asyncrat | hxxps://www[.]obj-sys[.]com/xbv27xDL/xbinder[.]php

Analysis

max time kernel
700s
max time network
697s
platform
windows10-ltsc 2021_x64
resource
win10ltsc2021-20241211-en
resource tags

arch:x64arch:x86image:win10ltsc2021-20241211-enlocale:en-usos:windows10-ltsc 2021-x64system
submitted
01-01-2025 17:47

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.obj-sys.com/xbv27xDL/xbinder.php

Score

10^/10

asyncrat gurcu default collection discovery persistence phishing privilege_escalation rat spyware stealer

Malware Config

Extracted

Family

asyncrat

Version

1.0.7

Botnet

Default

51.89.44.68:8848

Mutex

etb3t1tr5n

Attributes

delay
1
install
true
install_file
svchost.exe
install_folder
%Temp%

aes.plain

Extracted

Family

gurcu

https://api.telegram.org/bot7674843264:AAGzWOldtG3GqsZObUVSOc6rpPUp0jvoUtc/getM

https://api.telegram.org/bot7674843264:AAGzWOldtG3GqsZObUVSOc6rpPUp0jvoUtc/sendMessage?chat_id=-1002262935377

Signatures

AsyncRat
AsyncRAT is designed to remotely monitor and control other computers written in C#.
rat asyncrat
Asyncrat family
asyncrat
Gurcu family
gurcu
Gurcu, WhiteSnake
Gurcu aka WhiteSnake is a malware stealer written in C#.
stealer gurcu

Async RAT payload 1 IoCs

rat

resource	yara_rule
behavioral1/files/0x0008000000046cac-5623.dat	family_asyncrat

Downloads MZ/PE file
A potential corporate email address has been identified in the URL: [email protected]
phishing
A potential corporate email address has been identified in the URL: [email protected]
phishing

Checks computer location settings 2 TTPs 2 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-3226857575-536881564-1522996248-1000\Control Panel\International\Geo\Nation	XBinderOutput.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3226857575-536881564-1522996248-1000\Control Panel\International\Geo\Nation	1.exe

Executes dropped EXE 10 IoCs

pid	Process
5204	xbv270x64evl.exe
5396	xbv270x64evl.tmp
5308	xbeditor.exe
5644	XBinderOutput.exe
6048	1.exe
2940	BootstrapperV2.08.exe
5672	svchost.exe
5624	svchost.exe
5052	svchost.exe
5704	svchost.exe

Loads dropped DLL 8 IoCs

pid	Process
5308	xbeditor.exe
5308	xbeditor.exe
5308	xbeditor.exe
5308	xbeditor.exe
5308	xbeditor.exe
5308	xbeditor.exe
5308	xbeditor.exe
5308	xbeditor.exe

Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Credentials from Web Browsers
T1555.003
Uses the VBS compiler for execution 1 TTPs

Command and Scripting Interpreter
T1059

Accesses Microsoft Outlook profiles 1 TTPs 3 IoCs

collection

Email Collection

T1114

description	ioc	Process
Key opened	\REGISTRY\USER\S-1-5-21-3226857575-536881564-1522996248-1000\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676	1.exe
Key opened	\REGISTRY\USER\S-1-5-21-3226857575-536881564-1522996248-1000\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676	1.exe
Key opened	\REGISTRY\USER\S-1-5-21-3226857575-536881564-1522996248-1000\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676	1.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Legitimate hosting services abused for malware hosting/C2 1 TTPs 5 IoCs

Web Service

T1102

flow	ioc
267	discord.com
263	raw.githubusercontent.com
264	raw.githubusercontent.com
265	discord.com
266	discord.com

Looks up external IP address via web service 1 IoCs

Uses a legitimate IP lookup service to find the infected system's external IP.

flow	ioc
279	icanhazip.com

Drops file in Program Files directory 2 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\e1471211-cbb4-441e-8d99-4b6097240644.tmp	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\20250101174751.pma	setup.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Event Triggered Execution: Netsh Helper DLL 1 TTPs 6 IoCs

Netsh.exe (also referred to as Netshell) is a command-line scripting utility used to interact with the network configuration of a system.

persistence privilege_escalation

Netsh Helper DLL

T1546.007

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key value enumerated	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key value enumerated	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe

System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	xbv270x64evl.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	xbv270x64evl.tmp

System Network Configuration Discovery: Wi-Fi Discovery 1 TTPs 2 IoCs

Adversaries may search for information about Wi-Fi networks, such as network names and passwords, on compromised systems.

discovery

Wi-Fi Discovery

T1016.002

pid	Process
2252	cmd.exe
2520	netsh.exe

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\Description\System\CentralProcessor\0	1.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Identifier	1.exe

Delays execution with timeout.exe 1 IoCs

evasion

pid	Process
5824	timeout.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Kills process with taskkill 1 IoCs

evasion

pid	Process
5904	taskkill.exe

Modifies registry class 64 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3226857575-536881564-1522996248-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	XBinder v2.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3226857575-536881564-1522996248-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupByKey:PID = "0"	XBinder v2.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3226857575-536881564-1522996248-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupView = "4294967295"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-3226857575-536881564-1522996248-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1	XBinder v2.exe
Key created	\REGISTRY\USER\S-1-5-21-3226857575-536881564-1522996248-1000_Classes\Local Settings	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3226857575-536881564-1522996248-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\9\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\FFlags = "1092616193"	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3226857575-536881564-1522996248-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\9\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\IconSize = "48"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-3226857575-536881564-1522996248-1000_Classes\Local Settings	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-3226857575-536881564-1522996248-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-3226857575-536881564-1522996248-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\Shell	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-3226857575-536881564-1522996248-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\Shell	XBinder v2.exe
Key created	\REGISTRY\USER\S-1-5-21-3226857575-536881564-1522996248-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3226857575-536881564-1522996248-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Mode = "4"	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3226857575-536881564-1522996248-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0e000000ffffffff	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-3226857575-536881564-1522996248-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}	XBinder v2.exe
Key created	\REGISTRY\USER\S-1-5-21-3226857575-536881564-1522996248-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg	XBinder v2.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3226857575-536881564-1522996248-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByDirection = "4294967295"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-3226857575-536881564-1522996248-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3226857575-536881564-1522996248-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\MRUListEx = 0000000001000000ffffffff	XBinder v2.exe
Key created	\REGISTRY\USER\S-1-5-21-3226857575-536881564-1522996248-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3226857575-536881564-1522996248-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2\MRUListEx = ffffffff	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-3226857575-536881564-1522996248-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-3226857575-536881564-1522996248-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5	XBinder v2.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	XBinder v2.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3226857575-536881564-1522996248-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\NodeSlot = "6"	XBinder v2.exe
Key created	\REGISTRY\USER\S-1-5-21-3226857575-536881564-1522996248-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg	XBinder v2.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3226857575-536881564-1522996248-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\9\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\FFlags = "1"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-3226857575-536881564-1522996248-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\Shell	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-3226857575-536881564-1522996248-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3226857575-536881564-1522996248-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\9\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3226857575-536881564-1522996248-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202020202	XBinder v2.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3226857575-536881564-1522996248-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupByDirection = "1"	XBinder v2.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3226857575-536881564-1522996248-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\Shell\SniffedFolderType = "Downloads"	XBinder v2.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3226857575-536881564-1522996248-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1"	XBinder v2.exe
Key created	\REGISTRY\USER\S-1-5-21-3226857575-536881564-1522996248-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\2\0	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-3226857575-536881564-1522996248-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\2\0\0\0	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3226857575-536881564-1522996248-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\9\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\LogicalViewMode = "3"	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3226857575-536881564-1522996248-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	XBinder v2.exe
Key created	\REGISTRY\USER\S-1-5-21-3226857575-536881564-1522996248-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3226857575-536881564-1522996248-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1 = 14002e80922b16d365937a46956b92703aca08af0000	XBinder v2.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3226857575-536881564-1522996248-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Mode = "4"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-3226857575-536881564-1522996248-1000_Classes\Local Settings	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3226857575-536881564-1522996248-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02020202	XBinder v2.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3226857575-536881564-1522996248-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0e000000ffffffff	XBinder v2.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3226857575-536881564-1522996248-1000\{7C3C9069-0D5C-4523-9396-4A4D74F1D017}	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3226857575-536881564-1522996248-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByDirection = "4294967295"	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3226857575-536881564-1522996248-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupView = "4294967295"	XBinder v2.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3226857575-536881564-1522996248-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2 = 3a001f44471a0359723fa74489c55595fe6b30ee260001002600efbe100000004d17a73fdd4bdb01b23174b8e54bdb01954dd77d765cdb0114000000	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3226857575-536881564-1522996248-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2\NodeSlot = "9"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-3226857575-536881564-1522996248-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\9\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3226857575-536881564-1522996248-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupView = "0"	XBinder v2.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3226857575-536881564-1522996248-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1092616257"	XBinder v2.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3226857575-536881564-1522996248-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:PID = "14"	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3226857575-536881564-1522996248-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	XBinder v2.exe
Key created	\REGISTRY\USER\S-1-5-21-3226857575-536881564-1522996248-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}	XBinder v2.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3226857575-536881564-1522996248-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 0100000000000000ffffffff	msedge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3226857575-536881564-1522996248-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:FMTID = "{B725F130-47EF-101A-A5F1-02608C9EEBAC}"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-3226857575-536881564-1522996248-1000_Classes\Local Settings	XBinder v2.exe
Key created	\REGISTRY\USER\S-1-5-21-3226857575-536881564-1522996248-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6	XBinder v2.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3226857575-536881564-1522996248-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\FFlags = "1092616257"	XBinder v2.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3226857575-536881564-1522996248-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 020202020202020202	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3226857575-536881564-1522996248-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 010000000200000000000000ffffffff	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-3226857575-536881564-1522996248-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	XBinder v2.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3226857575-536881564-1522996248-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 0100000000000000ffffffff	XBinder v2.exe

NTFS ADS 2 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 944611.crdownload:SmartScreen	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 462239.crdownload:SmartScreen	msedge.exe

Suspicious behavior: AddClipboardFormatListener 1 IoCs

pid	Process
5308	xbeditor.exe

Suspicious behavior: EnumeratesProcesses 49 IoCs

pid	Process
3164	msedge.exe
3164	msedge.exe
868	msedge.exe
868	msedge.exe
1048	identity_helper.exe
1048	identity_helper.exe
5156	msedge.exe
5156	msedge.exe
5396	xbv270x64evl.tmp
5396	xbv270x64evl.tmp
5984	msedge.exe
5984	msedge.exe
5984	msedge.exe
5984	msedge.exe
5700	msedge.exe
5700	msedge.exe
5540	msedge.exe
5540	msedge.exe
5936	msedge.exe
5936	msedge.exe
5692	msedge.exe
5692	msedge.exe
6048	1.exe
6048	1.exe
6048	1.exe
6048	1.exe
6048	1.exe
6048	1.exe
6048	1.exe
6048	1.exe
6048	1.exe
6048	1.exe
6048	1.exe
6048	1.exe
6048	1.exe
6048	1.exe
6048	1.exe
6048	1.exe
6048	1.exe
6048	1.exe
6048	1.exe
6048	1.exe
6048	1.exe
6048	1.exe
6048	1.exe
5672	msedge.exe
5672	msedge.exe
6024	msedge.exe
6024	msedge.exe

Suspicious behavior: GetForegroundWindowSpam 2 IoCs

pid	Process
5308	xbeditor.exe
5620	XBinder v2.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 56 IoCs

pid	Process
868	msedge.exe
868	msedge.exe
868	msedge.exe
868	msedge.exe
868	msedge.exe
868	msedge.exe
868	msedge.exe
868	msedge.exe
868	msedge.exe
868	msedge.exe
868	msedge.exe
868	msedge.exe
868	msedge.exe
868	msedge.exe
868	msedge.exe
868	msedge.exe
868	msedge.exe
868	msedge.exe
868	msedge.exe
868	msedge.exe
868	msedge.exe
868	msedge.exe
868	msedge.exe
868	msedge.exe
868	msedge.exe
868	msedge.exe
868	msedge.exe
868	msedge.exe
868	msedge.exe
868	msedge.exe
868	msedge.exe
868	msedge.exe
868	msedge.exe
868	msedge.exe
868	msedge.exe
868	msedge.exe
868	msedge.exe
868	msedge.exe
868	msedge.exe
868	msedge.exe
868	msedge.exe
868	msedge.exe
868	msedge.exe
868	msedge.exe
868	msedge.exe
868	msedge.exe
868	msedge.exe
868	msedge.exe
868	msedge.exe
868	msedge.exe
868	msedge.exe
868	msedge.exe
868	msedge.exe
868	msedge.exe
868	msedge.exe
868	msedge.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	6048	1.exe
Token: SeIncreaseQuotaPrivilege	5672	svchost.exe
Token: SeSecurityPrivilege	5672	svchost.exe
Token: SeTakeOwnershipPrivilege	5672	svchost.exe
Token: SeLoadDriverPrivilege	5672	svchost.exe
Token: SeSystemProfilePrivilege	5672	svchost.exe
Token: SeSystemtimePrivilege	5672	svchost.exe
Token: SeProfSingleProcessPrivilege	5672	svchost.exe
Token: SeIncBasePriorityPrivilege	5672	svchost.exe
Token: SeCreatePagefilePrivilege	5672	svchost.exe
Token: SeBackupPrivilege	5672	svchost.exe
Token: SeRestorePrivilege	5672	svchost.exe
Token: SeShutdownPrivilege	5672	svchost.exe
Token: SeDebugPrivilege	5672	svchost.exe
Token: SeSystemEnvironmentPrivilege	5672	svchost.exe
Token: SeRemoteShutdownPrivilege	5672	svchost.exe
Token: SeUndockPrivilege	5672	svchost.exe
Token: SeManageVolumePrivilege	5672	svchost.exe
Token: 33	5672	svchost.exe
Token: 34	5672	svchost.exe
Token: 35	5672	svchost.exe
Token: 36	5672	svchost.exe
Token: SeIncreaseQuotaPrivilege	5624	svchost.exe
Token: SeSecurityPrivilege	5624	svchost.exe
Token: SeTakeOwnershipPrivilege	5624	svchost.exe
Token: SeLoadDriverPrivilege	5624	svchost.exe
Token: SeSystemProfilePrivilege	5624	svchost.exe
Token: SeSystemtimePrivilege	5624	svchost.exe
Token: SeProfSingleProcessPrivilege	5624	svchost.exe
Token: SeIncBasePriorityPrivilege	5624	svchost.exe
Token: SeCreatePagefilePrivilege	5624	svchost.exe
Token: SeBackupPrivilege	5624	svchost.exe
Token: SeRestorePrivilege	5624	svchost.exe
Token: SeShutdownPrivilege	5624	svchost.exe
Token: SeDebugPrivilege	5624	svchost.exe
Token: SeSystemEnvironmentPrivilege	5624	svchost.exe
Token: SeRemoteShutdownPrivilege	5624	svchost.exe
Token: SeUndockPrivilege	5624	svchost.exe
Token: SeManageVolumePrivilege	5624	svchost.exe
Token: 33	5624	svchost.exe
Token: 34	5624	svchost.exe
Token: 35	5624	svchost.exe
Token: 36	5624	svchost.exe
Token: SeSecurityPrivilege	2552	msiexec.exe
Token: SeIncreaseQuotaPrivilege	5052	svchost.exe
Token: SeSecurityPrivilege	5052	svchost.exe
Token: SeTakeOwnershipPrivilege	5052	svchost.exe
Token: SeLoadDriverPrivilege	5052	svchost.exe
Token: SeSystemProfilePrivilege	5052	svchost.exe
Token: SeSystemtimePrivilege	5052	svchost.exe
Token: SeProfSingleProcessPrivilege	5052	svchost.exe
Token: SeIncBasePriorityPrivilege	5052	svchost.exe
Token: SeCreatePagefilePrivilege	5052	svchost.exe
Token: SeBackupPrivilege	5052	svchost.exe
Token: SeRestorePrivilege	5052	svchost.exe
Token: SeShutdownPrivilege	5052	svchost.exe
Token: SeDebugPrivilege	5052	svchost.exe
Token: SeSystemEnvironmentPrivilege	5052	svchost.exe
Token: SeRemoteShutdownPrivilege	5052	svchost.exe
Token: SeUndockPrivilege	5052	svchost.exe
Token: SeManageVolumePrivilege	5052	svchost.exe
Token: 33	5052	svchost.exe
Token: 34	5052	svchost.exe
Token: 35	5052	svchost.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
868	msedge.exe
868	msedge.exe
868	msedge.exe
868	msedge.exe
868	msedge.exe
868	msedge.exe
868	msedge.exe
868	msedge.exe
868	msedge.exe
868	msedge.exe
868	msedge.exe
868	msedge.exe
868	msedge.exe
868	msedge.exe
868	msedge.exe
868	msedge.exe
868	msedge.exe
868	msedge.exe
868	msedge.exe
868	msedge.exe
868	msedge.exe
868	msedge.exe
868	msedge.exe
868	msedge.exe
868	msedge.exe
868	msedge.exe
868	msedge.exe
868	msedge.exe
868	msedge.exe
868	msedge.exe
868	msedge.exe
868	msedge.exe
868	msedge.exe
868	msedge.exe
868	msedge.exe
868	msedge.exe
868	msedge.exe
868	msedge.exe
868	msedge.exe
868	msedge.exe
868	msedge.exe
868	msedge.exe
868	msedge.exe
868	msedge.exe
868	msedge.exe
868	msedge.exe
868	msedge.exe
868	msedge.exe
868	msedge.exe
868	msedge.exe
868	msedge.exe
868	msedge.exe
868	msedge.exe
868	msedge.exe
868	msedge.exe
868	msedge.exe
868	msedge.exe
868	msedge.exe
868	msedge.exe
868	msedge.exe
868	msedge.exe
868	msedge.exe
868	msedge.exe
868	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
868	msedge.exe
868	msedge.exe
868	msedge.exe
868	msedge.exe
868	msedge.exe
868	msedge.exe
868	msedge.exe
868	msedge.exe
868	msedge.exe
868	msedge.exe
868	msedge.exe
868	msedge.exe
868	msedge.exe
868	msedge.exe
868	msedge.exe
868	msedge.exe
868	msedge.exe
868	msedge.exe
868	msedge.exe
868	msedge.exe
868	msedge.exe
868	msedge.exe
868	msedge.exe
868	msedge.exe

