quasar | 870ffdfaec0f76ad2bac52a5c639a34813bf44c37a2c6b52ca582b7a704bbea0

Resubmissions

02-01-2025 13:29

250102-qrk14swngk 10

02-01-2025 13:05

250102-qbgnrawjgr 10

02-01-2025 12:58

250102-p7xt6ssnh1 10

Analysis

max time kernel
479s
max time network
483s
platform
windows11-21h2_x64
resource
win11-20241007-en
resource tags

arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
submitted
02-01-2025 13:05

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

livedata.exe
Size

3.1MB
MD5

3393507c6698a8fa7552b474820fa233
SHA1

bc8e2078156b3b87341a0045eb581ac68f605767
SHA256

870ffdfaec0f76ad2bac52a5c639a34813bf44c37a2c6b52ca582b7a704bbea0
SHA512

e28f41de1271208944f86d06b265aa0ecadc899a53e41705a1f2df06b919b58d9d3d9dc227c3ccf8568e15491ca06135b26b2e9be7968b1512533b2a177998a9
SSDEEP

49152:DvOI22SsaNYfdPBldt698dBcjHjMS8mzwYoGd8JTHHB72eh2NT:Dvj22SsaNYfdPBldt6+dBcjHjMSxs

Score

10^/10

quasar office04 discovery spyware trojan

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

Office04

ahmettt-36012.portmap.io:36012

Mutex

b47a15cf-f43b-4ac8-b123-ef745bc58b02

Attributes

encryption_key
DFDF5CC5F6DA9099931F989981D7F56159CE6C69
install_name
Client.exe
log_directory
Logs
reconnect_delay
3000
startup_key
Quasar Client Startup
subdirectory
SubDir

Signatures

Quasar RAT
Quasar is an open source Remote Access Tool.
trojan spyware quasar
Quasar family
quasar

Quasar payload 2 IoCs

resource	yara_rule
behavioral1/memory/4828-1-0x0000000000300000-0x0000000000624000-memory.dmp	family_quasar
behavioral1/files/0x001d00000002aaa2-5.dat	family_quasar

Executes dropped EXE 1 IoCs

pid	Process
4084	Client.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies Internet Explorer settings 1 TTPs 29 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\CVListXMLVersionHigh = "268435456"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\CVListXMLVersionLow = "395196024"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000\Software\Microsoft\Internet Explorer\GPU\DeviceId = "140"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000\Software\Microsoft\Internet Explorer\Main\OperationalData = "8"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000\Software\Microsoft\Internet Explorer\GPU\SubSysId = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000\Software\Microsoft\Internet Explorer\Main\OperationalData = "13"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000\Software\Microsoft\Internet Explorer\VersionManager\FirstCheckForUpdateLowDateTime = "1527217828"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\IECompatVersionHigh = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000\Software\Microsoft\Internet Explorer\GPU\VendorId = "4318"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\IECompatVersionLow = "395196024"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000\Software\Microsoft\Internet Explorer\VersionManager\FirstCheckForUpdateHighDateTime = "31153498"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000\Software\Microsoft\Internet Explorer\Protected - It is a violation of Windows Policy to modify. See aka.ms/browserpolicy	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000\Software\Microsoft\Internet Explorer\Main\DisableFirstRunCustomize = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPMigrationVer = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\CVListDomainAttributeSet = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\IECompatVersionHigh = "268435456"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\StaleCompatCache = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\IECompatVersionLow = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000\Software\Microsoft\Internet Explorer\GPU\SoftwareFallback = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000\Software\Microsoft\Internet Explorer\GPU\Revision = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000\Software\Microsoft\Internet Explorer\VersionManager	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000\Software\Microsoft\Internet Explorer\BrowserEmulation	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\StaleCompatCache = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000\Software\Microsoft\Internet Explorer\Protected - It is a violation of Windows Policy to modify. See aka.ms/browserpolicy\HomepagesUpgradeVersion = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000\Software\Microsoft\Internet Explorer\Main\OperationalData = "9"	iexplore.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
1816	msedge.exe
1816	msedge.exe
3288	msedge.exe
3288	msedge.exe
632	msedge.exe
632	msedge.exe
3020	identity_helper.exe
3020	identity_helper.exe
2768	msedge.exe
2768	msedge.exe
2768	msedge.exe
2768	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 16 IoCs

pid	Process
3288	msedge.exe
3288	msedge.exe
3288	msedge.exe
3288	msedge.exe
3288	msedge.exe
3288	msedge.exe
3288	msedge.exe
3288	msedge.exe
3288	msedge.exe
3288	msedge.exe
3288	msedge.exe
3288	msedge.exe
3288	msedge.exe
3288	msedge.exe
3288	msedge.exe
3288	msedge.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeDebugPrivilege	4828	livedata.exe
Token: SeDebugPrivilege	4084	Client.exe

Suspicious use of FindShellTrayWindow 29 IoCs

pid	Process
4084	Client.exe
4084	Client.exe
4084	Client.exe
3288	msedge.exe
3288	msedge.exe
3288	msedge.exe
3288	msedge.exe
3288	msedge.exe
3288	msedge.exe
3288	msedge.exe
3288	msedge.exe
3288	msedge.exe
3288	msedge.exe
3288	msedge.exe
3288	msedge.exe
3288	msedge.exe
3288	msedge.exe
3288	msedge.exe
3288	msedge.exe
3288	msedge.exe
3288	msedge.exe
3288	msedge.exe
3288	msedge.exe
3288	msedge.exe
3288	msedge.exe
3288	msedge.exe
3288	msedge.exe
3288	msedge.exe
4084	Client.exe

