ae28b87597a422cb320b95b787a5c2d530aa282fd76d030eb9863e873b993cc2

Analysis

max time kernel
762s
max time network
750s
platform
windows11-21h2_x64
resource
win11-20241007-en
resource tags

arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
submitted
05-01-2025 12:56

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

c1f99abbd6fc32710c308a95f1f5d085.png
Size

337KB
MD5

91afd5fc0fe489bfbfec31f4a1762f17
SHA1

fb2d2b6703224e572eda8cc62e81e36f637b58db
SHA256

ae28b87597a422cb320b95b787a5c2d530aa282fd76d030eb9863e873b993cc2
SHA512

c1b9e8843480818f36bb17027abe5f32d38007e5a3a75826f0f59aafeba20b5663c0dd04a08abf83ca863cdbab7f702a573a65e442cf4db6cda87b0eea7bd36c
SSDEEP

6144:J7efzbKqyafuPI7VFR+nj1irwMwGCY3kzNgWQzBeazM8s2au20RvlBqg0:JafiryOElwnY0zNXQzYKMzDu9Lqh

Score

8^/10

microsoft defense_evasion discovery exploit phishing

Malware Config

Signatures

Downloads MZ/PE file

Possible privilege escalation attempt 2 IoCs

exploit

pid	Process
6036	icacls.exe
5328	takeown.exe

Executes dropped EXE 6 IoCs

pid	Process
5324	WFDSetup_1.5.6.58.exe
5348	WFDSetup_1.5.6.58.tmp
5144	WiseDeleter.exe
3136	WFDSetup_1.5.6.58.exe
2456	WFDSetup_1.5.6.58.tmp
5756	WiseDeleter.exe

Loads dropped DLL 4 IoCs

pid	Process
5144	WiseDeleter.exe
5144	WiseDeleter.exe
5756	WiseDeleter.exe
5756	WiseDeleter.exe

Modifies file permissions 1 TTPs 2 IoCs

discovery

File and Directory Permissions Modification

T1222

pid	Process
5328	takeown.exe
6036	icacls.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
119	camo.githubusercontent.com
102	camo.githubusercontent.com