Suspicious use of SetWindowsHookEx 18 IoCs

pid	Process
5308	xbeditor.exe
5620	XBinder v2.exe
5620	XBinder v2.exe
5620	XBinder v2.exe
5620	XBinder v2.exe
5620	XBinder v2.exe
5620	XBinder v2.exe
5620	XBinder v2.exe
5620	XBinder v2.exe
5620	XBinder v2.exe
5620	XBinder v2.exe
5620	XBinder v2.exe
5620	XBinder v2.exe
5620	XBinder v2.exe
5620	XBinder v2.exe
5620	XBinder v2.exe
5672	msedge.exe
6024	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 868 wrote to memory of 1712	868	msedge.exe	81
PID 868 wrote to memory of 1712	868	msedge.exe	81
PID 868 wrote to memory of 2468	868	msedge.exe	82
PID 868 wrote to memory of 2468	868	msedge.exe	82
PID 868 wrote to memory of 2468	868	msedge.exe	82
PID 868 wrote to memory of 2468	868	msedge.exe	82
PID 868 wrote to memory of 2468	868	msedge.exe	82
PID 868 wrote to memory of 2468	868	msedge.exe	82
PID 868 wrote to memory of 2468	868	msedge.exe	82
PID 868 wrote to memory of 2468	868	msedge.exe	82
PID 868 wrote to memory of 2468	868	msedge.exe	82
PID 868 wrote to memory of 2468	868	msedge.exe	82
PID 868 wrote to memory of 2468	868	msedge.exe	82
PID 868 wrote to memory of 2468	868	msedge.exe	82
PID 868 wrote to memory of 2468	868	msedge.exe	82
PID 868 wrote to memory of 2468	868	msedge.exe	82
PID 868 wrote to memory of 2468	868	msedge.exe	82
PID 868 wrote to memory of 2468	868	msedge.exe	82
PID 868 wrote to memory of 2468	868	msedge.exe	82
PID 868 wrote to memory of 2468	868	msedge.exe	82
PID 868 wrote to memory of 2468	868	msedge.exe	82
PID 868 wrote to memory of 2468	868	msedge.exe	82
PID 868 wrote to memory of 2468	868	msedge.exe	82
PID 868 wrote to memory of 2468	868	msedge.exe	82
PID 868 wrote to memory of 2468	868	msedge.exe	82
PID 868 wrote to memory of 2468	868	msedge.exe	82
PID 868 wrote to memory of 2468	868	msedge.exe	82
PID 868 wrote to memory of 2468	868	msedge.exe	82
PID 868 wrote to memory of 2468	868	msedge.exe	82
PID 868 wrote to memory of 2468	868	msedge.exe	82
PID 868 wrote to memory of 2468	868	msedge.exe	82
PID 868 wrote to memory of 2468	868	msedge.exe	82
PID 868 wrote to memory of 2468	868	msedge.exe	82
PID 868 wrote to memory of 2468	868	msedge.exe	82
PID 868 wrote to memory of 2468	868	msedge.exe	82
PID 868 wrote to memory of 2468	868	msedge.exe	82
PID 868 wrote to memory of 2468	868	msedge.exe	82
PID 868 wrote to memory of 2468	868	msedge.exe	82
PID 868 wrote to memory of 2468	868	msedge.exe	82
PID 868 wrote to memory of 2468	868	msedge.exe	82
PID 868 wrote to memory of 2468	868	msedge.exe	82
PID 868 wrote to memory of 2468	868	msedge.exe	82
PID 868 wrote to memory of 3164	868	msedge.exe	83
PID 868 wrote to memory of 3164	868	msedge.exe	83
PID 868 wrote to memory of 344	868	msedge.exe	84
PID 868 wrote to memory of 344	868	msedge.exe	84
PID 868 wrote to memory of 344	868	msedge.exe	84
PID 868 wrote to memory of 344	868	msedge.exe	84
PID 868 wrote to memory of 344	868	msedge.exe	84
PID 868 wrote to memory of 344	868	msedge.exe	84
PID 868 wrote to memory of 344	868	msedge.exe	84
PID 868 wrote to memory of 344	868	msedge.exe	84
PID 868 wrote to memory of 344	868	msedge.exe	84
PID 868 wrote to memory of 344	868	msedge.exe	84
PID 868 wrote to memory of 344	868	msedge.exe	84
PID 868 wrote to memory of 344	868	msedge.exe	84
PID 868 wrote to memory of 344	868	msedge.exe	84
PID 868 wrote to memory of 344	868	msedge.exe	84
PID 868 wrote to memory of 344	868	msedge.exe	84
PID 868 wrote to memory of 344	868	msedge.exe	84
PID 868 wrote to memory of 344	868	msedge.exe	84
PID 868 wrote to memory of 344	868	msedge.exe	84
PID 868 wrote to memory of 344	868	msedge.exe	84
PID 868 wrote to memory of 344	868	msedge.exe	84

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012
Uses Volume Shadow Copy WMI provider
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware
Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware

outlook_office_path 1 IoCs

description	ioc	Process
Key opened	\REGISTRY\USER\S-1-5-21-3226857575-536881564-1522996248-1000\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676	1.exe

outlook_win_path 1 IoCs

description	ioc	Process
Key opened	\REGISTRY\USER\S-1-5-21-3226857575-536881564-1522996248-1000\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676	1.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://www.obj-sys.com/xbv27xDL/xbinder.php
1⤵
- Enumerates system info in registry
- Modifies registry class
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:868
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x124,0x128,0x12c,0x100,0x130,0x7ffadacb46f8,0x7ffadacb4708,0x7ffadacb4718
  2⤵
  PID:1712
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,7447849405669313715,14938145930818873931,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2116 /prefetch:2
  2⤵
  PID:2468
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2096,7447849405669313715,14938145930818873931,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2352 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3164
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2096,7447849405669313715,14938145930818873931,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2760 /prefetch:8
  2⤵
  PID:344
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,7447849405669313715,14938145930818873931,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3420 /prefetch:1
  2⤵
  PID:4544
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,7447849405669313715,14938145930818873931,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3432 /prefetch:1
  2⤵
  PID:2820
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2096,7447849405669313715,14938145930818873931,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5708 /prefetch:8
  2⤵
  PID:64
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --msedge --force-configure-user-settings
  2⤵
  - Drops file in Program Files directory
  PID:1244
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x248,0x24c,0x250,0x224,0x254,0x7ff629855460,0x7ff629855470,0x7ff629855480
    3⤵
    PID:2376
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2096,7447849405669313715,14938145930818873931,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5708 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1048
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,7447849405669313715,14938145930818873931,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5704 /prefetch:1
  2⤵
  PID:3888
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,7447849405669313715,14938145930818873931,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5732 /prefetch:1
  2⤵
  PID:3628
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,7447849405669313715,14938145930818873931,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3596 /prefetch:1
  2⤵
  PID:1592
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,7447849405669313715,14938145930818873931,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6240 /prefetch:1
  2⤵
  PID:1016
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2096,7447849405669313715,14938145930818873931,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6456 /prefetch:8
  2⤵
  PID:3260
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,7447849405669313715,14938145930818873931,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5948 /prefetch:1
  2⤵
  PID:3628
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2096,7447849405669313715,14938145930818873931,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6696 /prefetch:8
  2⤵
  PID:2808
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,7447849405669313715,14938145930818873931,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5852 /prefetch:1
  2⤵
  PID:5240
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,7447849405669313715,14938145930818873931,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6232 /prefetch:1
  2⤵
  PID:5248
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,7447849405669313715,14938145930818873931,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5948 /prefetch:1
  2⤵
  PID:5436
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2096,7447849405669313715,14938145930818873931,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6712 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5156
- C:\Users\Admin\Downloads\xbv270x64evl.exe
  "C:\Users\Admin\Downloads\xbv270x64evl.exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:5204
- - C:\Users\Admin\AppData\Local\Temp\is-RQAUJ.tmp\xbv270x64evl.tmp
    "C:\Users\Admin\AppData\Local\Temp\is-RQAUJ.tmp\xbv270x64evl.tmp" /SL5="$5021A,30148813,57856,C:\Users\Admin\Downloads\xbv270x64evl.exe"
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    PID:5396
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\xbv270\README.html
      4⤵
      PID:1184
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x144,0x148,0x14c,0x120,0x150,0x7ffadacb46f8,0x7ffadacb4708,0x7ffadacb4718
        5⤵
        
        PID:4296
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,7447849405669313715,14938145930818873931,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.4355 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6180 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5984
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,7447849405669313715,14938145930818873931,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2676 /prefetch:1
  2⤵
  PID:3208
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,7447849405669313715,14938145930818873931,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3212 /prefetch:1
  2⤵
  PID:4836
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,7447849405669313715,14938145930818873931,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6848 /prefetch:1
  2⤵
  PID:5796
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,7447849405669313715,14938145930818873931,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6212 /prefetch:1
  2⤵
  PID:696
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,7447849405669313715,14938145930818873931,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6804 /prefetch:1
  2⤵
  PID:3540
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,7447849405669313715,14938145930818873931,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4308 /prefetch:1
  2⤵
  PID:2152
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,7447849405669313715,14938145930818873931,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1992 /prefetch:1
  2⤵
  PID:5712
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2096,7447849405669313715,14938145930818873931,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6580 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5700
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,7447849405669313715,14938145930818873931,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6492 /prefetch:1
  2⤵
  PID:2112
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,7447849405669313715,14938145930818873931,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4308 /prefetch:1
  2⤵
  PID:2432
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,7447849405669313715,14938145930818873931,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1244 /prefetch:1
  2⤵
  PID:1332
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,7447849405669313715,14938145930818873931,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6724 /prefetch:1
  2⤵
  PID:3548
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,7447849405669313715,14938145930818873931,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6408 /prefetch:1
  2⤵
  PID:6128
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,7447849405669313715,14938145930818873931,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6860 /prefetch:1
  2⤵
  PID:2968
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,7447849405669313715,14938145930818873931,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6888 /prefetch:1
  2⤵
  PID:1340
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,7447849405669313715,14938145930818873931,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6064 /prefetch:1
  2⤵
  PID:2844
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,7447849405669313715,14938145930818873931,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7104 /prefetch:1
  2⤵
  PID:5596
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,7447849405669313715,14938145930818873931,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6872 /prefetch:1
  2⤵
  PID:5056
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,7447849405669313715,14938145930818873931,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7688 /prefetch:1
  2⤵
  PID:5360
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,7447849405669313715,14938145930818873931,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7984 /prefetch:1
  2⤵
  PID:5052
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,7447849405669313715,14938145930818873931,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7440 /prefetch:1
  2⤵
  PID:1776
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,7447849405669313715,14938145930818873931,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4940 /prefetch:1
  2⤵
  PID:5180
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2096,7447849405669313715,14938145930818873931,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=7808 /prefetch:8
  2⤵
  PID:3960
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,7447849405669313715,14938145930818873931,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7628 /prefetch:1
  2⤵
  PID:5636
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,7447849405669313715,14938145930818873931,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7372 /prefetch:1
  2⤵
  PID:5188
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2096,7447849405669313715,14938145930818873931,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6820 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5540
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2096,7447849405669313715,14938145930818873931,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7760 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5936
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,7447849405669313715,14938145930818873931,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7416 /prefetch:1
  2⤵
  PID:2692
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,7447849405669313715,14938145930818873931,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6968 /prefetch:1
  2⤵
  PID:5128
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,7447849405669313715,14938145930818873931,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5008 /prefetch:1
  2⤵
  PID:5560
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2096,7447849405669313715,14938145930818873931,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=8020 /prefetch:8
  2⤵
  PID:1088
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2096,7447849405669313715,14938145930818873931,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=7996 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:5692
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,7447849405669313715,14938145930818873931,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7716 /prefetch:1
  2⤵
  PID:2252
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=2096,7447849405669313715,14938145930818873931,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7204 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of SetWindowsHookEx
  PID:5672
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,7447849405669313715,14938145930818873931,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=59 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3540 /prefetch:1
  2⤵
  PID:1780
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,7447849405669313715,14938145930818873931,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=60 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4860 /prefetch:1
  2⤵
  PID:1196
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,7447849405669313715,14938145930818873931,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=61 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7464 /prefetch:1
  2⤵
  PID:2880
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,7447849405669313715,14938145930818873931,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=62 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4080 /prefetch:1
  2⤵
  PID:4800
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,7447849405669313715,14938145930818873931,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=63 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7784 /prefetch:1
  2⤵
  PID:5504
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,7447849405669313715,14938145930818873931,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=64 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7328 /prefetch:1
  2⤵
  PID:3160
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,7447849405669313715,14938145930818873931,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=65 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7508 /prefetch:1
  2⤵
  PID:5288
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,7447849405669313715,14938145930818873931,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=66 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8044 /prefetch:1
  2⤵
  PID:5788
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,7447849405669313715,14938145930818873931,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=67 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7776 /prefetch:1
  2⤵
  PID:6120
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,7447849405669313715,14938145930818873931,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=68 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6740 /prefetch:1
  2⤵
  PID:2832
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,7447849405669313715,14938145930818873931,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=69 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7372 /prefetch:1
  2⤵
  PID:1616
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,7447849405669313715,14938145930818873931,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=70 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8540 /prefetch:1
  2⤵
  PID:4468
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,7447849405669313715,14938145930818873931,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=71 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6908 /prefetch:1
  2⤵
  PID:1972
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,7447849405669313715,14938145930818873931,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=72 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8488 /prefetch:1
  2⤵
  PID:3216
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,7447849405669313715,14938145930818873931,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=73 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8280 /prefetch:1
  2⤵
  PID:5664
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,7447849405669313715,14938145930818873931,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=74 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8260 /prefetch:1
  2⤵
  PID:3228
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,7447849405669313715,14938145930818873931,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=75 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6376 /prefetch:1
  2⤵
  PID:1080
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,7447849405669313715,14938145930818873931,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=76 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2992 /prefetch:1
  2⤵
  PID:1224
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,7447849405669313715,14938145930818873931,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=77 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6344 /prefetch:1
  2⤵
  PID:1796
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=2096,7447849405669313715,14938145930818873931,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=8324 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of SetWindowsHookEx
  PID:6024

