff721b2b211b7bb7ff2d58c702c4160aab1631844951a76627ef680b0fbe864a633d18907e1bdb7e643a418b8a67701e10f940c211db2542925896ce50e52514774be26acb64175de7aac5f8d3fc9bcd34111125be51050eb31c5ca72162209df7c4c753f63ec215fc420516b6fb1ab868b4fc2d6455f9d20fca11ec5c08fa2b17e0a2699f5e4692f981d2df5d9a9b21de51b0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e04160414ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f300d06092a864886f70d01010c05000382020100bb61d97da96cbe17c4911bc3a1a2008de364680f56cf77ae70f9fd9a4a99b9c9785c0c0c5fe4e61429560b36495d4463e0ad9c9618661b230d3d79e96d6bd654f8d23cc14340ae1d50f552fc903bbb9899696bc7c1a7a868a427dc9df927ae3085b9f6674d3a3e8f5939225344ebc85d03caed507a7d62210a80c87366d1a005605fe8a5b4a7afa8f76d359c7c5a8ad6a23899f3788bf44dd2200bde04ee8c9b4781720dc01432ef30592eaee071f256e46a976f92506d968d687a9ab236147a06f224b9091150d708b1b8897a8423614229e5a3cda22041d7d19c64d9ea26a18b14d74c19b25041713d3f4d7023860c4adc81d2cc3294840d0809971c4fc0ee6b207430d2e03934108521150108e85532de7149d92817504de6be4dd175acd0cafb41b843a5aad3c305444f2c369be2fae245b823536c066f67557f46b54c3f6e285a7926d2a4a86297d21ee2ed4a8bbc1bfd474a0ddf67667eb25b41d03be4f43bf40463e9efc2540051a08a2ac9ce78ccd5ea870418b3ceaf4988aff39299b6b3e6610fd28500e7501ae41b959d19a1b99cb19bb1001eefd00f4f426cc90abcee43fa3a71a5c84d26a535fd895dbc85621d32d2a02b54ed9a57c1dbfa10cf19b78b4a1b8f01b6279553e8b6896d5bbc68d423e88b51a256f9f0a680a0d61eb3bc0f0f537529aaea1377e4de8c8121ad07104711ad873d07d175bccff3667e	setup.exe

NTFS ADS 6 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 974744.crdownload:SmartScreen	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 467525.crdownload:SmartScreen	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 530786.crdownload:SmartScreen	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 872048.crdownload:SmartScreen	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 730841.crdownload:SmartScreen	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 158599.crdownload:SmartScreen	msedge.exe

Suspicious behavior: EnumeratesProcesses 18 IoCs

pid	Process
3940	msedge.exe
3940	msedge.exe
1264	msedge.exe
1264	msedge.exe
2864	identity_helper.exe
2864	identity_helper.exe
380	msedge.exe
380	msedge.exe
3316	msedge.exe
3316	msedge.exe
5808	msedge.exe
5808	msedge.exe
5808	msedge.exe
5808	msedge.exe
1664	msedge.exe
1664	msedge.exe
2612	msedge.exe
2612	msedge.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
6000	EzExtractProApp.exe

Suspicious behavior: LoadsDriver 4 IoCs

pid	Process
668	Process not Found
668	Process not Found
668	Process not Found
668	Process not Found

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 64 IoCs

pid	Process
1264	msedge.exe
1264	msedge.exe
1264	msedge.exe
1264	msedge.exe
1264	msedge.exe
1264	msedge.exe
1264	msedge.exe
1264	msedge.exe
1264	msedge.exe
1264	msedge.exe
1264	msedge.exe
1264	msedge.exe
1264	msedge.exe
1264	msedge.exe
1264	msedge.exe
1264	msedge.exe
1264	msedge.exe
1264	msedge.exe
1264	msedge.exe
1264	msedge.exe
1264	msedge.exe
1264	msedge.exe
1264	msedge.exe
1264	msedge.exe
1264	msedge.exe
1264	msedge.exe
1264	msedge.exe
1264	msedge.exe
1264	msedge.exe
1264	msedge.exe
1264	msedge.exe
1264	msedge.exe
1264	msedge.exe
1264	msedge.exe
1264	msedge.exe
1264	msedge.exe
1264	msedge.exe
1264	msedge.exe
1264	msedge.exe
1264	msedge.exe
1264	msedge.exe
1264	msedge.exe
1264	msedge.exe
1264	msedge.exe
1264	msedge.exe
1264	msedge.exe
1264	msedge.exe
1264	msedge.exe
1264	msedge.exe
1264	msedge.exe
1264	msedge.exe
1264	msedge.exe
1264	msedge.exe
1264	msedge.exe
1264	msedge.exe
1264	msedge.exe
1264	msedge.exe
1264	msedge.exe
1264	msedge.exe
1264	msedge.exe
1264	msedge.exe
1264	msedge.exe
1264	msedge.exe
1264	msedge.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	7096	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	7096	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
1264	msedge.exe
1264	msedge.exe
1264	msedge.exe
1264	msedge.exe
1264	msedge.exe
1264	msedge.exe
1264	msedge.exe
1264	msedge.exe
1264	msedge.exe
1264	msedge.exe
1264	msedge.exe
1264	msedge.exe
1264	msedge.exe
1264	msedge.exe
1264	msedge.exe
1264	msedge.exe
1264	msedge.exe
1264	msedge.exe
1264	msedge.exe
1264	msedge.exe
1264	msedge.exe
1264	msedge.exe
1264	msedge.exe
1264	msedge.exe
1264	msedge.exe
1264	msedge.exe
1264	msedge.exe
1264	msedge.exe
1264	msedge.exe
1264	msedge.exe
1264	msedge.exe
1264	msedge.exe
1264	msedge.exe
1264	msedge.exe
1264	msedge.exe
1264	msedge.exe
1264	msedge.exe
1264	msedge.exe
6000	EzExtractProApp.exe
6000	EzExtractProApp.exe
1264	msedge.exe
1264	msedge.exe
1264	msedge.exe
1264	msedge.exe
1264	msedge.exe
1264	msedge.exe
1264	msedge.exe
1264	msedge.exe
6000	EzExtractProApp.exe
6000	EzExtractProApp.exe
6000	EzExtractProApp.exe
1264	msedge.exe
1264	msedge.exe
1264	msedge.exe
1264	msedge.exe
1264	msedge.exe
1264	msedge.exe
1264	msedge.exe
1264	msedge.exe
1264	msedge.exe
1264	msedge.exe
1264	msedge.exe
1264	msedge.exe
1264	msedge.exe

Suspicious use of SendNotifyMessage 34 IoCs

pid	Process
1264	msedge.exe
1264	msedge.exe
1264	msedge.exe
1264	msedge.exe
1264	msedge.exe
1264	msedge.exe
1264	msedge.exe
1264	msedge.exe
1264	msedge.exe
1264	msedge.exe
1264	msedge.exe
1264	msedge.exe
1264	msedge.exe
1264	msedge.exe
1264	msedge.exe
1264	msedge.exe
1264	msedge.exe
1264	msedge.exe
1264	msedge.exe
1264	msedge.exe
1264	msedge.exe
1264	msedge.exe
1264	msedge.exe
1264	msedge.exe
1264	msedge.exe
1264	msedge.exe
1264	msedge.exe
1264	msedge.exe
1264	msedge.exe
1264	msedge.exe
1264	msedge.exe
1264	msedge.exe
1264	msedge.exe
1264	msedge.exe

Suspicious use of SetWindowsHookEx 14 IoCs

pid	Process
4792	EzExtractSetup.exe
3788	EzExtractSetup.exe
4772	EzExtractSetup.exe
6000	EzExtractProApp.exe
6000	EzExtractProApp.exe
6000	EzExtractProApp.exe
6000	EzExtractProApp.exe
6000	EzExtractProApp.exe
6000	EzExtractProApp.exe
6000	EzExtractProApp.exe
5484	EzExtractSetup (1).exe
4200	EzExtractSetup (1).exe
4984	EzExtractSetup (1).exe
3976	setup.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1264 wrote to memory of 1328	1264	msedge.exe	84
PID 1264 wrote to memory of 1328	1264	msedge.exe	84
PID 1264 wrote to memory of 2964	1264	msedge.exe	85
PID 1264 wrote to memory of 2964	1264	msedge.exe	85
PID 1264 wrote to memory of 2964	1264	msedge.exe	85
PID 1264 wrote to memory of 2964	1264	msedge.exe	85
PID 1264 wrote to memory of 2964	1264	msedge.exe	85
PID 1264 wrote to memory of 2964	1264	msedge.exe	85
PID 1264 wrote to memory of 2964	1264	msedge.exe	85
PID 1264 wrote to memory of 2964	1264	msedge.exe	85
PID 1264 wrote to memory of 2964	1264	msedge.exe	85
PID 1264 wrote to memory of 2964	1264	msedge.exe	85
PID 1264 wrote to memory of 2964	1264	msedge.exe	85
PID 1264 wrote to memory of 2964	1264	msedge.exe	85
PID 1264 wrote to memory of 2964	1264	msedge.exe	85
PID 1264 wrote to memory of 2964	1264	msedge.exe	85
PID 1264 wrote to memory of 2964	1264	msedge.exe	85
PID 1264 wrote to memory of 2964	1264	msedge.exe	85
PID 1264 wrote to memory of 2964	1264	msedge.exe	85
PID 1264 wrote to memory of 2964	1264	msedge.exe	85
PID 1264 wrote to memory of 2964	1264	msedge.exe	85
PID 1264 wrote to memory of 2964	1264	msedge.exe	85
PID 1264 wrote to memory of 2964	1264	msedge.exe	85
PID 1264 wrote to memory of 2964	1264	msedge.exe	85
PID 1264 wrote to memory of 2964	1264	msedge.exe	85
PID 1264 wrote to memory of 2964	1264	msedge.exe	85
PID 1264 wrote to memory of 2964	1264	msedge.exe	85
PID 1264 wrote to memory of 2964	1264	msedge.exe	85
PID 1264 wrote to memory of 2964	1264	msedge.exe	85
PID 1264 wrote to memory of 2964	1264	msedge.exe	85
PID 1264 wrote to memory of 2964	1264	msedge.exe	85
PID 1264 wrote to memory of 2964	1264	msedge.exe	85
PID 1264 wrote to memory of 2964	1264	msedge.exe	85
PID 1264 wrote to memory of 2964	1264	msedge.exe	85
PID 1264 wrote to memory of 2964	1264	msedge.exe	85
PID 1264 wrote to memory of 2964	1264	msedge.exe	85
PID 1264 wrote to memory of 2964	1264	msedge.exe	85
PID 1264 wrote to memory of 2964	1264	msedge.exe	85
PID 1264 wrote to memory of 2964	1264	msedge.exe	85
PID 1264 wrote to memory of 2964	1264	msedge.exe	85
PID 1264 wrote to memory of 2964	1264	msedge.exe	85
PID 1264 wrote to memory of 2964	1264	msedge.exe	85
PID 1264 wrote to memory of 3940	1264	msedge.exe	86
PID 1264 wrote to memory of 3940	1264	msedge.exe	86
PID 1264 wrote to memory of 1812	1264	msedge.exe	87
PID 1264 wrote to memory of 1812	1264	msedge.exe	87
PID 1264 wrote to memory of 1812	1264	msedge.exe	87
PID 1264 wrote to memory of 1812	1264	msedge.exe	87
PID 1264 wrote to memory of 1812	1264	msedge.exe	87
PID 1264 wrote to memory of 1812	1264	msedge.exe	87
PID 1264 wrote to memory of 1812	1264	msedge.exe	87
PID 1264 wrote to memory of 1812	1264	msedge.exe	87
PID 1264 wrote to memory of 1812	1264	msedge.exe	87
PID 1264 wrote to memory of 1812	1264	msedge.exe	87
PID 1264 wrote to memory of 1812	1264	msedge.exe	87
PID 1264 wrote to memory of 1812	1264	msedge.exe	87
PID 1264 wrote to memory of 1812	1264	msedge.exe	87
PID 1264 wrote to memory of 1812	1264	msedge.exe	87
PID 1264 wrote to memory of 1812	1264	msedge.exe	87
PID 1264 wrote to memory of 1812	1264	msedge.exe	87
PID 1264 wrote to memory of 1812	1264	msedge.exe	87
PID 1264 wrote to memory of 1812	1264	msedge.exe	87
PID 1264 wrote to memory of 1812	1264	msedge.exe	87
PID 1264 wrote to memory of 1812	1264	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://uploadhaven.com/download/aa42c9608cdd5a37610b6de9bae5b672
1⤵
- Enumerates system info in registry
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1264
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffce3ba46f8,0x7ffce3ba4708,0x7ffce3ba4718
  2⤵
  PID:1328
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,5371513287846388296,13890453880665663653,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2136 /prefetch:2
  2⤵
  PID:2964
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2124,5371513287846388296,13890453880665663653,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2208 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3940
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2124,5371513287846388296,13890453880665663653,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2864 /prefetch:8
  2⤵
  PID:1812
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,5371513287846388296,13890453880665663653,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:1
  2⤵
  PID:1060
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,5371513287846388296,13890453880665663653,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3328 /prefetch:1
  2⤵
  PID:1108
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2124,5371513287846388296,13890453880665663653,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5556 /prefetch:8
  2⤵
  PID:860
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2124,5371513287846388296,13890453880665663653,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5556 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2864
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,5371513287846388296,13890453880665663653,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5668 /prefetch:1
  2⤵
  PID:1132
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,5371513287846388296,13890453880665663653,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5676 /prefetch:1
  2⤵
  PID:1140
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,5371513287846388296,13890453880665663653,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5852 /prefetch:1
  2⤵
  PID:2232
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,5371513287846388296,13890453880665663653,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4756 /prefetch:1
  2⤵
  PID:2988
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,5371513287846388296,13890453880665663653,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5664 /prefetch:1
  2⤵
  PID:1052
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,5371513287846388296,13890453880665663653,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4800 /prefetch:1
  2⤵
  PID:632
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,5371513287846388296,13890453880665663653,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3984 /prefetch:1
  2⤵
  PID:464
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,5371513287846388296,13890453880665663653,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3552 /prefetch:1
  2⤵
  PID:3356
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,5371513287846388296,13890453880665663653,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5840 /prefetch:1
  2⤵
  PID:3924
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,5371513287846388296,13890453880665663653,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6356 /prefetch:1
  2⤵
  PID:2628
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,5371513287846388296,13890453880665663653,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4768 /prefetch:1
  2⤵
  PID:860
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,5371513287846388296,13890453880665663653,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6608 /prefetch:1
  2⤵
  PID:4812
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,5371513287846388296,13890453880665663653,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6476 /prefetch:1
  2⤵
  PID:2640
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,5371513287846388296,13890453880665663653,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5404 /prefetch:1
  2⤵
  PID:2336
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,5371513287846388296,13890453880665663653,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6072 /prefetch:1
  2⤵
  PID:1368
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,5371513287846388296,13890453880665663653,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3560 /prefetch:1
  2⤵
  PID:3780
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,5371513287846388296,13890453880665663653,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7036 /prefetch:1
  2⤵
  PID:2376
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2124,5371513287846388296,13890453880665663653,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=1820 /prefetch:8
  2⤵
  PID:1968
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2124,5371513287846388296,13890453880665663653,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=7040 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:380
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,5371513287846388296,13890453880665663653,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4916 /prefetch:1
  2⤵
  PID:1748
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,5371513287846388296,13890453880665663653,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7264 /prefetch:1
  2⤵
  PID:2508
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2124,5371513287846388296,13890453880665663653,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6728 /prefetch:8
  2⤵
  PID:4600
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,5371513287846388296,13890453880665663653,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6704 /prefetch:1
  2⤵
  PID:4332
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2124,5371513287846388296,13890453880665663653,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=7796 /prefetch:8
  2⤵
  PID:1908
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2124,5371513287846388296,13890453880665663653,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7872 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3316
- C:\Users\Admin\Downloads\EzExtractSetup.exe
  "C:\Users\Admin\Downloads\EzExtractSetup.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Drops file in Program Files directory
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  PID:4792
- - C:\Windows\SysWOW64\regsvr32.exe
    C:\Windows\system32\regsvr32.exe /s "C:\Program Files (x86)\EzExtractPro\EzExtractProShell32.dll"
    3⤵
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    - Modifies registry class
    PID:5852
- - C:\Windows\SysWOW64\regsvr32.exe
    C:\Windows\system32\regsvr32.exe /s "C:\Program Files (x86)\EzExtractPro\EzExtractProShell.dll"
    3⤵
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    PID:5876
  - - C:\Windows\system32\regsvr32.exe
      /s "C:\Program Files (x86)\EzExtractPro\EzExtractProShell.dll"
      4⤵
      Loads dropped DLL
      Modifies registry class
      PID:5900
- - C:\Windows\explorer.exe
    "C:\Windows\explorer.exe" "C:\Program Files (x86)\EzExtractPro\EzExtractProApp.exe"
    3⤵
    PID:5916
- C:\Users\Admin\Downloads\EzExtractSetup.exe
  "C:\Users\Admin\Downloads\EzExtractSetup.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  PID:3788
- C:\Users\Admin\Downloads\EzExtractSetup.exe
  "C:\Users\Admin\Downloads\EzExtractSetup.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  PID:4772
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,5371513287846388296,13890453880665663653,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7472 /prefetch:1
  2⤵
  PID:5644
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,5371513287846388296,13890453880665663653,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3408 /prefetch:1
  2⤵
  PID:5704
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2124,5371513287846388296,13890453880665663653,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=8000 /prefetch:8
  2⤵
  PID:1608
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,5371513287846388296,13890453880665663653,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=8084 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5808