Detected potential entity reuse from brand MICROSOFT.
phishing microsoft

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Wise\Wise Force Deleter\Languages\is-C9QAC.tmp	WFDSetup_1.5.6.58.tmp
File created	C:\Program Files (x86)\Wise\Wise Force Deleter\Languages\is-7FR85.tmp	WFDSetup_1.5.6.58.tmp
File created	C:\Program Files (x86)\Wise\Wise Force Deleter\Languages\is-TP4V1.tmp	WFDSetup_1.5.6.58.tmp
File created	C:\Program Files (x86)\Wise\Wise Force Deleter\Languages\is-A2A6N.tmp	WFDSetup_1.5.6.58.tmp
File created	C:\Program Files (x86)\Wise\Wise Force Deleter\Languages\is-UK05H.tmp	WFDSetup_1.5.6.58.tmp
File created	C:\Program Files (x86)\Wise\Wise Force Deleter\Languages\is-50B2R.tmp	WFDSetup_1.5.6.58.tmp
File created	C:\Program Files (x86)\Wise\Wise Force Deleter\Languages\is-AIQS7.tmp	WFDSetup_1.5.6.58.tmp
File created	C:\Program Files (x86)\Wise\Wise Force Deleter\Languages\is-3G3CI.tmp	WFDSetup_1.5.6.58.tmp
File created	C:\Program Files (x86)\Wise\Wise Force Deleter\Languages\is-URT4K.tmp	WFDSetup_1.5.6.58.tmp
File created	C:\Program Files (x86)\Wise\Wise Force Deleter\Languages\is-S2R4K.tmp	WFDSetup_1.5.6.58.tmp
File created	C:\Program Files (x86)\Wise\Wise Force Deleter\Languages\is-MORRI.tmp	WFDSetup_1.5.6.58.tmp
File created	C:\Program Files (x86)\Wise\Wise Force Deleter\unins000.msg	WFDSetup_1.5.6.58.tmp
File created	C:\Program Files (x86)\Wise\Wise Force Deleter\Languages\is-VEATN.tmp	WFDSetup_1.5.6.58.tmp
File created	C:\Program Files (x86)\Wise\Wise Force Deleter\is-60C2Q.tmp	WFDSetup_1.5.6.58.tmp
File created	C:\Program Files (x86)\Wise\Wise Force Deleter\Languages\is-32QMN.tmp	WFDSetup_1.5.6.58.tmp
File created	C:\Program Files (x86)\Wise\Wise Force Deleter\Languages\is-AHORF.tmp	WFDSetup_1.5.6.58.tmp
File created	C:\Program Files (x86)\Wise\Wise Force Deleter\Languages\is-LK9D0.tmp	WFDSetup_1.5.6.58.tmp
File created	C:\Program Files (x86)\Wise\Wise Force Deleter\Languages\is-IKJVV.tmp	WFDSetup_1.5.6.58.tmp
File created	C:\Program Files (x86)\Wise\Wise Force Deleter\Languages\is-46UIS.tmp	WFDSetup_1.5.6.58.tmp
File created	C:\Program Files (x86)\Wise\Wise Force Deleter\Languages\is-IRURF.tmp	WFDSetup_1.5.6.58.tmp
File created	C:\Program Files (x86)\Wise\Wise Force Deleter\Languages\is-5PIE2.tmp	WFDSetup_1.5.6.58.tmp
File created	C:\Program Files (x86)\Wise\Wise Force Deleter\Languages\is-1F41K.tmp	WFDSetup_1.5.6.58.tmp
File created	C:\Program Files (x86)\Wise\Wise Force Deleter\Languages\is-VRFBO.tmp	WFDSetup_1.5.6.58.tmp
File created	C:\Program Files (x86)\Wise\Wise Force Deleter\Languages\is-4U5VN.tmp	WFDSetup_1.5.6.58.tmp
File created	C:\Program Files (x86)\Wise\Wise Force Deleter\Languages\is-3BI22.tmp	WFDSetup_1.5.6.58.tmp
File created	C:\Program Files (x86)\Wise\Wise Force Deleter\Languages\is-BMJ7I.tmp	WFDSetup_1.5.6.58.tmp
File created	C:\Program Files (x86)\Wise\Wise Force Deleter\Languages\is-5EJIF.tmp	WFDSetup_1.5.6.58.tmp
File created	C:\Program Files (x86)\Wise\Wise Force Deleter\Languages\is-LD93R.tmp	WFDSetup_1.5.6.58.tmp
File opened for modification	C:\Program Files (x86)\Wise\Wise Force Deleter\unins000.dat	WFDSetup_1.5.6.58.tmp
File created	C:\Program Files (x86)\Wise\Wise Force Deleter\Languages\is-VBQ6H.tmp	WFDSetup_1.5.6.58.tmp
File created	C:\Program Files (x86)\Wise\Wise Force Deleter\Languages\is-3VRGH.tmp	WFDSetup_1.5.6.58.tmp
File created	C:\Program Files (x86)\Wise\Wise Force Deleter\Languages\is-R59JU.tmp	WFDSetup_1.5.6.58.tmp
File created	C:\Program Files (x86)\Wise\Wise Force Deleter\Languages\is-U83VT.tmp	WFDSetup_1.5.6.58.tmp
File created	C:\Program Files (x86)\Wise\Wise Force Deleter\Languages\is-NA7JG.tmp	WFDSetup_1.5.6.58.tmp
File created	C:\Program Files (x86)\Wise\Wise Force Deleter\Languages\is-LT4I5.tmp	WFDSetup_1.5.6.58.tmp
File created	C:\Program Files (x86)\Wise\Wise Force Deleter\is-NFHLA.tmp	WFDSetup_1.5.6.58.tmp
File created	C:\Program Files (x86)\Wise\Wise Force Deleter\Languages\is-PHD91.tmp	WFDSetup_1.5.6.58.tmp
File created	C:\Program Files (x86)\Wise\Wise Force Deleter\Languages\is-FCLHO.tmp	WFDSetup_1.5.6.58.tmp
File created	C:\Program Files (x86)\Wise\Wise Force Deleter\Languages\is-L6134.tmp	WFDSetup_1.5.6.58.tmp
File created	C:\Program Files (x86)\Wise\Wise Force Deleter\Languages\is-3RSCL.tmp	WFDSetup_1.5.6.58.tmp
File created	C:\Program Files (x86)\Wise\Wise Force Deleter\Languages\is-6BN3K.tmp	WFDSetup_1.5.6.58.tmp
File created	C:\Program Files (x86)\Wise\Wise Force Deleter\is-TVUPJ.tmp	WFDSetup_1.5.6.58.tmp
File created	C:\Program Files (x86)\Wise\Wise Force Deleter\Languages\is-KDDVL.tmp	WFDSetup_1.5.6.58.tmp
File created	C:\Program Files (x86)\Wise\Wise Force Deleter\is-9C08I.tmp	WFDSetup_1.5.6.58.tmp
File created	C:\Program Files (x86)\Wise\Wise Force Deleter\Languages\is-UD7KG.tmp	WFDSetup_1.5.6.58.tmp
File created	C:\Program Files (x86)\Wise\Wise Force Deleter\Languages\is-004H3.tmp	WFDSetup_1.5.6.58.tmp
File created	C:\Program Files (x86)\Wise\Wise Force Deleter\Languages\is-HMASR.tmp	WFDSetup_1.5.6.58.tmp
File created	C:\Program Files (x86)\Wise\Wise Force Deleter\Languages\is-45TI9.tmp	WFDSetup_1.5.6.58.tmp
File created	C:\Program Files (x86)\Wise\Wise Force Deleter\Languages\is-H8PS5.tmp	WFDSetup_1.5.6.58.tmp
File created	C:\Program Files (x86)\Wise\Wise Force Deleter\Languages\is-3M7HB.tmp	WFDSetup_1.5.6.58.tmp
File created	C:\Program Files (x86)\Wise\Wise Force Deleter\Languages\is-B48FO.tmp	WFDSetup_1.5.6.58.tmp
File created	C:\Program Files (x86)\Wise\Wise Force Deleter\Languages\is-V2QN7.tmp	WFDSetup_1.5.6.58.tmp
File created	C:\Program Files (x86)\Wise\Wise Force Deleter\Languages\is-0CUVU.tmp	WFDSetup_1.5.6.58.tmp
File created	C:\Program Files (x86)\Wise\Wise Force Deleter\Languages\is-JTTH7.tmp	WFDSetup_1.5.6.58.tmp
File created	C:\Program Files (x86)\Wise\Wise Force Deleter\Languages\is-TVTHN.tmp	WFDSetup_1.5.6.58.tmp
File created	C:\Program Files (x86)\Wise\Wise Force Deleter\Languages\is-5Q43J.tmp	WFDSetup_1.5.6.58.tmp
File opened for modification	C:\Program Files (x86)\Wise\Wise Force Deleter\unins000.dat	WFDSetup_1.5.6.58.tmp
File opened for modification	C:\Program Files (x86)\Wise\Wise Force Deleter\DManager.dll	WFDSetup_1.5.6.58.tmp
File created	C:\Program Files (x86)\Wise\Wise Force Deleter\Languages\is-48ACJ.tmp	WFDSetup_1.5.6.58.tmp
File opened for modification	C:\Program Files (x86)\Wise\Wise Force Deleter\DManager.dll	WFDSetup_1.5.6.58.tmp
File created	C:\Program Files (x86)\Wise\Wise Force Deleter\Languages\is-VJHKA.tmp	WFDSetup_1.5.6.58.tmp
File created	C:\Program Files (x86)\Wise\Wise Force Deleter\Languages\is-OIMRM.tmp	WFDSetup_1.5.6.58.tmp
File created	C:\Program Files (x86)\Wise\Wise Force Deleter\Languages\is-U7CA5.tmp	WFDSetup_1.5.6.58.tmp
File created	C:\Program Files (x86)\Wise\Wise Force Deleter\is-PM5U0.tmp	WFDSetup_1.5.6.58.tmp

Drops file in Windows directory 3 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe
File created	C:\Windows\WiseDelfile64.sys	WiseDeleter.exe
File opened for modification	C:\Windows\WiseDelfile64.sys	WiseDeleter.exe

Subvert Trust Controls: Mark-of-the-Web Bypass 1 TTPs 1 IoCs

When files are downloaded from the Internet, they are tagged with a hidden NTFS Alternate Data Stream (ADS) named Zone.Identifier with a specific value known as the MOTW.

defense_evasion

SIP and Trust Provider Hijacking

T1553.003

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\WFDSetup_1.5.6.58.exe:Zone.Identifier	msedge.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 13 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	WFDSetup_1.5.6.58.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	WiseDeleter.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	AMIDEWIN.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	WiseDeleter.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	takeown.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	icacls.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	WFDSetup_1.5.6.58.tmp
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	DllHost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	WFDSetup_1.5.6.58.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	WFDSetup_1.5.6.58.tmp
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe

Checks SCSI registry key(s) 3 TTPs 6 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\FriendlyName	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\FriendlyName	taskmgr.exe

Checks processor information in registry 2 TTPs 3 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	Winword.exe
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	Winword.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	Winword.exe