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1032

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3440

C:\xbv270\bin\xbeditor.exe
"C:\xbv270\bin\xbeditor.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:5308

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:1392

C:\Users\Admin\Downloads\XbinderV2\XbinderV2\XBinder v2.exe
"C:\Users\Admin\Downloads\XbinderV2\XbinderV2\XBinder v2.exe"
1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:5620
- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\vbc.exe
  "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\0pb4itld\0pb4itld.cmdline"
  2⤵
  PID:3088
- - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe
    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESD2FD.tmp" "C:\Users\Admin\AppData\Local\Temp\vbc820533B275764E719C751E92A890F7D3.TMP"
    3⤵
    PID:3104

C:\Users\Admin\Downloads\XBinderOutput.exe
"C:\Users\Admin\Downloads\XBinderOutput.exe"
1⤵
- Checks computer location settings
- Executes dropped EXE
PID:5644
- C:\Users\Admin\AppData\Local\Temp\1.exe
  "C:\Users\Admin\AppData\Local\Temp\1.exe"
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Accesses Microsoft Outlook profiles
  - Checks processor information in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - outlook_office_path
  - outlook_win_path
  PID:6048
- - C:\Users\Admin\AppData\Roaming\svchost.exe
    "C:\Users\Admin\AppData\Roaming\svchost.exe"
    3⤵
    - Executes dropped EXE
    - Suspicious use of AdjustPrivilegeToken
    PID:5672
- - C:\Users\Admin\AppData\Roaming\svchost.exe
    "C:\Users\Admin\AppData\Roaming\svchost.exe"
    3⤵
    - Executes dropped EXE
    - Suspicious use of AdjustPrivilegeToken
    PID:5624
- - C:\Windows\SYSTEM32\cmd.exe
    "cmd.exe" /C chcp 65001 && netsh wlan show profile | findstr All
    3⤵
    - System Network Configuration Discovery: Wi-Fi Discovery
    PID:2252
  - - C:\Windows\system32\chcp.com
      chcp 65001
      4⤵
      PID:4080
  - - C:\Windows\system32\netsh.exe
      netsh wlan show profile
      4⤵
      Event Triggered Execution: Netsh Helper DLL
      System Network Configuration Discovery: Wi-Fi Discovery
      PID:2520
  - - C:\Windows\system32\findstr.exe
      findstr All
      4⤵
      PID:5884
- - C:\Windows\SYSTEM32\cmd.exe
    "cmd.exe" /C chcp 65001 && netsh wlan show networks mode=bssid
    3⤵
    PID:1308
  - - C:\Windows\system32\chcp.com
      chcp 65001
      4⤵
      PID:3712
  - - C:\Windows\system32\netsh.exe
      netsh wlan show networks mode=bssid
      4⤵
      Event Triggered Execution: Netsh Helper DLL
      PID:4532
- - C:\Users\Admin\AppData\Roaming\svchost.exe
    "C:\Users\Admin\AppData\Roaming\svchost.exe"
    3⤵
    - Executes dropped EXE
    - Suspicious use of AdjustPrivilegeToken
    PID:5052
- - C:\Users\Admin\AppData\Roaming\svchost.exe
    "C:\Users\Admin\AppData\Roaming\svchost.exe"
    3⤵
    - Executes dropped EXE
    PID:5704
- - C:\Windows\System32\cmd.exe
    "C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\87d5941b-d940-448b-a7c0-639f45c60281.bat"
    3⤵
    PID:752
  - - C:\Windows\system32\chcp.com
      chcp 65001
      4⤵
      PID:5480
  - - C:\Windows\system32\taskkill.exe
      taskkill /F /PID 6048
      4⤵
      Kills process with taskkill
      PID:5904
  - - C:\Windows\system32\timeout.exe
      timeout /T 2 /NOBREAK
      4⤵
      Delays execution with timeout.exe
      PID:5824
- C:\Users\Admin\AppData\Local\Temp\BootstrapperV2.08.exe
  "C:\Users\Admin\AppData\Local\Temp\BootstrapperV2.08.exe"
  2⤵
  - Executes dropped EXE
  PID:2940
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://discord.com/invite/8PgspRYAQu
    3⤵
    PID:1256
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x144,0x148,0x14c,0x120,0x150,0x7ffadacb46f8,0x7ffadacb4708,0x7ffadacb4718
      4⤵
      PID:1412

C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2552

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

Persistence

Event Triggered Execution

T1546

Netsh Helper DLL

T1546.007

Privilege Escalation

Event Triggered Execution

T1546

Netsh Helper DLL

T1546.007

Defense Evasion

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

System Network Configuration Discovery

T1016

Wi-Fi Discovery

T1016.002

Lateral Movement

Collection

Data from Local System

T1005

Email Collection

T1114

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\44a2a1df63a77a42d267fe7dc0578372\Admin@TECFIYDO_en-US\Browsers\Edge\Cookies.txt

Filesize
6KB

MD5
236a4893458dc754d7f85b2617866e6a

SHA1
c4f9b8624c0009ea2861eb1e808b50c09109f5f1

SHA256
1317caafab43c3937b2200948f1c5f4f6f23ba71891dcb1738301063ab6accd9

SHA512
7b6a4d74c2ec11912cb4e2ade8b2c5820d43b1189fca4d3f2c70bad5d85e5da7c1319854fb13a54d7c4aa660b2a5594e490699da2a11ecf00a813a5d2b6f04d3

Download Submit
C:\Users\Admin\AppData\Local\44a2a1df63a77a42d267fe7dc0578372\Admin@TECFIYDO_en-US\Browsers\Firefox\Bookmarks.txt

Filesize
220B

MD5
2ab1fd921b6c195114e506007ba9fe05

SHA1
90033c6ee56461ca959482c9692cf6cfb6c5c6af

SHA256
c79cfdd6d0757eb52fbb021e7f0da1a2a8f1dd81dcd3a4e62239778545a09ecc

SHA512
4f0570d7c7762ecb4dcf3171ae67da3c56aa044419695e5a05f318e550f1a910a616f5691b15abfe831b654718ec97a534914bd172aa7a963609ebd8e1fae0a5

Download Submit
C:\Users\Admin\AppData\Local\44a2a1df63a77a42d267fe7dc0578372\Admin@TECFIYDO_en-US\System\Apps.txt

Filesize
5KB

MD5
ac4ea0ac3d3dd666d09f3c3d10b6b232

SHA1
198dd4deb6adfd8da8a4270153de07784aba3fb3

SHA256
f758a51e225abad21dc64caca56a136c7bb8084be97dc8a6dc3896d2aed754ba

SHA512
2c9f20ed53ac705c80c5c8c0e6b1e311ad03e379788b556cc59e09ebd8befa4b2e87912e8844c11a342a1da79abc636c37f09c99c8d2740d5b35dd69d8a68572

Download Submit
C:\Users\Admin\AppData\Local\44a2a1df63a77a42d267fe7dc0578372\Admin@TECFIYDO_en-US\System\Process.txt

Filesize
1KB

MD5
4f66e8aa606ec9f0234da474323bc6c6

SHA1
64acbdf266a6f89144c54eba3063c8bfd7079589

SHA256
06e876000cbfabd1e518625bdc8d544a11afec8f5dfe80891c4d5e682d94d176

SHA512
86198bee67083ed363b1daee0f2aca95c0fdfb3710832e454eab44fb175d213b685fcf55264c4fff6205e842afb28d520b50ed67e10d93d07db7bdb8303270da

Download Submit
C:\Users\Admin\AppData\Local\44a2a1df63a77a42d267fe7dc0578372\Admin@TECFIYDO_en-US\System\Process.txt

Filesize
2KB

MD5
6377c0773e5c1327166d6411098562fa

SHA1
8a2c7c8498f7482990c7dc1000e179677923986f

SHA256
e1f944347bdf4597083e728aebe84ff0fc65bf2f79a43f11d6a497b30b65296d

SHA512
df7efb62b483f7944750bbf897162de31f3fde089f08f43a133cc19ca52960cf7c7011d2f827fb8354b7d067f2fa958f07187e2365c0c63a0c8ea119692161e9

Download Submit
C:\Users\Admin\AppData\Local\44a2a1df63a77a42d267fe7dc0578372\Admin@TECFIYDO_en-US\System\Process.txt

Filesize
2KB

MD5
87a4bc65b08988bf07dbca8121df2949

SHA1
480958d5a87996434d81a83bc4d544980a106bfe

SHA256
00af9423b19590640b240657d3051a654931354277e1043d86a36b607ac50253

SHA512
0b4d2bf1835d4ce2133adfee227242ba6f34e9088efd1f09ba3c49b6c2710008be9e79d95bbae20d7b98a8a0a947473c54c36ade514629fb606e1cf461d29049

Download Submit
C:\Users\Admin\AppData\Local\44a2a1df63a77a42d267fe7dc0578372\Admin@TECFIYDO_en-US\System\Process.txt

Filesize
3KB

MD5
2241c1585e5f6d98c458d64adbac30ae

SHA1
e2fca3d10f67d815ef4e66b1e0ba4220426d66d6

SHA256
3cd11ea1a0ab919294e8da2ee44c5524d023abc619edb212a1cadfe036438cfa

SHA512
00578a5a41e84debc8e206a4a83802fef66f66b99e1e0f0c88b83d297f1dd0794b6580d46fb13387f1de053824d6d86e4491072d30f7ee1fcb8702f96555fd9b

Download Submit
C:\Users\Admin\AppData\Local\44a2a1df63a77a42d267fe7dc0578372\Admin@TECFIYDO_en-US\System\Process.txt

Filesize
4KB

MD5
a13338184ffc88f304a6f63341a9fd9d

SHA1
49fa0cf638c4adf8c63e1a3cef996bce7a793526

SHA256
10dca0b614e14d4b8fae25a59eb76aab696aee8b5fdbf8be665f1ecf44c2b2b2

SHA512
fabd3b25fb86e73f331d1d5c383c0a41198ae6b149329ac886cedc0b54a0013c74365fb3741f4ccd4d07609a708d63dff22c469716e4ab1defaa8ca7f3cf2c5f

Download Submit
C:\Users\Admin\AppData\Local\44a2a1df63a77a42d267fe7dc0578372\msgid.dat

Filesize
2B

MD5
66f041e16a60928b05a7e228a89c3799

SHA1
667be543b02294b7624119adc3a725473df39885

SHA256
6208ef0f7750c111548cf90b6ea1d0d0a66f6bff40dbef07cb45ec436263c7d6

SHA512
8f8541b065653434370e0dd0f930ae0586c66a5235723b22e478daf1bee34865b05e9d5b86b1391c9ef575c2f47a967434e2b3f11a0f78e1133f2a89ce0a6d9f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
7b19b7ecb6ee133c2ff01f7888eae612

SHA1
a592cab7e180cc5c9ac7f4098a3c8c35b89f8253

SHA256
972bc0df18e9a9438dbc5763e29916a24b7e4f15415641230c900b6281515e78

SHA512
16301409fee3a129612cfe7bdb96b010d3da39124aa88b2d111f18d5ae5d4fc8c3c663809148dd07c7f3cd37bb78bd71e25be1584bd2d0bacf529fa7f3461fd8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
23fa82e121d8f73e1416906076e9a963

SHA1
b4666301311a7ccaabbad363cd1dec06f8541da4

SHA256
5fd39927e65645635ebd716dd0aef59e64aacd4b9a6c896328b5b23b6c75159e

SHA512
64920d7d818031469edff5619c00a06e5a2320bc08b3a8a6cd288c75d2a470f8c188c694046d149fa622cbb40b1f8bf572ac3d6dfc59b62a4638341ccb467dcf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ef2eecfd8b9d5d9fa22a8b7a58b4300c

SHA1
0f9ccbbe964685ab241d9f87901095e5053e3c5d

SHA256
acd94d5afbd7b6ec927ff94ebb2efc03b924eb93956421472350ce519723b8a5

SHA512
f5a47c06e3da089f496878747540dcdeaca08a2e4867088226324b45c4ad18dd38fc6d16923d9501726a5919f4305a020085c128af6c033f61a259a48a0b7664

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a

Filesize
19KB

MD5
23c881bd9ff24ec1e1c1388e1967d94d

SHA1
cf340b91392671812c5d68f70a32b8b0768f4c75

SHA256
60eb6975421a62b21622524ea781e64e7892294e65056ad6ca7766e1362b7156

SHA512
5694ab40278f68cd46d12a39fd7c7883cb1268b9896f3f09a8283db4a4070147f7970f18902885b119848f532d04f662fb44ab8ad5a7cd47a473578a692da7f5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000b