Suspicious use of SendNotifyMessage 16 IoCs

pid	Process
4084	Client.exe
4084	Client.exe
4084	Client.exe
3288	msedge.exe
3288	msedge.exe
3288	msedge.exe
3288	msedge.exe
3288	msedge.exe
3288	msedge.exe
3288	msedge.exe
3288	msedge.exe
3288	msedge.exe
3288	msedge.exe
3288	msedge.exe
3288	msedge.exe
4084	Client.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4828 wrote to memory of 4084	4828	livedata.exe	77
PID 4828 wrote to memory of 4084	4828	livedata.exe	77
PID 4084 wrote to memory of 3288	4084	Client.exe	87
PID 4084 wrote to memory of 3288	4084	Client.exe	87
PID 3288 wrote to memory of 2724	3288	msedge.exe	88
PID 3288 wrote to memory of 2724	3288	msedge.exe	88
PID 3288 wrote to memory of 1792	3288	msedge.exe	89
PID 3288 wrote to memory of 1792	3288	msedge.exe	89
PID 3288 wrote to memory of 1792	3288	msedge.exe	89
PID 3288 wrote to memory of 1792	3288	msedge.exe	89
PID 3288 wrote to memory of 1792	3288	msedge.exe	89
PID 3288 wrote to memory of 1792	3288	msedge.exe	89
PID 3288 wrote to memory of 1792	3288	msedge.exe	89
PID 3288 wrote to memory of 1792	3288	msedge.exe	89
PID 3288 wrote to memory of 1792	3288	msedge.exe	89
PID 3288 wrote to memory of 1792	3288	msedge.exe	89
PID 3288 wrote to memory of 1792	3288	msedge.exe	89
PID 3288 wrote to memory of 1792	3288	msedge.exe	89
PID 3288 wrote to memory of 1792	3288	msedge.exe	89
PID 3288 wrote to memory of 1792	3288	msedge.exe	89
PID 3288 wrote to memory of 1792	3288	msedge.exe	89
PID 3288 wrote to memory of 1792	3288	msedge.exe	89
PID 3288 wrote to memory of 1792	3288	msedge.exe	89
PID 3288 wrote to memory of 1792	3288	msedge.exe	89
PID 3288 wrote to memory of 1792	3288	msedge.exe	89
PID 3288 wrote to memory of 1792	3288	msedge.exe	89
PID 3288 wrote to memory of 1792	3288	msedge.exe	89
PID 3288 wrote to memory of 1792	3288	msedge.exe	89
PID 3288 wrote to memory of 1792	3288	msedge.exe	89
PID 3288 wrote to memory of 1792	3288	msedge.exe	89
PID 3288 wrote to memory of 1792	3288	msedge.exe	89
PID 3288 wrote to memory of 1792	3288	msedge.exe	89
PID 3288 wrote to memory of 1792	3288	msedge.exe	89
PID 3288 wrote to memory of 1792	3288	msedge.exe	89
PID 3288 wrote to memory of 1792	3288	msedge.exe	89
PID 3288 wrote to memory of 1792	3288	msedge.exe	89
PID 3288 wrote to memory of 1792	3288	msedge.exe	89
PID 3288 wrote to memory of 1792	3288	msedge.exe	89
PID 3288 wrote to memory of 1792	3288	msedge.exe	89
PID 3288 wrote to memory of 1792	3288	msedge.exe	89
PID 3288 wrote to memory of 1792	3288	msedge.exe	89
PID 3288 wrote to memory of 1792	3288	msedge.exe	89
PID 3288 wrote to memory of 1792	3288	msedge.exe	89
PID 3288 wrote to memory of 1792	3288	msedge.exe	89
PID 3288 wrote to memory of 1792	3288	msedge.exe	89
PID 3288 wrote to memory of 1792	3288	msedge.exe	89
PID 3288 wrote to memory of 1816	3288	msedge.exe	90
PID 3288 wrote to memory of 1816	3288	msedge.exe	90
PID 3288 wrote to memory of 1236	3288	msedge.exe	91
PID 3288 wrote to memory of 1236	3288	msedge.exe	91
PID 3288 wrote to memory of 1236	3288	msedge.exe	91
PID 3288 wrote to memory of 1236	3288	msedge.exe	91
PID 3288 wrote to memory of 1236	3288	msedge.exe	91
PID 3288 wrote to memory of 1236	3288	msedge.exe	91
PID 3288 wrote to memory of 1236	3288	msedge.exe	91
PID 3288 wrote to memory of 1236	3288	msedge.exe	91
PID 3288 wrote to memory of 1236	3288	msedge.exe	91
PID 3288 wrote to memory of 1236	3288	msedge.exe	91
PID 3288 wrote to memory of 1236	3288	msedge.exe	91
PID 3288 wrote to memory of 1236	3288	msedge.exe	91
PID 3288 wrote to memory of 1236	3288	msedge.exe	91
PID 3288 wrote to memory of 1236	3288	msedge.exe	91
PID 3288 wrote to memory of 1236	3288	msedge.exe	91
PID 3288 wrote to memory of 1236	3288	msedge.exe	91