Enumerates system info in registry 2 TTPs 21 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\BIOS	Winword.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily	Winword.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	Winword.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Modifies registry class 64 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\.md	OpenWith.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\17\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupByKey:PID = "0"	WiseDeleter.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\19\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616193"	WiseDeleter.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "48"	WiseDeleter.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "4294967295"	WiseDeleter.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\12\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	WiseDeleter.exe
Key created	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\WOW6432Node\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\	WiseDeleter.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\17\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\LogicalViewMode = "1"	WiseDeleter.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	WiseDeleter.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\19\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1"	WiseDeleter.exe
Key created	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\12\ComDlg	WiseDeleter.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\*\shell\WForceDelete\Command	WiseDeleter.exe
Key created	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	WiseDeleter.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\2\MRUListEx = ffffffff	WiseDeleter.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\19\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	WiseDeleter.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\19\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	WiseDeleter.exe
Key created	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\12	WiseDeleter.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\19\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1"	WiseDeleter.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\12\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\IconSize = "16"	WiseDeleter.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\딭Ჟᙩ谀N\ = "md_auto_file"	OpenWith.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 0100000000000000ffffffff	WiseDeleter.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\*\shell\WForceDelete	WFDSetup_1.5.6.58.tmp
Key created	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\17\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}	WiseDeleter.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\17\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\FFlags = "1"	WiseDeleter.exe
Key created	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\19	WiseDeleter.exe
Key created	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\18\Shell	WiseDeleter.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 020000000100000000000000ffffffff	WiseDeleter.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\MRUListEx = 010000000200000000000000ffffffff	WiseDeleter.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:"	BackgroundTransferHost.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a000000a000000030f125b7ef471a10a5f102608c9eebac04000000c8000000354b179bff40d211a27e00c04fc308710300000080000000354b179bff40d211a27e00c04fc308710200000080000000	WiseDeleter.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "4"	WiseDeleter.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 010000000200000000000000ffffffff	WiseDeleter.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\12\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1092616193"	WiseDeleter.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\*\shell\WForceDelete\command\ = "C:\\Program Files (x86)\\Wise\\Wise Force Deleter\\WiseDeleter.exe \"%1\""	WFDSetup_1.5.6.58.tmp
Key created	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1	WiseDeleter.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\17\Shell\SniffedFolderType = "Documents"	WiseDeleter.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\17\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\Mode = "4"	WiseDeleter.exe
Key created	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\2\0	WiseDeleter.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\*\shell\WForceDelete	WFDSetup_1.5.6.58.tmp
Set value (int)	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\12\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Mode = "4"	WiseDeleter.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\17\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\LogicalViewMode = "1"	WiseDeleter.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\17\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\FFlags = "1092616193"	WiseDeleter.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616193"	WiseDeleter.exe
Key created	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\12\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}	WiseDeleter.exe
Key created	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\md_auto_file\shell\edit\command	OpenWith.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\md_auto_file\shell\edit\ = "@C:\\Program Files\\Microsoft Office\\root\\VFS\\ProgramFilesCommonX64\\Microsoft Shared\\Office16\\oregres.dll,-1"	OpenWith.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\*\shell\WForceDelete\ = "Force delete"	WFDSetup_1.5.6.58.tmp
Key created	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\17\ComDlg	WiseDeleter.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\17\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	WiseDeleter.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202020202020202020202020202020202	WiseDeleter.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\12\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0e000000ffffffff	WiseDeleter.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\12\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1"	WiseDeleter.exe
Key created	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\MuiCache	MiniSearchHost.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\2\0 = 6c003100000000004759836110004f4e454e4f547e310000540009000400efbe47598361255a50672e0000005d9f0200000001000000000000000000000000000000a7fcb7004f006e0065004e006f007400650020004e006f007400650062006f006f006b007300000018000000	WiseDeleter.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2\NodeSlot = "19"	WiseDeleter.exe
Key created	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\19\ComDlg	WiseDeleter.exe
Key created	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg	WiseDeleter.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\12\Shell\SniffedFolderType = "Downloads"	WiseDeleter.exe
Key created	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\md_auto_file\shell	OpenWith.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202020202020202020202020202020202	WiseDeleter.exe
Key created	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\17	WiseDeleter.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\*\shell\WForceDelete\ = "Force delete"	WFDSetup_1.5.6.58.tmp
Set value (data)	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\MRUListEx = 020000000100000000000000ffffffff	WiseDeleter.exe

NTFS ADS 3 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 206557.crdownload:SmartScreen	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\WFDSetup_1.5.6.58.exe:Zone.Identifier	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\Windows-Spoofer-main.zip:Zone.Identifier	msedge.exe

Suspicious behavior: AddClipboardFormatListener 2 IoCs

pid	Process
4972	Winword.exe
4972	Winword.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
4224	msedge.exe
4224	msedge.exe
3544	msedge.exe
3544	msedge.exe
2280	identity_helper.exe
2280	identity_helper.exe
5000	msedge.exe
5000	msedge.exe
4676	chrome.exe
4676	chrome.exe
2484	msedge.exe
2484	msedge.exe
2828	msedge.exe
2828	msedge.exe
2652	msedge.exe
2652	msedge.exe
4336	identity_helper.exe
4336	identity_helper.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
2836	taskmgr.exe
2836	taskmgr.exe
2836	taskmgr.exe
2836	taskmgr.exe
2836	taskmgr.exe
2836	taskmgr.exe
2836	taskmgr.exe
3776	msedge.exe
3776	msedge.exe
4276	taskmgr.exe
4276	taskmgr.exe
4276	taskmgr.exe
4276	taskmgr.exe
4276	taskmgr.exe
4276	taskmgr.exe
4276	taskmgr.exe
4276	taskmgr.exe
4276	taskmgr.exe
4276	taskmgr.exe
4276	taskmgr.exe
2520	msedge.exe
2520	msedge.exe
3308	msedge.exe
3308	msedge.exe
3188	msedge.exe
3188	msedge.exe
1684	identity_helper.exe
1684	identity_helper.exe
5644	msedge.exe
5644	msedge.exe
5348	WFDSetup_1.5.6.58.tmp
5348	WFDSetup_1.5.6.58.tmp
5420	msedge.exe
5420	msedge.exe
5136	msedge.exe
5136	msedge.exe
3708	msedge.exe
3708	msedge.exe
2456	WFDSetup_1.5.6.58.tmp
2456	WFDSetup_1.5.6.58.tmp
5268	msedge.exe
5268	msedge.exe

Suspicious behavior: GetForegroundWindowSpam 3 IoCs

pid	Process
3168	OpenWith.exe
5144	WiseDeleter.exe
5756	WiseDeleter.exe

Suspicious behavior: LoadsDriver 13 IoCs

pid	Process
676	Process not Found
676	Process not Found
676	Process not Found
676	Process not Found
676	Process not Found
676	Process not Found
676	Process not Found
4	Process not Found
4	Process not Found
4	Process not Found
4	Process not Found
4	Process not Found
676	Process not Found