Filesize
47KB

MD5
0d89f546ebdd5c3eaa275ff1f898174a

SHA1
339ab928a1a5699b3b0c74087baa3ea08ecd59f5

SHA256
939eb90252495d3af66d9ec34c799a5f1b0fc10422a150cf57fc0cd302865a3e

SHA512
26edc1659325b1c5cf6e3f3cd9a38cd696f67c4a7c2d91a5839e8dcbb64c4f8e9ce3222e0f69d860d088c4be01b69da676bdc4517de141f8b551774909c30690

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000c

Filesize
62KB

MD5
c813a1b87f1651d642cdcad5fca7a7d8

SHA1
0e6628997674a7dfbeb321b59a6e829d0c2f4478

SHA256
df670e09f278fea1d0684afdcd0392a83d7041585ba5996f7b527974d7d98ec3

SHA512
af0d024ba1faafbd6f950c67977ed126827180a47cea9758ee51a95d13436f753eb5a7aa12a9090048a70328f6e779634c612aebde89b06740ffd770751e1c5b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000d

Filesize
67KB

MD5
69df804d05f8b29a88278b7d582dd279

SHA1
d9560905612cf656d5dd0e741172fb4cd9c60688

SHA256
b885987a52236f56ce7a5ca18b18533e64f62ab64eb14050ede93c93b5bd5608

SHA512
0ef49eeeeb463da832f7d5b11f6418baa65963de62c00e71d847183e0035be03e63c097103d30329582fe806d246e3c0e3ecab8b2498799abbb21d8b7febdc0e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000e

Filesize
19KB

MD5
1bd4ae71ef8e69ad4b5ffd8dc7d2dcb5

SHA1
6dd8803e59949c985d6a9df2f26c833041a5178c

SHA256
af18b3681e8e2a1e8dc34c2aa60530dc8d8a9258c4d562cbe20c898d5de98725

SHA512
b3ff083b669aca75549396250e05344ba2f1c021468589f2bd6f1b977b7f11df00f958bbbd22f07708b5d30d0260f39d8de57e75382b3ab8e78a2c41ef428863

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000f

Filesize
63KB

MD5
226541550a51911c375216f718493f65

SHA1
f6e608468401f9384cabdef45ca19e2afacc84bd

SHA256
caecff4179910ce0ff470f9fa9eb4349e8fb717fa1432cf19987450a4e1ef4a5

SHA512
2947b309f15e0e321beb9506861883fde8391c6f6140178c7e6ee7750d6418266360c335477cae0b067a6a6d86935ec5f7acdfdacc9edffa8b04ec71be210516

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000010

Filesize
26KB

MD5
5dea626a3a08cc0f2676427e427eb467

SHA1
ad21ac31d0bbdee76eb909484277421630ea2dbd

SHA256
b19581c0e86b74b904a2b3a418040957a12e9b5ae6a8de07787d8bb0e4324ed6

SHA512
118016178abe2c714636232edc1e289a37442cc12914b5e067396803aa321ceaec3bcfd4684def47a95274bb0efd72ca6b2d7bc27bb93467984b84bc57931fcc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000020

Filesize
19KB

MD5
6339ba21da359a65a29e56ac94b7f0be

SHA1
6ba7ca2681db103b390956def410047c2cac6a2c

SHA256
fb70f811af2914c1e67b67300a96f20e1bc2d4a884d65e2987fa45a368b095ef

SHA512
4f5361588029b77a5dfd71233b43685a29f19054a894e53d14eed4468bab10a61542b0d8c4df0bcd1cb24c67c86257d301254c23179adc1e7b3bde32e0873a94

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000023

Filesize
52KB

MD5
8bba0df538c36fe4b5ef085ee87fa5d1

SHA1
a8ee8aefd016ea98a2891b4ac6c24d63fdb84ab2

SHA256
07edc28c8615b6f110618224f27ce60f74fbdf3b4c9ff12ed22381f6a81aa87f

SHA512
7e1fa72fa615cd470b99fc90cf41a2caaa5093163f15092e7e7cfd3812bcc9b688f570668545d2f55af479679495d97343166ac1bfc73ddd2231f52308597c80

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000024

Filesize
79KB

MD5
2b7cc8a688fa463bb69ea4c5cb3e6527

SHA1
2aa7929f2f7d28bc186d3a386b37fb0a848d22bd

SHA256
c3e952f97f25a8efc5fd0ade2a8fd62ec7f558b2058f461532e5d55856f110df

SHA512
a3bc8b20a5634976244c16568cbddcd07f49e0b65dca573b8f12d775b74151733be146a6698583b9fb04cd7627d656620f8c1c82c0e582cc43fca5005dc79417

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000028

Filesize
144KB

MD5
5045d6fa58fd56444bd69f75a97e1ead

SHA1
7ee9675e2cc173a1bb22d4e64846beba4237d725

SHA256
784c6b4c6345e8738dd5e339bcf649d709f3d3a88c803ddfa9915f51a6043be5

SHA512
a492f3fac5d7c379003fe98490d4b50170c203206cb121d35432feed819eb3a0405ca612d032e95eb6bb3ab4d9dd73aa634cb8d6b89b1b30e679a335b90442b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000029

Filesize
20KB

MD5
87e8230a9ca3f0c5ccfa56f70276e2f2

SHA1
eb116c8fd20cb2f85b7a942c7dae3b0ed6d27fe7

SHA256
e18d7214e7d3d47d913c0436f5308b9296ca3c6cd34059bf9cbf03126bafafe9

SHA512
37690a81a9e48b157298080746aa94289a4c721c762b826329e70b41ba475bb0261d048f9ab8e7301e43305c5ebf53246c20da8cd001130bf156e8b3bd38b9b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002a

Filesize
94KB

MD5
2aedcb0f8b566a49e3e0de62eb841df7

SHA1
2e3a19e2b820b8f5124359de6fc97e16fbfd2721

SHA256
ff2a5ff6fbd412ba855bd0d3f1dfe30c7ef06785130d9b08c6e727b5165d7cbf

SHA512
7a2739c4e99c4d3fd972a979cc4c3e5c870e7c053968046a2c03f4ebb80dac752e9f602184a477d22f4cf619ac2f05872839291689aa20ca590c0402379b23a6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000031

Filesize
20KB

MD5
efb9f6a1680c9d3ce3abe4d5a75c7c6c

SHA1
a454374b7f43f129d4245e73c2048849a78768c9

SHA256
96919908509422207d3fe3dbdf26a7bf0da651dae2b8481c4dce4ef0812add18

SHA512
1d6fa00634b899162a4e97adf05cdb97ca1eeaec3f43bdef4412ccbe4ae560ee19073817aab38508b724f177e7942b07982acbf918750fad0385d3b5db3d124a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000049

Filesize
20KB

MD5
077e3f0d3dddb018c1e71fd8e46d2244

SHA1
b50954ed5904b533372fe39b032e6a136ca75a7d

SHA256
12ea854aa2a6588219451d4af53fcd368e24b109085062deec4e5b891e059e82

SHA512
f9cb475d16d3e8dedc6ef2feaee4f9bad365a8bb992352163a0a9f4ff9e809bf895fc0ffd59375e60a44e5c5bd1f43217177fb44ffc0cc76cc85e45a612b9b3a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00004e

Filesize
20KB

MD5
0efcdae8412f64713244acb713cf7412

SHA1
b33e187d7323f15050885e512ca9eec3afb1c33c

SHA256
18a3bf2c3d887e6c3e3b534ab36354d59933cecc05302093c22768e9bd7a02e7

SHA512
ac3f28737f4cf8d9b392f50633e5e76b9d60f42033ec9235956ec63f30c75cf85f2e1766793651c2310c55a6295ed08b1c75cd63b38b83974be4e6eae5a85217

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000055

Filesize
29KB

MD5
fc3fc31e5e7c0933dc18e562c1c071bf

SHA1
a44c31323f6bd29e583cc585036e6eb39f7014a6

SHA256
ddad766fb94b23efeb5574cdedc5e8446d496fb91bd0b08cd80be212e001055d

SHA512
e54f561241404a5fee5b5a87044c28d9fed16bdc7904324cd968d80456be465ac3e6235fe1c82f2181c2da1ba773c89a13b2fa333de73c1e7f693983c330882f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000056

Filesize
32KB

MD5
103708790db3586027df27ded660f8ef

SHA1
d3f58fbe6e02cb4b8b34c6fd510e011cb325bc70

SHA256
fdba876856bb6c2783df94cacb0f17b53fe33f1907135539272c0127b4270ffe

SHA512
bb9fe97db1f3d0050f5d36e202a83cfa04903d09cd3e5996944aafbfd05f13ddbd13aeb361eec76b28941b4cd51ff0e2a58d37fbe8c8b08ba1ab88edac93dca3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00005a

Filesize
28KB

MD5
26f320b7d6b6e404b26001f6616cabae

SHA1
eacf71f30311cb209bf901af12c519c8e54739b3

SHA256
fb81bf2cedd7a5a85d0f04bfa4f00a2ec2b09e7c3bb36ba70fab0c29fb592339

SHA512
e5469299414cead7b12c296371366bb31378e7080114ebbc3a6715ca29c22ed8ca37f44aea23d68ed119c42e222c482a10adea9bc935cc3898aff3682f74c7a0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00005b

Filesize
65KB

MD5
db812d8a70a4e88e888744c1c9a27e89

SHA1
638c652d623280a58144f93e7b552c66d1667a11

SHA256
ff82aeed6b9bb6701696c84d1b223d2e682eb78c89117a438ce6cfea8c498995

SHA512
17222f02957b3335849e3fe277b17c21c4aaf0c76cd3da01a4ca39c035629695d29645913865b78e097066492f9cee5618af5159560363d2723bed7c3b9cf2a8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00005c

Filesize
55KB

MD5
6d15b7668bba601d768011b3af5c24a5

SHA1
e7ad83760caa2f3156fded96926aaa2f1556c86f

SHA256
43076504193d493ff4f93bfcdd0ca6e9c6460a5b922513ceb7b8e59528be4185

SHA512
5a9d8acce655c912c99fd6bc561ba80b8877d23a92c5182e5ca1cbc69f4ff8b6bc2dcca6ae440ba905bca11c604f43dc8c04d25cb950863221a4d530e05a3ad7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000060

Filesize
59KB

MD5
b39e0b951986c479cdad18c54159f443

SHA1
0072ac8dbc7c02eac61a3d33529b8e0ec4d185b1

SHA256
501e320d7ff8333f084f08f5fa69f2eef5122a719b4ff882f676282b2904d869

SHA512
d1e469f2e006a227d3c74df9032be9e74baf1bab87797e896504c0e2a023e5bf00c90eabb708de71a75a486bc2146ac5557541c6276dd33a0fadb59411f22ea3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000065

Filesize
67KB

MD5
bcfda9afc202574572f0247968812014

SHA1
80f8af2d5d2f978a3969a56256aace20e893fb3f

SHA256
7c970cd163690addf4a69faf5aea65e7f083ca549f75a66d04a73cb793a00f91

SHA512
508ca6011abb2ec4345c3b80bd89979151fee0a0de851f69b7aa06e69c89f6d8c3b6144f2f4715112c896c5b8a3e3e9cd49b05c9b507602d7f0d6b10061b17bd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000067

Filesize
16KB

MD5
a2edb5c7eb3c7ef98d0eb329c6fb268f

SHA1
5f3037dc517afd44b644c712c5966bfe3289354c

SHA256
ba191bf3b5c39a50676e4ecae47adff7f404f9481890530cdbf64252fbb1a57e

SHA512
cc5644caf32302521ca5d6fd3c8cc81a6bbf0c44a56c00f0a19996610d65cf40d5bae6446610f05a601f63dea343a9000e76f93a0680cfbf1e4cf15a3563a62c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000069

Filesize
32KB

MD5
29689f6e6e0a116cfa5090a677715b6b

SHA1
70e66435f2158bc4f297d4c07afa1f04e07b9854

SHA256
0f1c845a919932f23c27d41210b658e2655caccdc160c0b7ad1bdde9a9150027

SHA512
81e430941cd61ac5c461d1bbad1a1694c230f3b1f189f0b3ca0e874c704ffd06f6a606cedb6985bad46cf1da63803fa0847bfad93f1891486f71834fbf3c42ab

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\31263ed17221d3c1_0

Filesize
55KB

MD5
a264427045e6955c261334948fc9ba26

SHA1
6f304f962f19f9b83be0d6edbe367552a4f542f1

SHA256
896c512eeeb0363d6089f0f50d078ea9ad2e9a957f3f12a35c9ba2362c795fc7

SHA512
64d7c3a6081270fb135d3f8d6997e575c6cec304c859e70cd2782e7282759e4af9ad6f4aab07f335835cf73df5fd7bbe09ee0fff790dee2924e08689ec91fb3b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\641bf6970d17409a_0

Filesize
24KB

MD5
9bf8b25a3b6a6f05c19e8ee5b139c7f6

SHA1
14e0600bee039f060f19474c2df25365917cf135

SHA256
c5af859bcf163cde77de309467ce5223aa2346cbc216631e3c7f66cf0e66e5ed

SHA512
4856512b8e088c7dcb130cd71ca0dfc5a84d61ccdfa4e65b50037c48b4bcf95b36ccffd19a1e440ff40764bfab8307e6471f968088b98cf99f46a785bc2f31a7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\temp-index

Filesize
3KB

MD5
42d88c23fc92a837ad2b93c76615b700

SHA1
0f2092fe8aaf3abc7ba1ba6d149097962e22a383

SHA256
5aeb5b42a83b60bb64300c9b5495d439ec301133ed2433172a27a80c7dd2d14f

SHA512
f59cc614bba03fc62fde43ddb1eb5ed88aa54cf797722726d00e6df8e06e5fe9075930821c283edc5b60046702c5d24f117d2548ad9b25f8722777637b681ee8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
e5678e3cceab616b3066aeb16bcaaf79

SHA1
7869f1c1b5fb18f587be453f79383a8baa52efd9

SHA256
46f777ee7787ed8359164912408e397d9edc3b9d90198a8d35dff7109c8160e1

SHA512
2547d5c914a21b8f3dd9d2914ff22d2fe80d28c05d8b2cf4e19c60c821e6821f8c1df105b88fa14a1eb0d66e9a87511c03f52c94a0ef8775dfb1f0d15e0d0446

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
b9c479fab0968a3a0e55c0979dda2bda

SHA1
66e1ca00d0f7b08500d761bfb8b727aac7bde79f

SHA256
57da298fa4e7e3711416904fe560967648512e7dede4b06354a4cd7b3590c037

SHA512
d4b66167462295338af2102ea528dff4e91e26b529943a967465c16745beb75dbdae08d3b6f8929628d104016ec36c5c553bb957434ff3529ee3419edb6f878c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
5KB