C:\Users\Admin\AppData\Local\Temp\livedata.exe
"C:\Users\Admin\AppData\Local\Temp\livedata.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:4828
- C:\Users\Admin\AppData\Roaming\SubDir\Client.exe
  "C:\Users\Admin\AppData\Roaming\SubDir\Client.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  PID:4084
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://pornhub.com/
    3⤵
    - Enumerates system info in registry
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of WriteProcessMemory
    PID:3288
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff991de3cb8,0x7ff991de3cc8,0x7ff991de3cd8
      4⤵
      PID:2724
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1876,10129962122137434945,14862266582538511636,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1916 /prefetch:2
      4⤵
      PID:1792
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1876,10129962122137434945,14862266582538511636,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2260 /prefetch:3
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:1816
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1876,10129962122137434945,14862266582538511636,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2792 /prefetch:8
      4⤵
      PID:1236
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,10129962122137434945,14862266582538511636,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3236 /prefetch:1
      4⤵
      PID:1524
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,10129962122137434945,14862266582538511636,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3244 /prefetch:1
      4⤵
      PID:4068
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,10129962122137434945,14862266582538511636,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4708 /prefetch:1
      4⤵
      PID:2156
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,10129962122137434945,14862266582538511636,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3548 /prefetch:1
      4⤵
      PID:2556
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1876,10129962122137434945,14862266582538511636,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5036 /prefetch:8
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:632
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,10129962122137434945,14862266582538511636,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5732 /prefetch:1
      4⤵
      PID:3856
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,10129962122137434945,14862266582538511636,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5752 /prefetch:1
      4⤵
      PID:2524
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,10129962122137434945,14862266582538511636,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5688 /prefetch:1
      4⤵
      PID:4812
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,10129962122137434945,14862266582538511636,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4884 /prefetch:1
      4⤵
      PID:5032
  - - C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1876,10129962122137434945,14862266582538511636,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4160 /prefetch:8
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:3020
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,10129962122137434945,14862266582538511636,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6176 /prefetch:1
      4⤵
      PID:684
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,10129962122137434945,14862266582538511636,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4676 /prefetch:1
      4⤵
      PID:664
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,10129962122137434945,14862266582538511636,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4868 /prefetch:1
      4⤵
      PID:2652
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,10129962122137434945,14862266582538511636,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6540 /prefetch:1
      4⤵
      PID:2732
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,10129962122137434945,14862266582538511636,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6536 /prefetch:1
      4⤵
      PID:968
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,10129962122137434945,14862266582538511636,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6468 /prefetch:1
      4⤵
      PID:1424
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,10129962122137434945,14862266582538511636,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6060 /prefetch:1
      4⤵
      PID:3120
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,10129962122137434945,14862266582538511636,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1252 /prefetch:1
      4⤵
      PID:844
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1876,10129962122137434945,14862266582538511636,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=3016 /prefetch:2
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:2768
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://pornhub.com/
    3⤵
    PID:3172
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff991de3cb8,0x7ff991de3cc8,0x7ff991de3cd8
      4⤵
      PID:2344

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\Desktop\SendRestore.gif
1⤵
- Modifies Internet Explorer settings
PID:2928

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:3172

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4828

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4544

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e11c77d0fa99af6b1b282a22dcb1cf4a

SHA1
2593a41a6a63143d837700d01aa27b1817d17a4d

SHA256
d96f9bfcc81ba66db49a3385266a631899a919ed802835e6fb6b9f7759476ea0

SHA512
c8f69f503ab070a758e8e3ae57945c0172ead1894fdbfa2d853e5bb976ed3817ecc8f188eefd5092481effd4ef650788c8ff9a8d9a5ee4526f090952d7c859f3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
c0a1774f8079fe496e694f35dfdcf8bc

SHA1
da3b4b9fca9a3f81b6be5b0cd6dd700603d448d3

SHA256
c041da0b90a5343ede7364ccf0428852103832c4efa8065a0cd1e8ce1ff181cb

SHA512
60d9e87f8383fe3afa2c8935f0e5a842624bb24b03b2d8057e0da342b08df18cf70bf55e41fa3ae54f73bc40a274cf6393d79ae01f6a1784273a25fa2761728b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000001

Filesize
27KB

MD5
0dd3e79cbf1483610fa1ac438d0fb607

SHA1
772a1c6a1b4c50a727990cc53a46ec3ac3755ad5

SHA256
2752a0e9312cabae43b766907c81739f1b7b357d4b4410e8bc85734985473df5

SHA512
dc6c0278286c01db86dfe581c968e8c71737ddf1f6dfa4dae01e4f9dca68f330e13ce5abb988176ba42513c6cc3f7b6b003a670778881d69d41bf744b2067b75

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

Filesize
65KB

MD5
4e035d4419924345da63c874ba6f534b

SHA1
3d163ded0e3ad03ad25dbc00eab646e66850645a

SHA256
f7e0f5593818363eb354bd153649a8c5e364b55d94596c5493b367271988b132

SHA512
6ca7db61c39c7a7a1b061170f024c5b8adadf402df7c3d722db9b7a1fa4109cb4401944d8661aa9436917d5513390bd4ea4d69124fdd44d770f914b45e056cd5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

Filesize
86KB

MD5
72f7268694db5175b38eb37ad9f8f2c5

SHA1
585ffeda366ef7e9cb27cd48deb1c0cdc556eec5

SHA256
7f2eb40177fca31869ab6140a0689505bc089948c2ee2580437d4d306a4ba5c5

SHA512
8a5602ad082594a94163c5d7864b80992241b5c26f014dc5708b1a6a7eb1937e061c9538dd38bc2cfa038e34bec052525360156947de84ac2b29ff18a6a557f6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

Filesize
105KB

MD5
9318d5903948b0268f5efc389bc3c112

SHA1
f3d1ba5cb90ed524e599069eeb5f4499e71947b5

SHA256
308b20f43a8c2ce957ab194306b306c46c701ec2d4c6ea616727a9c748a797d4

SHA512
814069e5b14f649d401d93e1fc0ebd4e85631583c36ecc0d12f92288d1cacf8e6b70cc3a4184a16a39535e2bfeea9b7d668f4c8d94b2cd6e5baef12bca30f979

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001b

Filesize
29KB

MD5
f85e85276ba5f87111add53684ec3fcb

SHA1
ecaf9aa3c5dd50eca0b83f1fb9effad801336441

SHA256
4b0beec41cb9785652a4a3172a4badbdaa200b5e0b17a7bcc81af25afd9b2432

SHA512
1915a2d4218ee2dbb73c490b1acac722a35f7864b7d488a791c96a16889cd86eee965174b59498295b3491a9783facce5660d719133e9c5fb3b96df47dde7a53

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001c

Filesize
60KB

MD5
5d061b791a1d025de117a04d1a88f391

SHA1
22bf0eac711cb8a1748a6f68b30e0b9e50ea3d69

SHA256
4b285731dab9dd9e7e3b0c694653a6a74bccc16fe34c96d0516bf8960b5689bc

SHA512
1ff46597d3f01cd28aa8539f2bc2871746485de11f5d7995c90014e0b0ad647fb402a54f835db9a90f29c3446171a6870c24f44fb8bbb1f85b88e3ade9e0360e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001d

Filesize
20KB

MD5
29be3f4c1685374185295c0577a0fbc4

SHA1
c720338b90479756d89c4c0bd6e1b2c126e741e2

SHA256
84234bc202cd90772c3dad4cca1b2e1330d811546ed6574be8a6dd8706356d80

SHA512
6c8e59a0453b5ea2dfb99dae65a114d5b05e28428fc0b8d0012ed155115137f5f54abb232f7efae0e5c7c9775e7c5e3373c2f582b59c62625206445f1f5d9894