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 64 IoCs

pid	Process
3544	msedge.exe
3544	msedge.exe
3544	msedge.exe
3544	msedge.exe
3544	msedge.exe
3544	msedge.exe
3544	msedge.exe
3544	msedge.exe
3544	msedge.exe
3544	msedge.exe
3544	msedge.exe
3544	msedge.exe
3544	msedge.exe
3544	msedge.exe
3544	msedge.exe
3544	msedge.exe
3544	msedge.exe
4676	chrome.exe
4676	chrome.exe
4676	chrome.exe
4676	chrome.exe
2484	msedge.exe
2484	msedge.exe
2484	msedge.exe
2484	msedge.exe
2484	msedge.exe
2484	msedge.exe
2484	msedge.exe
2484	msedge.exe
2484	msedge.exe
2484	msedge.exe
2484	msedge.exe
2484	msedge.exe
2484	msedge.exe
2484	msedge.exe
2484	msedge.exe
2484	msedge.exe
2484	msedge.exe
2484	msedge.exe
2484	msedge.exe
2484	msedge.exe
2484	msedge.exe
2484	msedge.exe
2484	msedge.exe
2484	msedge.exe
2484	msedge.exe
2484	msedge.exe
2484	msedge.exe
2484	msedge.exe
2484	msedge.exe
2484	msedge.exe
2484	msedge.exe
2484	msedge.exe
2484	msedge.exe
2484	msedge.exe
2484	msedge.exe
2484	msedge.exe
2520	msedge.exe
2520	msedge.exe
2520	msedge.exe
2520	msedge.exe
2520	msedge.exe
2520	msedge.exe
2520	msedge.exe

Suspicious use of AdjustPrivilegeToken 15 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4676	chrome.exe
Token: SeCreatePagefilePrivilege	4676	chrome.exe
Token: SeShutdownPrivilege	4676	chrome.exe
Token: SeCreatePagefilePrivilege	4676	chrome.exe
Token: SeDebugPrivilege	2836	taskmgr.exe
Token: SeSystemProfilePrivilege	2836	taskmgr.exe
Token: SeCreateGlobalPrivilege	2836	taskmgr.exe
Token: 33	2836	taskmgr.exe
Token: SeIncBasePriorityPrivilege	2836	taskmgr.exe
Token: SeDebugPrivilege	4276	taskmgr.exe
Token: SeSystemProfilePrivilege	4276	taskmgr.exe
Token: SeCreateGlobalPrivilege	4276	taskmgr.exe
Token: 33	4276	taskmgr.exe
Token: SeIncBasePriorityPrivilege	4276	taskmgr.exe
Token: SeDebugPrivilege	5756	WiseDeleter.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
3544	msedge.exe
3544	msedge.exe
3544	msedge.exe
3544	msedge.exe
3544	msedge.exe
3544	msedge.exe
3544	msedge.exe
3544	msedge.exe
3544	msedge.exe
3544	msedge.exe
3544	msedge.exe
3544	msedge.exe
3544	msedge.exe
3544	msedge.exe
3544	msedge.exe
3544	msedge.exe
3544	msedge.exe
3544	msedge.exe
3544	msedge.exe
3544	msedge.exe
3544	msedge.exe
3544	msedge.exe
3544	msedge.exe
3544	msedge.exe
3544	msedge.exe
3544	msedge.exe
3544	msedge.exe
3544	msedge.exe
3544	msedge.exe
3544	msedge.exe
3544	msedge.exe
3544	msedge.exe
3544	msedge.exe
3544	msedge.exe
4676	chrome.exe
4676	chrome.exe
4676	chrome.exe
4676	chrome.exe
4676	chrome.exe
4676	chrome.exe
4676	chrome.exe
4676	chrome.exe
4676	chrome.exe
4676	chrome.exe
4676	chrome.exe
4676	chrome.exe
4676	chrome.exe
4676	chrome.exe
4676	chrome.exe
4676	chrome.exe
4676	chrome.exe
4676	chrome.exe
4676	chrome.exe
4676	chrome.exe
4676	chrome.exe
4676	chrome.exe
4676	chrome.exe
4676	chrome.exe
4676	chrome.exe
4676	chrome.exe
4676	chrome.exe
2484	msedge.exe
2484	msedge.exe
2484	msedge.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
3544	msedge.exe
3544	msedge.exe
3544	msedge.exe
3544	msedge.exe
3544	msedge.exe
3544	msedge.exe
3544	msedge.exe
3544	msedge.exe
3544	msedge.exe
3544	msedge.exe
3544	msedge.exe
3544	msedge.exe
3544	msedge.exe
3544	msedge.exe
3544	msedge.exe
3544	msedge.exe
4676	chrome.exe
4676	chrome.exe
4676	chrome.exe
4676	chrome.exe
4676	chrome.exe
4676	chrome.exe
4676	chrome.exe
4676	chrome.exe
4676	chrome.exe
4676	chrome.exe
4676	chrome.exe
4676	chrome.exe
2484	msedge.exe
2484	msedge.exe
2484	msedge.exe
2484	msedge.exe
2484	msedge.exe
2484	msedge.exe
2484	msedge.exe
2484	msedge.exe
2484	msedge.exe
2484	msedge.exe
2484	msedge.exe
2484	msedge.exe
2484	msedge.exe
2484	msedge.exe
2484	msedge.exe
2484	msedge.exe
2484	msedge.exe
2484	msedge.exe
2484	msedge.exe
2484	msedge.exe
2836	taskmgr.exe
2836	taskmgr.exe
2836	taskmgr.exe
2836	taskmgr.exe
2836	taskmgr.exe
2836	taskmgr.exe
2836	taskmgr.exe
2836	taskmgr.exe
2836	taskmgr.exe
2836	taskmgr.exe
2836	taskmgr.exe
2836	taskmgr.exe
2836	taskmgr.exe
2836	taskmgr.exe
2836	taskmgr.exe
2836	taskmgr.exe