MD5
539ef1b469b528e2089ed4ebe4c66ff3

SHA1
0881be6f0ddb81bfc657b2b7fafcf21679767665

SHA256
ac592fe51d66dd6395573c718a5862ff7473e250475bc956c667103609b52040

SHA512
5a9d8c0bf46d4e5103a0978a5186756ba03e80eb01965cfdf12bcd149ec841233a38d240de3448c14d4421bc66215cc3709835b720c3052dbb49d3a7cbcb77e0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
7b96fe144af1250910c3264dc014cefb

SHA1
4fb050c043a3db596b9e649f2d2d39ec62f5469a

SHA256
9ea33d1db3f8c2d646f99a60da6df1b61aa6b7f50082057adf5ee416c96f4d83

SHA512
cbe91c3702e945dcb17fab72c302486b49804086d72b50fc1328897a07055dd2fa4664ac5c8e71c45eab324a51a879fd7965ae1353199ffa6dd479d1d5726ace

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
48B

MD5
c8e4ef12fbb0caaa936e849d0382dbe8

SHA1
396e0c261b8d2e9beae5517e4e8b98f8c128f9d3

SHA256
985109d907033f0933ec1dbf5ed9839b87315ec507497b60fbd36e91cebb9f00

SHA512
9b9707211203d61b5023452a53ccd2e7f148ad46431640f2ee127242b81c48aa31ae0ed42cd692f6cbb124e3e1bb173d63df74ca651da9926a441ffae4a61819

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
192B

MD5
541982fdc42564003e399faa23b2c496

SHA1
b22146ed7332f079ee0861d0fbfb104c44b93fc7

SHA256
12e2eca5124b2026f38e39cf08d2fb8ffee16450668106dea36f8e1842b2dec6

SHA512
0558d2e306d6236bff7cb111f6a73e8f70094357cecd3af6649e7649dd7ef80ac716d06c19520e320d79449d2400245a5ec2881c264b546480147b35c970fa23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
e0520a689078fe973b628baa31c8353d

SHA1
9dd96bdaf971523b829234e1ffa8cb6e3c671d85

SHA256
cbd7df4b89692e1e4496ce12c824630c5e5a03b1d67c4f2cec93b7c788bf664c

SHA512
0ff13fda7e84ab704f4c03d3306b118aa03b7a9071edc8b39b142c211d79dda1b6772be7d4920a282973fd0611866d99aac7da711b034e396d588b0f05d40bf0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Edge Profile.ico

Filesize
70KB

MD5
e5e3377341056643b0494b6842c0b544

SHA1
d53fd8e256ec9d5cef8ef5387872e544a2df9108

SHA256
e23040951e464b53b84b11c3466bbd4707a009018819f9ad2a79d1b0b309bc25

SHA512
83f09e48d009a5cf83fa9aa8f28187f7f4202c84e2d0d6e5806c468f4a24b2478b73077381d2a21c89aa64884df3c56e8dc94eb4ad2d6a8085ac2feb1e26c2ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
8572c9cc14da472ba0b38de66a796b40

SHA1
c6728b2d1bba9f7b86885f9be16ce5814c349331

SHA256
76a2bc873f62835decde3f50e87e6604515f42ac26d9212ba81edce5e4f1ef9b

SHA512
f9e0af17adc011c378ffa125de6f17aa2b10ef601a572963138a91b8d765bee05a1eb14b61408a2d93b0d512bda4f86e24ce0c8540136e0b8b06a8f0c63c7c97

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
5KB

MD5
12a645adff974af93669631a4cabb1bd

SHA1
47497aa2cc8a750fd0dd66c1b4a67873db55be7c

SHA256
e4be88054254edc9a4d19c7f7a6f312d001da531c9aec4d96b778e1e94d62f5a

SHA512
3a91b1245cc942077ca59507f9d6755754bd234f5de0de110d357b8dd93879b439bea09304077ac2b35e80d73a5454f1a4e8d7afd2453c700e267207df6669f3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
d1919cc7a1dd29d2205d24657e732793

SHA1
65be06dd32214882b9694dcfca5740ad8767e920

SHA256
5510636c011f2fb1606452f463b47a6260c842d15e7db3473591f3958d342ca1

SHA512
482227f6259322dc9c9cc2e250dc2ae7087edaeb5297343c167a755b15c581e645896796cba707f11248e0366616d51af00a3896ca1d56d2100c9df4530fdb3e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
5KB

MD5
488882ad3bee60ab915273945d310e43

SHA1
c5c8a12017907ecba8d4fa89a6499d835bff9e7b

SHA256
602350675abe0fa8919b8ae5b25fe3b723cf95204535f5270d7f28f5aea4ce1f

SHA512
a67776f3989c9b083ea58d2ee524e59622b478a4acefea43355251b6508ba496b3a743cd6b256a9897ead644bb26cce0fd465f640a48c8b4530ac929a4789bba

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
e03403261f5551a1d37c4f7878f12d8f

SHA1
7b6976c357817ab1ab49f82ca83ef309d8413e34

SHA256
2aac10c60a673017bd7bd9736ec2ccf72e393dc3367c81a3e93fd6e203d11ca2

SHA512
6259bfd64cf6e511f46bb99e6d26fa7ef7934d34cf06a243e0bdf085a1c5b6a4412d6897b149356ab3c05ab9bd7fbc31db2c17222ba60c382a599e1a8b7d7a3e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
04277cdb32b87f2642c395e4852b6521

SHA1
bd5ecba94fb0b3dd3c3f32902e0284e008670fdb

SHA256
25123b24c0e5966f270cf2426ad4e2089913a090d380cf4aa903ccec21a284e2

SHA512
7fc28053ef3e8f8abf635403f59daeb1f635197ac36e4d3cfa0591059178a26135a6d69a79a899be9be033549eb286a6473d65b9665e6bca76fa9ca0b11e21cc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
0bfbf2854686466a3c88a974c18602d9

SHA1
0e9670d54786f3bb6ca23cc53ed18648242a5412

SHA256
ab7e8838417190e5a5fd06cc69be317783b60ce17ba043595d37957747b6586a

SHA512
3c686ea90e6167aca412523e5f4295a95fe0b2e63f2a00c557b18704e0b31843368fbaf58a2b60a582e9c26c6ed4670a75fed9c29557f53e4449bd8f62f658d5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State~RFe588846.TMP

Filesize
59B

MD5
2800881c775077e1c4b6e06bf4676de4

SHA1
2873631068c8b3b9495638c865915be822442c8b

SHA256
226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974

SHA512
e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
2c9412acfd5f63fad74bfea0729157b2

SHA1
909bd3912d52309c26b1dafaef00e367b10db920

SHA256
69d0d16eaccbce92070570fe15b52dd91bff56030ba604b6494309fda211b0bc

SHA512
a3904d4c062784cba30699c04d39fc5a2e3fef154beb0c3d3fe1fead2028eddcd0d3fb3a54746e840b0fea5ada46021d00c94c6493b8c47ce8954433a0e7fced

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
df03f9551b0a07ec84d6eb2f0f885d41

SHA1
4c267465f1952d6c9227fa0b7f53aa2a9b426b38

SHA256
3e4a4da5409a3f586ca7e0fc9692ecda0ca94d6f84dde4144f990cb66d446535

SHA512
b75c1336959bb4b64439a2f8cb7d6febcefbde05ac49b84b44fde432903381623e085372ef3e7de46e43a46ee3197fa4a240deb57c16187e0f5dea92ba9c476d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
e91e6ca17edfd41cdf845d3f179f8ab2

SHA1
12f20278584fac8ea463ccc2de68e22029a36c47

SHA256
47ac7694927b2a33223ed79724431b9f35011474a5a8bba9acf56a43e57fe723

SHA512
d6e71e8fb25baadf81e3f6dbaf7a9790de1e7b49195e99d19754358e0f3ee84a3d823f71b56355838e0ba5b8bcde15584bcadd770ed604a265de64d2ce06ca2e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
168a4c5db69a3ae2162568baef87e306

SHA1
d1cd5905afa2c72ec80443384783198908b4872a

SHA256
1e9276836386d64c65a4522fd2a22f2a26b38c7013f8b8bd01157f9089d83dbe

SHA512
df8fa1c0f40e8b6b5265463f2560e536c2205d85dce575edbfc3a4ae58ce6a11620a492ec35db8c65ab0ff0030cd7491a0f3907a43be1ee0bc324d64e087d343

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
6fa2fc255ed77514b6ddc7529948c0d2

SHA1
f94e23b5df373c0bf88502d86154f9db36a5778f

SHA256
e2be0310da48a811a5c28239fc8f1a9c985fd99952c94204e9ad0c985c6cc300

SHA512
bff0bec52f3c047aa32001b46dce4f5b9f1ecf4fdf00a31d500068f478f9d58fd86501a308f401418f5ed9731a22bf1bd9fcc0479a05843e892409f7ec693c2f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
ec5acfc364322fe0bbb2d339958fa4aa

SHA1
c476ee6eb92e9bf9386eb7a5ef7769bdf1d619e4

SHA256
dfa8e3651ef4efc6c806bcd957e2e28a0686924591d8720df125bb493d35b59c

SHA512
40c2cdfe4380a3d9a42bee986851199941a6d4ca86bcc73fc7b091b560999111f0e37988986c0c6d10a02824f213df646c534fcc3fee1ac1e61fb911d5207efa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
bfc1f9a4244c13fdcb7046b3959ca022

SHA1
70f2339ae66ac2b9f1646b97f17504986b4b2407

SHA256
f681e1731415caddd3124b85be868e1aac86492257f7fb062b18791181269dde

SHA512
5810ce002c6e59aa0b48f40f3af15a6e28a9e9596a772bec33e0104f35384daf0ad8d7e353786c0bbca2998eb02dad7fe923ed80beeada4ff376e4bb8436e615

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
67c2bb171676cd91168b590ffa0e4023

SHA1
f3801aad87c572c034f1e73b0929aedd43563abc

SHA256
230388075b00e7fb72d5718937ad95f09d4246a7e10de97957615055c38fab79

SHA512
046cdb0420d0b2780a2d53030e7ed83a0b93d7aa3b4d58757e51b720f7af54155016ead59655a9fcb2a466eff24c20ceb0cd8ee49381259fe7b08b878648f301

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
199131ea32cf81866e751dd11d73082a

SHA1
352ef42dfada0f587bf05d854cc8d2bdf90b900b

SHA256
d35b2b842c65c9645a8816508e075356c9e7f070ea05591e9e5ab94b8778a853

SHA512
676c0da9ca3b06954b7086c196a9da1c89e0c1f5a3d45f336e7c0df01d3a3fb2045773ea9c082728bccb27cdac937cc02a3515cb3cfe9ad1309b21bdabf90d41

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
ca19811322a3c8b3184ee13a9f4c1fa8

SHA1
a8c9f20d30d42b14094ac175485b0560eb5cf171

SHA256
7dc92ec46e6a20291f92bcc9f3ad6c3179494e246c57bfd8fcd87fc26512de47

SHA512
2a8dc76ec43ea3b6786c2664b83d395408dbc29f3fca99d198d1e57eae59f8599bdbf1d309cd17de9b76e243b004921eac9f7ee6ea369f971f87013fcfa88659

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
43e5f87b108e7723df7363b56591393b

SHA1
2a235c1b770ca2390aa629f5c784f5aab38d5800

SHA256
118b490dba3e4f6c32adb97f3f50e531cee967d340e7323614195ab86cb7c59e

SHA512
d9715db051ef437b1064655ee450977e68a854a1b2227ba0fe1e18009d2e649ea7b8113d808a6dd087d68815f5ca0a833c03205e5f398edc64312513629e2ec2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
fc340e1b0f8df6ffb74bc860947aa20e

SHA1
832e3532fcf11c2f07c93c3f24995a8e7cd50014

SHA256
2d8a54286786f9501250d2f77f99e9387ece7039ba27f3989feea708e213733a

SHA512
f30c88dcef0b020b88d7c647244c4589de877dcb12317cf68c2fb4c9c6b4773681f6b068ae143cec4753e0688a299e0ee4a4a64b50070ad40c98ccf5fd6cb749

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
aee013d08ad09c3e6f99a894b229f322

SHA1
5e26bd584019081931693717d8470bd188b8c904

SHA256
4da7ea0cc4f8be2ff8ab7577aafa9f2b001869b8555c6f3d77199f53d5201906

SHA512
a988123466176319982cf6791cc09d87e5829976a34681c51bd85038e95a119aa5dcbc703106ca86cd5969d1bd78a558a90a80cc0e058ccd373c0276493f1612

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
16b42442c20ebb5ed5fdca743e826736

SHA1
9b0187f8bf36ca54ee73d9828c5a225c90b84a81

SHA256
6d6d5e5d050c03071a7c18e19f8b989ebad53a176b303769ebc7a8199b8f5211

SHA512
7a1d75f9f8e86c00b2d1cd1aa721e20979bd4bed68ce7e54b90ed3d3c9bfc959649ab26db3113adf545b41bfc0f4f3b0789c5c113d963d68c7cf87dc0a6e7af0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
9612df49cded4d3bbf3e9b7c4e6b25a7

SHA1
dfab01d322bb4e89de227fb59130685c3ad0bea4

SHA256
758e47e01bb8ec49b05d607cc537d3bedb3f44ed70c71a936b20028910b370af

SHA512
ac9c3d836a097be2cb05f6ad5782dc6cac8e4dc6a3e3e9f94c65a57af47c9b8e6a8e025fbb79fc9434169c17ebde1e70febf87f7642b60492f844b0abf1b116f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
d67468f115ddf74e93aa3060038cae20

SHA1
3fb6de576ae3a3767851a08ded7b31d1a49fab0d

SHA256
5518e5d1ce04b20435d1762747f1fe18f23a8f478381bb068b904b36c961c424

SHA512
66c8e96de135846791892181ce7c6f9537f80bd794d579938c808e1555a0819b10fe5f95da75ac7fa84f4f989cbcd288ed3433270867a71b6c01bb6e0b1a569c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
218316eb6a21307aa8ad48086a041aa5

SHA1
6efda4b24679b6dc5a53be383513df995b7db635

SHA256
236c30b33cfcad4f2212ac36545763541fdc3fe0a118fcc0f6772a5450fec205

SHA512
3a469ad6f3efaa5615612ae42cb2645169e4bbee0dfd2ba7ded9e17b5e49404fd949e3eb85a10aa468375f291e3be104706a4aa939911bd7249dce789d448185

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
8cd513127214e252edf0454f329bc002

SHA1
6f47fac6be8e7331e54203a7865e86b32cddf16b

SHA256
3df220380a8bf881117c17102a5c70ae7deea18ec92e7c478df2ee904d882108

SHA512
0b6d2f2e12bb8b15175875b7118778e57475934dee0476bc3ec989c5408d1ff5cf1c2d5dce4bd980a3ef9bfee232f974fa90050171826f3f0847f9682ae7e4c9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
371edf34cc4edfe5fc16d906571e1a49