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000031

Filesize
792KB

MD5
6915d995a699f0ffce93a6c6d6b5ebfe

SHA1
8decc085bc2a520014dad87f6d1b62228ca70bb0

SHA256
83f89dd1fcaa96b69b91b4cfe58df02509b4cd9eb0fc16ca733550dae186138b

SHA512
ed86418298bef0c05c9aac102bc5a781d001ae95e0dfb908873c6f630517a434f91874f39d11f76cfe29104658dad13a7065a2598c71317c921fc5a233cc539b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00003c

Filesize
17KB

MD5
7df344c16c64a7b6762c205f505c00b5

SHA1
2ccdab8fc5f983a3f5d906051158f95e82b16e3b

SHA256
ddeac823c805ec55d177a14aea55dfc8e5d3142e26deb37df352637ecebd3668

SHA512
4c707db2d87e3c51fa7e0c289f918d4a5815d76a40c3e02c9cbc9f01e15893c66e04a6ac8aa4425799e064fbeb9a8a6f2bd13863d7fa181bcbda1c2178ceec09

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000041

Filesize
16KB

MD5
6c0949d2cafb4b0136e62e83f69aab34

SHA1
e15091c89e7c0e364993d8da0db159f5c143830f

SHA256
201ff0cba3dda97312a40f4c175129cc078beb4a51bf56684713f93cea14485a

SHA512
2d47fdcc9c091b1de9b040d51b4eb0e9ee01b904eafae3d6f284cbe437b955a5a69e5f1705d02efff2ed77c29e876a8a25115bbef26a12fedc3e64a20083ecbd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\049205fabd56a4e9_0

Filesize
134KB

MD5
ce7542f670fe6edd49a408f587fac536

SHA1
9ab5675d97719168911e62289d9470bba69d1399

SHA256
90c1b6408f45cb2b51ed7d95c28c44fc5d898e510552459295fe35567fcdf2e9

SHA512
34e9c8145af54519665e78e7f9d424b7144d835896ffc63c32b583de676e66f78989e3a9e1cda93babf585c5c3056dfe4ac6904ffa78e36a4b25f7345520ebc2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\0d86f9f84c872aaa_0

Filesize
3KB

MD5
70047ecefc832c0cd49d7f06d0e626f6

SHA1
7e075ceddde55ed41e73c6c730f87dbe2bcbc54b

SHA256
50b4b93a75f6e95b545760cb8025645eeb9ea3e20bbbb32c69bad28ebb244c8d

SHA512
531ba15580aab2bb76578934f77c7b617c709e7e235d73aa5f0ff162cb76fa9ca2745893a5cf597f75d753912b94b826fdac61824f3921b8ba963f4dc91211e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\0ef075775c69ab20_0

Filesize
265B

MD5
a97842bc4ac5f4b01b71b75890921e2c

SHA1
b64a8b5247a648cc1f3e58bbde27f6d946ae7b7e

SHA256
f140f4a418d0af98a99352991b12a5a4311c69da8248512e8a02bb7a71b79107

SHA512
c5ed36b483ebd33f2438118cd09280e2efd6da1d2872fdd722d0427e4f9cd83859f2d03d4f0562c23fa875d37a60588d333e9f4aa73a3f8d93db2edbf12c7dd6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\1f7588bda91e5c4c_0

Filesize
3KB

MD5
20ffdf3d3905d3b9341f3ebde29549e3

SHA1
220bf85fdfb8a730a97ac6fddafba5df0a2d84fa

SHA256
b873501fb57284caf42e416bdf0ff3688725a7b124b52419d5baf2c78be0c2c0

SHA512
87fa081075c0ffdef1b3ae684716122cb0b0a41423206cd8882f0581ffff9b720f86ba38f9b439e2bdf71cb43ba69a65242fdc13bacaac4a2500309a397eba88

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\35f18b017985331b_0

Filesize
2KB

MD5
7f29a928b068a8b8592684ea79aa197c

SHA1
da35b81f844ade7bae44f7c2342f3b0b9dde89e6

SHA256
2604d06b06064e830f47dba4b0c57828dc8097e2189b45da96f0375cc9b1dcaa

SHA512
3b1758b8f71cdb8220939a8590a511be21b48cb583985c5b8e8d7d40d65922f7ca82eeef47a0d201ddf042bae24ba5db940fa3cc1fdff1ce8b98c070b1b82d7b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\3651a29593531c27_0

Filesize
1KB

MD5
ec047d78bf53820250923eaa3aea6580

SHA1
6a007754ba986acd90dc8ba4257f17bad1192053

SHA256
3cfd22ee46225d244d209e9c11613d226031b90602ec4f5b2f22dadc87ef9b02

SHA512
95cc06555d8a78e5a1d905a7b7e72b52192ba2c62fe3dc57f4f8231ce5e4bcf01a21e0fbb7f5bc2c05cf5419b13bbd778362cecb7466cc74383fe0cd245391b5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\3d3c3fb446694839_0

Filesize
260B

MD5
403fbb412c6e6b58853b03f0199f7912

SHA1
78e9b57c67ff37d539c3df84d6b1201a4c9c81f0

SHA256
6e45d50197cf8f1dc7c38f3a1606a4d1562d503038bc885b1e6b7693b2cfea3c

SHA512
12917bea753105163dcb41ab803a052ac67bfd078d19be011a4f9d3b602384a6eed990a09c6a93c2b10228cad265eec17b08217588ee99ed0c2f07965c030572

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\3d6e1a4601df0a0a_0

Filesize
4KB

MD5
26fc1a9de3c9b91275274e6994eed2a2

SHA1
04e13f1e6f32a4cf77e9354631c8dcca32f5b992

SHA256
3bbdb1413a4007d55ea7e13f4aaecef0e55bea57de08946754380ef58aeb9b68

SHA512
a580fbed229c6479bf4ca5c911bbb2267c18f033e6fb7a8b508173d894c20af8995b1726f584fef3dd9679d733933428f49b8398ec46556a5a6dc694303f99ea