Suspicious use of SetWindowsHookEx 30 IoCs

pid	Process
2636	MiniSearchHost.exe
2120	AMIDEWINx64.EXE
5076	DMIEDIT.EXE
3372	DMIEDIT.EXE
3168	OpenWith.exe
3168	OpenWith.exe
3168	OpenWith.exe
3168	OpenWith.exe
3168	OpenWith.exe
3168	OpenWith.exe
3168	OpenWith.exe
3168	OpenWith.exe
3168	OpenWith.exe
3168	OpenWith.exe
3168	OpenWith.exe
3168	OpenWith.exe
3168	OpenWith.exe
4972	Winword.exe
4972	Winword.exe
4972	Winword.exe
4972	Winword.exe
4972	Winword.exe
4972	Winword.exe
5144	WiseDeleter.exe
5144	WiseDeleter.exe
5144	WiseDeleter.exe
5756	WiseDeleter.exe
5756	WiseDeleter.exe
5568	SystemSettingsAdminFlows.exe
5832	SystemSettingsAdminFlows.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3544 wrote to memory of 4956	3544	msedge.exe	81
PID 3544 wrote to memory of 4956	3544	msedge.exe	81
PID 3544 wrote to memory of 2820	3544	msedge.exe	82
PID 3544 wrote to memory of 2820	3544	msedge.exe	82
PID 3544 wrote to memory of 2820	3544	msedge.exe	82
PID 3544 wrote to memory of 2820	3544	msedge.exe	82
PID 3544 wrote to memory of 2820	3544	msedge.exe	82
PID 3544 wrote to memory of 2820	3544	msedge.exe	82
PID 3544 wrote to memory of 2820	3544	msedge.exe	82
PID 3544 wrote to memory of 2820	3544	msedge.exe	82
PID 3544 wrote to memory of 2820	3544	msedge.exe	82
PID 3544 wrote to memory of 2820	3544	msedge.exe	82
PID 3544 wrote to memory of 2820	3544	msedge.exe	82
PID 3544 wrote to memory of 2820	3544	msedge.exe	82
PID 3544 wrote to memory of 2820	3544	msedge.exe	82
PID 3544 wrote to memory of 2820	3544	msedge.exe	82
PID 3544 wrote to memory of 2820	3544	msedge.exe	82
PID 3544 wrote to memory of 2820	3544	msedge.exe	82
PID 3544 wrote to memory of 2820	3544	msedge.exe	82
PID 3544 wrote to memory of 2820	3544	msedge.exe	82
PID 3544 wrote to memory of 2820	3544	msedge.exe	82
PID 3544 wrote to memory of 2820	3544	msedge.exe	82
PID 3544 wrote to memory of 2820	3544	msedge.exe	82
PID 3544 wrote to memory of 2820	3544	msedge.exe	82
PID 3544 wrote to memory of 2820	3544	msedge.exe	82
PID 3544 wrote to memory of 2820	3544	msedge.exe	82
PID 3544 wrote to memory of 2820	3544	msedge.exe	82
PID 3544 wrote to memory of 2820	3544	msedge.exe	82
PID 3544 wrote to memory of 2820	3544	msedge.exe	82
PID 3544 wrote to memory of 2820	3544	msedge.exe	82
PID 3544 wrote to memory of 2820	3544	msedge.exe	82
PID 3544 wrote to memory of 2820	3544	msedge.exe	82
PID 3544 wrote to memory of 2820	3544	msedge.exe	82
PID 3544 wrote to memory of 2820	3544	msedge.exe	82
PID 3544 wrote to memory of 2820	3544	msedge.exe	82
PID 3544 wrote to memory of 2820	3544	msedge.exe	82
PID 3544 wrote to memory of 2820	3544	msedge.exe	82
PID 3544 wrote to memory of 2820	3544	msedge.exe	82
PID 3544 wrote to memory of 2820	3544	msedge.exe	82
PID 3544 wrote to memory of 2820	3544	msedge.exe	82
PID 3544 wrote to memory of 2820	3544	msedge.exe	82
PID 3544 wrote to memory of 2820	3544	msedge.exe	82
PID 3544 wrote to memory of 4224	3544	msedge.exe	83
PID 3544 wrote to memory of 4224	3544	msedge.exe	83
PID 3544 wrote to memory of 3328	3544	msedge.exe	84
PID 3544 wrote to memory of 3328	3544	msedge.exe	84
PID 3544 wrote to memory of 3328	3544	msedge.exe	84
PID 3544 wrote to memory of 3328	3544	msedge.exe	84
PID 3544 wrote to memory of 3328	3544	msedge.exe	84
PID 3544 wrote to memory of 3328	3544	msedge.exe	84
PID 3544 wrote to memory of 3328	3544	msedge.exe	84
PID 3544 wrote to memory of 3328	3544	msedge.exe	84
PID 3544 wrote to memory of 3328	3544	msedge.exe	84
PID 3544 wrote to memory of 3328	3544	msedge.exe	84
PID 3544 wrote to memory of 3328	3544	msedge.exe	84
PID 3544 wrote to memory of 3328	3544	msedge.exe	84
PID 3544 wrote to memory of 3328	3544	msedge.exe	84
PID 3544 wrote to memory of 3328	3544	msedge.exe	84
PID 3544 wrote to memory of 3328	3544	msedge.exe	84
PID 3544 wrote to memory of 3328	3544	msedge.exe	84
PID 3544 wrote to memory of 3328	3544	msedge.exe	84
PID 3544 wrote to memory of 3328	3544	msedge.exe	84
PID 3544 wrote to memory of 3328	3544	msedge.exe	84
PID 3544 wrote to memory of 3328	3544	msedge.exe	84

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\c1f99abbd6fc32710c308a95f1f5d085.png
1⤵
PID:1016

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3544
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff94d773cb8,0x7ff94d773cc8,0x7ff94d773cd8
  2⤵
  PID:4956
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1896,11488659100352369402,13981721262952552626,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1912 /prefetch:2
  2⤵
  PID:2820
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1896,11488659100352369402,13981721262952552626,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2336 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4224
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1896,11488659100352369402,13981721262952552626,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2572 /prefetch:8
  2⤵
  PID:3328
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,11488659100352369402,13981721262952552626,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:1
  2⤵
  PID:5072
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,11488659100352369402,13981721262952552626,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:1
  2⤵
  PID:1932
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,11488659100352369402,13981721262952552626,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4620 /prefetch:1
  2⤵
  PID:416
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,11488659100352369402,13981721262952552626,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4648 /prefetch:1
  2⤵
  PID:1756
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1896,11488659100352369402,13981721262952552626,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5468 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2280
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1896,11488659100352369402,13981721262952552626,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5112 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5000
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,11488659100352369402,13981721262952552626,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3800 /prefetch:1
  2⤵
  PID:4644
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,11488659100352369402,13981721262952552626,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4792 /prefetch:1
  2⤵
  PID:3448
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,11488659100352369402,13981721262952552626,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4816 /prefetch:1
  2⤵
  PID:3156
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,11488659100352369402,13981721262952552626,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5064 /prefetch:1
  2⤵
  PID:4856
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,11488659100352369402,13981721262952552626,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6008 /prefetch:1
  2⤵
  PID:3568
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,11488659100352369402,13981721262952552626,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6036 /prefetch:1
  2⤵
  PID:4416
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,11488659100352369402,13981721262952552626,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5716 /prefetch:1
  2⤵
  PID:2052
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,11488659100352369402,13981721262952552626,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5520 /prefetch:1
  2⤵
  PID:4964
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,11488659100352369402,13981721262952552626,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3672 /prefetch:1
  2⤵
  PID:2628
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,11488659100352369402,13981721262952552626,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5188 /prefetch:1
  2⤵
  PID:2288
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,11488659100352369402,13981721262952552626,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4704 /prefetch:1
  2⤵
  PID:4916
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,11488659100352369402,13981721262952552626,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5640 /prefetch:1
  2⤵
  PID:4012
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,11488659100352369402,13981721262952552626,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5804 /prefetch:1
  2⤵
  PID:3728