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,5371513287846388296,13890453880665663653,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7872 /prefetch:1
  2⤵
  PID:2220
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2124,5371513287846388296,13890453880665663653,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7300 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1664
- C:\Users\Admin\Downloads\EzExtractSetup (1).exe
  "C:\Users\Admin\Downloads\EzExtractSetup (1).exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  PID:5484
- C:\Users\Admin\Downloads\EzExtractSetup (1).exe
  "C:\Users\Admin\Downloads\EzExtractSetup (1).exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  PID:4200
- C:\Users\Admin\Downloads\EzExtractSetup (1).exe
  "C:\Users\Admin\Downloads\EzExtractSetup (1).exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  PID:4984
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,5371513287846388296,13890453880665663653,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7640 /prefetch:1
  2⤵
  PID:2400
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,5371513287846388296,13890453880665663653,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6204 /prefetch:1
  2⤵
  PID:728
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,5371513287846388296,13890453880665663653,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8160 /prefetch:1
  2⤵
  PID:2516
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,5371513287846388296,13890453880665663653,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8144 /prefetch:1
  2⤵
  PID:2760
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2124,5371513287846388296,13890453880665663653,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3576 /prefetch:8
  2⤵
  PID:1368
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,5371513287846388296,13890453880665663653,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7840 /prefetch:1
  2⤵
  PID:5748
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,5371513287846388296,13890453880665663653,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6112 /prefetch:1
  2⤵
  PID:6108
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,5371513287846388296,13890453880665663653,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7032 /prefetch:1
  2⤵
  PID:1196
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,5371513287846388296,13890453880665663653,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2044 /prefetch:1
  2⤵
  PID:3964
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,5371513287846388296,13890453880665663653,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6888 /prefetch:1
  2⤵
  PID:2596
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,5371513287846388296,13890453880665663653,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3708 /prefetch:1
  2⤵
  PID:1288
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,5371513287846388296,13890453880665663653,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6384 /prefetch:1
  2⤵
  PID:5460
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2124,5371513287846388296,13890453880665663653,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=7316 /prefetch:8
  2⤵
  PID:5100
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,5371513287846388296,13890453880665663653,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7040 /prefetch:1
  2⤵
  PID:4320
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,5371513287846388296,13890453880665663653,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=59 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6036 /prefetch:1
  2⤵
  PID:1564
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2124,5371513287846388296,13890453880665663653,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5040 /prefetch:8
  2⤵
  PID:2892
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,5371513287846388296,13890453880665663653,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=61 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6308 /prefetch:1
  2⤵
  PID:4712
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,5371513287846388296,13890453880665663653,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=62 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5184 /prefetch:1
  2⤵
  PID:5456
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,5371513287846388296,13890453880665663653,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=63 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3884 /prefetch:1
  2⤵
  PID:1652
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,5371513287846388296,13890453880665663653,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=64 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6728 /prefetch:1
  2⤵
  PID:2152
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,5371513287846388296,13890453880665663653,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=65 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2444 /prefetch:1
  2⤵
  PID:5152
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,5371513287846388296,13890453880665663653,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=66 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8000 /prefetch:1
  2⤵
  PID:788
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,5371513287846388296,13890453880665663653,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=67 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8012 /prefetch:1
  2⤵
  PID:5128
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,5371513287846388296,13890453880665663653,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=69 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6000 /prefetch:1
  2⤵
  PID:372
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,5371513287846388296,13890453880665663653,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=70 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5920 /prefetch:1
  2⤵
  PID:5048
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,5371513287846388296,13890453880665663653,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=71 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8084 /prefetch:1
  2⤵
  PID:2924
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,5371513287846388296,13890453880665663653,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=72 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7988 /prefetch:1
  2⤵
  PID:4936
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,5371513287846388296,13890453880665663653,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=73 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7644 /prefetch:1
  2⤵
  PID:2880
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,5371513287846388296,13890453880665663653,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=74 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7000 /prefetch:1
  2⤵
  PID:612
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,5371513287846388296,13890453880665663653,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=75 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5792 /prefetch:1
  2⤵
  PID:5632
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,5371513287846388296,13890453880665663653,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=76 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7988 /prefetch:1
  2⤵
  PID:5696
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,5371513287846388296,13890453880665663653,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=77 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4200 /prefetch:1
  2⤵
  PID:5452
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,5371513287846388296,13890453880665663653,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=78 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8072 /prefetch:1
  2⤵
  PID:2548
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,5371513287846388296,13890453880665663653,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=79 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8584 /prefetch:1
  2⤵
  PID:5412
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,5371513287846388296,13890453880665663653,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=80 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8436 /prefetch:1
  2⤵
  PID:1860
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,5371513287846388296,13890453880665663653,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=81 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8888 /prefetch:1
  2⤵
  PID:3524
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,5371513287846388296,13890453880665663653,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=82 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9080 /prefetch:1
  2⤵
  PID:5824
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,5371513287846388296,13890453880665663653,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=83 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8468 /prefetch:1
  2⤵
  PID:2908
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,5371513287846388296,13890453880665663653,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=84 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9448 /prefetch:1
  2⤵
  PID:3232
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,5371513287846388296,13890453880665663653,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=85 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9480 /prefetch:1
  2⤵
  PID:5044
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,5371513287846388296,13890453880665663653,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=86 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9532 /prefetch:1
  2⤵
  PID:400
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,5371513287846388296,13890453880665663653,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=87 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9772 /prefetch:1
  2⤵
  PID:4144
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,5371513287846388296,13890453880665663653,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=88 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9756 /prefetch:1
  2⤵
  PID:432
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,5371513287846388296,13890453880665663653,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=89 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8572 /prefetch:1
  2⤵
  PID:5692
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,5371513287846388296,13890453880665663653,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=90 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10456 /prefetch:1
  2⤵
  PID:5624
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,5371513287846388296,13890453880665663653,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=91 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10520 /prefetch:1
  2⤵
  PID:3244
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,5371513287846388296,13890453880665663653,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=92 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10656 /prefetch:1
  2⤵
  PID:5636
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,5371513287846388296,13890453880665663653,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=93 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10836 /prefetch:1
  2⤵
  PID:1684
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,5371513287846388296,13890453880665663653,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=94 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11036 /prefetch:1
  2⤵
  PID:1012
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,5371513287846388296,13890453880665663653,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=95 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11328 /prefetch:1
  2⤵
  PID:2108
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,5371513287846388296,13890453880665663653,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=96 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11400 /prefetch:1
  2⤵
  PID:3452
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,5371513287846388296,13890453880665663653,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=97 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9124 /prefetch:1
  2⤵
  PID:5800
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,5371513287846388296,13890453880665663653,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=98 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10268 /prefetch:1
  2⤵
  PID:3648
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,5371513287846388296,13890453880665663653,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=100 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10532 /prefetch:1
  2⤵
  PID:5916
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2124,5371513287846388296,13890453880665663653,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4860 /prefetch:8
  2⤵
  PID:4792
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2124,5371513287846388296,13890453880665663653,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=12128 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2612
- C:\Users\Admin\Downloads\OperaSetup.exe
  "C:\Users\Admin\Downloads\OperaSetup.exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:1324
- - C:\Users\Admin\AppData\Local\Temp\7zSC2553530\setup.exe
    C:\Users\Admin\AppData\Local\Temp\7zSC2553530\setup.exe --server-tracking-blob=NDQxN2JhZmZjZGYxY2ViOTAyM2Y3NjZhM2Q1Yjc3OGQwYjczNjk4MTU2NGUyOTNkZjNkNTdjNjI0OWNlYzRmZjp7ImNvdW50cnkiOiJHQiIsImh0dHBfcmVmZXJyZXIiOiJodHRwczovL3RoZS1jbG9zaW5nLXNoaWZ0LmVuLnNvZnRvbmljLmNvbS8iLCJpbnN0YWxsZXJfbmFtZSI6Ik9wZXJhU2V0dXAuZXhlIiwicHJvZHVjdCI6Im9wZXJhIiwicXVlcnkiOiIvb3BlcmEvc3RhYmxlL3dpbmRvd3M/dXRtX3NvdXJjZT1zb2Z0b25pYyZ1dG1fY29udGVudD1NREZfUEImdXRtX21lZGl1bT1hcGImdXRtX2NhbXBhaWduPUNQSV9XSU5fUlRCIiwidGltZXN0YW1wIjoiMTczNTM0MjE4NC40MzI3IiwidXNlcmFnZW50IjoiTW96aWxsYS81LjAgKFdpbmRvd3MgTlQgMTAuMDsgV2luNjQ7IHg2NCkgQXBwbGVXZWJLaXQvNTM3LjM2IChLSFRNTCwgbGlrZSBHZWNrbykgQ2hyb21lLzkyLjAuNDUxNS4xMzEgU2FmYXJpLzUzNy4zNiBFZGcvOTIuMC45MDIuNjciLCJ1dG0iOnsiY2FtcGFpZ24iOiJDUElfV0lOX1JUQiIsImNvbnRlbnQiOiJNREZfUEIiLCJtZWRpdW0iOiJhcGIiLCJzb3VyY2UiOiJzb2Z0b25pYyJ9LCJ1dWlkIjoiMzQ4MDgxNTUtYjczZC00MWM5LWIzOTQtYjg2ZTFiNjY3MmMyIn0=
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Enumerates connected drives
    - System Location Discovery: System Language Discovery
    - Modifies system certificate store
    - Suspicious use of SetWindowsHookEx
    PID:3976
  - - C:\Users\Admin\AppData\Local\Temp\7zSC2553530\setup.exe
      C:\Users\Admin\AppData\Local\Temp\7zSC2553530\setup.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector-2.opera.com/ --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktop --annotation=ver=115.0.5322.119 --initial-client-data=0x330,0x334,0x338,0x30c,0x33c,0x738f9d44,0x738f9d50,0x738f9d5c
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      System Location Discovery: System Language Discovery
      PID:5388
  - - C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\setup.exe
      "C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\setup.exe" --version
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      System Location Discovery: System Language Discovery
      PID:4792
  - - C:\Users\Admin\AppData\Local\Temp\7zSC2553530\setup.exe
      "C:\Users\Admin\AppData\Local\Temp\7zSC2553530\setup.exe" --backend --install --import-browser-data=0 --enable-stats=1 --enable-installer-stats=1 --consent-given=1 --general-interests=1 --general-location=1 --personalized-content=1 --personalized-ads=1 --launchopera=1 --showunbox=0 --installfolder="C:\Users\Admin\AppData\Local\Programs\Opera" --profile-folder --language=en --singleprofile=0 --copyonly=0 --allusers=0 --setdefaultbrowser=1 --pintotaskbar=1 --pintostartmenu=1 --run-at-startup=1 --show-intro-overlay --server-tracking-data=server_tracking_data --initial-pid=3976 --package-dir-prefix="C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_20241227232952" --session-guid=1b824c06-087d-412e-aad9-74da3cb53482 --server-tracking-blob=NzU0YTRkODUzNDM1MjdkM2U4YjFmZTlmOGNiNWMyMDU2ODhmZWVkZTJlNTVjMGI4MmM5MTQ3NzgzYzNlMmJjYzp7ImNvdW50cnkiOiJHQiIsImh0dHBfcmVmZXJyZXIiOiJodHRwczovL3RoZS1jbG9zaW5nLXNoaWZ0LmVuLnNvZnRvbmljLmNvbS8iLCJpbnN0YWxsZXJfbmFtZSI6Ik9wZXJhU2V0dXAuZXhlIiwicHJvZHVjdCI6eyJuYW1lIjoib3BlcmEifSwicXVlcnkiOiIvb3BlcmEvc3RhYmxlL3dpbmRvd3M/dXRtX3NvdXJjZT1zb2Z0b25pYyZ1dG1fY29udGVudD1NREZfUEImdXRtX21lZGl1bT1hcGImdXRtX2NhbXBhaWduPUNQSV9XSU5fUlRCIiwic3lzdGVtIjp7InBsYXRmb3JtIjp7ImFyY2giOiJ4ODZfNjQiLCJvcHN5cyI6IldpbmRvd3MiLCJvcHN5cy12ZXJzaW9uIjoiMTAiLCJwYWNrYWdlIjoiRVhFIn19LCJ0aW1lc3RhbXAiOiIxNzM1MzQyMTg0LjQzMjciLCJ1c2VyYWdlbnQiOiJNb3ppbGxhLzUuMCAoV2luZG93cyBOVCAxMC4wOyBXaW42NDsgeDY0KSBBcHBsZVdlYktpdC81MzcuMzYgKEtIVE1MLCBsaWtlIEdlY2tvKSBDaHJvbWUvOTIuMC40NTE1LjEzMSBTYWZhcmkvNTM3LjM2IEVkZy85Mi4wLjkwMi42NyIsInV0bSI6eyJjYW1wYWlnbiI6IkNQSV9XSU5fUlRCIiwiY29udGVudCI6Ik1ERl9QQiIsIm1lZGl1bSI6ImFwYiIsInNvdXJjZSI6InNvZnRvbmljIn0sInV1aWQiOiIzNDgwODE1NS1iNzNkLTQxYzktYjM5NC1iODZlMWI2NjcyYzIifQ== --desktopshortcut=1 --wait-for-package --initial-proc-handle=0009000000000000
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Enumerates connected drives
      System Location Discovery: System Language Discovery
      PID:7052
    - - C:\Users\Admin\AppData\Local\Temp\7zSC2553530\setup.exe
        