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\495fb8518cdaf037_0

Filesize
11KB

MD5
e60c66eda0ce70ce7a74ac858f3a3be7

SHA1
e1e5107a4488d62b750aeecfb421efa37732d032

SHA256
751e8deed63d1bee4b35976259adc77056fcc0465801806bb39e8bfb276f2c71

SHA512
b4cef9b9256fbe62d7d84e32372231be5faaf04e0a363a3d35a7ed1832c545e2e04067d1106b11a26cb5652c394ec420f72bca9c6aa39749959831805fa41564

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\4c9f4e24f562044c_0

Filesize
457KB

MD5
857b33adc9ffbe2c2a5731215cb68d26

SHA1
8c72fa30cad81e2d1c136c0b642b265ada232ceb

SHA256
775f4beabf22e1882f186f4d9f3c1530a48e2f37f570747cb7cf81756743e9c8

SHA512
e4dd42c608059ccb1752edb0cccd78f0d28afd1b1bab6fb6aaed894c3d78e73b1c32d84de2da7280609a3b13fea13b103ca10b19fbf1c9335f223c18182693ad

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\56ee70fa1decbb09_0

Filesize
107KB

MD5
2bfaa3196ce750faea6f91ae0b293deb

SHA1
3d90efc9a565964ec9b6b8998523df523de1c7a6

SHA256
ca70c04a83d691febc023c9e8c191177f8218c2d9efee1f1d4ee2201bd140dce

SHA512
f19f6918b51b343d8d833c5ba5942fb312dba57affe0525cb98be7fca451410969eef63300a023324e6b26a62626d40b9b1a438e7ae653dea820870404b2d9eb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\6f5c5bba6405835d_0

Filesize
89KB

MD5
f9be99edb5c5fdec9a2eefdcc9202e87

SHA1
2e2723817ea76b69c805a293ac98a1c2c11ac654

SHA256
f1b76ea5b63afcbede6f7bbf97d514d68ade5f7d778abb5acfd4f1cf2d9e6219

SHA512
b597c868d645993b966e2ea896c8d33f529e3599017f40d704e061c7bc4997b3fa7587178a012a0ab40af6caf9130f018741774c3d51cf2f999131db9097f6f8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\7f878c7420b45bb8_0

Filesize
30KB

MD5
ea0f1dbbf10042855d34c7d6e273518e

SHA1
6630388686edb6466709aeb87a089b31b0b06ea8

SHA256
8fea833180cba2eeda9360b61a424729653769f88ecc0ff646c6fcb05fef92dd

SHA512
ece72b4b9a34e3d60a3948e5d1307f810a66e09197b9848f7f35e4ae5eef75dbf744e72c8b0ce6e238646f991cc892f6080eca4df4ac9b91cf80abce89566513

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\84ebe5655959b906_0

Filesize
10KB

MD5
b835bad9c3bb2df5d89ac3e273fe5bcf

SHA1
e7c7293f95c0591b3b802ffe91891fcf8a630744

SHA256
7f41deecfe8f6cc3e85976d6362cd8a786e54de785bc3158960b4494df23a191

SHA512
92d7ff05dbdff4f4cfc8a6b14d7c03ddfa9eb6824437f18a799c741aad9d9b66d5c7a093aabf1bdc12338cf37661528f9d3b4c4a4117497c4418ae3ec378cdc2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\88c75b53a4f66add_0

Filesize
21KB

MD5
9e436cdacb9d48d0e97a9cc7d620f07a

SHA1
ad05a5c7398f8cebe1a130d3de6b694370c9043f

SHA256
8411caf5a35552d5c0523fa72009343c908164164d3a9a9a1fc694e5bd62c21b

SHA512
6aed5f1175d5e0e1eefbd17d80ceaccb4a52c6f63d96ebf3d5c04fd1b4f2b07c9ed9e4a7b3ab79988ed1109f6dba1635c29ad96c769277c9ebccfea7d3c87f08

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\8a36ca549fdb81ae_0

Filesize
3KB

MD5
16e1ac2b1d9582e213767b73f9083d7d

SHA1
00ae342ea87299bf0d54d1e2fb3b763eb562df34

SHA256
f69970d223e933c6290be7915d997140be61b11d0b98da5cfce9e4eb463bcda7

SHA512
167a6a08aeb56a4c1c701ae379de7302d4c7d9b59ad4ca53c5293a2a941c1691c5f5625294d932bb2439df3bcd853f8cde2906057618be8a72239adcfba11f1f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\930a5c2d4cbe2c48_0

Filesize
2KB

MD5
2c503bf4338299e4ba619a30db4d14ae

SHA1
e76df1c0d4469425efe1e8fe686acd101c3e41d6

SHA256
a6699253e0d80be1d648d357793381b35d392e64c96e5eed02654ec4bd3924b3

SHA512
12b88142d035fba31c30443ad394c445c1352c22afd670052bb3d81ae96b428c3d6cbe41723a0cc5341b70f09d5f98263d31ce6d0e7ba0f7e656c5ed3a8a9578

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\a10a720a1bb4ca6a_0

Filesize
61KB

MD5
11b8d589f5d451c1ecda38614859f615

SHA1
ab4579a98276514804043457fb5f7a9a21cd50ff

SHA256
37c1ff355fdf1ff7435f6fe8866d627c5f0d358382f309d08be18e38cf0542a3

SHA512
3c50e7625cf72228f25d76d399012effad2e9e8ff1d5c0eb32576f8eaf084c76e8a254926789113c0671aa63e1a283d2f75434dac15b9319caa487609b8310ac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\c3f149b0534fa3b1_0

Filesize
307B

MD5
52efb80c4a128c11760341b187aed2a2

SHA1
a5ab7049f4ba82d1216501f87bfc574471c64769

SHA256
f5f03aeabbb0b671c238ac38b19cbb93dc6b3b1fd5257999298f18d5e0e3d379

SHA512
478aaa50b554d5b9d1027768cf0a24a6399e13166fdc5a97efd5f8b3d4c1e8ad5c394c02354c157d371a7944b04a2c91dbf684469a82d0fb28d1e2d7452bed55