SHA1
2b0f160569aff513f7ac25a16adf02758cca07fc

SHA256
ee07b7e150c132312f076f2fe4c58445fcf86aea9eda0468b6ee040b5f690d35

SHA512
9598bca019b2acf65bc0511062e8edf53e00b3801d7a9b49f9c6b7209bcf7ff782ec215716955d5f378f952d77435bccf210384909f28bffa83fa9ac8589cdb7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
a2dcf189d76a67355f9a31e6a3a0511f

SHA1
af9902a7ac7fee5ab31129e1e8de4072c3c00b81

SHA256
2b69dd3e894da6158ce7a79e720ac59c2cd669a5e09c38aa837be8e8efc20fa5

SHA512
57be82bc3fd2df22a459ae3d0f2b48f60c9f5778bfcf411c0b2f1e11902e0c0eff1e6f1816fafa7c6e0aa224250879a2a2645dd243c18f9e7c8eacd3d6f97401

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
ebdb6583b9af90c6dc24afc9ce421c10

SHA1
49f3358bae45854a523caa903a5a0a5e7c7fa95d

SHA256
5b27656491facada672ff99960910fc170c8aa81a532ed9b4aef04b050be60b3

SHA512
ea94ef0c38bde71fdc291a4a12bfaf83d5142e60f877781b3ba451d83c72f7cef46eb3e0a1e380defc8028fd1a018cd3df3d04333278056f526c96b0988b922e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
6e27a6889fa941aef2cfcf1eb490428f

SHA1
8e05385c08e45cf34003b71fbc655e38e53f2bdd

SHA256
462796a36d02d6ef83b3a694a2d2379ec7775e32246eb0ceb1fc4e7e9150cc3b

SHA512
08ee3b849cf55a7cdcfe77f0a173ed1b1d364acaf83f3e16d178839e605f08e707a56aa4bb21759f3987ac251ad8520f2c8b19205e1012a3378e8659954bdc99

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
9804b96dc4779441f3328aed99b6c46c

SHA1
418dc25adbbd9499b3b8abfcbcfb69e670d6e31c

SHA256
d21a7c52e08283cc7a5cab64ce0344d20fcac9bddda5895f1e9718603a1415d1

SHA512
b72545cfb707bc0a254ad679cbc02ada336d1082b3666a28fbd622f46c4efe265ad69aaa8ad698f40c3e5dcb07879aefab9e533f97aacb7f6287fa37c9605a33

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
76311607ee95ee57c3bd459109eed237

SHA1
cd7641949172207b7a6b2f23f8bb8d19c34a518b

SHA256
9e1079690681380dedc03b34de1acd2f181a7f900bdd100685dbaf71c975e852

SHA512
984d7272570b73686a6272c37ff4aeeb2d6cb4b44cc44e2b99401b06204c6d685e850b00df2a41cf4cb32304552d98a721e4df76220c5528c18706330113757f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
54aeb54912c47a059575cb228ced0cf9

SHA1
968f09b0496b272eec5bf7b6b4a55d399b4e1e16

SHA256
baa6261ecd78e7dab774cc45cc637cc0acdc1a46e085b2846d4b5978e9035e54

SHA512
30cb26994bd9f0343ac14f574ee85b1fe0d461961f6dacbbaa033a31eb9db36b3e9cb4d4ae8bb1c25d2740c27d223373861e79c1002384cf0f50d7a9aeacb66b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
5a995e0fde1fbe8289db27a18fdc1246

SHA1
d94491111739ab95878d396c654ea88f78a71858

SHA256
4b970cbf35e7761a503716cfea00dd983a79571c5cf454583d8a1c2629604b9c

SHA512
7ffd9de164c25506dda55490ff312951f1ab2e6dbc4869934d7402c93b2f3ca89a4c61f55db2fb30705f17c40814178c8af68c089f187834c96e1d07aa6ac37b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
d2b105e74bbd64491ac8c8a1dbbbbf48

SHA1
d33b07d514243a9061adb31d2c19735fb528e6b2

SHA256
3acc59c5839cbfdf313736870add5505f9c9d6d5a1a69b5874b87408321ee673

SHA512
aa92b83ff9e18778554eb7983582433b0ea6b785f9aa170f8934b8514e69961e777f98bee664506dda464b4da10e807a080797d1fca48f2193281608ceac4226

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
28fb2e44c6f28f5f883a4bea035f97ad

SHA1
7c34a5d15f5263db0c2103790d29070809ebb347

SHA256
598b22aa49f6f7895d0fd2d45b12e25265f1f942bf401d1d8eed7f7bddac7f08

SHA512
0fc47330d8128132af94e7df30fa2321693dd50e45c3f0fcc6849c628a4c64dbc3e7d417e6a9e4a3ea249adcc16b72ba1bdaead9ca1d8dfc921fd86de2f71b59

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
e19ba13021915ebf77a1203461edf396

SHA1
8cfa2e1b572e32338b7c834044ee4184be22860e

SHA256
8826c66ce9c61682047841d2028a63e0f2407683e66cac43f77f518b1baaf73a

SHA512
12e7b3f76fede4bb0356fdaea905291ba16562a1b43ef7ac8f34a76b9a5a01211a69e9d0af3989e40e5094782cfb2922f7b107733a9805635f06f0d348ef3e2b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
9ec61e36a9ad736ddb4b51b96bfefa94

SHA1
14b15e8abcd55454e49651d839794a389bedfb48

SHA256
626c66b7501bbcd99bb5e42e6d36fc812d498b30ef40d967b24f468e9769673c

SHA512
c25a772437316521d3362c7565a7e55dafaf241da044d8251e6a98ff06adcc94afb3c3475eabc1a83675fe1e3e8d07364440ce6f291cfce2a1e2648e082549fa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
27eab5f1f7ea31e79921c46ca649ebe0

SHA1
96a638896345eddd8d7a9c2fe57de58e5c26d0f9

SHA256
5c3783ad62526806f7babd6d10aaf22a5360c9236e05e396f272e31eb8a0a090

SHA512
63f1ccb354c5fd6d5ed9d990fea7e5e9c24349f123c81f35d7ef40d4493d6797db2ffbf45f1eb0df0676bec6c26327793e06e0016b7f2a12d22ef4732f2098fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe599e59.TMP

Filesize
202B

MD5
3baf8c05ee01e1ca6811d0f40c987e74

SHA1
b1faaafc3738ea3ff77ffc35c12a573b62e04594

SHA256
d86a306870ed2526a8373a121ee52b950e3404fcf11290d135006f1cb709347b

SHA512
5acb2c724554a99b7427449f4d36cfeea358de52143de81d97694c61113f64d10c2ada2f5f674f7b45eced5e36230b9898e0ddb7aff8b427dbd1bd1686757f6d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
5cc857e92c7a80fb753b3fa293d63e4a

SHA1
0f8ba62fa6a327c8b4e8531d6bb7c4a035ed6c35

SHA256
4cbae374b6b656d2ce3747340f796ea1308daabe2ec284630eecfda649eaaef1

SHA512
6fdddcfc2b58bf9ee92af612fbcf1d4580d4cdae66c0b04556624b6c7660cb6ad65df7a8e05c294ae2ee2bdfc3ad6245094010be286756063a6a42efe72abdf9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
983ef36f684c671e831f59499deee0a9

SHA1
f0e033a13f38ab421facfa202e7ac71dbfcee292

SHA256
dd7199556c04193b501ce2dd442d76aed5235b532c1801ddea04658a461bc53a

SHA512
918d1f08282ef86a6c9ccfe9b8940592872cdb62a88db4a33c177ab99a253e473adf1948ea232c58496e6c77a7992d9ad0a6ea0594617b53b68131b9eb9d78bf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
4d468b6dc1c39f91a33e5561d47bf630

SHA1
efe01d53b1bfb2788a20823e8802ed897a8c0c57

SHA256
8b2dddb843740cdcc1ee754d005a1e2a9069c3bb765bafddd924d17b86f89b24

SHA512
5d8733f7cfdbb04e8e6aa79c0492f4f5629b21687b77cf18286548f02c2e37dc7811519d19c452211ff6d9c58d03e3b464dfb0bfa995b3d17ca481447ee4b579

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
8KB

MD5
316c9345b248ea049d427efa726e8727

SHA1
4e2c23b3ff90386e1034fbe97f408582be6825ef

SHA256
fc867900ddd43649cae3c921c7f445462cf983b5d24101eecedfc6f7299761ca

SHA512
e2b2ae4b222c180b34492104a03cdc1966c704c3dff32d0c26c70aab06cc04883f6a0f217649a3fc30b91b72eef552681537e779ef06f9669f5ed454dd39d593

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
83195bbad7a76ba99ef62c81ab602e95

SHA1
bd4ca9bcc398ac9fc301945b01920a240bce4fc7

SHA256
d611f712772e7b229a42d9aad0ba6a7f70e9619578558b7fe62be6f719767bff

SHA512
53843c1c7d4e87fea07d37948acb23407b958b76bc3d83d69f9dc6afd69484357bc37a9bd448e00aad3951086925cdc74d587d1cd0848a75d5b39776241efd10

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
69bceda71e4f5dda87a6cd986cf34d45

SHA1
607230a1a8f9a37a55fa469e8c1f225833f57211

SHA256
02676c92cc2994b9c49be29c5f138c7ce78eefb0505fa5ad4b145f9b8552bce2

SHA512
66df0e72af7509015c07fe3d465a4e804ad53a033e6d0beb775e8b59f344eafda9b736314a50d780e31606a11573e3c9610a2fb8a82b979af29a845acda96cba

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
fd7948e94d97667767be9d99a370fbbf

SHA1
7a8c64e7793f91fe479a8e430401a319bd1e0b4b

SHA256
6ede8c36880736a18824d1d7f3266b8490169f787d2ec5ce0108c36a787d4acc

SHA512
2adab1da00f4743d268bfd98da52b4263ae6a7e58ea6befd9e8f3502c55b2e821214635e72ab373180fb5c1a2037938db7838a96ff459c0e80c64387c68ae312

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
1a0ea79ec846ed58d5b66adad1a51582

SHA1
713534aafe37dc762f8ba7ffa893851b97cf89fe

SHA256
f1aac782d641b15362101c36cd14f1823c4233dae2348fb66ce6a67cef40ff16

SHA512
de26fc1bf21d1f20c965ac0dec129837a0f4eb76c17a0ad76630fb58ddd3316e5d048af35641d5774fd77f6ccea58c0db4bbce4227cd7c260a31789ed32d583a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Stealerium-Latest.log

Filesize
690B

MD5
69fc051ff0c5a6cff3abe5d740be0d11

SHA1
a68c7e621ffffc4f2ee2ed9d4e5636f5d4ab5e05

SHA256
6aae6f67841f1fd9afbd9360b2a8a1bac648dfba3789b6249cdf03340800e22e

SHA512
8c6db803bce64a8afbab2934cd34cada9b5d04a564fda98dfcc9dc8141928242af44f3cd5b12ecc2cfdd26d1bc2e20f34938d4a53b0fda1b02bc2e844b6f6d6d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Stealerium-Latest.log

Filesize
1KB

MD5
49767e7870808a03290f6dd94a290724

SHA1
b02d666da07939045f430f6408ec1dc137e4bec0

SHA256
c87d9058ab22013b6b2d4c91695a109aa708d270d3868f13c5e9ad13e0f27dbb

SHA512
b5daa68779e32b7f0a7ae12f7cb5f889ad16207cb05db0a9cb3ecd4efdcf6463456c2120989a9137c20dc6a1ae0876453eebd8f8293ecc49cbd7be10ab38a7d2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Stealerium-Latest.log

Filesize
2KB

MD5
315b9663ffd22594c9fc2fdf5f1068b4

SHA1
cadac066608da4799fa5cf9975d2be0c8053ae37

SHA256
4f470e44bf9fe6903904a92c64973354c4df23f2698671f316041792090bafe7

SHA512
5a58a9662404a4b4515371ba2389a7a8431797b4474e2dd39990b087b234997b9b5c88cb928e90b4809e62c50684ab001c1210821f6168dbcb7704a9c7e7691e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Stealerium-Latest.log

Filesize
5KB

MD5
3cc9a2885f058d2c04a7ca11477a7f70

SHA1
0e672fe9768c3cadbfb677864e66278abc50c2fb

SHA256
f64b91398924ba3cfdff44d4da0f5fb9c652addec0a99834b3bc4f6771967fdc

SHA512
5b221bb589d3fc45c52cc1ae7c6d51fa53219b674cd0a98e011c88da0bfb22a5a4f2faaebc8c769da8d8cd093722fb29b7cc26c1e307bd501427dbed4c740355

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-RQAUJ.tmp\xbv270x64evl.tmp

Filesize
705KB

MD5
4d8b3565adf4c8e21f4e3b4643b75038

SHA1
a31359a19451ed5af836983c74570f6d8a555b27

SHA256
9c99cf486ba093b4bfc7d09d53c9082fba39ec74edb258f82196a8e0ff1e8ee7

SHA512
2786962c7d6d3e50c18a9ef262faef6fc0bf94eb2018fc0b35ac69c52d5ec6009ad63c8df023ea4c65850bc78fe14fe87b61170eda6f0ed86b27084c850b475b

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
3KB

MD5
ce7ac7f7fa847e9debbf8cef40485384

SHA1
30bf9233627a3b71736b0564519c782418ed1555

SHA256
5d33f51b57e1a4633e485aa1ad1f392ee565c6a392769eacefa2ad91d600244e

SHA512
ac249ca60e3455e868b3a0fcd8f51842fc4b4abed737065486da28c2efa70693744bfcbae875a6cfc30cdf5de0e595d66609ddf2c96eef6454387f8023aee8d3

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
3KB

MD5
ee8bf4f2846f3103e15a32b022063aff

SHA1
0aeaeec87fc53724dbd4e3313d466f3e8cb31f0e

SHA256
ac73203b4d3bf9da2f67ee74f2ba90993d98410f0bb41081f1a2ff748a7bddd0

SHA512
44e8c926b4afa8dc2f44f8030e895b4381666c3648a696a1ec8b14177a0445ee3343024f795d8ee2cf6166693c391b591391112bd17b8636a19759e42fc871b1

Download Submit
C:\Users\Admin\AppData\Roaming\svchost.exe

Filesize
63KB

MD5
67ca41c73d556cc4cfc67fc5b425bbbd

SHA1
ada7f812cd581c493630eca83bf38c0f8b32b186

SHA256
23d2e491a8c7f2f7f344764e6879d9566c9a3e55a3788038e48b346c068dde5b

SHA512
0dceb6468147cd2497adf31843389a78460ed5abe2c5a13488fc55a2d202ee6ce0271821d3cf12bc1f09a4d6b79a737ea3bccfc2bb87f89b3fff6410fa85ec02

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 462239.crdownload

Filesize
2.9MB

MD5
3f960b403cd616c9f59b3c22fc69aeca

SHA1
c9878d8dd7cada17525d0fb41626ef10387cb624

SHA256
8d0e9176ab99c1c4442f8529a5e06a84cf4573b79d21c15022f825ad9c36c84a

SHA512
bd48219ce56276114a411d4a3b19ff723cf20fe75571faebd43c2567b2a6cc73b77ffe5858ac5f80cec32d79ae3df84ebfc42b80b38af14691727f2c08399761