        C:\Users\Admin\AppData\Local\Temp\7zSC2553530\setup.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector-2.opera.com/ --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktop --annotation=ver=115.0.5322.119 --initial-client-data=0x324,0x328,0x32c,0x300,0x33c,0x72a09d44,0x72a09d50,0x72a09d5c
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        System Location Discovery: System Language Discovery
        
        PID:7084
  - - C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202412272329521\assistant\Assistant_114.0.5282.21_Setup.exe_sfx.exe
      "C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202412272329521\assistant\Assistant_114.0.5282.21_Setup.exe_sfx.exe"
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      PID:6120
  - - C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202412272329521\assistant\assistant_installer.exe
      "C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202412272329521\assistant\assistant_installer.exe" --version
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      System Location Discovery: System Language Discovery
      PID:6560
    - - C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202412272329521\assistant\assistant_installer.exe
        
        "C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202412272329521\assistant\assistant_installer.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector-2.opera.com/ --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktop --annotation=ver=114.0.5282.21 --initial-client-data=0x23c,0x240,0x244,0x218,0x248,0xd217a0,0xd217ac,0xd217b8
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        System Location Discovery: System Language Discovery
        
        PID:6624
- C:\Users\Admin\Downloads\OperaSetup.exe
  "C:\Users\Admin\Downloads\OperaSetup.exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:768
- - C:\Users\Admin\AppData\Local\Temp\7zS00389170\setup.exe
    C:\Users\Admin\AppData\Local\Temp\7zS00389170\setup.exe --server-tracking-blob=NDQxN2JhZmZjZGYxY2ViOTAyM2Y3NjZhM2Q1Yjc3OGQwYjczNjk4MTU2NGUyOTNkZjNkNTdjNjI0OWNlYzRmZjp7ImNvdW50cnkiOiJHQiIsImh0dHBfcmVmZXJyZXIiOiJodHRwczovL3RoZS1jbG9zaW5nLXNoaWZ0LmVuLnNvZnRvbmljLmNvbS8iLCJpbnN0YWxsZXJfbmFtZSI6Ik9wZXJhU2V0dXAuZXhlIiwicHJvZHVjdCI6Im9wZXJhIiwicXVlcnkiOiIvb3BlcmEvc3RhYmxlL3dpbmRvd3M/dXRtX3NvdXJjZT1zb2Z0b25pYyZ1dG1fY29udGVudD1NREZfUEImdXRtX21lZGl1bT1hcGImdXRtX2NhbXBhaWduPUNQSV9XSU5fUlRCIiwidGltZXN0YW1wIjoiMTczNTM0MjE4NC40MzI3IiwidXNlcmFnZW50IjoiTW96aWxsYS81LjAgKFdpbmRvd3MgTlQgMTAuMDsgV2luNjQ7IHg2NCkgQXBwbGVXZWJLaXQvNTM3LjM2IChLSFRNTCwgbGlrZSBHZWNrbykgQ2hyb21lLzkyLjAuNDUxNS4xMzEgU2FmYXJpLzUzNy4zNiBFZGcvOTIuMC45MDIuNjciLCJ1dG0iOnsiY2FtcGFpZ24iOiJDUElfV0lOX1JUQiIsImNvbnRlbnQiOiJNREZfUEIiLCJtZWRpdW0iOiJhcGIiLCJzb3VyY2UiOiJzb2Z0b25pYyJ9LCJ1dWlkIjoiMzQ4MDgxNTUtYjczZC00MWM5LWIzOTQtYjg2ZTFiNjY3MmMyIn0=
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Enumerates connected drives
    - System Location Discovery: System Language Discovery
    PID:2016
  - - C:\Users\Admin\AppData\Local\Temp\7zS00389170\setup.exe
      C:\Users\Admin\AppData\Local\Temp\7zS00389170\setup.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector-2.opera.com/ --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktop --annotation=ver=115.0.5322.119 --initial-client-data=0x31c,0x320,0x324,0x2f8,0x328,0x72a09d44,0x72a09d50,0x72a09d5c
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      System Location Discovery: System Language Discovery
      PID:3244
  - - C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\setup.exe
      "C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\setup.exe" --version
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      System Location Discovery: System Language Discovery
      PID:2328
- C:\Users\Admin\Downloads\OperaSetup.exe
  "C:\Users\Admin\Downloads\OperaSetup.exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:3420
- - C:\Users\Admin\AppData\Local\Temp\7zSC5D77620\setup.exe
    C:\Users\Admin\AppData\Local\Temp\7zSC5D77620\setup.exe --server-tracking-blob=NDQxN2JhZmZjZGYxY2ViOTAyM2Y3NjZhM2Q1Yjc3OGQwYjczNjk4MTU2NGUyOTNkZjNkNTdjNjI0OWNlYzRmZjp7ImNvdW50cnkiOiJHQiIsImh0dHBfcmVmZXJyZXIiOiJodHRwczovL3RoZS1jbG9zaW5nLXNoaWZ0LmVuLnNvZnRvbmljLmNvbS8iLCJpbnN0YWxsZXJfbmFtZSI6Ik9wZXJhU2V0dXAuZXhlIiwicHJvZHVjdCI6Im9wZXJhIiwicXVlcnkiOiIvb3BlcmEvc3RhYmxlL3dpbmRvd3M/dXRtX3NvdXJjZT1zb2Z0b25pYyZ1dG1fY29udGVudD1NREZfUEImdXRtX21lZGl1bT1hcGImdXRtX2NhbXBhaWduPUNQSV9XSU5fUlRCIiwidGltZXN0YW1wIjoiMTczNTM0MjE4NC40MzI3IiwidXNlcmFnZW50IjoiTW96aWxsYS81LjAgKFdpbmRvd3MgTlQgMTAuMDsgV2luNjQ7IHg2NCkgQXBwbGVXZWJLaXQvNTM3LjM2IChLSFRNTCwgbGlrZSBHZWNrbykgQ2hyb21lLzkyLjAuNDUxNS4xMzEgU2FmYXJpLzUzNy4zNiBFZGcvOTIuMC45MDIuNjciLCJ1dG0iOnsiY2FtcGFpZ24iOiJDUElfV0lOX1JUQiIsImNvbnRlbnQiOiJNREZfUEIiLCJtZWRpdW0iOiJhcGIiLCJzb3VyY2UiOiJzb2Z0b25pYyJ9LCJ1dWlkIjoiMzQ4MDgxNTUtYjczZC00MWM5LWIzOTQtYjg2ZTFiNjY3MmMyIn0=
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Enumerates connected drives
    - System Location Discovery: System Language Discovery
    PID:3376
  - - C:\Users\Admin\AppData\Local\Temp\7zSC5D77620\setup.exe
      C:\Users\Admin\AppData\Local\Temp\7zSC5D77620\setup.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector-2.opera.com/ --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktop --annotation=ver=115.0.5322.119 --initial-client-data=0x320,0x324,0x328,0x2fc,0x32c,0x72a09d44,0x72a09d50,0x72a09d5c
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      System Location Discovery: System Language Discovery
      PID:1948
  - - C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\setup.exe
      "C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\setup.exe" --version
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      System Location Discovery: System Language Discovery
      PID:6192
- C:\Users\Admin\Downloads\OperaSetup.exe
  "C:\Users\Admin\Downloads\OperaSetup.exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:2588
- - C:\Users\Admin\AppData\Local\Temp\7zSC1A1F510\setup.exe
    C:\Users\Admin\AppData\Local\Temp\7zSC1A1F510\setup.exe --server-tracking-blob=NDQxN2JhZmZjZGYxY2ViOTAyM2Y3NjZhM2Q1Yjc3OGQwYjczNjk4MTU2NGUyOTNkZjNkNTdjNjI0OWNlYzRmZjp7ImNvdW50cnkiOiJHQiIsImh0dHBfcmVmZXJyZXIiOiJodHRwczovL3RoZS1jbG9zaW5nLXNoaWZ0LmVuLnNvZnRvbmljLmNvbS8iLCJpbnN0YWxsZXJfbmFtZSI6Ik9wZXJhU2V0dXAuZXhlIiwicHJvZHVjdCI6Im9wZXJhIiwicXVlcnkiOiIvb3BlcmEvc3RhYmxlL3dpbmRvd3M/dXRtX3NvdXJjZT1zb2Z0b25pYyZ1dG1fY29udGVudD1NREZfUEImdXRtX21lZGl1bT1hcGImdXRtX2NhbXBhaWduPUNQSV9XSU5fUlRCIiwidGltZXN0YW1wIjoiMTczNTM0MjE4NC40MzI3IiwidXNlcmFnZW50IjoiTW96aWxsYS81LjAgKFdpbmRvd3MgTlQgMTAuMDsgV2luNjQ7IHg2NCkgQXBwbGVXZWJLaXQvNTM3LjM2IChLSFRNTCwgbGlrZSBHZWNrbykgQ2hyb21lLzkyLjAuNDUxNS4xMzEgU2FmYXJpLzUzNy4zNiBFZGcvOTIuMC45MDIuNjciLCJ1dG0iOnsiY2FtcGFpZ24iOiJDUElfV0lOX1JUQiIsImNvbnRlbnQiOiJNREZfUEIiLCJtZWRpdW0iOiJhcGIiLCJzb3VyY2UiOiJzb2Z0b25pYyJ9LCJ1dWlkIjoiMzQ4MDgxNTUtYjczZC00MWM5LWIzOTQtYjg2ZTFiNjY3MmMyIn0=
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Enumerates connected drives
    - System Location Discovery: System Language Discovery
    PID:5924
  - - C:\Users\Admin\AppData\Local\Temp\7zSC1A1F510\setup.exe
      C:\Users\Admin\AppData\Local\Temp\7zSC1A1F510\setup.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector-2.opera.com/ --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktop --annotation=ver=115.0.5322.119 --initial-client-data=0x31c,0x320,0x324,0x2f8,0x328,0x71aa9d44,0x71aa9d50,0x71aa9d5c
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      System Location Discovery: System Language Discovery
      PID:6312
  - - C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\setup.exe
      "C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\setup.exe" --version
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      System Location Discovery: System Language Discovery
      PID:6480
- C:\Users\Admin\Downloads\OperaSetup.exe
  "C:\Users\Admin\Downloads\OperaSetup.exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:6256
- - C:\Users\Admin\AppData\Local\Temp\7zS07871250\setup.exe
    C:\Users\Admin\AppData\Local\Temp\7zS07871250\setup.exe --server-tracking-blob=NDQxN2JhZmZjZGYxY2ViOTAyM2Y3NjZhM2Q1Yjc3OGQwYjczNjk4MTU2NGUyOTNkZjNkNTdjNjI0OWNlYzRmZjp7ImNvdW50cnkiOiJHQiIsImh0dHBfcmVmZXJyZXIiOiJodHRwczovL3RoZS1jbG9zaW5nLXNoaWZ0LmVuLnNvZnRvbmljLmNvbS8iLCJpbnN0YWxsZXJfbmFtZSI6Ik9wZXJhU2V0dXAuZXhlIiwicHJvZHVjdCI6Im9wZXJhIiwicXVlcnkiOiIvb3BlcmEvc3RhYmxlL3dpbmRvd3M/dXRtX3NvdXJjZT1zb2Z0b25pYyZ1dG1fY29udGVudD1NREZfUEImdXRtX21lZGl1bT1hcGImdXRtX2NhbXBhaWduPUNQSV9XSU5fUlRCIiwidGltZXN0YW1wIjoiMTczNTM0MjE4NC40MzI3IiwidXNlcmFnZW50IjoiTW96aWxsYS81LjAgKFdpbmRvd3MgTlQgMTAuMDsgV2luNjQ7IHg2NCkgQXBwbGVXZWJLaXQvNTM3LjM2IChLSFRNTCwgbGlrZSBHZWNrbykgQ2hyb21lLzkyLjAuNDUxNS4xMzEgU2FmYXJpLzUzNy4zNiBFZGcvOTIuMC45MDIuNjciLCJ1dG0iOnsiY2FtcGFpZ24iOiJDUElfV0lOX1JUQiIsImNvbnRlbnQiOiJNREZfUEIiLCJtZWRpdW0iOiJhcGIiLCJzb3VyY2UiOiJzb2Z0b25pYyJ9LCJ1dWlkIjoiMzQ4MDgxNTUtYjczZC00MWM5LWIzOTQtYjg2ZTFiNjY3MmMyIn0=
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Enumerates connected drives
    - System Location Discovery: System Language Discovery
    PID:6472
  - - C:\Users\Admin\AppData\Local\Temp\7zS07871250\setup.exe
      C:\Users\Admin\AppData\Local\Temp\7zS07871250\setup.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector-2.opera.com/ --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktop --annotation=ver=115.0.5322.119 --initial-client-data=0x31c,0x320,0x324,0x2f8,0x328,0x71069d44,0x71069d50,0x71069d5c
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      System Location Discovery: System Language Discovery
      PID:6580
  - - C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\setup.exe
      "C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\setup.exe" --version
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      System Location Discovery: System Language Discovery
      PID:6708
- C:\Users\Admin\Downloads\OperaSetup.exe
  "C:\Users\Admin\Downloads\OperaSetup.exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:6396
- - C:\Users\Admin\AppData\Local\Temp\7zSCF81B050\setup.exe
    C:\Users\Admin\AppData\Local\Temp\7zSCF81B050\setup.exe --server-tracking-blob=NDQxN2JhZmZjZGYxY2ViOTAyM2Y3NjZhM2Q1Yjc3OGQwYjczNjk4MTU2NGUyOTNkZjNkNTdjNjI0OWNlYzRmZjp7ImNvdW50cnkiOiJHQiIsImh0dHBfcmVmZXJyZXIiOiJodHRwczovL3RoZS1jbG9zaW5nLXNoaWZ0LmVuLnNvZnRvbmljLmNvbS8iLCJpbnN0YWxsZXJfbmFtZSI6Ik9wZXJhU2V0dXAuZXhlIiwicHJvZHVjdCI6Im9wZXJhIiwicXVlcnkiOiIvb3BlcmEvc3RhYmxlL3dpbmRvd3M/dXRtX3NvdXJjZT1zb2Z0b25pYyZ1dG1fY29udGVudD1NREZfUEImdXRtX21lZGl1bT1hcGImdXRtX2NhbXBhaWduPUNQSV9XSU5fUlRCIiwidGltZXN0YW1wIjoiMTczNTM0MjE4NC40MzI3IiwidXNlcmFnZW50IjoiTW96aWxsYS81LjAgKFdpbmRvd3MgTlQgMTAuMDsgV2luNjQ7IHg2NCkgQXBwbGVXZWJLaXQvNTM3LjM2IChLSFRNTCwgbGlrZSBHZWNrbykgQ2hyb21lLzkyLjAuNDUxNS4xMzEgU2FmYXJpLzUzNy4zNiBFZGcvOTIuMC45MDIuNjciLCJ1dG0iOnsiY2FtcGFpZ24iOiJDUElfV0lOX1JUQiIsImNvbnRlbnQiOiJNREZfUEIiLCJtZWRpdW0iOiJhcGIiLCJzb3VyY2UiOiJzb2Z0b25pYyJ9LCJ1dWlkIjoiMzQ4MDgxNTUtYjczZC00MWM5LWIzOTQtYjg2ZTFiNjY3MmMyIn0=
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Enumerates connected drives
    - System Location Discovery: System Language Discovery
    PID:6588
  - - C:\Users\Admin\AppData\Local\Temp\7zSCF81B050\setup.exe
      C:\Users\Admin\AppData\Local\Temp\7zSCF81B050\setup.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector-2.opera.com/ --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktop --annotation=ver=115.0.5322.119 --initial-client-data=0x320,0x324,0x328,0x2fc,0x32c,0x70629d44,0x70629d50,0x70629d5c
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      System Location Discovery: System Language Discovery
      PID:6720
  - - C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\setup.exe
      "C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\setup.exe" --version
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      System Location Discovery: System Language Discovery
      PID:6852
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,5371513287846388296,13890453880665663653,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=104 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9292 /prefetch:1
  2⤵
  PID:6752
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,5371513287846388296,13890453880665663653,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=105 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8736 /prefetch:1
  2⤵
  PID:5944
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,5371513287846388296,13890453880665663653,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=106 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9576 /prefetch:1
  2⤵
  PID:4936
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,5371513287846388296,13890453880665663653,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=107 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8436 /prefetch:1
  2⤵
  PID:2152
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,5371513287846388296,13890453880665663653,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=108 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9568 /prefetch:1
  2⤵
  PID:6704
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,5371513287846388296,13890453880665663653,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=109 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11832 /prefetch:1
  2⤵
  PID:3656
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,5371513287846388296,13890453880665663653,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=110 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11980 /prefetch:1
  2⤵
  PID:6124
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,5371513287846388296,13890453880665663653,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=111 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11952 /prefetch:1
  2⤵
  PID:6496
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,5371513287846388296,13890453880665663653,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=112 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8732 /prefetch:1
  2⤵
  PID:1680
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,5371513287846388296,13890453880665663653,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=113 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11544 /prefetch:1
  2⤵
  PID:1548
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,5371513287846388296,13890453880665663653,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=114 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10560 /prefetch:1
  2⤵
  PID:2156
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,5371513287846388296,13890453880665663653,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=115 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10920 /prefetch:1
  2⤵
  PID:5796
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,5371513287846388296,13890453880665663653,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=116 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10148 /prefetch:1
  2⤵
  PID:2368
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,5371513287846388296,13890453880665663653,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=117 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11348 /prefetch:1
  2⤵
  PID:4528
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,5371513287846388296,13890453880665663653,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=118 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7596 /prefetch:1
  2⤵
  PID:5316
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,5371513287846388296,13890453880665663653,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=119 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11736 /prefetch:1
  2⤵
  PID:3204
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,5371513287846388296,13890453880665663653,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=120 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10716 /prefetch:1
  2⤵
  PID:6268
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,5371513287846388296,13890453880665663653,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=121 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8244 /prefetch:1
  2⤵
  PID:3984
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,5371513287846388296,13890453880665663653,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=122 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8972 /prefetch:1
  2⤵
  PID:6284
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,5371513287846388296,13890453880665663653,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=123 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8896 /prefetch:1
  2⤵
  PID:3724
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,5371513287846388296,13890453880665663653,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=124 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7596 /prefetch:1
  2⤵
  PID:6696
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,5371513287846388296,13890453880665663653,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=125 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11392 /prefetch:1
  2⤵
  PID:6744
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,5371513287846388296,13890453880665663653,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=126 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9748 /prefetch:1
  2⤵
  PID:6296
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,5371513287846388296,13890453880665663653,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=127 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10076 /prefetch:1
  2⤵
  PID:4144
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,5371513287846388296,13890453880665663653,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=128 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10148 /prefetch:1
  2⤵
  PID:5392
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,5371513287846388296,13890453880665663653,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=129 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9652 /prefetch:1
  2⤵
  PID:5504
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,5371513287846388296,13890453880665663653,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=130 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12012 /prefetch:1
  2⤵
  PID:1012
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,5371513287846388296,13890453880665663653,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=131 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9916 /prefetch:1
  2⤵
  PID:512
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,5371513287846388296,13890453880665663653,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=132 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11976 /prefetch:1
  2⤵
  PID:728
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,5371513287846388296,13890453880665663653,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=133 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9248 /prefetch:1
  2⤵
  PID:4784
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,5371513287846388296,13890453880665663653,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=134 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9872 /prefetch:1
  2⤵
  PID:2508
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,5371513287846388296,13890453880665663653,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=135 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10684 /prefetch:1
  2⤵
  PID:4356
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,5371513287846388296,13890453880665663653,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=136 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10884 /prefetch:1
  2⤵
  PID:3400
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,5371513287846388296,13890453880665663653,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=137 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11300 /prefetch:1
  2⤵
  PID:6536
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,5371513287846388296,13890453880665663653,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=138 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11508 /prefetch:1
  2⤵
  PID:6532
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,5371513287846388296,13890453880665663653,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=139 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9620 /prefetch:1
  2⤵
  PID:6220
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,5371513287846388296,13890453880665663653,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=140 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8500 /prefetch:1
  2⤵
  PID:6212
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,5371513287846388296,13890453880665663653,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=141 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9372 /prefetch:1
  2⤵
  PID:6936
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,5371513287846388296,13890453880665663653,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=142 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11052 /prefetch:1
  2⤵
  PID:5996
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,5371513287846388296,13890453880665663653,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=143 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9100 /prefetch:1
  2⤵
  PID:5764
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,5371513287846388296,13890453880665663653,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=144 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9192 /prefetch:1
  2⤵
  PID:5224
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,5371513287846388296,13890453880665663653,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=145 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9580 /prefetch:1
  2⤵
  PID:2292
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,5371513287846388296,13890453880665663653,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=146 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9160 /prefetch:1
  2⤵
  PID:3708
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,5371513287846388296,13890453880665663653,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=147 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5792 /prefetch:1
  2⤵
  PID:748
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,5371513287846388296,13890453880665663653,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=148 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5956 /prefetch:1
  2⤵
  PID:4120
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,5371513287846388296,13890453880665663653,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=149 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10524 /prefetch:1
  2⤵
  PID:3908
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,5371513287846388296,13890453880665663653,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=150 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10968 /prefetch:1
  2⤵
  PID:6792
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,5371513287846388296,13890453880665663653,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=151 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8396 /prefetch:1
  2⤵
  PID:664
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,5371513287846388296,13890453880665663653,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=152 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7908 /prefetch:1
  2⤵
  PID:4764
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,5371513287846388296,13890453880665663653,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=153 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10420 /prefetch:1
  2⤵
  PID:5892
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,5371513287846388296,13890453880665663653,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=154 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12068 /prefetch:1
  2⤵
  PID:2100
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,5371513287846388296,13890453880665663653,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=155 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5992 /prefetch:1
  2⤵
  PID:6096
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,5371513287846388296,13890453880665663653,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=156 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10252 /prefetch:1
  2⤵
  PID:3660
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,5371513287846388296,13890453880665663653,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=157 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8980 /prefetch:1
  2⤵
  PID:6740
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,5371513287846388296,13890453880665663653,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=158 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9604 /prefetch:1
  2⤵
  PID:3404
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,5371513287846388296,13890453880665663653,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=159 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10256 /prefetch:1
  2⤵
  PID:4232
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,5371513287846388296,13890453880665663653,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=160 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9752 /prefetch:1
  2⤵
  PID:644
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,5371513287846388296,13890453880665663653,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=161 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9584 /prefetch:1
  2⤵
  PID:6352
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,5371513287846388296,13890453880665663653,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=162 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12140 /prefetch:1
  2⤵
  PID:6860
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,5371513287846388296,13890453880665663653,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=163 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8756 /prefetch:1
  2⤵
  PID:6688
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,5371513287846388296,13890453880665663653,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=164 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10584 /prefetch:1
  2⤵
  PID:1380
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,5371513287846388296,13890453880665663653,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=165 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11392 /prefetch:1
  2⤵
  PID:1096
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,5371513287846388296,13890453880665663653,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=166 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8504 /prefetch:1
  2⤵
  PID:5968
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,5371513287846388296,13890453880665663653,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=167 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6444 /prefetch:1
  2⤵
  PID:5960
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,5371513287846388296,13890453880665663653,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=168 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10216 /prefetch:1
  2⤵
  PID:2980
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,5371513287846388296,13890453880665663653,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=169 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9880 /prefetch:1
  2⤵
  PID:7008
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,5371513287846388296,13890453880665663653,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=170 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8696 /prefetch:1
  2⤵
  PID:1892
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,5371513287846388296,13890453880665663653,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=171 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11536 /prefetch:1
  2⤵
  PID:3892
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,5371513287846388296,13890453880665663653,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=172 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12064 /prefetch:1
  2⤵
  PID:1952
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,5371513287846388296,13890453880665663653,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=173 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10544 /prefetch:1
  2⤵
  PID:2900
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,5371513287846388296,13890453880665663653,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=174 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11512 /prefetch:1
  2⤵
  PID:5248
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,5371513287846388296,13890453880665663653,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=175 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9112 /prefetch:1
  2⤵
  PID:5588
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,5371513287846388296,13890453880665663653,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=176 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12156 /prefetch:1
  2⤵
  PID:7064
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,5371513287846388296,13890453880665663653,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=177 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11572 /prefetch:1
  2⤵
  PID:6780
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,5371513287846388296,13890453880665663653,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=178 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9472 /prefetch:1
  2⤵
  PID:5064
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,5371513287846388296,13890453880665663653,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=179 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7068 /prefetch:1
  2⤵
  PID:6264
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,5371513287846388296,13890453880665663653,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=180 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8512 /prefetch:1
  2⤵
  PID:1432
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,5371513287846388296,13890453880665663653,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=181 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10820 /prefetch:1
  2⤵
  PID:5316
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,5371513287846388296,13890453880665663653,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=182 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11328 /prefetch:1
  2⤵
  PID:5660
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,5371513287846388296,13890453880665663653,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=183 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9716 /prefetch:1
  2⤵
  PID:5520
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,5371513287846388296,13890453880665663653,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=184 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4864 /prefetch:1
  2⤵
  PID:2108
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,5371513287846388296,13890453880665663653,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=185 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9860 /prefetch:1
  2⤵
  PID:6012
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,5371513287846388296,13890453880665663653,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=186 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3324 /prefetch:1
  2⤵
  PID:6540
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,5371513287846388296,13890453880665663653,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=187 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9268 /prefetch:1
  2⤵
  PID:1956
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,5371513287846388296,13890453880665663653,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=188 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11240 /prefetch:1
  2⤵
  PID:7144
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,5371513287846388296,13890453880665663653,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=189 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8304 /prefetch:1
  2⤵
  PID:6044
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,5371513287846388296,13890453880665663653,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=190 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6712 /prefetch:1
  2⤵
  PID:6216
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,5371513287846388296,13890453880665663653,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=191 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9964 /prefetch:1
  2⤵
  PID:5640
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,5371513287846388296,13890453880665663653,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=192 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9544 /prefetch:1
  2⤵
  PID:212
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,5371513287846388296,13890453880665663653,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=193 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8396 /prefetch:1
  2⤵
  PID:5100
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,5371513287846388296,13890453880665663653,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=194 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11732 /prefetch:1
  2⤵
  PID:5300
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,5371513287846388296,13890453880665663653,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=195 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1188 /prefetch:1
  2⤵
  PID:4860
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,5371513287846388296,13890453880665663653,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=196 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8576 /prefetch:1
  2⤵
  PID:3316
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,5371513287846388296,13890453880665663653,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=197 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9272 /prefetch:1
  2⤵
  PID:3536
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,5371513287846388296,13890453880665663653,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=198 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11404 /prefetch:1
  2⤵
  PID:4456

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1568

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:844

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
PID:5960
- C:\Program Files (x86)\EzExtractPro\EzExtractProApp.exe
  "C:\Program Files (x86)\EzExtractPro\EzExtractProApp.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Modifies registry class
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  PID:6000

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x2ec 0x300
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:7096

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Phishing

T1566

Execution

Persistence

Event Triggered Execution

T1546

Component Object Model Hijacking

T1546.015

Privilege Escalation

Event Triggered Execution

T1546

Component Object Model Hijacking

T1546.015

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Browser Information Discovery

T1217

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\EzExtractPro\EzExtractProApp.exe

Filesize
881KB

MD5
3b67b6026237810356f5aefb373d2b15

SHA1
1a4d565f81195adb9c048f8eb7fa7d77018ee3d1

SHA256
554ef8f1d2b201421a53dbbf897fcbea20dbba9d6e8fa881ad0b52be60c11f5e

SHA512
4e4a7445b1580c2076174c336414d5918a3fc0afbb13d56d29bd1fc18ca114affad1ced06fd52624292012dff2b95a76b19f4e3f9940c2d9a333c290a95d4641

Download Submit
C:\Program Files (x86)\EzExtractPro\EzExtractProShell.dll

Filesize
167KB

MD5
968e162057c49c860813e465bfd3c2fa

SHA1
78e5b2e365a3cd7bd3f7fc4dfd9991568ee2ec8d

SHA256
08ccd848487f570175e3c5b8fa70b04ce30e3afb9f43b4105180e2eb079c85c6

SHA512
5c41164239607fd32393742943e588d461b8a1d276d9e8142929aa7a22b6f5a82a723b2fff0389ed84677cb9ea9cbf1d793a66d27c367b8f7b9909a242f94eec

Download Submit
C:\Program Files (x86)\EzExtractPro\EzExtractProShell32.dll

Filesize
126KB

MD5
24be51bce468016e106b55b19a2cbc80

SHA1
c7e18c81ebe523a1fefd845c9f9e09b881fccd11

SHA256
2d3a1c7e0e6256344648a054bc5526d4804538fef9cc87efab9edb426bf1f4a6

SHA512
697d736f24b8e28db98885ad248048f43d6bf26237dc0e9651d37810d992fb2482cfd23a26d10164a2a30ad326fbbaca9390730ec498972cc91f673b77756859

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\070E0202839D9D67350CD2613E78E416

Filesize
1KB

MD5
55540a230bdab55187a841cfe1aa1545

SHA1
363e4734f757bdeb89868efe94907774a327695e

SHA256
d73494e3446b02167573b3cde3ae1c8584ac26e15e45ac3ec0326708425d90fb

SHA512
c899cb1d31d3214fd9dc8626a55e40580d3b2224bf34310c2abd85d0f63e2dedaeae57832f048c2f500cb2cbf83683fcb14139af3f0b5251606076cdb4689c54

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\8B2B9A00839EED1DFDCCC3BFC2F5DF12

Filesize
1KB

MD5
67e486b2f148a3fca863728242b6273e

SHA1
452a84c183d7ea5b7c015b597e94af8eef66d44a

SHA256
facaf1c3a4bf232abce19a2d534e495b0d3adc7dbe3797d336249aa6f70adcfb

SHA512
d3a37da3bb10a9736dc03e8b2b49baceef5d73c026e2077b8ebc1b786f2c9b2f807e0aa13a5866cf3b3cafd2bc506242ef139c423eaffb050bbb87773e53881e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B46811C17859FFB409CF0E904A4AA8F8

Filesize
436B

MD5
971c514f84bba0785f80aa1c23edfd79

SHA1
732acea710a87530c6b08ecdf32a110d254a54c8

SHA256
f157ed17fcaf8837fa82f8b69973848c9b10a02636848f995698212a08f31895

SHA512
43dc1425d80e170c645a3e3bb56da8c3acd31bd637329e9e37094ac346ac85434df4edcdbefc05ae00aea33a80a88e2af695997a495611217fe6706075a63c58