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\d3e06f5af569ce76_0

Filesize
1KB

MD5
fcb9a9a921c075212ea6a19df5af9c55

SHA1
a5658df4c9c7908a42b7a32b514a745b7a8409ae

SHA256
a9154bd4bbe2ab2d233840ed57302af9e309e87d9bdc0751928d3777ffc7cf49

SHA512
79e3f0ce19b1d4aed0c55b9792e5ae5bd4c9ea5f3a5d4c44d69c15d3943c57f8b3e42f7ddb69e68f2b4f6a029142823548650bbd1d82037cec1a6d27d7628bfa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\d8de27d3c6d4dd48_0

Filesize
5KB

MD5
fa2d85e465b1892125ea9269a5453ff2

SHA1
fdef8d7de61c9136d35f15f1adb5fdbbfdeef22a

SHA256
27b40bc45dc324898cbc1f81a5ae6dc4a3cad5040e7458e6b09ba5f3f3fef15c

SHA512
f533fcdeec1b10e6694db90a2836c7f3edb7b969b88c12ab444b77fdb791e448ffe0ddb2929e9c49dadfd2f3a8ef6ce6044984aeb2595fa0f6decb31aafe3e88

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\ee1e47bf4c7aaea3_0

Filesize
296B

MD5
7e6b7c9e9d0e7fc40680901ad1e52abc

SHA1
cec96b35f29cbb959e7c5ed5d20a9df5fa371b27

SHA256
29e809d0bc0da2c2e233e78a48337f1119c697c15ea554fa62f01ea560fdcaf1

SHA512
8a1b05213ac6a6afdc508fad56b35c82dedf29bde486720c1ea77866a37b02acb503d1d0db1bde6052823a6c0dbdf167a8eed243376322a99a0c0cd64ecadf83

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\f1eb83435a1a8135_0

Filesize
268KB

MD5
6ea1a57adab6c3c8e3f45d3787dfe16a

SHA1
27983a749fcb9a77d0aae9942215ffd58b1d289a

SHA256
86c69a5ef4417916b6849c52e7151763038c7f78e431e5f5caad029ece72a5c8

SHA512
bddec0cd0474cfc7f160ee2c9e2cdbe013d7ed8d4e0d7c0e9d5d6bd441543059e72e79dda2f36493b9800fee263cba41323945ec9c0178b126f3d20831c75beb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\f39752e2a6b60dfe_0

Filesize
269B

MD5
eb680d43fafb319236bc8bb12a7e3750

SHA1
1677f4fb5fcca2155fa4f1480ed5c2409b1787fe

SHA256
39ac3db5ad9828717a138dffc046d8c44ddc919b1fb1812973313364cd1b2073

SHA512
f7e946889abcf851299966791a8f68a28563f6d3b8617da89e3251f23b62180beb06b37a39487a6df096465e1c01f1fb40fa6332b0346442b69d6b2614552d79

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\f9bff6f4445fdaf8_0

Filesize
2KB

MD5
96311bde4a0e72b35bb2340ccd8db762

SHA1
2d502f66bbe168cf2cf39a63e9ce1bb3c8c31501

SHA256
7fab114b10036708c41d6e22e84392e10d07c6aa53318447de9e885b428d0c6d

SHA512
d9cbb6ae12599cc8be6a708b815f306cfbe3955f91eb076c2a4f4db1f9f288034ada80915913b89fae3c5990bd6dfb7dc234096945f482229d021a3c33d886d5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\temp-index

Filesize
816B

MD5
e9d8d5d2eea541c310c97b91dc4e2472

SHA1
51666e588a4f840f3c7b6a2a09c219fdec083b34

SHA256
0e0066fa096a637fa48eadeab242410fad8b6fd656fefdcf94d8965fcbcb5f8e

SHA512
655e65aa310361b26341507465864d96c277cb861a5422582eb2f63b0ab7596cd21c7eaabaa41455bc108c44777dfaa91f1e98b3abe9b392965026db5d046348

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
960B

MD5
d9591332627cc98185147100cc7e51de

SHA1
f51cb949054b24f09db88a5fbc91e5e4c1a9645d

SHA256
8a818d1f082f2b81bcda0c4394604e4562e60b8b226bf593dff95ef272b88cf9

SHA512
ccbaa02eaea7983555c9178199ea9c52cb911c34b7c582fb33bcb651affde4e69fb61c2844c44347c9a62c287ff3ed2010a62dbaa0a493a2cffc494e820b3048

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
ec21fcb633d1279f7aea03b366cefc0a

SHA1
b256008f140fbcedeee583e1674c9d92cfa73053

SHA256
6f09bb64dcbdac3248c2c98f5c9e97a2bcef94746bf88030c0b23a87fbee7647

SHA512
eb6b241b08f9a1eb69f9b41f8b942e5808395d9ae45f6c55ebc2c0b79c4f81e6ef7693ed3013e5b1ecf30ecb8754aa10d353e3f34f4b97f26a226e3c5f99263d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
e86a762db56db303dd54f3a3564e5f07

SHA1
a37fd56a4e6db1567a8c36fcf5ade8b05a17a196

SHA256
ce3351c04aacb58cfe858b4afedf3e190ad4130033d424d8dcf12daa05d66b01

SHA512
dcbf8ea385bb9914bfcf3aec313fc5ec9e983d164804aa9864114eb543440e9cf7cd85ab0e847dcecfaf3e982e377e8ae99da71542845db9367022051d74c008

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
33aaf5048ace9807f8017ef870e33a39

SHA1
4e73397703043b237470006138bedb6fbcbd9d2d

SHA256
ad58fabe22214120c25034ad683caa593fc0fdab15a6bd40149029591778b0de

SHA512
c2e8c7108aae66dbb82bab2db81ea5dd05a80834ed71259010671ac3e5b4791315c2daffdfc1ca04f4fc14af0d2926e65f656dc4a2aa5c0e37caedec39743247