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4012

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1944

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:3012

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:4676
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff94a02cc40,0x7ff94a02cc4c,0x7ff94a02cc58
  2⤵
  PID:248
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1776,i,16932051903355784124,5913293006616763710,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1744 /prefetch:2
  2⤵
  PID:4524
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2112,i,16932051903355784124,5913293006616763710,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2116 /prefetch:3
  2⤵
  PID:5072
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2192,i,16932051903355784124,5913293006616763710,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2212 /prefetch:8
  2⤵
  PID:3168
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3080,i,16932051903355784124,5913293006616763710,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3200 /prefetch:1
  2⤵
  PID:1216
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3320,i,16932051903355784124,5913293006616763710,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3336 /prefetch:1
  2⤵
  PID:784
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4368,i,16932051903355784124,5913293006616763710,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4412 /prefetch:1
  2⤵
  PID:1612
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=3228,i,16932051903355784124,5913293006616763710,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4372 /prefetch:1
  2⤵
  PID:2632

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:3588

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:2484
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x104,0x108,0x10c,0xe0,0x110,0x7ff94d773cb8,0x7ff94d773cc8,0x7ff94d773cd8
  2⤵
  PID:2528
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2040,5698033809880663330,14399503500871060450,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=2056 /prefetch:2
  2⤵
  PID:4972
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2040,5698033809880663330,14399503500871060450,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2104 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2828
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2040,5698033809880663330,14399503500871060450,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2716 /prefetch:8
  2⤵
  PID:460
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,5698033809880663330,14399503500871060450,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:1
  2⤵
  PID:2940
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,5698033809880663330,14399503500871060450,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3304 /prefetch:1
  2⤵
  PID:4240
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,5698033809880663330,14399503500871060450,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4112 /prefetch:1
  2⤵
  PID:3576
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,5698033809880663330,14399503500871060450,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4140 /prefetch:1
  2⤵
  PID:3080
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=2040,5698033809880663330,14399503500871060450,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3300 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2652
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,5698033809880663330,14399503500871060450,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5256 /prefetch:1
  2⤵
  PID:1460
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2040,5698033809880663330,14399503500871060450,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5580 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4336
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,5698033809880663330,14399503500871060450,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5168 /prefetch:1
  2⤵
  PID:3756
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,5698033809880663330,14399503500871060450,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3452 /prefetch:1
  2⤵
  PID:4348
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2040,5698033809880663330,14399503500871060450,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=4776 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4928
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,5698033809880663330,14399503500871060450,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5460 /prefetch:1
  2⤵
  PID:4388
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,5698033809880663330,14399503500871060450,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1560 /prefetch:1
  2⤵
  PID:4496
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,5698033809880663330,14399503500871060450,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3468 /prefetch:1
  2⤵
  PID:1996
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,5698033809880663330,14399503500871060450,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5696 /prefetch:1
  2⤵
  PID:4548
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,5698033809880663330,14399503500871060450,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6024 /prefetch:1
  2⤵
  PID:1992
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,5698033809880663330,14399503500871060450,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4964 /prefetch:1
  2⤵
  PID:4684
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,5698033809880663330,14399503500871060450,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5260 /prefetch:1
  2⤵
  PID:4476
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,5698033809880663330,14399503500871060450,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5580 /prefetch:1
  2⤵
  PID:3860
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,5698033809880663330,14399503500871060450,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5700 /prefetch:1
  2⤵
  PID:3436
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,5698033809880663330,14399503500871060450,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3852 /prefetch:1
  2⤵
  PID:1868
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,5698033809880663330,14399503500871060450,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5904 /prefetch:1
  2⤵
  PID:1520
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,5698033809880663330,14399503500871060450,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2360 /prefetch:1
  2⤵
  PID:908
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,5698033809880663330,14399503500871060450,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3468 /prefetch:1
  2⤵
  PID:4060
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,5698033809880663330,14399503500871060450,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5720 /prefetch:1
  2⤵
  PID:3984
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,5698033809880663330,14399503500871060450,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5908 /prefetch:1
  2⤵
  PID:1192
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,5698033809880663330,14399503500871060450,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5684 /prefetch:1
  2⤵
  PID:3860
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2040,5698033809880663330,14399503500871060450,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=6016 /prefetch:8
  2⤵
  PID:4876
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,5698033809880663330,14399503500871060450,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2920 /prefetch:1
  2⤵
  PID:2552
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,5698033809880663330,14399503500871060450,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5064 /prefetch:1
  2⤵
  PID:924
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,5698033809880663330,14399503500871060450,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3348 /prefetch:1
  2⤵
  PID:3360
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,5698033809880663330,14399503500871060450,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6624 /prefetch:1
  2⤵
  PID:2632
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,5698033809880663330,14399503500871060450,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6660 /prefetch:1
  2⤵
  PID:4748
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,5698033809880663330,14399503500871060450,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2920 /prefetch:1
  2⤵
  PID:2996
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,5698033809880663330,14399503500871060450,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4972 /prefetch:1
  2⤵
  PID:4388
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,5698033809880663330,14399503500871060450,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5156 /prefetch:1
  2⤵
  PID:1968
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,5698033809880663330,14399503500871060450,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4616 /prefetch:1
  2⤵
  PID:1480
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,5698033809880663330,14399503500871060450,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6704 /prefetch:1
  2⤵
  PID:3424
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,5698033809880663330,14399503500871060450,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5900 /prefetch:1
  2⤵
  PID:3216
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,5698033809880663330,14399503500871060450,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6756 /prefetch:1
  2⤵
  PID:4476
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,5698033809880663330,14399503500871060450,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3416 /prefetch:1
  2⤵
  PID:3584
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2040,5698033809880663330,14399503500871060450,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6860 /prefetch:8
  2⤵
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:3776

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3204

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4348

C:\Windows\system32\BackgroundTransferHost.exe
"BackgroundTransferHost.exe" -ServerName:BackgroundTransferHost.13
1⤵
- Modifies registry class
PID:3156