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\070E0202839D9D67350CD2613E78E416

Filesize
230B

MD5
199746a0d209eca4de35b7d2b856bad1

SHA1
6376b3f61a33c93e454fcff2cbb12c5300b468f5

SHA256
b02464e53d2b7ed154bae51611f8f934998d352e7b2cb41042dc5249159e8868

SHA512
fb5a39700116f78420bd37f5666de819b370e4c21fb3c97fef0671e92d9d8ec64bc6b25a37984ddbd9627680fa51389f06bf9a21b2725c36011ce95301bd63f1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\8B2B9A00839EED1DFDCCC3BFC2F5DF12

Filesize
174B

MD5
9753d364019f01824e373008b4780205

SHA1
b16c2b30567bcbca4d5cd9c8af84ce493ac91fa7

SHA256
9dc21b5a076f25d0fe12088937bd89c1bb2c76ea8c33d5d06c54897b31e3dcef

SHA512
adeb857424ab7c60136044e15bd63e35ae7748011652e772d0c825151dc0efcd1ace71db7a198636e7bb70b04c365341fdba199300cb1533f4a6ca7f56c8c192

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B46811C17859FFB409CF0E904A4AA8F8

Filesize
170B

MD5
bb5d66dec453feba936ed57afa506fc0

SHA1
e0da1dc3894f2d62132e85a5d255009be2d27a30

SHA256
75350e56e3926b4814c7327b908fcbb35d3c22f88191d699daa5c7e473880f42

SHA512
5778a711a2b03db438731fd50267832e06d40a003aa23fd576de99f840cea3a179abf22cc691198993f6b044c5ea2b8aec3c6cb69c22d6efe3d659cae81da018

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\1b9b3773-c03e-4477-996c-e96a52b8cc31.tmp

Filesize
11KB

MD5
ac9b62bdac04c257748abb30c17f4186

SHA1
08bebdf8dc267c8f6fa4a5d41a90dd15d187cc52

SHA256
db13571fd381e18d69ed6e9ac0991b8550a517f396a09d3b55c649af540ef94e

SHA512
fcea2b5518bfece80dd08f8beb61b40ba124d874a17e580a63224722fe0ecc0ce042a797fcedcab96d96639d906f667515072f06ccaba2d39ca8557f7abb9f6f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
99afa4934d1e3c56bbce114b356e8a99

SHA1
3f0e7a1a28d9d9c06b6663df5d83a65c84d52581

SHA256
08e098bb97fd91d815469cdfd5568607a3feca61f18b6b5b9c11b531fde206c8

SHA512
76686f30ed68144cf943b80ac10b52c74eee84f197cee3c24ef7845ef44bdb5586b6e530824543deeed59417205ac0e2559808bcb46450504106ac8f4c95b9da

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
443a627d539ca4eab732bad0cbe7332b

SHA1
86b18b906a1acd2a22f4b2c78ac3564c394a9569

SHA256
1e1ad9dce141f5f17ea07c7e9c2a65e707c9943f172b9134b0daf9eef25f0dc9

SHA512
923b86d75a565c91250110162ce13dd3ef3f6bdde1a83f7af235ed302d4a96b8c9ed722e2152781e699dfcb26bb98afc73f5adb298f8fd673f14c9f28b5f764d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000001

Filesize
210KB

MD5
fef45b2c1a8d5b74ef90e5f5fcf9675b

SHA1
9a09ec333228303c53920d2144cc0c826e6ba680

SHA256
a77d35dbfd33664ba4c9d288a7b995b6fcfb3287f6795cf57e183c86b5f322d5

SHA512
bde2ab7e9b658e7929d5deedbd35aa74927150d5a6298360c60dbfde13950a635946f7b8f3382e96bfe0b91c40ab401ea9d56607cccb6f8d1c243732786b1075

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

Filesize
84KB

MD5
53b1fcf41bc3b9b11921198bbe4382fc

SHA1
78c266e52889f3e13b69361ed8794bff86d1923f

SHA256
8d177dcd71f25c4f9d74125de9cb905d667ce1b333ea11e3cebb5e748f86a5f1

SHA512
88194b80cb3a4be5cab7adbe599b5c398a62bd2b4cd553db840d9f9a509914e3736841070c5e753a90a8327c63dec43c07c29a2b9c0fe93a2794a395e83ae5c4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
287KB

MD5
889c71b347a0466bb16cb0517ca4b31c

SHA1
31b5c6064c76c2b64707055118dabbb6d81afa41

SHA256
ea8b30024902343fe31d835f07708ca459738ed6ff33d708c05f6c37cf0c23d7

SHA512
729fbe416d565e3ee1917354fdbc03ec265acabc976858d9f807abd21e1a4cf9d545e3687200c2d59ad1fe3b0bd2983fd5687d40bf3e61a4f2ca5a4b56ed283d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

Filesize
78KB

MD5
6a0c3cf2767044e2f29bd90e10703cf0

SHA1
80b4343eab9577c90291230d15c6f8859df2e177

SHA256
2f18351472fc1d7253d4251b4443277500b0d4f9a77fe9f069888e4fe6da5231

SHA512
193a54322eac1729eedd3c3cc481cd7167eba7986be5408dfa2022ac66c6987926974a29e4968f4d52bf216b91b0f5046698e285d1ca68485f545c04d3ec6f7f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

Filesize
102KB

MD5
cfebdc2c699983417675b09bdf020868

SHA1
f3c8f7ff0a9653422cd8743ee197ac9acf995b2c

SHA256
9308db36fde809871d861972fbb7cd38cd3f370a98cac94de9e0b8b90ef7f076

SHA512
0bbf7fee687045ef164ac4725a47e006e5cdf4cd63eef52b4e3d9fb2e92dfa69dd1400fb50f1a5b0a9a6f14249fea099b247b38141fa646ba9a3beac280dce2d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

Filesize
215KB

MD5
d79b35ccf8e6af6714eb612714349097

SHA1
eb3ccc9ed29830df42f3fd129951cb8b791aaf98

SHA256
c8459799169b81fdab64d028a9ebb058ea2d0ad5feb33a11f6a45a54a5ccc365

SHA512
f4be1c1e192a700139d7cff5059af81c0234ed5f032796036a1a4879b032ce4eedd16a121bbf776f17bc84a0012846f467ad48b46db4008841c25b779c7d8f5a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

Filesize
47KB

MD5
0d89f546ebdd5c3eaa275ff1f898174a

SHA1
339ab928a1a5699b3b0c74087baa3ea08ecd59f5

SHA256
939eb90252495d3af66d9ec34c799a5f1b0fc10422a150cf57fc0cd302865a3e

SHA512
26edc1659325b1c5cf6e3f3cd9a38cd696f67c4a7c2d91a5839e8dcbb64c4f8e9ce3222e0f69d860d088c4be01b69da676bdc4517de141f8b551774909c30690

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000009

Filesize
62KB

MD5
c813a1b87f1651d642cdcad5fca7a7d8

SHA1
0e6628997674a7dfbeb321b59a6e829d0c2f4478

SHA256
df670e09f278fea1d0684afdcd0392a83d7041585ba5996f7b527974d7d98ec3

SHA512
af0d024ba1faafbd6f950c67977ed126827180a47cea9758ee51a95d13436f753eb5a7aa12a9090048a70328f6e779634c612aebde89b06740ffd770751e1c5b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a

Filesize
67KB

MD5
69df804d05f8b29a88278b7d582dd279

SHA1
d9560905612cf656d5dd0e741172fb4cd9c60688

SHA256
b885987a52236f56ce7a5ca18b18533e64f62ab64eb14050ede93c93b5bd5608

SHA512
0ef49eeeeb463da832f7d5b11f6418baa65963de62c00e71d847183e0035be03e63c097103d30329582fe806d246e3c0e3ecab8b2498799abbb21d8b7febdc0e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000b

Filesize
19KB

MD5
1bd4ae71ef8e69ad4b5ffd8dc7d2dcb5

SHA1
6dd8803e59949c985d6a9df2f26c833041a5178c

SHA256
af18b3681e8e2a1e8dc34c2aa60530dc8d8a9258c4d562cbe20c898d5de98725

SHA512
b3ff083b669aca75549396250e05344ba2f1c021468589f2bd6f1b977b7f11df00f958bbbd22f07708b5d30d0260f39d8de57e75382b3ab8e78a2c41ef428863

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000c

Filesize
63KB

MD5
226541550a51911c375216f718493f65

SHA1
f6e608468401f9384cabdef45ca19e2afacc84bd

SHA256
caecff4179910ce0ff470f9fa9eb4349e8fb717fa1432cf19987450a4e1ef4a5

SHA512
2947b309f15e0e321beb9506861883fde8391c6f6140178c7e6ee7750d6418266360c335477cae0b067a6a6d86935ec5f7acdfdacc9edffa8b04ec71be210516

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000d

Filesize
26KB

MD5
5dea626a3a08cc0f2676427e427eb467

SHA1
ad21ac31d0bbdee76eb909484277421630ea2dbd

SHA256
b19581c0e86b74b904a2b3a418040957a12e9b5ae6a8de07787d8bb0e4324ed6

SHA512
118016178abe2c714636232edc1e289a37442cc12914b5e067396803aa321ceaec3bcfd4684def47a95274bb0efd72ca6b2d7bc27bb93467984b84bc57931fcc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000024

Filesize
83KB

MD5
95ad70b0720495f26f4b7dc7aa152c13

SHA1
d325d177460b579980d6b36a4da2defbc709d6ce

SHA256
7d40765179bc45d7b2a36b9f0d49d12c2048abb154ed0ecfaa2433417fd0cdbc

SHA512
ca9f7e4fd11ce28a5eacee9cda062c8418b4d6cb440ed82328c03d7c1d1835d7aa175a2ac5e35ce2ec3ab6a37ed2fae0bf2eb61c7b08199299b6dae9e5194fc6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000026

Filesize
33KB

MD5
68eae8ae528b3cf4965c780505e8274b

SHA1
23eea22c5ced491f0933dbdc428503548ae48636

SHA256
5c677af2d6e78de58c66b09577213d4b1c23cf0409822378053f1c457ff465aa

SHA512
7fb225df90deaeff597ea4513985545b5ca6d3b4478dbe5969554f15ff4b2c1652c6220b970304884adfc2860be045599130534f1c45586a7adcfb29a8e72ac7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000027

Filesize
47KB

MD5
015c126a3520c9a8f6a27979d0266e96

SHA1
2acf956561d44434a6d84204670cf849d3215d5f

SHA256
3c4d6a1421c7ddb7e404521fe8c4cd5be5af446d7689cd880be26612eaad3cfa

SHA512
02a20f2788bb1c3b2c7d3142c664cdec306b6ba5366e57e33c008edb3eb78638b98dc03cdf932a9dc440ded7827956f99117e7a3a4d55acadd29b006032d9c5c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000028

Filesize
50KB

MD5
b904fcdf1c4c6059fadd6893a7bc7619

SHA1
f41d1674f02616f03ef77d4e84b3ad8ba28a36fc

SHA256
517edd119c5b2719e6ac4b30bf1fd864a6395179a41d273c0afc0696e7495d8e

SHA512
1d86e3c2e83265db1e9b244b749dce0bf39944302ca01ff3123aa5f1cf2cf562774ba344b9d4b2c65da33126ab0a5d80e37d448a794dce7f9f797f9544938503

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000029

Filesize
337KB

MD5
cca154aeb52ffc4b29b53765258a9da0

SHA1
b4895b7cfab62910643701b97d561fd652a4045b

SHA256
2a0bdf97b30472839ac451c442ca93683ddaf80befdab5abf46af312a2cf18cf

SHA512
c9778155a70e20d2ad83fa62afbcef20f77ac6cc90a9d01364fac4c86a9c0867187b4fe44130c88cd6c8590cf4690047afb2c86b9a78bbff912afdc310001a2c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002e

Filesize
50KB

MD5
39cd5d89c27574971fb37e9983ec63b1

SHA1
2bf7a03a3b4d58f24b0b7c49408ee95ad90d4888

SHA256
17e07cceff65072a4a59af2bfd52ae3872deafecb10114ea4d85a69d1d2ca59d

SHA512
4d1e6ddbbb16579265be05e64aad7c1187a8b6471b5e1e52d997fe96ee12fc1908eccf495712d5b49fb664c1f9612bc42a4d2bc23ea1b5775634ddbdeade2972

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002f

Filesize
16KB

MD5
144fc04495ecb8dc94d13a866ab0f3d3

SHA1
c4e4e25b100b08c5777263a99709ec4b74652ed3

SHA256
9ec1bb323a1726e8c749002492e873a76c31ffdb7be05a3043d9a978a2ec8503

SHA512
add788c2c78d5ab09bfe897a52ce20345d72b5def5881f63af77933858da3ac1b21b673b957b657ed4441450e9f710a0dc5a90f2d5438ed668e8cfbfce83bd29

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000030

Filesize
16KB

MD5
bd17d16b6e95e4eb8911300c70d546f7

SHA1
847036a00e4e390b67f5c22bf7b531179be344d7

SHA256
9f9613a0569536593e3e2f944d220ce9c0f3b5cab393b2785a12d2354227c352

SHA512
f9647d2d7452ce30cf100aeb753e32203a18a1aaef7b45a4bc558397b2a38f63bfcfe174e26300317b7df176155ae4ebaee6bdf0d4289061860eff68236fe1bb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000031

Filesize
17KB

MD5
663d0d0966d3e0fe61cb9cd631c35c4c

SHA1
d371a2344f891ad2dc585f66eee08f4330634184

SHA256
97577b7db223876f9a048ad8833c7b55726ed464d8e9d34c303c171a6f32d7e2

SHA512
75be36c722dca266a10e3d8003d7b68906e25f369d9009c6778ecf2f3a4074b6c6307e37eafbd5e9cd755c2a850579df765a1d1d7be1caabd17bf0b426a65d24

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000032

Filesize
19KB

MD5
ab7532c8d5e38228215da168e80637af

SHA1
00d5eda03bb3dfe84356d39e2d445d54896c3797

SHA256
20ac4ead3e1e487b273d9a733b36efad29462dbe10644f65ee5a69d8aa971240

SHA512
38d0eb27d49db442b3acc674853becc280979a9d2d34a972cebd61b803e5b8455b4f949ab904079d640911db81706ed23b75f3f36cd3ea5aeb98fd243aecd6cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000033

Filesize
142KB

MD5
83577e46c53513bee9502419c1a10e3b

SHA1
a99505bfe175c7ce78d0c5e1955df4471e07f90b

SHA256
b3f538657fc97edcbc0d03227241d333d6383b5a9594609892a2b0f8b130e036

SHA512
9bce690bbbb33c57fd43a32d33756567b44934d630c500ef982f8cccb5e005478bdf433cbd5dcec258547ccb82b6e0474b89cda076f719969d3719de9a55617f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000034

Filesize
103KB

MD5
c12602b8ebdfd5ea5113f42ee978d526

SHA1
1159db5c354e5c9a73b2e072b3c0c5d02f3ff07b

SHA256
412aad14e7b55e51c4c56a88949c8f5ac81e06bd1d9b23da4378b1d9711a0794

SHA512
00ba76a1f0f08c969a96f4418c158d482eba611fa5984cec234ded9c7a1aa2e9e4dc2a69816c2940783289767212ac729cb7b3ae4cd002f772a5dc5d45bce3db

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000035

Filesize
32KB

MD5
46b3529a14f8bff2631753f56ea5e68c

SHA1
98a7d673555c428553d43112aab5588f95e29b03

SHA256
ec237bf6786623c49607069fad75ca92092745020ec0f70db880c4b9dd42d325

SHA512
2294f0a9f5ef10b73d8f58de7a8bd18080575109c92f522e39484e2ae0043c82f51bf3f588cffc4d39663a5a4ea2b66cc47507efd429df8742a27dbcf6abb1a9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000036

Filesize
95KB

MD5
cfe5f6303267de4a4ba1e1e7e186c9f4

SHA1
4569f80a3326d7e8d3a05dcb78d22e8187eaf084

SHA256
4e898c75eeb7c4fc5047dbee7953ba1b7f0ac7ce079e2d449207f0517ff305cf

SHA512
4353f80c8b933c2bbff09a25ba7ffa5854652362dbf400634fb1f3719ab7ed87467d1704aa9851cc9298b43b1cd4d7410ff11fbcd4938ea842e4542fddb476d6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000037

Filesize
20KB

MD5
323c0dbc3678046d7cc37c8060083f9c

SHA1
a4cbb87d0a0cf4c07fd995c221e88a3a47cea38d

SHA256
e8d36c70489e878b82bc6f790d114d1a32c7b187b1043212a76f8146d9fcb005

SHA512
caa84ca897a4ec335cfaa2107dcbeb56956584a11ba4f4a4b05cb942f95c9676fa7b921f1f01a7ce1de912441216a55247d7926b35480e9ebe0e9ee173b54d03

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000038

Filesize
42KB

MD5
23d5f558755a9d58eef69b2bfc9a5d99

SHA1
fa43092cb330dff8dc6c572cb8703b92286219f6

SHA256
6e5bec69b1c6424972a7f5481ac57049811f0f196535b707613126c11292c5cf

SHA512
9c56c94d059a27dab9f69c9dfd718382a8eb192b8c0ce91cd6db6ec0769b8756acf9c0956a35561474b87d6278b13fbe88a6e4df6260c278b1ae06e9be55dd6d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000039

Filesize
89KB

MD5
4d83f4c87d681779d93060f55c188ae1

SHA1
0ea48260564f674502cfc010d9abd01339eed62d

SHA256
fe2cada804ef726b03f224b940ffba24143b4e00bdbe4cd9443de3e87f086240

SHA512
303ccf8548966738f803e4f08c59aa31b20de31c82180e25d05bdcf07b583e84d06c9de86ac9c9af12ac1c65bd7dcbecebd22262b9195cd4de48730109425a35

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00003a

Filesize
27KB

MD5
bc7321f62fec1792b4b4b06eb70b55ed

SHA1
1ec07a8dea6ba3e7cfbcfa03fd41e4fbcab88d80

SHA256
4568f3217ad7eca8b87555678b82e4fe003aa5df2c4dd7cd27f469961b3bf303

SHA512
6fb01025e6d815f26047d4f2c0eee18a992ed550b73b4d23733b2d00c70827e1407828986c2fe13f2f08a991dc45e555177199c7f226ac5aed5323bf5436fdd3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00003b

Filesize
153KB

MD5
1b2731006f2b2597b02859e501bc2d4c

SHA1
118d27a703cef3fb083593a56bbc93e62420f30a

SHA256
59dc184cbc1a318493460d1d78999cfdaaaac9a457b5a3a02c2567dfa17314bd

SHA512
f7452f91afe2fbfcb04f80dc7b051d874224de8790bbc53858678332a6b49f7295a15989a587811e1e8fb58a38625ec3e15657d88a367fd50d5b201d7abbe90c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00003c

Filesize
20KB

MD5
014a1b0224fa841a945de432dbd13f49

SHA1
d00dd429de3ae8107d2112fdcdf82570fbcaed2d

SHA256
27cdba1a1d6be78c07d329f54a589d05627f6d1645040adf7fa529d76845e43f

SHA512
fe1a949cf7158b1a8e563c10f46f3c3440671d239abc423b37f24804ffbdc694e1b62581199e9dd8bfd180fd2f7bebd0e8e5ab1b4bff2f999fc5716a21918072

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00003d

Filesize
138KB

MD5
36d9c196b33dc05d8ef7cbe7132c8f1c

SHA1
dbd00f0df91148c3e09885ed8b0dc5a3ce55b6bf

SHA256
51c5b448b6cddcd33989cb78b17f618ca0313e45afcae462baa9fe23900394d3

SHA512
9a7f37de1092cad6d2fbae23a56787d1fdcf96318854ac6afca9f137fa868409a3c34cb84c8cc0ae4cfdaa993d7654c3ceee23a3b6da5496f9be3a6aafe3804d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00003e

Filesize
84KB

MD5
270246efa701843deec912f5c2bf159d

SHA1
ee04d419b11468651b49b5f5e7175d39a283bc7d

SHA256
e7d59c84a49c4802e81df7e159e552626b8d2b5473b4aa01f1e137720b99f2f5

SHA512
d6e3802f1dbdf12284217bf526a1939af12152218ef6a72cf6b001aa41efa8cf0e8021221000c04fac9d8841f4f73fe4212e1c8b5396d1199c84fef3ca6fe7ca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000040