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
115ae4ef9165295f9c3db696da577524

SHA1
651d92292cc4203156117a659081783806d8f46c

SHA256
20240b4f9d256fec655822e7473ec6c1fa3cbf0eba7f64c344ac70f6be41ae0f

SHA512
228d88d5e9f046085b9103019c816e914c652476fefc0eaa62673e9427240b020bedaa14bc28a70c120abcaa548afd04163865decbbfcf0ccc6c72f2f3b76195

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
777d83d42cdaa5fcace49625a91d8536

SHA1
6d01c32ffc6d5f901c726bf18f907e3f14d2e2a4

SHA256
8f045629ce01743f82ec6c9da7fbe7944688a018ce325dd5ae4bf21411e927f1

SHA512
215068b548a7fa34162c08ae996928169346e134df1bae282a02b17bf5f8329d0de258befdaa7b9979706648e5f893c331d557d132556d7d140412425c4865c4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
deadce53067408e24cfb807a59f08390

SHA1
1224693232bd7447ce0f276ff971ad3a44f183d5

SHA256
c9cdddb199679e48e006f29ed0708803ed716af05639e24af6ca563880000a06

SHA512
ed35a294ea17837b222c1608193520e5b6e23cf25dc74b10af1016f440c3df8ec60d459da0480ab12a5f3555cf6008dc6f73b2f09c09d03ef3cede51e9904a4b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
839e09114582ceca4b9ba845539a9f21

SHA1
977d344ee8ada4c967ab4a64b07aa63b0d3a30df

SHA256
39680f6feec2e93a5b89cfa46cbace650f891fead9a43c7071bf2668301b3e9d

SHA512
e11bae97cca557f5b48c16ac3f6edae720a4d7598d3abea073f2e1ce4cf8290caa72f524658264a4b9cdc090e9f965c5bd820c3b3b051e11716dafe1a3f7a37d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
e70c9f70618f9664ce335200fac9493f

SHA1
584d8d376845997d5615b6cfd184c0030a099030

SHA256
01dc4d788d9e08cd2e5504eb628aed1fa4d2c4c155f4352997dec5ea3ff295ab

SHA512
6ecd090266fc719256a1ff9d24e3f6819ac1e349bf44776fa462977877ae201a597b15d5785cbbb76d8b54cced4e5e2a9b507cf40f47b0e8e9dc56551f22019f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
cd70146d6fe27a9bb0787473f8522422

SHA1
739fb443a91846db4a2ca5a744c443a7a4256d99

SHA256
da6c48b6d31b1aaba9094681fb4a2496996c5945ff33fd0f13cd7e26b2c43aad

SHA512
24177175e325232f79ae238af02bd8540dffa2272f2c5f425b07bb4abf011e301d6e293db8bac6fa76b25e7cf5d4b58fbe2091261bf8b3f106fd4443d0c84f9b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\2cc80dabc69f58b6_0

Filesize
4KB

MD5
9166c4fec3567f965896ed6079e9a2da

SHA1
7ea86cf58f493f5e5dfb4a9c7f93be6b0d667a1b

SHA256
5b71f736e3a383447d5d2e8afb3c39d456b1b7d21e3d10ca22976e2fee2d1ccf

SHA512
8cd2d2f7b064c700cd941b9626297feafb3579a50997bc78fda5be7c2c8b524499698030a8b22a2c5a999d19604a1a2a3718085c5f20c1b0bdb327bf0810fb4b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\4cb013792b196a35_0

Filesize
2KB

MD5
d0b93b983b647f9f80c2ff5789808be0

SHA1
78de1b5c04dbc327aebab511c46bea886fd7786a

SHA256
84e9e2184f15e927aadc094c0f4986ba784e90ecf3e9569c82f431d19ca2a43d

SHA512
dacc1ceb81c6b8ea536b1ca7b867e5354589a31350ab28da72edab731cb641fd40c17a61afdc5e20f58be4703e99d6ece09358646c0b3fa93c84f3848e12b26f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\4cb013792b196a35_1

Filesize
3KB

MD5
f80f08a9cc695c9a1ec489be396bc3fa

SHA1
34b2197ff0d8e47373931d677697c6ff308959f1

SHA256
4c31667a92778060e81bfeaa4cb1f1c2200908cbf029fa4a0125504665d4f422

SHA512
539ba9330e4ee0a6e8057378897fd44318b67e2c6007ce4717a2e5357e17a9ce476eaf941a8476dfba431b34a1109b21448a96d36b947962de13cbcd38332d7e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
195cc9c424cafaae91b51fa7d12b79ae

SHA1
9c3acf269490faa00f1824ebb574d20dc0258f6b

SHA256
d7177dab6d3c06365b10978522fc8c5fc1c30b2e9a564877a365c6dff7bc2f7f

SHA512
067b4bde8864e1a84078dd06c425223cd33942cbf34d1f05292947012e05bcc062bc43e04363f47c2daba8c77096ba918d975e2eb18691fe050c05a4b435dc33

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe5a2879.TMP

Filesize
48B

MD5
0fd5686e229ee63a75a81aa1f8764512

SHA1
6dfde5d7c9e6f581e2d09b433fd665345c5cc56a

SHA256
b3f36f22658e2cd619e5a0ab56a26b4b065c794dd2e2e3c91b8c408562d882e5

SHA512
19bf559d35671e35dedeb7edc82ff9feb37a1e391c8518a2bbf38f596ad6ec8b61869cf6ba3f528bfba53549fa24475a92de4ea8e00be7418e65d1a932ade058

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
537B

MD5
dc4240eab8ba842f878034cec42a979a

SHA1
34f650a10ab88fce66113ab5da8cab959edfeb66

SHA256
07637d5ab5a5a740428dbd9e113623c9c205599fdd9b2d4ec0ec005d7c9752b8

SHA512
8ddbff700153094b968a141ae002dee09b15bbcb481f6c18899bae51be69e8051ab3778e69e3daff9dbe54b299a8af6302852003f678c171fc156af0b6ba8026