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 497657.crdownload

Filesize
573KB

MD5
1094707038fffb881fd65aefd893def5

SHA1
5307c00832d98fbdf7c6707840f4c52db06d6da3

SHA256
6ed69a3664e4ea7d98de54bd47d3dd320de43e91e10b76ba94463fcd835b516c

SHA512
704fc595aa128bc905f0f81dd4bab1d53e93f11c563b4642d3beab398d33b6edb60316d1451792deaa9032f196ce4bee2ddea15699378ae6c32a6ff11ab3b5bc

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 535330.crdownload

Filesize
3.6MB

MD5
67fa781a0df1aea8159a22c0390023f3

SHA1
d3641ee05ddd0a652a9004894f09b484336f115e

SHA256
c59878f34eb08565dde137d3da8f37185c07b01de149b4c210497703c737605a

SHA512
2f7fb249fd1e4097928adffd40b5131002b6fb47a26248d92f0781f6510dbb4e382febd2bfc7755970baf2f4c90d48591ca3edc08d10ed0491df9ee4575eff2f

Download Submit
C:\Users\Admin\Downloads\xbv270x64evl.exe

Filesize
29.1MB

MD5
6eef8717a0422304d9a4c5e30dbf58e7

SHA1
02837450d384adb79ac6bd8fa0b1211d5f8f31e7

SHA256
1622ebaddb6c7330523286747c883f626749b416ae90e3a69796358f35a6eb44

SHA512
90211be878b73daf58ae5ecb4ee603a681aabdb2700acd83a534258b13c29f083a9d2e4235b7f38ec578066e9a5b16f86dade9df38ca3e4e9a30758eba24327a

Download Submit
C:\xbv270\README.html

Filesize
18KB

MD5
4fb15c179d279353aef3551286d90811

SHA1
c40edf3c444c446b3a43a3c325fffe370bebac8c

SHA256
ddd80f90fe6c180689b535096e0ccc7d8e6d38ccc9f04b26f6456f8f07872a29

SHA512
0ec271f19b8eaa802e2656b84aaa488a035dda2670806ac39c681f6fa7e7f1d15945d18dd4148335e2440f0df8f0fa90c7908ecbd4ba037688065ef53991491a

Download Submit
C:\xbv270\bin\MSVCP140.dll

Filesize
612KB

MD5
ba72c2f6f465926980adc2fb7f8b3490

SHA1
63de0e3c14d0f45c1edab1c3ecd4adfb78ee8cdd

SHA256
86881a7054532019291c162f0a8177980c1c2b45490f7e88543f22915d08d9ff

SHA512
05136a8dde4359efd112341b12e0545accc8d018e4fa7495b071197833a0227bd50879d7753b61582505b8e2286f845604008bd2020e689e148037a9ef7d7474

Download Submit
C:\xbv270\bin\Qt5Core.dll

Filesize
5.9MB

MD5
30ffb1e7e93f0611e801044f76925498

SHA1
a617876e4bba63ec10bc5fe02726fd525a7f93c1

SHA256
46de435941821b1a02953115a2761699f107f1a810066e7a13981657bf4c7380

SHA512
1018c9fbc54281f740e9b42724c2af905401452380b63c13b6ec2414541e10812a06a8b56548560a673436fb277d15256a9d914f526ef780fee761383eac7365

Download Submit
C:\xbv270\bin\Qt5Gui.dll

Filesize
6.8MB

MD5
ba64872da03c95e4fd46cd251c8e92cf

SHA1
cff055a1e2a478135bdb5b8b221fd9dfb22eab62

SHA256
424068a763cad5e7afda930f01f6ea741746a6e4f29c30aba642388949e14204

SHA512
2738181fa8cb2dc080af143bf0d452f19d69c1a737e944d2337eb6a96443f98fec1062272757dcb689575ea3a9c6583496b4b4d9eaf9664ba6a0067f7c1cf079

Download Submit
C:\xbv270\bin\Qt5Widgets.dll

Filesize
5.3MB

MD5
666f38b86d6c45179542c20da6a8276b

SHA1
daeb260e638b94eb7e17dbb8939cb4b1c0a977ab

SHA256
099257300bbf49e7fe3ac04b6aa85a410b632006926cfe2031289862c00156cb

SHA512
81d3528ae29111cdae7a2e4c3aa37e40c4461b367f948532e3a3e4c4db62f73a506ac82b60f489b5008ae8288c9ef00ca65df68054d40794618f366fd565a6e4

Download Submit
C:\xbv270\bin\Qt5Xml.dll

Filesize
190KB

MD5
9a95c6bf4d4b9a0cef65f99fe62ac974

SHA1
79a2a18c661dc1b1062d7d5b3dfe30e7a263e42d

SHA256
6c5b0227147f3eb01b138b15115e8edea3bf9a4c8118d8626249f02443145647

SHA512
ec565e828924c490c02ec8084397ff9406c6eed51b862e6c0a0489b58dfa0d71385acbbf29ce1cc9c8c4f3bc83bd85bd15a025a9a0adf9598c30782f712b45d9

Download Submit
C:\xbv270\bin\platforms\qwindows.dll

Filesize
1.4MB

MD5
c1f99ec79f00e4fbfce9e64faa529d27

SHA1
d10a5713409c6352ec02bc3c403f6918c1731451

SHA256
872696985f1feb8d6692ec84894c2e40da3e9bc92de501c8cb53f3bd0670a556

SHA512
6b3766c67df75dbb526e073c30c59aa9c4233a608916be7c6ca56de24c6c1c2c8e93997adc8c0412e25cc67cba4b0b1e0bfcdec0561fdd49406c0453b375ead3

Download Submit
C:\xbv270\bin\vcruntime140.dll

Filesize
83KB

MD5
0c583614eb8ffb4c8c2d9e9880220f1d

SHA1
0b7fca03a971a0d3b0776698b51f62bca5043e4d

SHA256
6cadb4fef773c23b511acc8b715a084815c6e41dd8c694bc70090a97b3b03fb9

SHA512
79bbf50e38e358e492f24fe0923824d02f4b831336dae9572540af1ae7df162457d08de13e720f180309d537667bc1b108bdd782af84356562cca44d3e9e3b64

Download Submit
C:\xbv270\bin\xbeditor.exe

Filesize
737KB

MD5
dd512e5c96c6562c69fd13a26468f785

SHA1
6899f89eae424d7b72cc690fde200f26ad7e68bf

SHA256
397136eb717e04be13eef33732ab272ec61f9a142d942076d98bf1d38ec89768

SHA512
4742d90b8c5e1fcb2a0e12e3a13bb617ebbb94d99762920a985329ccb8cd17b9cb8676dfdfe67567afb0943115c6cf66490275c8fa15984cf62a448e9e7b97b9

Download Submit
C:\xbv270\bin\xerces-c_3_2.dll

Filesize
2.7MB

MD5
fb10a022fd67d564538a5c12683aaa1b

SHA1
a4702605a3b6054d5b5a1e852b081754992e327b

SHA256
d9b0901cfa24e6c9ed4b3af71eaa8adc9d47bf0df2088eb3b794ab7bde744268

SHA512
bd4d69a8f96c0d0998bddb11d0f14513d67ec224de58005696d37faeb10b5805602874b7bad316636e428c6e3fb254819f77be622372cea2131800e23220b91e

Download Submit
C:\xbv270\c_64\sample\CSTA\is-37MTE.tmp

Filesize
7KB

MD5
fd19b224d83484fe0011951fb67420a4

SHA1
f6f2d0792b9744fb589639cb3f343a43490f4cc3

SHA256
94fdfb6a6ccad295d424b163a3286fb05031088e7b1a0d4e41cab768d3f029cc

SHA512
c21613477daabbff0ab3fadfff9201e5b8809c819ac757e47fee2d1f690d86c17110b6c17cc056fa70b9e3b146fbbd8b884d373f828ce4aafa0e68d3419af2ab

Download Submit
C:\xbv270\c_64\sample\CSTA\is-LH71M.tmp

Filesize
563B

MD5
50bcf92aac03d3e09d0ea26f5db65030

SHA1
32e0858e003902a29ec70b9da451033c36ca9734

SHA256
9622ef0bb057a21e23feeff22e5b1018be8b913269bd712408c04274ca1076e5

SHA512
224f6cb6993676e21c82da6e70e3fd15bbe52e6a185a637420fece3bab7650aeb5813d76877f95315ae367ffa901920ea22c434c69332cb2a080d562ad00ef47

Download Submit
C:\xbv270\c_64\sample\EmployeeMicro\is-0OKP3.tmp

Filesize
1KB

MD5
10126573204debc81634d403ce8b616e

SHA1
58072712afc3142476d3e57e5d44cf69f5aa1e72

SHA256
efd41e061d4ffd0fa75905a794f76fb6192bd9c1bae1314ad72c889861b36208

SHA512
4da479a14ae042ca461c9dae8e341b0e06f27dae1e69ac8ad6c216feef919bad07aed69244fd753d32e452945d41fedcc63b577cd063a54e26d1e49be751ecdd

Download Submit
C:\xbv270\c_64\sample_json\AttrsWithWildcard\is-81A15.tmp

Filesize
1KB

MD5
b6b48d972a6a6d7ee44586c2d994396a

SHA1
d4493249cda8973a5216d32406a2fb2157f709aa

SHA256
6c5880f0ecbd1461cc6e32eae75f944c1793e1e2e7ede48a5d2adbbee5f0ba19

SHA512
eb69b50ca9de4649e608d820622b3c7f2f675b83c56433c6e2269abc763cb2767e5edc5628ba20b51a31a02104a8f72c0c59a63a5ec6b1d441bb7e35a15c7c5b

Download Submit
C:\xbv270\c_64\sample_json\AttrsWithWildcard\is-QP1HV.tmp

Filesize
26B

MD5
f8f851e23a241f45a4184c746f75fe54

SHA1
61eb81eb36206e52b73ed03e613183c78679c410

SHA256
2d73b41e55753971ad8fe0b7a1c1e89739965ddc9400e2f9d3b5c3a2cba2a1fa

SHA512
867ec2da9f26cdd206bbfe873e08c613af57813cbcdc4d504b5b8327e570762cd24f42f2e0573c58068e79be60a02a1ac0bad7ec40f604f6f2853678238c86ee

Download Submit
C:\xbv270\c_64\sample_json\product\is-OC5AQ.tmp

Filesize
583B

MD5
7414e0b45047a394e55d67c1f43c37be

SHA1
371b8afcdad0ab272c2f91ff2c43cca080a7d2b4

SHA256
5a3cdc692f7de2aef29fc0215685cb3425ea6916031263f0117ed9d2b679b217

SHA512
4e6667bf8b90d1560b7ffff01466f6694419aa1ecface52bc91c346e5e9ea957bc460e96a1b91a14711b26da1c630e6781054d695a66c4223cd0e7e4d323826f

Download Submit
C:\xbv270\c_64\xmlparser-libxml2.mk

Filesize
612B

MD5
05942ef71b315eabaecc6e7c27300328

SHA1
a6360c911ad421ff3c5d19343e04fa774813a112

SHA256
acfb3972d9ee0764a023f3ea51ce791b0999c43fc7644b97c77224d0e543d00f

SHA512
9f09b6fd0a06f886605c839ada46973dac4a7033ce2c6a15514d9f813c689cb1cca0755ab20567f153d1ce806547ffb8632db939a25318c5b17e745b2fe242d7

Download Submit
C:\xbv270\c_vs2015_64\is-5D7SL.tmp

Filesize
2KB

MD5
306e1e27eddb1c33ca32c912115db692

SHA1
f3788578e36de3ead9722de827467e65115834dc

SHA256
65f1c627e98e8b2b35237cdf6be28fbb53099b7cc96b706df723da2c2fa322df

SHA512
c18b372f0ee5d745ce78efb762feca73e75a6f18b7f15007721ef6ef3e467bf2c89a92afcba1aeb77068e3cce845beee2ba7e4959fa9dda15528a257381d1e75

Download Submit
C:\xbv270\c_vs2015_64\xmlparser-micro.mk

Filesize
230B

MD5
76d77f9a75ba77d786f302869930e32f

SHA1
44133a03ef1f9a242ef5cc0ff8f3cda2557d2b86

SHA256
e9330cc1b26af89fb9eaa38f440715da28a83326a69979fb79464f6755831eae

SHA512
613e77e6cc0539431f0964d229b5b40d69022ce50d552d0ab48de5457cf52166cd586220c2014846371d98cdd5f3f15654e17fb931666aa6c03d5fc240f986b0

Download Submit
C:\xbv270\c_vs2015_64\xmlparser.mk

Filesize
626B

MD5
223ff0d76eb69354f869730275bb24be

SHA1
8745c0babaa9cc28a4ed7df6edb119ffa395a028

SHA256
ae13d8f9bbfc1d137c89b71118dad8231aceeea1f742d53937a66cc70ed7f296

SHA512
5f5ae25471864a7530170336b24b25cc6f815fa18c30df9241926f7cb4a8f505349cbeb6165ebb339a9ceb4d048742f65853a89b01a7005e74a04ebd3f74ec8a

Download Submit
C:\xbv270\cpp_64\lib\is-6LHI7.tmp

Filesize
16KB

MD5
2a14894e4f6e10ca6bd793772b2204bc

SHA1
5a870fefd24c815417de191669d97589869cf260

SHA256
9b3c5c577d2ad36bae6a353e32ab106f8dfef341ac5be660a546117edb3b7668

SHA512
82d0136a04686cbbff9f8670b3b1f895eb8d2dbd2b882eccb77dc9e2c10e790a7d78368983ae422827f40e4164eee5643c2b5a08dec6ab090d9030d54919bb38

Download Submit
C:\xbv270\cpp_64\lib\is-PLSJ9.tmp

Filesize
328KB

MD5
904777961842af6363758f4c5c423c91

SHA1
6985274596a84ae94fc9f27e2a3a89449a108a72

SHA256
c879fbdc6d5a4f79913e8ee3fef1072bdc95def6ee60de5bbe77e33f1265d42e

SHA512
2ef2d15397b2885b7f6147fd7872b84c3665b687a54f9425626740b8f114f44c00333d4b4f2adbeae061a422e12dd7c409c82c204b64e89f3064dd1c84511b58

Download Submit
C:\xbv270\cpp_64\sample\ComplexContent\is-H1OTG.tmp

Filesize
6KB

MD5
883161b40fb7531cfb4debdbd9566a06

SHA1
c67d8591c0e6b9ab6dbbe634d41f5098091c78d0

SHA256
d43100fafdd023448505b328b3c20de3b3eef93441d9bfb5587bbb4b87af2f65

SHA512
31c1d47d3897e29ebed0a15fa9ed1c4296adee9b532676e68d6b812987034d631cdd8aec567f7edc9f957894cd7b38b142c044297443949455060b13bddf2bc6