Filesize
89KB

MD5
63ffdd175bfd5318686f4093e37a2eed

SHA1
b0afce4f20b0df68fed10bf9db1c09eb210038d6

SHA256
688b622798b316644e0def578a36a1ff30457fd9fc1ea5c464f25249978ec8c6

SHA512
42d1478189074b6601ecd0f8c64e97d9a17ba4acd5faf7ccebda59295505fb7ff5da12db17885a75ffd104a3df4bae47a58b93ce3f5db4e2f67a02f70bda5c54

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000041

Filesize
28KB

MD5
a762fb5a64dec4556d980f51ff3060c9

SHA1
6ac0b291cbbd8819e9a922c9c5228f76ad029983

SHA256
cfbdf62609fb4493b45b6b7a9a13c5357ab5e7447c606d9fd707dbca46359a54

SHA512
23169bb323a788ccdb915dac2a8d8c58b018c40941f2c7b10a3814a68b42ad3694d07d23e2eef31d77a7c16da355c98d796b94f82b8f352aa4825ec0c3e08b55

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000042

Filesize
45KB

MD5
5f339ff8127ea962b8aa3a95709b6ad1

SHA1
340631518650a5f3beef366ee93ea20ceb5da39e

SHA256
b3ff14cf44c5c690b256a05bd28f7f5b193f1b03ae6a6d512dc267ebaa505260

SHA512
65e21ff5cb91fc5221bab0f952d6be06726ed9fc98d5d560b2d1e1bf2d25c3de44b1509a1962e925ab543dbb2d42eeaa7e572f9501d8e35d980e769f30b4d3bb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000043

Filesize
124KB

MD5
ec02c8242f77e897b5d4f639beb3f9f9

SHA1
2098bf13c72ce6a0313be2ef3a050393936cb15c

SHA256
02dce4b8bb11d8301d8200b799d2df9f80be69102b2152fff153874243e97bf2

SHA512
5421e75b6c697f480491bfcd6bd8b04c977bd809864dee9aaac8063eab2dafa4caf94ecfb3e065945ba8258f78f6334e733988dbdbf78407a770545f6af93b48

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000044

Filesize
20KB

MD5
87e8230a9ca3f0c5ccfa56f70276e2f2

SHA1
eb116c8fd20cb2f85b7a942c7dae3b0ed6d27fe7

SHA256
e18d7214e7d3d47d913c0436f5308b9296ca3c6cd34059bf9cbf03126bafafe9

SHA512
37690a81a9e48b157298080746aa94289a4c721c762b826329e70b41ba475bb0261d048f9ab8e7301e43305c5ebf53246c20da8cd001130bf156e8b3bd38b9b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00004a

Filesize
20KB

MD5
49c61a9c31b4b8a59171e13070683cad

SHA1
4d91c18941913b2ca260b877f924a44543826923

SHA256
998967f4697b28aabf6997d03df5a913f6f255a3b3a407c37f60278c4c523795

SHA512
c7fe90181791222331be6075c0d66188fd5f15f3ad2db31065b9bc1acc3c013fc97b9bcef1e9195176ee3aff97d36395da923aa40368fb3498b036e55aa5e878

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00004b

Filesize
67KB

MD5
bcfda9afc202574572f0247968812014

SHA1
80f8af2d5d2f978a3969a56256aace20e893fb3f

SHA256
7c970cd163690addf4a69faf5aea65e7f083ca549f75a66d04a73cb793a00f91

SHA512
508ca6011abb2ec4345c3b80bd89979151fee0a0de851f69b7aa06e69c89f6d8c3b6144f2f4715112c896c5b8a3e3e9cd49b05c9b507602d7f0d6b10061b17bd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00004e

Filesize
18KB

MD5
8eff0b8045fd1959e117f85654ae7770

SHA1
227fee13ceb7c410b5c0bb8000258b6643cb6255

SHA256
89978e658e840b927dddb5cb3a835c7d8526ece79933bd9f3096b301fe1a8571

SHA512
2e4fb65caab06f02e341e9ba4fb217d682338881daba3518a0df8df724e0496e1af613db8e2f65b42b9e82703ba58916b5f5abb68c807c78a88577030a6c2058

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000050

Filesize
41KB

MD5
ca9e4686e278b752e1dec522d6830b1f

SHA1
1129a37b84ee4708492f51323c90804bb0dfed64

SHA256
b36086821f07e11041fc44b05d2cafe3fb756633e72b07da453c28bd4735ed26

SHA512
600e5d6e1df68423976b1dcfa99e56cb8b8f5cd008d52482fefb086546256a9822025d75f5b286996b19ee1c7cd254f476abf4de0cf8c6205d9f7d5e49b80671

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000056

Filesize
18KB

MD5
c83e4437a53d7f849f9d32df3d6b68f3

SHA1
fabea5ad92ed3e2431659b02e7624df30d0c6bbc

SHA256
d9bada3a44bb2ffa66dec5cc781cafc9ef17ed876cd9b0c5f7ef18228b63cebb

SHA512
c2ca1630f7229dd2dec37e0722f769dd94fd115eefa8eeba40f9bb09e4fdab7cc7d15f3deea23f50911feae22bae96341a5baca20b59c7982caf7a91a51e152f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000059

Filesize
60KB

MD5
64fa5954c534d47c162e7855f8ca8f5d

SHA1
4b01f58fd07b72e3af80779144f0d3990632e62a

SHA256
5956b153c63469f778b53280ccd35624c33625f69e95cf01c25d4f1a4d1ea349

SHA512
e7def3552526a152db7b19858e7ca5795b31bae277ae541f5dc0a4f967e185b8dfd5de46c6b2b67823e0b2751794e27a8af6fcd222a89e2f0d56384dba71f9ac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00005a

Filesize
92KB

MD5
f2d452d80bb344b739b1ffb73afa98a2

SHA1
81ad64550003a3610c2d57858061cd1d7e978c4d

SHA256
5efaaa9d9e444be6fd322633bd3b21c695078360ba4698ed6113b4b5f4773ff6

SHA512
aac86b9ebd4b0ccd9ebcda8b745a88aedd0c5bacfc718a258ae79b28db5c2d51108074621cdca2a9e33a027fcc1ae886dfe11df6f25578435854958680672a11

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00005e

Filesize
62KB

MD5
35fe37e08d59a3191e5937bbf348e528

SHA1
64555d7ba585935ad7031b1dcd85e32d665c5e19

SHA256
e0050b274222e7bbe0d963be219a27e4a47fddcf1a72da32f744a04eccf91615

SHA512
ef3b2acc746dc86ce4e9d075c133e0b65277c14c6347526e25ad5ede7a0f9403478a5fc6a2a19babea02012b5770de1b7484e68c1dec64502d362f8197289f93

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00005f

Filesize
31KB

MD5
00bd4556d9672009a7cce0eb5605fd1d

SHA1
e6aa062aa34cd745dbaa2b0fb851511a5ea734dc

SHA256
11e4340eefdc92053fa38149176a0c17f55472b8fd3897426a76050aedcb8621

SHA512
34f87481e0cfbab27750b392d885092bcd6e11796745b5ef7f39e9564b8d29d169cf8d72795e45745c366c18057d02120726951d2729c699bc60e6518499536e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000062

Filesize
18KB

MD5
115c2d84727b41da5e9b4394887a8c40

SHA1
44f495a7f32620e51acca2e78f7e0615cb305781

SHA256
ae0e442895406e9922237108496c2cd60f4947649a826463e2da9860b5c25dd6

SHA512
00402945111722b041f317b082b7103bcc470c2112d86847eac44674053fc0642c5df72015dcb57c65c4ffabb7b03ece7e5f889190f09a45cef1f3e35f830f45

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000066

Filesize
23KB

MD5
0edafe18f2df08db5d7038aae6979427

SHA1
acc98424bb7eddcc2764b97a69e3cce0a2540a00

SHA256
080746c9d13b0870f69f0b677d61f0f8ca59d2bdc6cd7d33f2f4a200765b799f

SHA512
3213baff1ad47d8f87a5683cd3a5327b0f3bdc027d1c8f570f4a8869eea2cb7a4b75a8158e4b4ca56d260683d2d503b509aa162fb22d727991e8e7b433c0d5fa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000cf

Filesize
52KB

MD5
6c3e676bddee2c31e9acf760575b0fa0

SHA1
928fa7b11c321d7fe48d3895cb118747d7bebe68

SHA256
7d87b38bb953521044f7ec3b2573d68983f5a035170dc3debe9b80e70e61b6fc

SHA512
48bebe21e3250658314bc9348a63317f2b85a4b7cbf2dbbb29bc95d656a305c1c01a8c59d82df00dcc51993a07409bad6dea7b1a17b1464cd46a0f44a1e0cacd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000d0

Filesize
52KB

MD5
32efbda152798dddde4e5b2096f9fd2b

SHA1
9c22cd94117302b6ae712580468070a4a5773fc2

SHA256
1cd19903ae8f9cd7a4391989248a05f068e8870e3f7a3e8c28c609e5afa51e84

SHA512
98c925afe53a723eb0b35f4beb4656173e6c38339fcd1e1ab5b099f292f6b079cb5c83357d89952968bd1793d8aed833f6ad2978f891142ee714a66f1ffc0139

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000d2

Filesize
31KB

MD5
d2df6bc998ab0eeec303d09b6eff6e74

SHA1
77cc7b7973073804896b0623112c272237170135

SHA256
b9fd7baafe8fd0126021b66b8cd55652dbba65c10b55a01d846c9501d9f3c6ad

SHA512
e4dd88761b8d6e99b464f8b90c2070af950b873839c62a7b35b59fe0f8736cb25aaf1829e23eff6d11e6f3cdaba6069a748b4371625fa10c53ae7076b1ff0f47

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000d3

Filesize
106KB

MD5
c4e5e1cd61e8be4e1243c1944293763e

SHA1
4f57afcf5e15e177e05824180a91b30360b9bb29

SHA256
063329a986919b40da3b4403816892eb024c743760a6619969c83ef114ae31fd

SHA512
d20862773643fd7fb6c7f429bb74b9cfd8d55a71932746cd3fd1a2f3a4eef3cb98ab5287d58554c4375b32b753282ea7948e96967a926ed218805be82a0af060

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000d4

Filesize
144KB

MD5
26849b8c8e3a158e0b466588ca6ae1aa

SHA1
b04aa2db59d146c00c310c352a097ceb217022ab

SHA256
1fd414c5f15aa23ed9c34632c54a9c7987312b1d440ead9e0d17f969767d12c6

SHA512
fd51f273da5c0f850508a4264446e76c0d4b46ddc349b57034da25cb5ae2e7da1f09455c112886c298899966d2275250fc7ebb6475706504adf3ef07593d6582

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000d5

Filesize
79KB

MD5
fdef68c8c6b1e2f3059850ef9711f86a

SHA1
6d1c272871be682e50df0e7eacffa48c2e67ce12

SHA256
65641b546b05e97f0abef7f1b75a5cd7ca242437853176f8d2a23834291f20cb

SHA512
26a3e9b4973508ec134ff7fc4e4f1c99f8f6e64378a0cffb71490257cbc183c8b4da546815b0957d65fa6d989cae63be2bd2ed947e31a7d41482310cda3f038b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000d8

Filesize
96KB

MD5
895e13400be1bfc18b4f7aa9a48ede6f

SHA1
7b1827e27aa327a787a8dec2edb7150c05056447

SHA256
065a2f3a4f62406d18bb56d68f74a922c6b9f58a76d2eba1c26f791ab58b43c9

SHA512
b530fa7e306fd3f9e4ddd3909d5e83bb3cf3d21c30dff9cd2df8e95113ca911a3371165ed740d6a98931704ac8d000a214d75a292d0c8b7c813087b47aa272a6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000dc

Filesize
20KB

MD5
077e3f0d3dddb018c1e71fd8e46d2244

SHA1
b50954ed5904b533372fe39b032e6a136ca75a7d

SHA256
12ea854aa2a6588219451d4af53fcd368e24b109085062deec4e5b891e059e82

SHA512
f9cb475d16d3e8dedc6ef2feaee4f9bad365a8bb992352163a0a9f4ff9e809bf895fc0ffd59375e60a44e5c5bd1f43217177fb44ffc0cc76cc85e45a612b9b3a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000de

Filesize
35KB

MD5
7c702451150c376ff54a34249bceb819

SHA1
3ab4dc2f57c0fd141456c1cbe24f112adf3710e2

SHA256
77d21084014dcb10980c296e583371786b3886f5814d8357127f36f8c6045583

SHA512
9f1a79e93775dc5bd4aa9749387d5fa8ef55037ccda425039fe68a5634bb682656a9ed4b6940e15226f370e0111878ecd6ec357d55c4720f97a97e58ece78d59

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000df

Filesize
20KB

MD5
d5b4fe6b31eb54d446487fff71dbdc7b

SHA1
7985621bd2ed1717893c0f5442a635abca3f5dfc

SHA256
d50b67e549ab68246540996a849afc58c4ea2af41d4f5945fd2fe2d50c1d926b

SHA512
906ac4aef9d3f6cff0447377d38a009d4783bb1053df91d4bfda670f93968bf776737bef32bbb295fa90590e1921882781c566afb2be71e8f3f2f815961fe6c4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\02fd9f83fde58b18_0

Filesize
252B

MD5
d7f275c219b7a033a6bc22dbc2d65a53

SHA1
a514f8f4d57545b310b956b2c91c00348065ea3b

SHA256
832311583d86ee2450a6b349af36682e98183502675ef37d4064cf16fbdd3974

SHA512
257e2c698a034a9cd55c68b957f8d291579776b10e5c7f680052e3d25285e74d993b891232c3adc48494f584869535c267e5def28b4d0ddfc53e055bad25ff61

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\0c96eb3ce3f98a32_0

Filesize
66KB

MD5
2d6baa1a45a7cc723753db9eb52f759a

SHA1
d296374eaf4f34ff040a119d830b893da7777ea9

SHA256
26c5ce8fd9a5f8e932c5cb92111078a78137e31624826fc2ee7eff7c5cacf197

SHA512
04212a0ca8036a144206199d58dc58a611247a25620a28b7facebf39b3e80efdadb5a337c8f41145f4f3fa49a3abf6496168156983ffea44164f80fc622254c1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\10e7f09a1dadfa79_0

Filesize
252B

MD5
1edc87d58f5d42ab3ecda47aa37d458c

SHA1
febc84525d264fc9b11d64d17740461789532e36

SHA256
fd2666e558455fc206b3e35287819d01c9496e7c35fd82851ce74f16eb78d197

SHA512
86d584e6040ed42664ebcbbad08104cea37f25b238c2c0c64127f53ef84d45282f6bb35ebcf85a9007abc686f45ae94320870f569033a54c619ad8251745b24c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\1404367fb9ea0c6d_0

Filesize
301KB

MD5
de1b46d3f49bdbab1fd121e527b5c134

SHA1
5b716387de364a6ae12c81f22143c411dbe811ef

SHA256
81bbf05d5d133e3c407e9bed78b224f2f729958d631aa81e8814d5ff2a71b756

SHA512
f684ba5e2656fecafd4f2dc3a2b2c1f07e24dd977f27e1ec05ff92d422d20ebd44f07f02a3453ae2d61317c4139c68575c329770b504b0c11ab55986aea5d634

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\19d9e9b87edb2b65_0

Filesize
306B

MD5
ae8dc997add1fe2da9d0ec2e04ed3643

SHA1
066d6c7a407125d164bd7767d502e92609417aaf

SHA256
c6162ef78adc7212e6f4d81355067910b520e49cfe4bfb3d5e4f19baabfd8fbe

SHA512
e134c4ba17b883b0fdf189958ace5100e7c9453aa1a1481260c4f2573ba2166f179ffad56000b62fca545be2486683720287ce9d27364f648ccfa8cf56b18d1c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\213e86c1da315ddc_0

Filesize
32KB

MD5
71e6a461399e84935afbc16b14fb22d5

SHA1
505f84236e7df28212b55cdd5a5d30f32919dd6a

SHA256
118e578fe0ca8d726beb4cad8ed60864aac69747361f22d36e3b2aa244aa40d8

SHA512
92e35695d7376b9d5a700106e0793b1e80e74205f948a421371ce565f0ab756d87f75eb1fe989d2592ee27f4cf0b46d756758032c4e3de314437bbf53402d8bc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\24029b20a1b39be0_0

Filesize
263B

MD5
74e993b3543469fcc2a9a4f2f8eb2dea

SHA1
1523448306c5604ec023af303ba688cbf8c8a83a

SHA256
334faeeefd09072568ccb6c861b11b646336fa4eb58686fae7c781cc2b04c5a5

SHA512
8ce3ac109488acea9dcc996c630ef45b7d12e17140e7502836144aa8488218e1f8edca4f64fa37695f53aab7fbb5a50fa198a67d93344fc73c77e05562638a1a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\28841d810a6df431_0

Filesize
194KB

MD5
ba73bf3ea2b45e8234da7ce35712169f

SHA1
3d6bed3e12f75ff05f313931731447dbe941b8f9

SHA256
64ddb7498cf08ecc5d28e49448d6cb46deeec270eee23edd7741c5775c6046b4

SHA512
bc8c04b67bf3ed4d5e1bf1db88f99927ac37904ea56c9628e6a878986a48a50696c7d92443019f3c8aa5260222f372b21cfd3ecb69eab838890003cd95ac820a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\3366cc9bb43c369d_0

Filesize
252B

MD5
05ec316dd5da7be2782c253b8f44da37

SHA1
a9cd3863c2026ed8736cdc4a6367199d4da1bf20

SHA256
af6549aa8746bddf88de87661f99b4e380ea1e717ed4de34335f46fbbec74693

SHA512
10d4b2f653fb4f2af438a2817d9408552f86ce721c77d83b8ff8d04a59c68de33615633c5483c6280eb11679adf525f9e5332a263b2bdd1f5d0d7c3acdc28017

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\336a68eaaf209f48_0

Filesize
309B

MD5
04f21edf94ac59bf7db25817c98fa143

SHA1
625a88a1b47d5e6e346715108109cb67ff27378a

SHA256
ab4a82967d7bb570fb4b7de607c221589548e7b01ab1e7d5f10d827e22523dac

SHA512
43a57efa9da4b6f8d094b1fff1ebfb0f6c0228b95c693ff97caf3235789808c149ede3a8ef8b0725257ea234099561118430d9108b64b43c0ec4a103602226a8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\43ba0af7679523eb_0

Filesize
525KB

MD5
27c628bb21528ff737e32af06347017c

SHA1
f75563920a4509a18f0c8a2d37e0087b5a44c861

SHA256
a022ebaf9e763b8a3189c5f515016c51276eb82b626752c3447850723868332e

SHA512
f0f51efb8a296148b4468460ba3a9c586566afd47bbf7424a1ec8b672583da754f1daf6e0e07bb29b19f357aa95d893c3f6d7583748bb18d42f6ac96b3a3d85a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\4c307b02b4dcc58c_0

Filesize
26KB

MD5
2d563a11b14d2a681ef78eb06ed72c2a

SHA1
5ab33ddde935d4ed888f256910feae87b7ac8f95

SHA256
ad500fd7a7838b3a6be1974660dd4e24fa0ee0323b8ff4b90393f3023a8979f5

SHA512
f16ff48df5baa05c31ca36421059a14b01504817bb9ec284b17b3f76bb56584f9cbefcaeab3b26afe48f9d1f3934352fb008675682cb8dc46bacf1352f064e18

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\59d709dd2360e6e4_0

Filesize
387KB

MD5
bcdc7de6ea3b31f2c4fa7323a0ab12c9

SHA1
0aa911b9dc2eb000e4e246b962e78de0928bfffb

SHA256
40466e002a5f2c86265ca94dc1158aaa6b42d50f7f6293b44aee87004994c2f3

SHA512
6b3fb18736682d41271b385ce476da13be38ec85b972d2c91cd145a78ea7f0fb7773eaee1a8b247bdc607a5b2d2043e682aa87b72c036bc7240246b08f72f8b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\5cecf8a223083b5d_0

Filesize
306B

MD5
3022132fc3e6a168852c8f84bdb5e513

SHA1
c66f7d966094cf4f46c2fb9b99231438fe5627e2

SHA256
5aee4c0666a9d2ae252d555951d0de2d985ec318810dd8d8bb2c6a5fa719c74d

SHA512
042ce70dfbf209dd17d4182a850f51caf10fcd3b5c894c9189cae23a4ffb591b6a2e78aad0e21263b035fafd615cd84081b924a53625cc5c4b955ccb01456564