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
537B

MD5
780e11a16491f7b6750cf44a12f1561a

SHA1
e50bacffed443047e05e1c248419789f08df9b20

SHA256
cf48ae60651f82274540403cd1ab69f953cc5949ecbeb79ff891daf3c277cc2d

SHA512
8521a27d47ef5dd52b84e0617494e961e41931391476e956e9e9dbb4846cce95e7704e735c0503cb6ff13cbb6f8d236b54e593bc51e6c848b4d4b209aeb9f6c6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
537B

MD5
edc32f1ddc79e7773239f8447e5f856e

SHA1
44965669bd8f57a1ecd63a01241a496ce1764b17

SHA256
bd996051b26e1f85b95e4522d9ef010a8d39ff7dbfc6b6c41ba9fa7be068bcb3

SHA512
9bdc87e681a67551853bbe9dc0b819ecc3a4a729caff6db1c63ec8e884931bef656004ea4f7ad7bf51160eee01f622ccb0bee8522cbb07ba3c01c7ba696d524e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
537B

MD5
587863c8cc9f54b726fe297b84e5beb9

SHA1
b3677ee799735d714654cb2699a5369188e5c6c8

SHA256
f597d07bde1ce37aded4570870f6d6126ac8e025a944fca0c290f9c391213f60

SHA512
bd65e1a92a7e6b132b4366eb7c0ab9f3767f98268ee85e2a010ced5b506f4ae6d39992efc7cfa8e4bb640100379f22bdd7b33b2169378068c8658193bb4292e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
537B

MD5
a55872d6ca2f965f0a902389d7213fe5

SHA1
7f940b40419292370f837992f465c935f25f16cd

SHA256
d9ac91b762811a4893de0e415e38af811570c40ed8580f910ad9385113e20756

SHA512
385fa881b8d91a6f6dc29bafc9a0acfa3aa50f359e3d07d9bf74237691edd3e6075ec4f194c7412a82f7b3ad0e2fb78258cfc107840c5fa93c53f6ed5d012ae6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
537B

MD5
6d9bceb9ef73f1f91166d38617c21ffc

SHA1
4f9e7acee40c13804f99b4e7ccc823768c9a31e5

SHA256
f345fe9316ac9158f63d624b405626c00b6d43da1991029a457d0cb7393a61f5

SHA512
c69ff04402912f23a6bb92e4b22b5266c538d1aecb29babe7f6720f4a5c9476e946d9da7feb1e3183b36d7c5bc108b294ed5bcc9efddcc7cfa5b60ef683d03ea

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5a568d.TMP

Filesize
537B

MD5
2098085e63a3efd82de3cc94246374d1

SHA1
f4ceb636ed82a4aa09ab5db6dd2917e0ff6b7bc8

SHA256
9207a72ed7ac1421646962e654fcef2c7c8b1353f219660c103e6792c434de6a

SHA512
f3ca32957deaa700768386b79964dfaaf4384aa7b3de9e9c2ad6c3ccaeb9a37402159bdbb9e4b5beaa599f1a96f96b59cfb86a392b6573411d94516046b702d5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
8a6844539e953dfd6446ca49bbbe6893

SHA1
d6f3f68ef73039f44da3c7c467ed5ea462e5547f

SHA256
a2490170c995a74e38034a82f95edd80bbe8038e31fea9d6f85f25d7407b8b4a

SHA512
09fade4b809cd00d75cbd2ed5a169993cbbe4646203b380105b82062e5d8d5250dc581efc683c80aa711e83e9f663ce3f5d6d44f4af5a0de3054d9a6fedcabb6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
517786ad3e09b47d93176a4b987d3938

SHA1
fdc2a74b6395ef1d501abf03d83772722a17db85

SHA256
f1765ef3c43791a3e51c4d9490d304feaf189a918c77e170d49ef1fe9fbd6da0

SHA512
5ec3e3b81e4c7d59dbb55d17f5192bbcb3345bcd86a0a717e3baca1f594ee04293e43a329117739bad71f5ad19ef32d4c72c197fa831f29bb2f0bd1b19792a7c

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
C:\Users\Admin\AppData\Roaming\SubDir\Client.exe

Filesize
3.1MB

MD5
3393507c6698a8fa7552b474820fa233

SHA1
bc8e2078156b3b87341a0045eb581ac68f605767

SHA256
870ffdfaec0f76ad2bac52a5c639a34813bf44c37a2c6b52ca582b7a704bbea0

SHA512
e28f41de1271208944f86d06b265aa0ecadc899a53e41705a1f2df06b919b58d9d3d9dc227c3ccf8568e15491ca06135b26b2e9be7968b1512533b2a177998a9

Download Submit
memory/4084-18-0x000000001D1F0000-0x000000001D2FA000-memory.dmp

Filesize
1.0MB

Download
memory/4084-8-0x00007FF989240000-0x00007FF989D02000-memory.dmp

Filesize
10.8MB

Download
memory/4084-10-0x00007FF989240000-0x00007FF989D02000-memory.dmp

Filesize
10.8MB

Download
memory/4084-11-0x000000001CBD0000-0x000000001CC20000-memory.dmp

Filesize
320KB

Download
memory/4084-12-0x000000001CCE0000-0x000000001CD92000-memory.dmp

Filesize
712KB

Download
memory/4084-15-0x000000001CC40000-0x000000001CC52000-memory.dmp

Filesize
72KB

Download
memory/4084-16-0x000000001CCA0000-0x000000001CCDC000-memory.dmp

Filesize
240KB

Download
memory/4084-17-0x00007FF989240000-0x00007FF989D02000-memory.dmp

Filesize
10.8MB

Download
memory/4828-2-0x00007FF989240000-0x00007FF989D02000-memory.dmp

Filesize
10.8MB

Download
memory/4828-9-0x00007FF989240000-0x00007FF989D02000-memory.dmp

Filesize
10.8MB

Download
memory/4828-1-0x0000000000300000-0x0000000000624000-memory.dmp

Filesize
3.1MB

Download
memory/4828-0-0x00007FF989243000-0x00007FF989245000-memory.dmp

Filesize
8KB

Download