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004E0 0x00000000000004C0
1⤵
PID:5084

C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe
"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:2636

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /0
1⤵
- Checks SCSI registry key(s)
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SendNotifyMessage
PID:2836

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc
1⤵
PID:3104

C:\Users\Admin\Downloads\Windows-Spoofer-main\Windows-Spoofer-main\GRINX64v2\AMIDEWIN.EXE
"C:\Users\Admin\Downloads\Windows-Spoofer-main\Windows-Spoofer-main\GRINX64v2\AMIDEWIN.EXE"
1⤵
- System Location Discovery: System Language Discovery
PID:2984

C:\Users\Admin\Downloads\Windows-Spoofer-main\Windows-Spoofer-main\GRINX64v2\AMIDEWIN.EXE
"C:\Users\Admin\Downloads\Windows-Spoofer-main\Windows-Spoofer-main\GRINX64v2\AMIDEWIN.EXE"
1⤵
PID:1704

C:\Users\Admin\Downloads\Windows-Spoofer-main\Windows-Spoofer-main\GRINX64v2\AMIDEWINx64.EXE
"C:\Users\Admin\Downloads\Windows-Spoofer-main\Windows-Spoofer-main\GRINX64v2\AMIDEWINx64.EXE"
1⤵
- Suspicious use of SetWindowsHookEx
PID:2120

C:\Users\Admin\Downloads\Windows-Spoofer-main\Windows-Spoofer-main\GRINX64v2\DMIEDIT.EXE
"C:\Users\Admin\Downloads\Windows-Spoofer-main\Windows-Spoofer-main\GRINX64v2\DMIEDIT.EXE"
1⤵
- Suspicious use of SetWindowsHookEx
PID:5076

C:\Users\Admin\Downloads\Windows-Spoofer-main\Windows-Spoofer-main\GRINX64v2\DMIEDIT.EXE
"C:\Users\Admin\Downloads\Windows-Spoofer-main\Windows-Spoofer-main\GRINX64v2\DMIEDIT.EXE"
1⤵
- Suspicious use of SetWindowsHookEx
PID:3372

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:3168
- C:\Program Files\Microsoft Office\root\Office16\Winword.exe
  "C:\Program Files\Microsoft Office\root\Office16\Winword.exe" /n "C:\Users\Admin\Downloads\Windows-Spoofer-main\Windows-Spoofer-main\README.md"
  2⤵
  - Checks processor information in registry
  - Enumerates system info in registry
  - Suspicious behavior: AddClipboardFormatListener
  - Suspicious use of SetWindowsHookEx
  PID:4972

C:\Users\Admin\Downloads\Windows-Spoofer-main\Windows-Spoofer-main\GRINX64v2\AMIDEWIN.EXE
"C:\Users\Admin\Downloads\Windows-Spoofer-main\Windows-Spoofer-main\GRINX64v2\AMIDEWIN.EXE"
1⤵
PID:3448

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /0
1⤵
- Checks SCSI registry key(s)
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:4276

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
PID:2520
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff94d773cb8,0x7ff94d773cc8,0x7ff94d773cd8
  2⤵
  PID:3984
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1912,1438233195244223936,3229931672252956766,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1916 /prefetch:2
  2⤵
  PID:3060
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1912,1438233195244223936,3229931672252956766,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2240 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3308
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1912,1438233195244223936,3229931672252956766,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2696 /prefetch:8
  2⤵
  PID:4128
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,1438233195244223936,3229931672252956766,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3388 /prefetch:1
  2⤵
  PID:224
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,1438233195244223936,3229931672252956766,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3396 /prefetch:1
  2⤵
  PID:3056
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,1438233195244223936,3229931672252956766,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4988 /prefetch:1
  2⤵
  PID:2400
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,1438233195244223936,3229931672252956766,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2656 /prefetch:1
  2⤵
  PID:3768
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1912,1438233195244223936,3229931672252956766,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3672 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3188
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,1438233195244223936,3229931672252956766,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5264 /prefetch:1
  2⤵
  PID:2876
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,1438233195244223936,3229931672252956766,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5276 /prefetch:1
  2⤵
  PID:1848
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,1438233195244223936,3229931672252956766,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4884 /prefetch:1
  2⤵
  PID:2736
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1912,1438233195244223936,3229931672252956766,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5776 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1684
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,1438233195244223936,3229931672252956766,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4416 /prefetch:1
  2⤵
  PID:3848
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,1438233195244223936,3229931672252956766,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4208 /prefetch:1
  2⤵
  PID:3604
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,1438233195244223936,3229931672252956766,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4372 /prefetch:1
  2⤵
  PID:4372
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,1438233195244223936,3229931672252956766,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5628 /prefetch:1
  2⤵
  PID:1276
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,1438233195244223936,3229931672252956766,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5172 /prefetch:1
  2⤵
  PID:3412
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,1438233195244223936,3229931672252956766,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4424 /prefetch:1
  2⤵
  PID:4348
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,1438233195244223936,3229931672252956766,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4172 /prefetch:1
  2⤵
  PID:2456
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,1438233195244223936,3229931672252956766,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6312 /prefetch:1
  2⤵
  PID:2632
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,1438233195244223936,3229931672252956766,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4892 /prefetch:1
  2⤵
  PID:5384
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1912,1438233195244223936,3229931672252956766,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5448 /prefetch:8
  2⤵
  PID:5464
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1912,1438233195244223936,3229931672252956766,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3992 /prefetch:8
  2⤵
  - Subvert Trust Controls: Mark-of-the-Web Bypass
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:5644