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\7789cca9f74c8cc4_0

Filesize
96KB

MD5
a8daafcfed1a8332eef16bdef895bbd4

SHA1
7708906c8b8b970182aa324315c6ddda06dd6f2a

SHA256
026f2fb2233a7b2cc9b1d4386b59943caac4975842ebe42aa1fc3a65741b973b

SHA512
8b1a2fd7dc66eed5d1d9de202ea00d99f53e012b12959a14b6b6ae8b104fa95a1a5bc788aa1c41dad98b6fb58aab3d1c88e3f622fca94d4912d6b2992464de28

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\7dd85b8ebc66725f_0

Filesize
306KB

MD5
ade89193b273ca7f27ae5094aa07db41

SHA1
c0eb15bf87584145895fc733444e76dfb7f437f5

SHA256
df1e3a468359ef2e295f63dd2fd81c3c857ecb0f11d1c7c0a4fc7536ff0c7df8

SHA512
d0eb7379f105b5729c7853a428319fec36b6985fce61f95df53b21961a611962903dfcddbc1825162d9ea02a13dd7a19817f21f5ba38e2c7aff747c9e4efdbde

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\8780cc0ba0c77308_0

Filesize
2KB

MD5
0719ad68b8f65f8efa5c054d41805094

SHA1
a2e54511ff6130d16047fd59f6facff94fb47d9a

SHA256
f814ba28b99609bda77bfa01b8f6064be4f325638c20213e6c3fa78c3aee6b21

SHA512
9b93d84db0161f2e23bf6f479f6aa6b70bfcc1850739772dc19979298cd2c210a32436ba55fc8ece1942d68663bbdc5ec923833813bc04a595aee38829b0dee8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\8a693e1c4699eaa4_0

Filesize
42KB

MD5
b2c83dbe8b42dde5541781fb70f789cb

SHA1
2882665685a783831f3ff0dcba6ca291c8239540

SHA256
1bedf858b3bc427bfa5f6809f7480c53bba3768a35e8c39fbdbe0c4cf9a4131a

SHA512
4d3ff91413ba22b075d9fdaae135c49e5052528ced1bb73c13637d74eb40311d41ba0cae37390878f0732951aeeeb464c7744874fd3b324d837bb2f4e6cfbbee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\99dd5dd6f1f1263c_0

Filesize
693KB

MD5
16d0d98c8678fb8adcfcc47c61c5a57f

SHA1
20deb083b37fffbe2a2705a0b1d8b9724701b720

SHA256
54ad1a710212777355afded28cfb6f5332b7b8e606fc877b108a5a0517b51335

SHA512
2bd7667bf61e16d64e9aa4309fb642995e5747599e16aa6451922ffdcb799f224de24c41c20866d5570b7a98ad9420a555ac2d48f98812c675851ba19b90885e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\9ad63ef88e273cfa_0

Filesize
139KB

MD5
cafb2ba28106ce0d37f8eda041985cb9

SHA1
d71b2fad65b34b2e7a464520d9ac8ae81cddea15

SHA256
29d04d08a6e27c7548b7d0a0d8a7464ea9f55f36de721fe4ce467ca299222997

SHA512
6396491268920dbe29aeee3367f8029a31a2f769fe2618caa1f94fb6c5dc29020f1f0437f0690c6d246ca9cc1cc341add9d79fc321af74092beb038467ae9cf4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\9e04f19de8f5d184_0

Filesize
260B

MD5
49619e69d6ecf0045ed438350342db60

SHA1
1f24d85fde80f1911a15612d79b72630b8e8346f

SHA256
1938f56860598da9e8e1192006c8283955813c770219cb41acbefb08ac015a51

SHA512
8c147b65538368ad13ed24760186eab4eda6e2dce09fb013863f20f956b5eca2e397b8b03e94f43b1dccf68a4496a8ed124c4e6b0ebb1026212ed83ba17b3fa4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\a01bb86fbd58d61f_0

Filesize
249B

MD5
f405ac793fe665de33e3336e2892444a

SHA1
d4bdc36e4ce6dee934cbd97ccc7cebc69cb0044c

SHA256
ed7593630ae0bcdb8c76e11ff1411caf07721ac9b144055cb797f5a6055b1ca0

SHA512
fb8f09720ab929df6bc53a1d89b19e55cb0f6513793979f7888c393170eda29f456b6f991178427e3139724bc2e1fa35fb77c9e1595da7c94870ca64361548fe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\b2b84e9192dbebe3_0

Filesize
296B

MD5
ceb8b161f0e045910625c3dca00b878d

SHA1
e8437d3111731badd17b4ae6450b26974043e743

SHA256
6e0d9e3f4478198b15203cedc80ea9043bbe827c01198b6ed8593989313db281

SHA512
2961c2d2ed84eb7ec50fab833dfd2aa9519254dd841b62618ba31be524333b76d2604847e030b1b49dadda93c3abc3f80c94da0ef357e459fdb285d90d6f22b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\b449ef93c135cfe9_0

Filesize
486KB

MD5
6eebfce417ecdf997c925e9dba6217a0

SHA1
8df7c4c8565df571474e48b5de9258e7dd6e3dba

SHA256
2b6ca7f064967f7895b04febb7b415df9fa031cacc6d637dc965332e5f3943d1

SHA512
7c8d938be305aca72cf6ca644484c8afc6da3eb0398d70c179bb7a2ee6d5ec47cb3739c95c4626192ddfe1b8acc6f9a9e7da93fba861a9ea8885eaaab0d15af2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\b8fb7f17faf71513_0

Filesize
251B

MD5
72f572c32a2f57cdcc4aedfd7517d114

SHA1
af3acef8c515c274302ead35044fb36b6e95c689

SHA256
7a8258c4aeac5fa63dc630b3cc5f3d1f387f36a36f1f7d64dc68e8e42c7333e7

SHA512
0a83038fd2cc2588ef6c957fed7681394f2f5f50da5b4b59730ccbc9b7800dd906deefbba2eb91137b2676eb87fdaf09c829a21d1e16a98f5cd8d55dd5892b1f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\bbe1f6f95c9b01ba_0

Filesize
428KB

MD5
dc0bf5384e19947c3577dcbdaf22822e

SHA1
ecbe6f561e9111badfc3db80523546f90e3839e5

SHA256
3bab4bf9cebe9dff1e66677f269a1067f35c4332200543016cb1fc7471d8ab77

SHA512
a7bc170d8f634803172f441c4a661896edf33ab04a05aabb217e01767161bd4f9e566ec2315855707708558f56d7386816149d68cbbba3e585b9e326ffbabf40

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\bc0276656709e65b_0

Filesize
259B

MD5
b614cb43eb6912f36de36e9bb822e810

SHA1
9b498dfaf27a3f01ef46a7fc2f4481265070c261

SHA256
367838955dd25be5bef1503e8530bd44806656feb95ada164df89326fca68484

SHA512
14826d9be15e3b34afb6b530d69f2f2c5660d004314d78b588688f87aed31247f82123b038e3e4849361c74229cea2bbbc2950aec62ca198e73679fe5ad7fcc8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\bd6b414df7ecb6ef_0

Filesize
60KB

MD5
15e234164925e84cafe1d9a2cbef1b87

SHA1
69268212bb3c1ac3db9aa990d59d4a673fa828f0

SHA256
57ac014bc78dbd3ee36a1069e892aab7316943b90c6db87b628a3ca601521c50

SHA512
d11b0d9e405bf131aaea8f5926c4486bb0dfc1b49946ffe5f54520cede51f82461ef2c94eb2ec52be66c135492e1f45e68f2aaa9c2784b02d74290d10656e0ae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\c44449928b6297bc_0

Filesize
270B

MD5
fbca4719e9b30dd52c5ec80d5ae79ff1

SHA1
addcc05420ebbdc147d92d4dfabe9f18c2b6691d

SHA256
3dadbf0d4f5b5416bba23bb62fe256c8b52487c882e7eaa679f4c4cc56765977

SHA512
6cc33a4ec81dc411787556918597e7e065c0eab50e38bcb040c6a4231d51529427f518ba5f92302ee11206bf81f2018e205b6caa85e3d1c76d5b0c9b820d2b4a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\ca4f0ef84f707e8e_0

Filesize
847KB

MD5
9297bdd29bb0820b0b340ba178e2aa68

SHA1
d8db1109d8e7d74b3075e9108438a29f81489689

SHA256
889e274ea4dcb33a4b1ef22ef1d9c0f1e5b46a420a3c8f8c48d1e5c04723bed1

SHA512
d620fd86a1528c0f98044e14fbd56d54faa57f191821021a7050678828949cf2eb3afb998d7e544b50e61228084417b255d38c7ba3f16c1e4419e9b1fce13f5a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\cc46e71b434a3511_0

Filesize
21KB

MD5
c8ec09d46ff7d201ba3495fdddc796f7

SHA1
cfeb2f4191f5d0874b028c20a619a1be6290f5e8

SHA256
987cac38cf3b48b2725adc7fdce2df0b3ac3895c83d7a68974cac87a76ae6553

SHA512
5f6cedceace7d05e9e2f41ec19b9e27a42dd928e604c21675884a3e8e39e3d086912fb4e46a3bb48fcb07d89164810352c92f3883e9b70b5b204b84726ee2de6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\d41e9e51acbe2d68_0

Filesize
13KB

MD5
d4c9a475ec0bea8b38ee19f651da42bf

SHA1
b5f6e76c3cee36b3fd948d19f0345bb841c84b31

SHA256
da3df3ec813e4316542dfd40f61b861d765789bbb1a677648513acc25fd701e9

SHA512
3f3ff70d3f673d095de6061506a81e87d1b023add834550eb7496f50b96b541df9384dd0a9efa50f7ea9506e1d946789798aaa1edb30dbae21d5902adc0c1965

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\daddbb0f2a40a259_0

Filesize
64KB

MD5
4c789b2e84d0d82050bd045b76cda6b9

SHA1
6faa5af93c0cd482ee669e030a59d14844276214

SHA256
6b75ab4a765fcea5962da5a1968d9dc01d5997e2ee782ce261edd736cf59dfd1

SHA512
c28e3cba86381a6da7f04a7c576bf645c4745faf84760ce040456f1726eb33eba0877f21930bbc7e850d32b4e5d3e949bf11109d84a30e7968e003c8a467b496

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\db534a1f31132f93_0

Filesize
55KB

MD5
3da59d5a8a16bb44665c1a1aeb980f93

SHA1
7d5e171871d87ff60490e68c932e2db2f8ba6983

SHA256
6f3c436cdb958fef596d15f4f2861228aa8b63218b4e47e50140e48f3d5b5846

SHA512
493fa5762dc30b583b0fa44391c174e06edd73cda5aa3775349dd89b8ef3b16c9409a4f8091da88b33339533a3fed7c5135c46682636ea8763daea69e7c84b94

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\e201db4afc7e2e56_0

Filesize
307B

MD5
a721ea211710627c43d227a3d9c8b8d8

SHA1
328e87d5eeb4ade262aeb934f35bac1db68a35ec

SHA256
4bb1ce9ccc286389155a2130c934b42ac7f299a12e907dfc1c60583b8c6e6d58

SHA512
1f3c9390b3f8f6ed4cc35cdb0362db5b0cf07eba168c7e9a3f51332acdb54b9cd091733dd75c2041010c43d7cd75a0c546be7793dfd1b652eb3d0b59e6e2712f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\e3aba9a5918cc82f_0

Filesize
72KB

MD5
7ffe2bb5ec08cd66094b3034e13ac2e9

SHA1
bf66e8eeeede551bc43ffb0b39020b267c6c890b

SHA256
149df61fda401aef48dc2d79be9ca8d8cd9756a5e59c73399d8a7b8de8b2cf54

SHA512
438a8f5982b444c93ae99ea5c921aa705a05e4d139130c902018b11213f98c2eede3dc09862c1ef807b080a5948709e404d1f83ac46e36f671d1e7e9fe5b6f02

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\e45a122e038cc6f5_0

Filesize
342KB

MD5
d1ba7e9726268a22126e30648529f360

SHA1
d9c67989a554626d220f97e643f7e430b7a5ba9b

SHA256
8c0a8f92e30675879f237196f2e2a7fd82f01ae1ccad3cac16d0203e1fac150f

SHA512
8c7fee0492e475c0e3c2deb895de998a99a864f2871748ed2c358531f85faf08a2a07961db2bb266cbac1d3726d630f38b4a53fb50a08bd1c650be9147b8fe49

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\eb9aa4691e62ba3e_0

Filesize
269B

MD5
8f6680dc4e56e2cccea4eed62fbc5598

SHA1
b6618165db3648cef1d082a104782bd0e1f79ab5

SHA256
3153e9c2dc62bcc4bbd2f4e9ec7d1f5f8c01039798839903c7e7200362e7f84e

SHA512
c819b2bb332ae55cfd0ff4a25655b22dcf2765e57c0a35f7e986cf05313c582c1447e286f91a93b8415c3d3172221afc84b4221a140404b797f7c5a92f2882ac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\f276ce699fffaf7d_0

Filesize
76KB

MD5
0026e240dafb18d54c46dfe402a75595

SHA1
9dbb83105215aaae0ddfa0d6ca695a1674c025a7

SHA256
7392d89d1399ceee8447fc223fe16c06963d10e904ec9f6de202227f261c5e6e

SHA512
b5da53a0515ef08945ae9398e3b2e6e9cbcadb5bd89cbf8735800144725cb4f955ae46834dfda3bdcea24e98a5f68ac3e66ff7f00099b98903b3a898d9b8314b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\f3ae0d23e488645b_0

Filesize
289B

MD5
1f49dba4f37d6b5c4045064a83245d01

SHA1
38de5bee19788ea007106c2343992c24b913dace

SHA256
54ad3486e4191678660fd1d78747a0f4fff41ebe8bb71005a1db9040ebef1266

SHA512
3c1dd4e27964ff5be491af644474c973d80ba362067a72b01b60307b33e9274b0ad95b3a292c4547b60b175fe995ea8edac3ad85eb8f36e5ba9b2b92ab3b9554

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\f6bfc940de013d21_0

Filesize
337B

MD5
318f60f710010b2cc547e7e67296b900

SHA1
b3639b7f70da18194a3d1411db6b0721629b98e2

SHA256
c5be4d262d29c652f79c0daeaebae6c440eca216c403ee7936c80c4cf6d74376

SHA512
8c5b6fd49af56032341b9f831d0465a815db65f5fe42853685a32e166b7277713c99689e57caef3c933584001cd2be46536ee41578e187b733e45bb9ce06b16a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\fe886276345a7e4e_0

Filesize
260KB

MD5
050340538e6a61f47b68860658fb5c34

SHA1
12a34d7eb7ce5623d2591e998a1515e9e69c50aa

SHA256
ba9d4e39f1521ee8572d274effe53ae29e86e11e5cfaf558f4a8914be8637f92

SHA512
3962a95dea5b661192373ed771d0b17e508528e9ca1b24724badb691d99985173c6314e6b6c99c42e09046bc36625819e7c4643c6a75c45494b1e760b7c22b56

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
b5f51941a9f402b7d40f21640720712b

SHA1
0179fa8d9b275593d17e92c11a48dc50a0c80538

SHA256
15ae79ce8ab7691607a7fc659fea0bb29e9bc2d2b04b9901c885f3ffa25da490

SHA512
bd8581e9f84e9c868d91ba794f0dc28016316514682e35423fb80e5fabc1d9b8faa6cc237a540dff63c96c268a02d12d649d92694a84254e79a415d1618f1f73

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
362104e9ff848f3bf1fe59f5016c5340

SHA1
9bce13a3c4379ba16e808606d9c668bcba82ab11

SHA256
5be58ce9f6f44ac7d94a0cd57c8a2333a490572611b773c887ee1f8fdabc18b0

SHA512
8053d1d60ea77525b0ca65fd94e1fc0b98f47f6e11c4444529801a12fa583a23828b6bfdc4494250892756449547f40f06e04aba73656ef5aa47787d5660dc16

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
53a62b88023b7c766e2e41fec2eaf04d

SHA1
ac815623a030589739dc3374ba419c8048e6ed6b

SHA256
9c5cc1e6bc7f7567b65a85059768b87b47cb8f91c8627d53a901a0bca6f89d83

SHA512
72bb4aebc46ad230eb90366a43d19d50b192ced60676255e35b879c75ab9eaa7c7585fd59b7ce7e6223ad41974e224062c78d9fd0fc26447a87dc8986d0ad06f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
7KB

MD5
4d676639fc13b18b26742b33cdae7641

SHA1
36c3b6f22fefe8ceb9865bfeb04cc31ef75cef16

SHA256
9e358b78dcab6905c539f938e4e5e9d959149d5abe4dca450657d1a74923b565

SHA512
43ae9470404543ede4f7930c3f13cff322d9b6d307ec2bdc5408489ef0aaebb4e34972c32af5c9aa18bfd109f53040584975a8f49349aa4deb55d2b3beb19f74

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
52a4433e4abc0ed037ea40abeb4bea25

SHA1
8caffd0850cb1cefd807ef527242a413a01cb986

SHA256
436bb205ed18a4a8fa8667122dbfdd2ffc7a34d947c3bbf7a968a9cf125a8ed3

SHA512
1cd59dccd0dce10db76a0f01adeafd0b2597986eeecf8a3fb022274344bd501ea2956ff6473e1abeaa9a09ad85965217bc47764d81ad8bde5c6b701df483a87b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
367ab8e275a7d101af7a8db1f907f0ff

SHA1
aece5f490cfbc05e022a842893af81366150dd63

SHA256
ed5e250dfe7c77838cac13b6bb15c7cb10f1397f6d2d84ff6dce1c140608771f

SHA512
9f0869e0a2aedadef45adb9d08ce9c8423fd97afa7bf45b80626ff9155bdba7e048b30c771b3d31754de629001f6806a955b58b00cecdf10aa287bf443321a9e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
1e4f60a49aa65dd7ca308600eac2bed5

SHA1
3ad42e45242bdce895956abcec10a73fa4cad333

SHA256
fcf38a60f80d6080006e41ec95f6802fbb23a845fa660a631781bcaf9e724d15

SHA512
cbfdb09e7c06c7ca7102d0a973826b60d071bbe517a1d8a64388e27aa2b6f8f5e0a9dbe772492bec5ed691344cde599e99fdc5b7617f46e679816ff25c1586fa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
5KB

MD5
91bb711ab86f572d24e6621e5e2d0335

SHA1
5d136498168d1eec331a497843b19045fb486f14

SHA256
75e430b16c06c490587618eb204e4f7104bdacc0502ef124ceb4aac6e5e3e82e

SHA512
843f55aa91baeb5918970ac1ec24e31b07bdf439c1271ba74c39ab124e6d3d6409c4be5368288934d6bdbc34a77bc44d9546baeeb67f214b6208ba4648f23e6e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
6KB

MD5
de4c4d7d3b48c063abfe07d702b3a97c

SHA1
8b3d2f9645cad6b0661abdaaf5354a9dd1236a04

SHA256
d503d6cb23c3e2950e55c27f8bbc95f439301e74d18547920c0355b287021a4f

SHA512
c6f64031a33155d176123caf24eadc6db5a3734d10d966a872ec9db84453728b22da67710d5aa1b2a88d4335a518d6294bd387b0fc07885ccb9f826d7caf580f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
7KB

MD5
4d91102ab5fb047137e9dd38be6397c7

SHA1
a672c09ac93a9d3fcda6adef73a30ed613b323a3

SHA256
27b7a1e6fa67cf4e1beb619e3f71d237f403516ff9b75df1c0c46fc445e4302b

SHA512
2c2b412b05952268a15a6a6a80cab520121624b83f83d3971df6905aed46a9fa2b93fc46d8681ef92a93b5714e9ed2860c2dcc00857d429f493a5fe27a8213ea

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
445c95aad2667ef2ff90516f5a7a1eba

SHA1
c9bd9820d81500269598637b8755a2fc7db9b861

SHA256
db87e3fd5910843c1a7ec5305233fc8e548696ce604df404ddd007806f2dcb07

SHA512
8194dd88aaa9c1cb39feaeb45127ecd0f273bbc79876842080ec40e09b324c364d0349c3e36bec9cf945021dca816275933144eebda825cab9f107957d0e96e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\File System\Origins\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_en.softonic.com_0.indexeddb.leveldb\MANIFEST-000001