Download Submit
C:\xbv270\cpp_64\sample\PurchaseOrder\is-BRDB3.tmp

Filesize
2KB

MD5
e067fc41fe661ae004ecd7acd54c9972

SHA1
9cc26d83066f5ba949a6d244dcc3edc3d67f8230

SHA256
274397478ef0d2b06cb6f2da5144b46b1bd50bf262a817f305f7010cf804c8f4

SHA512
b0c10a6e0502d68d1480c073198c729c464a6fcb877bc04a4ab730edbfc7b644f5974bffeaf86d86c9154ba5e8ccb82813cd207d4f5ab5c3e1c477f722f18b11

Download Submit
C:\xbv270\cpp_vs2015_64\xmlparser-xerces.mk

Filesize
601B

MD5
5e5e914e7b8fe7c45f240fe8819e873b

SHA1
595c5e3b68de33397134d8807031a1fef9f2490a

SHA256
a4f5254bc17b955eacfd83ef596b59d793bad9d55c25749ec4b90a0a8dfa12f8

SHA512
13171beda3687b5c6e489d4d89470d9117079ef4d36573ef14bd08025b388ff62bbb70c0b0ad41ae9783d158a087a1caa1c3c1fb1b3612d6a3e4ca697c689925

Download Submit
C:\xbv270\cpp_vs2015_64\xmlparser-xml4c.mk

Filesize
578B

MD5
6ecfb55332db45eb41efe36285dd75c5

SHA1
2e2e40ee525070a68ed8d1e640a05c7132ac1512

SHA256
ea1103deef35aeb70e33fb20d9668e5b72cd4b367e4f8505fd5f31fc075b43fa

SHA512
e6332130dd6d5a88919dcd2a8ddea03a391cb6a76a7feb5ce2781515b0fdc8d4c425cce3a173823cb63cf38e51f9ea38fc6b1b134125de78b5cddccc872b3d2b

Download Submit
C:\xbv270\csharp\sample\RSS\is-9O7L1.tmp

Filesize
26KB

MD5
f46c21d6d4132bb18a35619423eb4c0e

SHA1
6cf5cca31cf547f26b9720549f9378ae339f997f

SHA256
4bbf233f01c2dd258e63946687321fd894772ecda1314c51e60e47a477f09166

SHA512
d6b750124a5174e0d51909e0e848f695a34d5e34ce857e29206c03e283f3d314c6bef8c6761e452f7de182f969abe6d76d8674536217207d797060e43421b004

Download Submit
C:\xbv270\java\sample\CAP\is-FRKE2.tmp

Filesize
7KB

MD5
63c40746e70239bfe8ed21915df2dbfb

SHA1
bc423ab2716a52fe205b99a858c957f1a1c1fbad

SHA256
b44d9672bf0c281d28d99a11665a57f7b5aacef6008fbd1b46b289b3cba58891

SHA512
ac55e1f5ef7556326a03fa3110041c148b3a0dc3da6e3638e80963ea0cb964f5c2b80d4a0dafba97fb5bdc52fd543494a507bc3df6527fb738699f2f1b70873e

Download Submit
C:\xbv270\java\sample\CAP\is-G9IC3.tmp

Filesize
1KB

MD5
cae5371ad0472b624148a1d385310161

SHA1
13930ad00a98d4f281f9b1ca8ab1771e7404f3e8

SHA256
71dc4293da4b842e021eb156b46a3d6330bc10cc3eec6b9e09d40ee0f4be3730

SHA512
971ecb3e358248340ea242d4589c72f3445afdc7149bac77653fd67241a79dcfb910d388ccd03cf6e5e7c4711f92d44b0c6eb5ede0f74908ab67b01fad3b13a5

Download Submit
C:\xbv270\java\sample\CSTA\is-1S243.tmp

Filesize
231B

MD5
bc4e9e844bfeb84b2a93e841fa6121a2

SHA1
57e567f852faf5009b1452067e6dea50cdfe99eb

SHA256
b75655020ad936009b5b1285309540426196b0ca7c533a8a46497da6b2772bd6

SHA512
fc190c87411cc71e836123f0c975dbedeff0153a8d8d8930efa37c9283e4d7303c696564e4a57b3416a2a60b25c0008ea456f65fac834f2a2be5e42f2202dc6e

Download Submit
C:\xbv270\java\sample\CSTA\is-3UORK.tmp

Filesize
19KB

MD5
ed0dcc049683b6ca2225fc54f5caa5b3

SHA1
27f2079eca2f72097291f31249921cad2b48106c

SHA256
509c5e50aa199d966e2f3d11a151da8556f6bac499bbd2e1501372c972e7b429

SHA512
8482b5af93f8b2ad09659d17bcf40e232fe054cec3a5f536b3d937391effb3eadd781c0700a4ec7d34eef82b4c69a9a46adf030da2f599ad43a08d2040edbc8d

Download Submit
C:\xbv270\java\sample\CSTA\is-861JJ.tmp

Filesize
7KB

MD5
7ce92825ddefe97132b58f7b5d8d19e0

SHA1
c01f9a24d45cbad0568ff45b3da5bd3bde394c4a

SHA256
80a895b0b761a08650828a59d1aa1f26f2b62cdbff9c8d7a714a80ad9e595614

SHA512
85972b038b9bd6ece40ac1f2db08917468f6dac6cf2e13cc30a41e76c8903ee05c42d8a95c41e9413c5157fd6e825641cadacd839f48e38b381a36f1533097c6

Download Submit
C:\xbv270\java\sample\CSTA\is-9EDI2.tmp

Filesize
4KB

MD5
6531dc6ccd91b5cf823f01f89e7c22f0

SHA1
43b72e352f10e6f07a1166d9dd1e155ffbb3d093

SHA256
87bc9954ceea066305d5df1f1b502be5e70073355f53de59ad3ce6c4252d148a

SHA512
50a9454bc583178f772458195cb59736c9c1e55b263488d19ef1cebcc056e3d78d137c621188bdb1f2af83b9183f9fe16317613690cf9443eb8f91d6ebf4bbab

Download Submit
C:\xbv270\java\sample\CSTA\is-FNTI9.tmp

Filesize
13KB

MD5
d58b8a26b7576b799fff98237f0f57b9

SHA1
34e3ab464d6385b4a60316b106d963b0ec4bfabe

SHA256
1b464b408ebd86b9112a7fcaf55119425e1fbd1653ec3d9161afba9528eac349

SHA512
855a6967a6ed9a41b0f2b6ea4e73c0c409cae5a3a7ad715accac7f00da4d314b5ac2db85128c83fe6aebde933f1605e7f8ead7f768dbbe2e495650043432cbcc

Download Submit
C:\xbv270\java\sample\CSTA\is-FRCE3.tmp

Filesize
1KB

MD5
304dc8d1c5cfc6cc805005ffe6634616

SHA1
52e0ed025c6114425a843c9a0f95ce782290cc88

SHA256
660302663a1fa32d96fee67c1a460bb93f537a29ffe7057ccd96a96f566a70d0

SHA512
03fa9267b9f7765dd43102e379d61bb647cc29b0c5ed48405a50aff9a298480adcdc60fafa12995cedafac948cd9abbf1ba717ca4be8ddf1c9f237f07ff2385b

Download Submit
C:\xbv270\java\sample\CSTA\is-MKMPN.tmp

Filesize
521B

MD5
8ed87f072a970a1a6d970cf76852978a

SHA1
c9de067e56b7b82333934a4874968eaafc3cfc63

SHA256
d21d3ccba484b794f74b9d3e7cfd09d75921abd8d2a67528680251a29b2c56e6

SHA512
78ac574fd016492c842f6b4cd57e6c370a8f2d441cc5700c4761e9888bd1667d99559c97ca93bab82666a4735f23bf81387f39bae6cefed68c0b4f8a6e1a24a1

Download Submit
C:\xbv270\java\sample\CSTA\is-P7NVJ.tmp

Filesize
5KB

MD5
bc157c15c83524b15d9c78c59eafc5b4

SHA1
63e683e354da9777b9e19e700fb09f60ec0664e8

SHA256
e7bc2d968c4460521067e5895c925b1113fdec754e8c7fb3f7172e67be4b5919

SHA512
d0df609e13cf7945fd4f6d5c96f584b3aaac63bfc2d3dc4c0a9ea67057fb7e27251fa754ac69a61f529a5c03706b98f1deb00cd80eca67a1256a320538fca814

Download Submit
C:\xbv270\java\sample\CSTA\is-QJ8TO.tmp

Filesize
227B

MD5
1f34a167a42af6b302e64a8a21d611f5

SHA1
3210eba82d8f6a522963bff236975fafdf3c59ff

SHA256
3aeb409bc994e263d7ce669340046994dedcebc69708e148d11df3eedd1cef10

SHA512
c650772184d4b15f231cadccda7b8d33e9230e8a064476fbbd9efda8f98ae3aa901b14617ddc77e7c4042b45dc1d29732359438dd6a52a3b4585e34f0c3d40bc

Download Submit
C:\xbv270\java\sample\CSTA\is-S6Q17.tmp

Filesize
1KB

MD5
f82fcd57da0f0003527b852a6ddb1f4f

SHA1
48401b5ad8b23aed3a30815df913c334135f301f

SHA256
314f52e8713c4e2678bbe8ec6d04506c1cea4ef3d2d44262551ee73fb1a692c6

SHA512
ca30f3cf78cef7957f6bf4af173b4d9156573bd5d79e58120ea3fd8e55bf28bdb99bb2930f4ac85a22cf111947fd48f3d1f8ce2c625a92dd0217aa95d26b382a

Download Submit
C:\xbv270\java\sample\CSTA\is-T82R5.tmp

Filesize
7KB

MD5
638644e5b746e21904801357be2eb4b9

SHA1
16ac8c0add12628903036c3564febb05db95d597

SHA256
c63bc1e771aed6b64095900cad38011d3894066fb7582d2abba256c9684fbd71

SHA512
154f19040a10ca79f1efab4b1506044dacdc411c6f9476fe33450c92cb83592bf5f89d843d7367d1ba6c757a370d161a50d633f3efd943d8b3abccf77212692e

Download Submit
C:\xbv270\java\sample\CSTA\is-TDOUG.tmp

Filesize
2KB

MD5
e57a1f5c7909815761b04107691d6ad4

SHA1
7b2b676a0ba92f37cb80a4fecea36c1ef2f8b2cb

SHA256
e3f8d86ff8cf11c28d3ac28de8b06726c0c8e6eb7830c974cf02424fc1d4bc0b

SHA512
f62be1a5a9ded7d64987144930117187a44f4e1c5e21a6b705380bef382c767668130a627aef079457bd78d9df66dc3bcf0215afbc373a2d7366b2909ff84bf6

Download Submit
C:\xbv270\xsd\csta3xml\ed5\is-HRBTA.tmp

Filesize
2KB

MD5
7a862bb06c8735244e00d80ca8032c44

SHA1
ce853a520967e3e48b07324f75b18ee66d428774

SHA256
430d4c10f6e8f31d2722df605a363caf00f2091ed7238f88640ed189da865928

SHA512
570e5367fe638435d735c22d1be5de0b5e83c94d90f99eb533e493c04c11b67163153974fa7c6a3fa6b8074f2cc26813d45c96ae2ebf4e00ac31abee195f548b

Download Submit
memory/2940-5596-0x000001D84F530000-0x000001D84F568000-memory.dmp

Filesize
224KB

Download
memory/2940-5603-0x000001D84F510000-0x000001D84F51A000-memory.dmp

Filesize
40KB

Download
memory/2940-5604-0x000001D84F4F0000-0x000001D84F4FA000-memory.dmp

Filesize
40KB

Download
memory/2940-5605-0x000001D84F5D0000-0x000001D84F5D8000-memory.dmp

Filesize
32KB

Download
memory/2940-5599-0x000001D84F500000-0x000001D84F50A000-memory.dmp

Filesize
40KB

Download
memory/2940-5593-0x000001D8301E0000-0x000001D8304C2000-memory.dmp

Filesize
2.9MB

Download
memory/2940-5601-0x000001D84F520000-0x000001D84F528000-memory.dmp

Filesize
32KB

Download
memory/2940-5602-0x000001D84F5A0000-0x000001D84F5B6000-memory.dmp

Filesize
88KB

Download
memory/2940-5597-0x000001D84EF90000-0x000001D84EF9E000-memory.dmp

Filesize
56KB

Download
memory/2940-5594-0x000001D8309A0000-0x000001D8309B0000-memory.dmp

Filesize
64KB

Download
memory/2940-5595-0x000001D84AB40000-0x000001D84AB48000-memory.dmp

Filesize
32KB

Download
memory/2940-5598-0x000001D8503F0000-0x000001D8504F0000-memory.dmp

Filesize
1024KB

Download
memory/2940-5600-0x000001D84F570000-0x000001D84F596000-memory.dmp

Filesize
152KB

Download
memory/5204-4900-0x0000000000400000-0x0000000000415000-memory.dmp

Filesize
84KB

Download
memory/5204-342-0x0000000000400000-0x0000000000415000-memory.dmp

Filesize
84KB

Download
memory/5204-349-0x0000000000400000-0x0000000000415000-memory.dmp

Filesize
84KB

Download
memory/5308-4917-0x00007FFAC70A0000-0x00007FFAC75FA000-memory.dmp

Filesize
5.4MB

Download
memory/5396-4899-0x0000000000400000-0x00000000004BE000-memory.dmp

Filesize
760KB

Download
memory/5396-2664-0x0000000000400000-0x00000000004BE000-memory.dmp

Filesize
760KB

Download
memory/5396-359-0x0000000000400000-0x00000000004BE000-memory.dmp

Filesize
760KB

Download
memory/5396-370-0x0000000000400000-0x00000000004BE000-memory.dmp

Filesize
760KB

Download
memory/5620-5521-0x000002151E230000-0x000002151E238000-memory.dmp

Filesize
32KB

Download
memory/5620-5159-0x000002151E780000-0x000002151E81C000-memory.dmp

Filesize
624KB

Download
memory/5620-5158-0x00000215025E0000-0x000002150296E000-memory.dmp

Filesize
3.6MB

Download
memory/5644-5566-0x00000000007D0000-0x0000000000DB6000-memory.dmp

Filesize
5.9MB

Download
memory/5672-5631-0x0000000000DE0000-0x0000000000DF6000-memory.dmp

Filesize
88KB

Download
memory/6048-6076-0x000002A5F2EC0000-0x000002A5F2F04000-memory.dmp

Filesize
272KB

Download
memory/6048-5579-0x000002A5D7B60000-0x000002A5D7EFA000-memory.dmp

Filesize
3.6MB

Download
memory/6048-6077-0x000002A5F2F20000-0x000002A5F2F3A000-memory.dmp

Filesize
104KB

Download
memory/6048-6119-0x000002A5F2F40000-0x000002A5F2FF2000-memory.dmp

Filesize
712KB

Download
memory/6048-6120-0x000002A5F3020000-0x000002A5F3042000-memory.dmp

Filesize
136KB

Download
memory/6048-6122-0x000002A5F3050000-0x000002A5F30F0000-memory.dmp

Filesize
640KB

Download