Filesize
23B

MD5
3fd11ff447c1ee23538dc4d9724427a3

SHA1
1335e6f71cc4e3cf7025233523b4760f8893e9c9

SHA256
720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed

SHA512
10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
b8f8d79f1004618b93c962b62713dd21

SHA1
45c1cd80df65b6bcd06f12c167354c1cc5241d5f

SHA256
5242f9935df615fd62d9239cadaae054554e6508e34d25baffd699b6f87e7cae

SHA512
c49097cd43006874b30b8292354f924f64e014da06e7b10163d7b210bb717468e45eb31e60c10e5a7f8237ab6c13cd0836d14ca2f921e17f84df7cfc0f6857d7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
7d8e461b34ba9833644682a1f90a2686

SHA1
f18202898452dc4388a8ac5068e74eef585cbc0c

SHA256
494329b96cce26b070bd759ade382d8b04e04a7d1759124cb76549a24fc194ac

SHA512
8ead205d5c4ce83a19cedba65c17383f5823a8bdd1a97182df917d8d8547a309a9bfe393587eb5afbe03ae63f5b9693383c3a520fb31617f07fc64039983e21d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
8c533a81bf366e4325829c8acd77c480

SHA1
e033f5bb252cdf5f03f826c429e952bf793466dd

SHA256
7b9b8e08a516f94692fd2a024f3c60395524215729f8e747873cbc4922ce2ea3

SHA512
faad58f2f688aa343eb6fdf78d9c82fe7fe701056caf1cb7c87ace9e46a1789578da444f8041b93f5b07c584d88bfed0d7b9a7e8874d18c3bf8f64f389b7b49c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
16KB

MD5
6fe25f677a618a8d3620239e8ed7e992

SHA1
f10bb0683edcbda696a359a7b5bca5d7675d1da8

SHA256
c7a3564393d8a1adf43f4fae1dc8a2d8465e7a81a5697571ab1425bfdff09000

SHA512
9eb17b3ddf41f3d5de775987d399270b74cbec0649719b4bae0d63879bed2c805f61f27dc7bb54348fd9fe22412c4d0ec06fbb7e72308dc8bdcf15df6deb7916

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
19KB

MD5
16ef722bb67e45d1c6509b3824be2980

SHA1
6622346cf493fd6001494dbcbcfd7f181a7421cd

SHA256
360e5b1700ff799d629d921f46b89d94e6b59431bdf3589b90616d6a7b561956

SHA512
c900ce2edc8416d04195e2bb954d4ffe47e85cf5ca3bfa6a8adf913b47ec2171c89933b7cd47b4c664f966786f5551479783cacc688b5d344aef8dc4dfc8deac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
c9ae527c1bb7010daf5119c902fc0338

SHA1
7035fe88d6c63a22947e4233867830a3aec27ea3

SHA256
752150c4146fd603e8cd18e566cd25323a9b07fede52fcd8575d0c0a98b95167

SHA512
5f1ebe6b8af3a6de4423e76f1a05c6013bafb3022ca493cb5917778d11184a32f493613cac65c72c3fca433e4eba507da02ea611af69ecc3db34dd7c83356dc2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
18KB

MD5
9d4e0d9a6479063a19fab99c615e0867

SHA1
0f4601f0bd2355f2374037efc8d442978efdfc27

SHA256
62bd9bc59eb0d0b284ef79f167de61aa362771de4cf1a142a6c2b9eca0dee6ee

SHA512
1a469176c1b8623d129abf81471a5e1d3a7b64c741bc3f502678d9f22ba93c5b0f63dd217c162193c98edfb166a18cf45d0419024d16734e0e16f1d9ad818592

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
0db5dcfc8939a35ef677d8e1cf9e39bb

SHA1
bf6a0a4f1041c0c457b34a6942f378d68d2c9f50

SHA256
e65ad9b69e69b8fa257f52ddccfa728ef5cccbd2bc68cd8fea298812b1081967

SHA512
1aa38daeeec30e81f95f047ccc1df2439f18a367e361feec4968536c43edeeb3be34b6040b6aa061dd3f5f76119b4c807db87d3843a82a1720fe13c029b1fc1d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
4b696ab423142dcba8412fd2b6caa570

SHA1
823a1306740053bffd82356f1bc8417946ded675

SHA256
a811b42e9452635e8396972f2f74f3711338d972f21c4133fdb1e86a0da2caca

SHA512
c8207d290852e3893e314e30e037054ce0d6e2f4f6e8ba82e5e302fc08480a8eaeaafd90dcbc0e93bbdbccbc2ac33b8f3beab4028eb357381d7db14f099607e0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
14f7f67cf4a6fa4da0773ae8613783f6

SHA1
03da788b7dfcf6c408b4f0923fbbcd3aa5435504

SHA256
7e0a9527f663aa846b2007dd09d5ab46236be49a185d7c2d46734a49af298083

SHA512
a3660c43f0c2ea53165f9ab040c95ad3219134c0e7c9a3aa79657c3ebc10faa5dd830163278d3333507231027bc7d2d8e5b8117b0cb4211b21d22cbec8fa0ca0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
9341c74a80761db34ce0572054c5df47

SHA1
4ddb8e2e3c48ab5a34d948498c212aa4bfd4434c

SHA256
7cf51ba82ad3723575f82381e5c85b18b0561ab3b8c406e7c437172a4ff9689a

SHA512
6dd852e5450ebaaf8ae5477b0271aef6d410a970e1208c02be44108898525a98ece530f9c54d96e2f50fd2753f3a63d1d6c9a85ed484e8e8a8b89ac58756a007

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
de58c856702d4b0331b2027ef4c2ef96

SHA1
177a553ed399a4fdea88e017bb2b90e711eda3c6

SHA256
4d31e4bd710d703e60cb4010e00be8918c32526bbca19e1d61b218adcc5f553a

SHA512
bc843c291051e0460fc4a70a33d6aed4e934193ec89de6931c2747b429f9a6541e55388467d7d781626c386ec35ebfadaa59b11bf38584fd75a50674b512cfd3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
9622d55721f9bae6d77887bb9c160e5a

SHA1
47a58fc3d8b662b2cef18b5692f145ecb8704458

SHA256
50396965b9f644cbec719d83146b26a16562bd7772402d1768c610173d3c4fcf

SHA512
ab4d611cec67ab20c859ec44ba8512c630a604795adbda0161cd369135c98d894513a6b7c0d34608c2baf162351bea1f7a820191ff3754b765e85f8ff6079803

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
86997689810e45ff713d59a67b865202

SHA1
9847e1e91c2df15c2fbb4cdcfa73a3deaf8ab4d3

SHA256
c7ee3b8280abb994c1493b241e2c145e9d4575fdaf9094d35e27fad7ddec3537

SHA512
225042b4e8a3b99716a74d4cc33fea9eb4d37dd2ca4378ed6c3bfc3724c2dd0531c25291aea3095c28ac887c2c9188123d4602f7d9de116cd9259289465fb423

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
14KB

MD5
54c2f270b8092f2dce648f108a152498

SHA1
f5266b5fb1c115197a84754757c4b599e7c50089

SHA256
72646683d68df0cbbaf22c1344bdbc0180aacfab46398b1f929559ae1fb474fd

SHA512
f3f5684d1475e3940d2d686d06aaa5f0d98533d531ed4fa093342e67d41ddc768e414f4b72e302725beb02f1447c80740305adecd613de5abdbe02ea915f3362

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
19KB

MD5
3034ddfe2be6080a8c73adc89f928301

SHA1
646da794c6632602f22861fe617df44f43f7dc21

SHA256
2874b6d31d7bc940113c6a479e3bd3b5c56cca2165305a7f9b043650a82914a3

SHA512
4981cdb50ea2a9ad6b6dbf146c29ac67e18eb5a9517a18b21ff9f0610ddfca3d266d8cf4557e792cd1c4e40e0c3f5e29c517df8bbbae6db60edda3b4a52beb26

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
21KB

MD5
27fb595434e3a64e3741f64a0c4d929b

SHA1
3b8d2909243fb92f5785d8f402db349fad088d7b

SHA256
4dbe2dd19f69de9b76249e3dc36777097048f238b14cbb2459619a14b9d0cee0

SHA512
b63ff085eb91ca1c7dc16d079e1d0ac2a872ce354a6cb5cfa75d7b0d7c22cff4dc5f881ec0fbe1cc1d90ffc51cd6768b95ef9dac26563628e6fd2b8d4fd743df

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
531e691f0cc2fd5ac7a7ff48368c4036

SHA1
97e4b50c4b73a1035372e4ff8f6222c3420673a4

SHA256
75631bd269b873bd1c754906681c559b9ee4620c487e1c85142b0986eb036905

SHA512
475e29be583473fd5faa95fa6d62914af04ba053a2c80d786532e9255c85dd877bbdccc57ba9ce42406de39009a6e9e4453b8372168881a0a470209dfe27cefa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
728ba3694cfce742f557a9cf3d88499d

SHA1
ede488022dda7431f1389b2cb2671fe79964e5c8

SHA256
bd393d08723b2c2b77091d87fcd9375d3e614f73b56fe269df1009dae2e4ea5d

SHA512
8616c6268b5a7402907f9ac3971b834f313436867df8951567f99782543e9bf3294f3a79c5097d137d3184f76bb9e43ca285085037f8ba6d7e5c268aeee939a7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
18KB

MD5
50c339ad8e09fb17898f4429b9e0f68b

SHA1
7f7194404ff0f0d171592fe1f77625c3fda5b166

SHA256
61b6964bcb736ea0e568ac01f592ec750fdc2c476d76659ff56408d1fed0e5ab

SHA512
ffdb902ae8895df714db488fa6e4b7a79bd5e31f91bf34f3b417e36647296515c6e726b49c5169cb42878b6e884be0bfaf7dcb5df8460b88808263602d1d62b5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
21KB

MD5
6bfe1737044c18f41ebfe34bfc6034ae

SHA1
09506c2bb613dc9be3c826e6d5a79ed6d9dafe97

SHA256
12cdb7028e011f07e1febb5669d81f26afdd6550c997e43ae2d17861eaa84516

SHA512
6bb59ad5e25aae51f9fc4b1c963076fa0c372734f01a24b0b3dea936261a02fe0fca26ca57ade2a222c0524c25e1888387fa0c7fe40e3fb073917de2d144c32b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
21KB

MD5
b240822e1aa8ae56bd9190ea8bda316f

SHA1
d1aa29480094f6fc7da9a8526cc0963ade0739f7

SHA256
5fadb33d145444a029471e73747e84ee2ade19cb38bd868e56af639e2f4a3d58

SHA512
f23547c67680894d80a6a837ffacb13a242275e64d44135ef9da77cf14c5c13ba6f2edf48737796ace987dc201d3ba65db8b4fe2fdbefb2afb470db21f9e294a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
219f6a3e7df66d08a062aee741e2f2ac

SHA1
43bf176b1a58d16247e327c009c173479c16a56f

SHA256
f4b0bd6d8ead15dd52df804fa10e231642081a66bfe4bedb6de7db05c421a174

SHA512
fa0fdc3b02a69e15649def484c284e5047aa7025717766b2f0ea63687fce28199f3e00550885ded44898538fd9c1971771824f1e942c1f80f97ceeb640ce2ad2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
377ba8e189358aa38bbadddb2e1957bb

SHA1
5887e55b6e94f2aad13ce40329324f3972671d51

SHA256
ae2b8cf57bfc47383a613c2ea2af609ab4a3e960f7494742490ba582e978a407

SHA512
2732586b7a5127a32e0253c2e290bf3d1f11083aeabc453fb8f38ef286c5701332c1b35ca3969421dfe766e8be79af77a1c2d3a69dc5dd61771eb1a8fe5e94d7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
31ca9fe16507916f1a797d523a037921

SHA1
7e466a2e34faf646e0c1c3ff9962fc9f5157d5a0

SHA256
ca545275bb83a4e2a89d28af55a2ad9e51ae9ca55230ad26e85f585fe15fcacf

SHA512
bbcf7eba10d7b7019c0e4d14433016ad066f6dac2af9dd20d6cd548f864f146f1a34c651d213cf128c2c354fe09d96ccdeed3f95bca42f4771d5b8f0ad1a156b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
21KB

MD5
c479c72d2e37ee54c33f394dde3dbedc

SHA1
05486490a379b743177ced364612f0e34078494d

SHA256
b3fbb746e4a723955f0140ab393ebfcbdd450e65dd53d75ea0542efba0d4c98e

SHA512
356b41b68d0bbca5ff6369c2522086b981f97168403a7ae171b8388cc491b9ba047aa1377c9a57842cffa89615403fef59fc1f18784d91a44eb0289a2a9b25ce

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
3d5622c1d04ee7507ca4e0cdb7a946d7

SHA1
0de542db80fe35d2fb16d48e993efcd71e1d2ed6

SHA256
bb5d0731200fa681cc510b8a5a483297d7a1a224e40a93537593db7d8a7e0781

SHA512
c94583b03b0ba107fbc8be10327fecc8c5d5ccf1a18dbf207367388895caf98fa9bc0edfd32514125bf47cf82b592ff400d306e88f7232e8e789085aed2d5071

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
21KB

MD5
55ba364512f19f42afb4f9617216c933

SHA1
253867e2d98ef2a4cd58cff41d080c1232a954b0

SHA256
92f9090ded1bfd00568e2490f44aa31440c98c7ef12ff9277969705ad54a5023

SHA512
c36f1531cf029d0f03a4ff9777c7188f83b92aaa9fe667ef29c0103fbb2c88c9f88777309cee3bd06ad68d6803890b4505fd650043b2dd6a683d20dd400d211e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
21KB

MD5
96b0dd082395301ca4ce4352ee561d3e

SHA1
5e6abafc68c2dcefc10762349abbfeb6872d57e3

SHA256
ea060766f67a40a525c9a57b5de82ac28af6f776d5257c961b5649783e62f18b

SHA512
a57cfe0abd967313c36ec7a971715e583fb69df896d7227749d369419c94994e6b94b392479f07ab02878a9fad850fe14175fcaa6eb7f51e8ce543110a1f5b80

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
19KB

MD5
6b668800c27345083375ce4a51cb36e3

SHA1
9e6eefa04d2f989d222289e1c30782e6b489a7e4

SHA256
452cdcc3dc69db942beca06aeb38b289c9b54ea7152b8e2459868a9aae9c4e2e

SHA512
d1afb7716ac839200b5a6756b028836545ea2048f7e81b153e05a8bf63077fe77c7d0bade389d3d469d2c96d5dcc30b724e90c7143a5f128779b40826ce08a3b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
cd614152aab49b4c1feaec68ebbc211e

SHA1
9f2c5a9baf8362b3f89e190c0f5d613836de625b

SHA256
ee2e86efb8334c384908592080d9c7d2b8b45166665b00050ec8c6cad9ab7c85

SHA512
4f539a36f7748d404a1494dbc10d9255993d4de0333c5cafb3cc499f0007283d90312a7e5e605bd05cc7b3bfe9b4777fff97eeb1aca7f1d348216f06bfb54921

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
7dc08f099a46cc3262fb7c9cabc65dd2

SHA1
0b1043343f578b17f1169480cf728663d845b301

SHA256
1bf954408c48288bb1cf2e29dec76799aa19e028b6b70f2ceafbffc5d737f909

SHA512
7885885cb0b7cf569a155134a1e3ff9182afa1bc80233a9e05b75105c2f1a10c2bfbf73745e7b762ce2ad17e8e12b8db1ebd614dd7d39ba45a88d7b1728915fb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\67a473248953641b_0

Filesize
25KB

MD5
c3ef4b1db95e703612392b0f15bccb83

SHA1
e9f0d34f43c076cec942f7bb845d8ed60ce5cc7d

SHA256
bcd13156dd6c169298b3ff97ca6999959e04f330e858099b7391ff9b4510727f

SHA512
dffd78fd69794cd1a0c357557996c656353525ee482c8f69de2c3eaeeb7cebea30c8f1678fa42174de6e54b259a0d2697cb362317e628db6e27e9f07612906f9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
db77901e57553ad6e59ef5a05816c45e

SHA1
bb9c14ccfb99e390212e63657ccb96460622d822

SHA256
189c2928d58bd3759c02f2a676ccf821b25d8ac5db3c6c509ee483610f07cbea

SHA512
16c0f297a858b704817e473c6e5eafb558d1b1c9a65453d0f1734d386e48bf4688a17a8781fc491d9a6df02e94e12b11be40dcc36e25f2160a5cfb729a2a8e70

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
91c1eaa82ad84f21a7f67ac94eea4d4d

SHA1
a997cd320eafceb797829d04c06375db1289f8b8

SHA256
b4fa5b2ff2ee42eeecc6ca6028d070618437dcc35db8f0294f8bd4eebc2a11da

SHA512
de3d392a4415f173790e442f414a62c85e82cfb0cfee6b147b822ffb840ded34fbd3a90a6b7b43bb2b9b0def3a226fc419e0634cbd19dcbd2b4e3557a18be0b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
1f68b4e88bdbc97cc25c8709e5c76783

SHA1
19c16cd0894530d6f17c68491c25d695497cf48e

SHA256
28f071e41cbbc5810fabc3b0193dc46bd4a225fe91849bc57912d11f9eda8734

SHA512
c99d14dd525e8580ce34f11972ad16725b0e9b793201b2fbdbd590a464a22af2ee9ba893f6295e4da88f16ebea76d5c0a77820e8fea0527ac985146118f046a1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
144B

MD5
c553f8e37ff32790db86f4bc8f1736d9

SHA1
907562101921992aeeb7087a8c6691fd34d63ba6

SHA256
c6ff139d7094dac6b45b69a9202713e76f8f568dcdac40737ed70706f9a81816

SHA512
276af4d59b9a54cfd3bad7a0443c9d95ff2effcb4f89c99679ae4fef601f6bb640def2c90e3641e4f0de06d10e7af70328324b67ed3f5591dd14294fcbb1868d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe58dee2.TMP

Filesize
48B

MD5
b2fd320cbd37af8211e723fd156d030c

SHA1
42103c8c09cc348bdf8bd14e8040819c4954c871

SHA256
ce75af087c7109f74b975fafa993e12de1e0afa306dba0b3921fe72613f81a1d

SHA512
7196e25a1caa951cbdcd1eb80b99e6f25aefa06aee10f44d4d8be30dfd5adb7713981884a43e0d71f9a3130322a3e555a65adff36d88d476a0eab08c732f7156

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
ce6e8c89625c7e019a32b710b83c1704

SHA1
d29916a36c5eae901fbb9e50a1eec0131ed199bf

SHA256
69ad1be6b52db4deed1fa5854cd41d26960979a40d3c2912f69e0743476da155

SHA512
d75efeff200c4b9eb72a163acc0406d508644ca2f9117a3cf6bc2e70465d6c5631d46048c467c18d6cffafa9988260c5930d64b8bd00d6f46de204c6a29b4e10

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
52a50914292d1b1e8e932d90e8da5b12

SHA1
cb6da7c83857b9f9f8a4da0c8fb82ed1123d02bf

SHA256
362a4eefafc0f4797b4c0470914094b790883a657454362f9bf9daafc6c58634

SHA512
353e18ba85955811d2ca07f2073965dc5f588a391afc070d22a64f5af38d37a3de77a1ebd4bff86c3d61d7fd4a6f62f5b9908ab6f16a1389ce720ce3e37246e3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
6KB

MD5
dba5ebce7fdfc119adda54d5cb34041a

SHA1
888f747935e45b56d77c06efd27c58abccb23bf8

SHA256
ceb4e8965b7be64b90181d8331c45cc22b1d1a8cdcfa370ddf96317c7a5e8b07

SHA512
f4eb4dc2a5e834383195c0179bf32916035301656a0633aac7698949e6282f9281d7fd7189a9c1e32111b3d74d28113f1e84fdbeb7551a1c9c731c64a43fc66d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
6KB

MD5
498210f6e1ddb6bfa6454b4db20095f7

SHA1
fa2f6636e359ee6fc4c1c337053c3d7326db8ddb

SHA256
629191ea00ffba7044fee9a729e3c22d2edb577610eacd21b13d28a273cd9431

SHA512
340d6900e4d92db5d87e1dcfa6a22efd36857b3b02ea696688a5fa471b2ff2b5afe84c5d1dd1508916d44446dd671314c99cd07c09041d840e75b44f14582423

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
34ca6b7f43717fb31c97bf85b8eb982e

SHA1
9def215ceafa896a2c342c575eed10f9141264e3

SHA256
b12b33d13b1c57ac7c0e4bdd0d8a00ef5bea5af29ef5844c3f6ec47f039aa7a0

SHA512
33f2d190f502ee25336b63fdbe32b5bf123df784b6c872014b1b59ccbcb3a4c49a7730e3c112baca5d7b60002b363f57ed2a6509f8be2029133b8cb441c551b5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
53043b65faa1d7339308eeccdbf6921b

SHA1
d5915f29e35424de1a86b07b87dbb439abbb3b90

SHA256
4b4fb3acfceca6467a1a6d78b2540ccc8e03e32bcd9b7b4fc3b38242ffe842a5

SHA512
4bb22a4f18c65ed39e996dbcab889427eae82ec3a58e9924f405a74f04cf8227f5d32ec494eb82e5467090be780f4ea7c054cc0417cc5ef39abfd8831e243614

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
84cb9064477ba5221ff681e66712951b

SHA1
162a419ec31aca41f13d481b18989533ed6f216c

SHA256
bd7b97f3801dda5aa70f518cf56fe5bb6beac4936a764f2d0f996e9f1f0521e6

SHA512
be77c85cc7411496b342b39b983a92d7af5245b3ebae116bf1e4a98b0f4f3da7210b23771b9ebcd7a34d43fa8d3d1553bc4b33433e1803b20d1f3cc07b17aa09

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
086acd3ddd59eace69a5550e6ef718fb

SHA1
b915609d7eb2778ee5f10dc3c82cb0a2f5d5e57e

SHA256
1d082f2eb41ba4311f12b90025f7fb468513bb801b7054d8dacb29dddb3293d8

SHA512
e96c5356ec53bd9fede12cee283b2b32f28dfaf1125d7bb6d98fbacdf644b922214eca79430c61d236eee1a60f25ca70efd421f5fd7ae0fe82773ae070b6850c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
6KB

MD5
ea9218d84af0c65096003704c0f4d509

SHA1
d50b191f11055cce661dd4de1c8b73a2ef1a09f6

SHA256
da045bc4dd4763ba9eebb2237f3ecda8b4218e9f102ca5d892d624f9d8a1e5a8

SHA512
833840a4261809535058dc0fc5fc100af06ad76885cae7bab3959b249a623dec5c08c9b022ee6fe405ee97f10a9a2dcc9b8943bcd5f44c9843e924a007f28005

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
f408f865376c541e699a119559527705

SHA1
ef87d7465d5a171f9fc91cb4a9521c0761e63513

SHA256
e05a47e96710af7fd7edf4d845c7fc87efd03ae1cc08f02880d10d2a6e0105a4

SHA512
04e3722c45b5386699156afa5dd6c060cf819e6653be1d1cbd33a106aeba459b276565d6eaea78ef8778344d17003037a6b95676f7d4a540a1eda21e8b509893

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
44bd57c7171b45cd607c7b8814b33ba7

SHA1
fe515bb8165343fadafe21342ea2be9158a398d4

SHA256
f13718267f97535cdce231941456e3f60b6c8bdb26b4b9b12c0c6f274e096019

SHA512
acffc08b897b9826409594d79b81c6914e282c87fcccf7657f885fff75df21a752014eeb4b2a888e8b7940444078ef1befbf0e34fc98f0e114ce5a9b3bb772d8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
5f07d9fd120c06f8acf67f766e6290b4

SHA1
5122baa09bea209bc5198314bde0030f6e4494ef

SHA256
0edb9ad6dd605275c744cf15f4dfb0fb45813f3055ac92e0065409c0a3e02e65

SHA512
ef378771e4bb27769af4f60b63fb1c38e4ebdb158cadf559d4e3097f1282807f218476e3f07b85663df40bf7fc147a081817999665fce4bdaf2fe83f9e8b008f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
44e4e5d71d7935be6723bc12b016b7be

SHA1
68a69e4873ac2429c6701b4e46f0d18e88e7b106

SHA256
304e4a9cb82fcdc1dca318c53f0c6d5ea66cd6037ad1e128ad1b044fedbf3749

SHA512
f027a54fa0d3a8e2d040158df9cc19b43808e8bce79e5942af9697e03759569742eea89efbcb64e998dec1534a4098c0cc72be747c2d0c05533480c895645962

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
6KB

MD5
04977f7c2c783e1924a5b8700a894139

SHA1
f22bed2d9c7f07353a24e78fa3ff02b5c5c6f9c5

SHA256
cf59f3d256ad47f4268b50fd5aba5de73a0cc9e8787677a63201ba1ad16edf4c

SHA512
9f3a6887d61646b6651e75fdd7e1691810d8d60507c118a75b7e9393cc6acd8b3eab7ae6d142ba612deb711ac11eb868b8c0547eb3dc78d13eab0d2cf3ddd2b0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
44ea023b11569ee6e9e629084a962611

SHA1
1af441e373a2694103ee2973db9dbf16929f7418

SHA256
584b28b514f21aa702e831f61351a194f7efcee8ea391c76e283418c7692816d

SHA512
b72d42060504c7db84ccc95b20935f0a7f0fe264bb582ffa6a284a2817fb75bc8412f46354981732d1d93d0bb5ca638e399ff03aa6b4de08d664c51882392d46

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
d0da5ba0e96f520b538af607b65b3dab

SHA1
a974f49aa24398a1316173e8fc3757503814b67a

SHA256
cef58a852cebdb93eb2333241f073e235e4a86baa29589f4187dddb36327cebf

SHA512
4fc4faae38a3efa428fdf6ce2a82c2afd9f90f161e06256c4594c52c11e3d480bfc7f39b93dc019c86b4b57910388e1ebb3da06d1787d9d1df89ca7f7ae0b656

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
6KB

MD5
8f8b6b82d354080c488719ac62112d7d

SHA1
0820b95cb96233c04839250e93fb7ece14f2c99f

SHA256
ff3198084dc617571ecfb5844ac45d5bff68e5d8519c85888d27256875aad33b

SHA512
45c993c76740baa936e7adcd92e88ed0ec847a1c20e80616ff86e07e0b10a330788214797ef2afdb26353874d16cfc34f300333438776a2392dd40776f7b2ef8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
e3a071d4324c241905baed0cc5906b57

SHA1
2468e97328987bdcbfdf362baa35035042f9a186

SHA256
7158d4386a1f5c07924f7150bf1eca545762b2a443e171567ccc6fc0db7451b6

SHA512
432283a98946c3953d7c3809f68bb82d4ebd9e215e6256b4787fc0c65f3610a36b32313228809bae02cdaaccae5c79ee570d9e4c9d876937e7aecf364a355bd7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe584c37.TMP

Filesize
538B

MD5
84ac967c0c4b55a72303a1fc1aa41141

SHA1
70b1f2a21934fd43f5f92663ecea45f953d50285

SHA256
bb0175302d3f5fda666d605125667254d2fae9b23b70390ad7eafbfa5cb4ce37

SHA512
06777ddca767d578a3da9880e67de6897f6d6a9f8860859c444a88e52d66beb74e314c7a48cc172c5ede8425ad7bd76aa2213ed78dc82ad597cf8e982260ab95

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
3abb5b948a58e8c7fd6f4f00f57bb27b

SHA1
38d9a6c49d7b92fb5188c35c5b17794117745304

SHA256
5fb75ebe1ef3ce4f4defb9dd7a82f077b84180a1885692124771b4ed4138783f

SHA512
f3bba9dde76dead428ec4fd3f322935b9177f75955b344a04e9c8a273613d4fc281047fbecdd43e4ec352c2214e3e96445aca6bc53220612fbfad09c0b741c68

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
3e79fb1c020f3ffa28c25b9179bd2afc

SHA1
286b2f48f357fcca7ac10bd850d635e781a389f3

SHA256
f9439af1679c4cc7681435e8b7e051951d8aceb10a38c80087a7d94d210056b6

SHA512
5c74b4be5211f61b2df1985c33f85b310ad3899bea8b190091cdd98eb5c63ea0fdfbd781c2f7c292e43d32e88415cbab6658274dc735f5ca7bb00268210a13fe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
fd3f616e53db38155df3b8540ca4b9a3

SHA1
ef13acbb893b482645899af0c664f2d878e20b11

SHA256
3947642ed13519b03ca7cf4564e9d7b7891e2750a3e40218ec520ef198b73b74

SHA512
6582e9ec4a972017b65e87c32b1946154378fb5cced3378cb1f8d30d4222605cfe376b298d7c213be9a77af9d4268fcdd6b23dd292f2318e13244bd2d592c631

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
c1325c99cfabdc82263fa424d53fdf6e

SHA1
b7cd4f9d0f9a05eb8bc360f373c0dc7bdae8852f

SHA256
35a04184e147f9fc374c82e8ce8e16ef7045aaed8247c685f242a0540f165db0

SHA512
816a12b26d1208017fe4b907c9b8ea7474419615877ad8e1e7822afc760822ca0f2a9c5651e7d6c7153c558617ed7cee5a198ad2c25cd459e4ba1158d7d9d387

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
63653623d07b53061812f2fff74fe3ad

SHA1
564fa3365ad03569c462cd59e57206a029c394ee

SHA256
53f02d624853ac5e139692cdb7b2ebeed8f3eaf9e24e6624adaa563ed79e78de

SHA512
775c6f5353325cb47ba03e1f66bb9671f927f8da939a40ee205c222c4436918041243c29381b09129a948be64cb8b1d6c0fd23db2aa107f2d6577bbb4545b3c6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
e020a5b11db22fc4f226addf05df6ed3

SHA1
b60c4f0788bb24ed91930eaa873549ee2d5a0935

SHA256
e732a6e1c0e35202d677a80317ba08c8dc1821d88131413d646e73a9330d327d

SHA512
72a62e0da1493bac64b9765ec5e393169937f53df88e948dbe683f371428382cd76127628f7ed3074c859052862b50fa3b14b3ef05c17a4827ea3bc7863a0eaa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
32f7bc658733d3f800285d93b73271f9

SHA1
dab38cc62daf9aa9f08c1eedf1d2248d9b4b57f8

SHA256
0a1f03d2d10ec4d5bf17d42d2d03ba00391a83b1dfb8bdf33729b2deefc7147b

SHA512
8a5e5f66044cb9295b186dc6f858916f0d4596b09cab64842b27d3a0680147d796dd5e667e324b55358f08b70b0d00b8936e5c219e5db0eca0078e1fdfcc1510

Download Submit
C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202412272329521\assistant\Assistant_114.0.5282.21_Setup.exe_sfx.exe

Filesize
2.7MB

MD5
be22df47dd4205f088dc18c1f4a308d3

SHA1
72acfd7d2461817450aabf2cf42874ab6019a1f7

SHA256
0eef85bccb5965037a5708216b3550792e46efdfdb99ac2396967d3de7a5e0c8

SHA512
833fc291aacecd3b2187a8cbd8e5be5b4d8884d86bd869d5e5019d727b94035a46bb56d7e7734403e088c2617506553a71a7184010447d1300d81667b99310c7

Download Submit
C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\setup.exe

Filesize
5.5MB

MD5
71ad4fff7c190194c8a544776b54dcc5

SHA1
088b5a1acf87ddd917c1094d09a039e886df1f32

SHA256
37490d7b909307cf474a081d16d87320bfc05cd0d382b4ce0d2aec4459cea9d9

SHA512
fdf302eddba55c899883efe11df17977529dad6dc6d4c73e3811c01f98c9677de25a02c3aafa772dca78ed6d59a8bd062fec521d7ce385458dec02b4c971a557

Download Submit
C:\Users\Admin\AppData\Local\Temp\Opera_installer_2412272329522895388.dll

Filesize
5.0MB

MD5
41daedcda16a5341463070dbac45624a

SHA1
8a2f6b3653d92a09a49baece476b53988fbf0c52

SHA256
733701d47b47b544d0b96343b521266702bd8e43edcb7c799c9cbaf07c7e3838

SHA512
7ebf69ed5d16ea1909890e6b714630975bc2cc7e3e4075c903ce6c33901b300ff632b1bbdf61558e4487d6fff3d7db78122a0bfa82e4cd57057685e1d1f7d159

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsd1843.tmp\INetC.dll

Filesize
25KB

MD5
40d7eca32b2f4d29db98715dd45bfac5

SHA1
124df3f617f562e46095776454e1c0c7bb791cc7

SHA256
85e03805f90f72257dd41bfdaa186237218bbb0ec410ad3b6576a88ea11dccb9

SHA512
5fd4f516ce23fb7e705e150d5c1c93fc7133694ba495fb73101674a528883a013a34ab258083aa7ce6072973b067a605158316a4c9159c1b4d765761f91c513d

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsd1843.tmp\NsisPlugin.dll

Filesize
280KB

MD5
1d0e98e6817a35237509731e1398b47a

SHA1
2690a72941f1641495a1cf51ebf5399987a74e5c

SHA256
23abc9395b36419700f31b507f13a189ec2eeb70c7e1a1fe9406c2b9e0728298

SHA512
5cf919baa11e3cdc3518a351e206a5dc84bb1beaf933194d27fb0a96edbc6b90a58106c45a357e8c7af9de815b4e74cf5e42a22bc91b5fac02bb386a6638d0ce

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsd1843.tmp\System.dll

Filesize
12KB

MD5
cff85c549d536f651d4fb8387f1976f2

SHA1
d41ce3a5ff609df9cf5c7e207d3b59bf8a48530e

SHA256
8dc562cda7217a3a52db898243de3e2ed68b80e62ddcb8619545ed0b4e7f65a8

SHA512
531d6328daf3b86d85556016d299798fa06fefc81604185108a342d000e203094c8c12226a12bd6e1f89b0db501fb66f827b610d460b933bd4ab936ac2fd8a88

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsd1843.tmp\modern-wizard.bmp

Filesize
25KB

MD5
cbe40fd2b1ec96daedc65da172d90022

SHA1
366c216220aa4329dff6c485fd0e9b0f4f0a7944

SHA256
3ad2dc318056d0a2024af1804ea741146cfc18cc404649a44610cbf8b2056cf2

SHA512
62990cb16e37b6b4eff6ab03571c3a82dcaa21a1d393c3cb01d81f62287777fb0b4b27f8852b5fa71bc975feab5baa486d33f2c58660210e115de7e2bd34ea63

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsd1843.tmp\nsDialogs.dll

Filesize
9KB

MD5
6c3f8c94d0727894d706940a8a980543

SHA1
0d1bcad901be377f38d579aafc0c41c0ef8dcefd

SHA256
56b96add1978b1abba286f7f8982b0efbe007d4a48b3ded6a4d408e01d753fe2

SHA512
2094f0e4bb7c806a5ff27f83a1d572a5512d979eefda3345baff27d2c89e828f68466d08c3ca250da11b01fc0407a21743037c25e94fbe688566dd7deaebd355

Download Submit
C:\Users\Admin\AppData\Local\Temp\nseBC6D.tmp

Filesize
1.7MB

MD5
753d72548a8707f2993df64b822da742

SHA1
d1f03d75fb9c94653e6a11734a623652f3f193c6

SHA256
05b9ef07fb6ce01a28f64ef7eb366e58a309e4949fe3dffbb297dfd83f8f6dd3

SHA512
0f9f9143c8a6a0ae279775c2345f786f01072f0d693481da9b3a1edba0f0595434e6cef0cfeffd64df8498b340f9266ccb1e1fec8384b9f579bfa36d885c25d8

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
15KB

MD5
9097d8a942eae50434cf96a2ac9a2717

SHA1
c2e0fc3ffb625191adbbdc8d392a8e1e80e27853

SHA256
495233c71a5885c2025b0b03ff8e6b4ef1cd82bc34aad2a59c9df37fc2ac7dd8

SHA512
d0761c6bcaa695a2d655520ac39e33182d61ceced95cad717c1695cb00eead6f3cbc4dbb3a01bad558be98955be11e2cc1f087925e272e2b105882cd261b16cc

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
15KB

MD5
f954ef5b0f1ce52e806f96f95d3b99d2

SHA1
ad55f6efe07e664111a1c398b9304f9069d7b76f

SHA256
a67b6c61dbc78ae3d8ef08c9c591409a558282e63437bd353c9ab3d37ebb4633

SHA512
905a4f4b64143020176d3ab92ef3391fbe9289a585203ae52ea12677e47209d8e2ffe2a87799af10c0b96520bb96770427bac09aacd524abc6c5ada7aa954221

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
15KB

MD5
9e446cfd3a17f8829971f8fe0a63e2e1

SHA1
d6574650ea5c241cd40e014bd0f229560bd072ff

SHA256
fb522c0512d7fa78259a7a93e4e165f725c63731bf230b87d574ec5cdcb95cd2

SHA512
318569f7fe3574f7ae6274011f0cd827561ee2aa26789c92856697bbc703a70ff5db4fa2eaa006c405661867cb54749946ae58697a4943dbf039a7fde6a6f855

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
10KB

MD5
67452c2c9714d69fae1cb939b6731008

SHA1
de69b78fca939ec7356659e80112e924b5a558d7

SHA256
2aabda6f60cdf922a37c49402ed3e24c28a6b6759dc9f4720048d9cc6a76d4fd

SHA512
769d3d8cf5d57ea4abdded907a5f9b6bc0c9ebf9a85bd77aa89d76d6e3531bb92c42c1c2ead21a2aa7649b62c04adaaaedb9658beefd412473c74aea94729792

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
15KB

MD5
636673621e894d143f7842d800bc65a8

SHA1
496792d2a50a054d708ca37ecc1dd003a5359959

SHA256
66bfcdc3f247a99cda772c39eabf1e0d144a2b6151431a7646d606a033e26494

SHA512
9ea0036419c0724903e032cf7470c732e0bfea5c066362960435786736212efd7a424d85e21d8ab9a1b68d4ce78bc6e5c5ee0c6f0b2e0eb3ea7e9052f766932b

Download Submit
C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports\settings.dat

Filesize
40B

MD5
d359dbfd9bebf052dfab9ee1d8ccc818

SHA1
084c8aff8213b989bcd5e40122e368f282d213cf

SHA256
d15e69c84f834cbee7244c88d899adb8ec835a75b201f637dcabc7b5d0998675

SHA512
bd97afd04aae83031ba0786afea4c3a3f5e36b72160394c987ab80409110988ad61e9c662acfb649ecfdc344ea2d49fa90f74d69dfeeb2811d544208c3e26554

Download Submit
C:\Users\Admin\Downloads\OperaSetup.exe

Filesize
2.1MB

MD5
6276b6087bbb903a314fe32aee9cf61a

SHA1
aa669563da893409d64d528e0f55480ec64aa115

SHA256
d450b75e54337c6f9215d87359da695fbfc2c0677f964c436c1134aae2fafc2e

SHA512
5ff903a3d85d23c9be4ad5e1300c37bdfea297e051d45aeb5637dca16356a417c5ebe0113c1f8da1d35b13f02c996f367b60be8ecb5a4ad6dd0cd94030ae4e0c

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 530786.crdownload

Filesize
4.4MB

MD5
7399ebe1e1b9c99f3cb4a2521d424384

SHA1
7a560782421feb72b1e84f162cf0abd0809fda28

SHA256
4704846c5605552a2573aeb62f176630fd2ba5498457420c3fb36a27cae6800f

SHA512
80b6b5b2a93656211073560e3eb93063edec44d54a4346b64cab5898162936d3109e7d213d73a93e50ce3a20d163ce6f8eb27e3f31e72bae6c684e528413981d

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 974744.crdownload:SmartScreen

Filesize
7B

MD5
4047530ecbc0170039e76fe1657bdb01

SHA1
32db7d5e662ebccdd1d71de285f907e3a1c68ac5

SHA256
82254025d1b98d60044d3aeb7c56eed7c61c07c3e30534d6e05dab9d6c326750

SHA512
8f002af3f4ed2b3dfb4ed8273318d160152da50ee4842c9f5d9915f50a3e643952494699c4258e6af993dc6e1695d0dc3db6d23f4d93c26b0bc6a20f4b4f336e

Download Submit
memory/6000-719-0x000000001F4E0000-0x000000001F4E8000-memory.dmp

Filesize
32KB

Download
memory/6000-707-0x000000001AFB0000-0x000000001B0F6000-memory.dmp

Filesize
1.3MB

Download
memory/6000-720-0x000000001B930000-0x000000001B968000-memory.dmp

Filesize
224KB

Download
memory/6000-721-0x000000001B900000-0x000000001B90E000-memory.dmp

Filesize
56KB

Download
memory/6000-706-0x0000000000140000-0x000000000021E000-memory.dmp

Filesize
888KB

Download