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1684

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3044

C:\Users\Admin\Downloads\WFDSetup_1.5.6.58.exe
"C:\Users\Admin\Downloads\WFDSetup_1.5.6.58.exe"
1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:5324
- C:\Users\Admin\AppData\Local\Temp\is-PC62S.tmp\WFDSetup_1.5.6.58.tmp
  "C:\Users\Admin\AppData\Local\Temp\is-PC62S.tmp\WFDSetup_1.5.6.58.tmp" /SL5="$804C8,3100428,148480,C:\Users\Admin\Downloads\WFDSetup_1.5.6.58.exe"
  2⤵
  - Executes dropped EXE
  - Drops file in Program Files directory
  - System Location Discovery: System Language Discovery
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:5348
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.wisecleaner.com/thanks-for-choosing-WiseForceDeleter.html
    3⤵
    - Enumerates system info in registry
    - Suspicious behavior: EnumeratesProcesses
    PID:5136
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x124,0x128,0x12c,0x100,0x130,0x7ff94d773cb8,0x7ff94d773cc8,0x7ff94d773cd8
      4⤵
      PID:5184
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1852,15324849964271763256,18158239160304208662,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1864 /prefetch:2
      4⤵
      PID:5412
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1852,15324849964271763256,18158239160304208662,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2384 /prefetch:3
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:5420
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1852,15324849964271763256,18158239160304208662,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2924 /prefetch:8
      4⤵
      PID:6076
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,15324849964271763256,18158239160304208662,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3344 /prefetch:1
      4⤵
      PID:6092
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,15324849964271763256,18158239160304208662,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3352 /prefetch:1
      4⤵
      PID:6104
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,15324849964271763256,18158239160304208662,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4960 /prefetch:1
      4⤵
      PID:5632
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1852,15324849964271763256,18158239160304208662,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5188 /prefetch:8
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:3708
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,15324849964271763256,18158239160304208662,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5164 /prefetch:1
      4⤵
      PID:4248
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,15324849964271763256,18158239160304208662,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5344 /prefetch:1
      4⤵
      PID:4680
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,15324849964271763256,18158239160304208662,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5528 /prefetch:1
      4⤵
      PID:1872
- - C:\Program Files (x86)\Wise\Wise Force Deleter\WiseDeleter.exe
    "C:\Program Files (x86)\Wise\Wise Force Deleter\WiseDeleter.exe"
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Drops file in Windows directory
    - System Location Discovery: System Language Discovery
    - Modifies registry class
    - Suspicious behavior: GetForegroundWindowSpam
    - Suspicious use of SetWindowsHookEx
    PID:5144
  - - C:\Windows\SysWOW64\cmd.exe
      cmd.exe /c takeown /F C:\Users\Admin\Documents\OneNote Notebooks\* /R /A /D Y
      4⤵
      System Location Discovery: System Language Discovery
      PID:3188
    - - C:\Windows\SysWOW64\takeown.exe
        
        takeown /F C:\Users\Admin\Documents\OneNote Notebooks\* /R /A /D Y
        5⤵
        Possible privilege escalation attempt
        Modifies file permissions
        System Location Discovery: System Language Discovery
        
        PID:5328
  - - C:\Windows\SysWOW64\cmd.exe
      cmd.exe /c icacls C:\Users\Admin\Documents\OneNote Notebooks\*.* /T /grant administrators:F
      4⤵
      System Location Discovery: System Language Discovery
      PID:5924
    - - C:\Windows\SysWOW64\icacls.exe
        
        icacls C:\Users\Admin\Documents\OneNote Notebooks\*.* /T /grant administrators:F
        5⤵
        Possible privilege escalation attempt
        Modifies file permissions
        System Location Discovery: System Language Discovery
        
        PID:6036
  - - C:\Windows\SysWOW64\cmd.exe
      cmd.exe /c RD /S /Q "\\?\C:\Users\Admin\Documents\OneNote Notebooks"
      4⤵
      System Location Discovery: System Language Discovery
      PID:5128

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5228

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1436

C:\Windows\SysWOW64\werfault.exe
werfault.exe /h /shared Global\430920f96ce7483f8c3f2036ed47dacc /t 2632 /p 5144
1⤵
PID:172

C:\Users\Admin\Downloads\WFDSetup_1.5.6.58.exe
"C:\Users\Admin\Downloads\WFDSetup_1.5.6.58.exe"
1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:3136
- C:\Users\Admin\AppData\Local\Temp\is-0Q8MK.tmp\WFDSetup_1.5.6.58.tmp
  "C:\Users\Admin\AppData\Local\Temp\is-0Q8MK.tmp\WFDSetup_1.5.6.58.tmp" /SL5="$E03B6,3100428,148480,C:\Users\Admin\Downloads\WFDSetup_1.5.6.58.exe"
  2⤵
  - Executes dropped EXE
  - Drops file in Program Files directory
  - System Location Discovery: System Language Discovery
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:2456
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.wisecleaner.com/thanks-for-choosing-WiseForceDeleter.html
    3⤵
    - Enumerates system info in registry
    PID:5768
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff94d773cb8,0x7ff94d773cc8,0x7ff94d773cd8
      4⤵
      PID:3600
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2040,8450838626716330323,18239021133116043988,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1392 /prefetch:2
      4⤵
      PID:5240
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2040,8450838626716330323,18239021133116043988,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2072 /prefetch:3
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:5268
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2040,8450838626716330323,18239021133116043988,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2640 /prefetch:8
      4⤵
      PID:5800
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,8450838626716330323,18239021133116043988,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3244 /prefetch:1
      4⤵
      PID:6020
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,8450838626716330323,18239021133116043988,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:1
      4⤵
      PID:5124
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,8450838626716330323,18239021133116043988,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4360 /prefetch:1
      4⤵
      PID:5692
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,8450838626716330323,18239021133116043988,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5064 /prefetch:1
      4⤵
      PID:3572
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,8450838626716330323,18239021133116043988,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5260 /prefetch:1
      4⤵
      PID:1436
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,8450838626716330323,18239021133116043988,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5396 /prefetch:1
      4⤵
      PID:4360
- - C:\Program Files (x86)\Wise\Wise Force Deleter\WiseDeleter.exe
    "C:\Program Files (x86)\Wise\Wise Force Deleter\WiseDeleter.exe"
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    - Modifies registry class
    - Suspicious behavior: GetForegroundWindowSpam
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of SetWindowsHookEx
    PID:5756

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:6120

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3656

C:\Windows\SysWOW64\DllHost.exe
C:\Windows\SysWOW64\DllHost.exe /Processid:{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
1⤵
- System Location Discovery: System Language Discovery
PID:3840

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k DevicesFlow -s DevicesFlowUserSvc
1⤵
PID:2012

C:\Windows\system32\SystemSettingsAdminFlows.exe
"C:\Windows\system32\SystemSettingsAdminFlows.exe" RemoveDevice 676 344 123 32 {1fb3ae55-e092-5d10-beb9-edb22a4ff6e9}
1⤵
- Suspicious use of SetWindowsHookEx
PID:5568

C:\Windows\system32\SystemSettingsAdminFlows.exe
"C:\Windows\system32\SystemSettingsAdminFlows.exe" RemoveDevice 676 215 123 32 {7a69b59c-101a-5224-bfe8-53024662a48d}
1⤵
- Suspicious use of SetWindowsHookEx
PID:5832

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

File and Directory Permissions Modification

T1222

Subvert Trust Controls

T1553

SIP and Trust Provider Hijacking

T1553.003

Credential Access

Discovery

Browser Information Discovery

T1217

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Wise\Wise Force Deleter\WiseDeleter.exe

Filesize
8.7MB

MD5
17534ab01db7d7a868d49c1c8926bbdf

SHA1
1fed0ad387ea8095be4263b26e33eb0a756cf031

SHA256
ff3591af14655e8b424dc00d96e32166ab92941fcab0f6246b0c5dda01ca3992

SHA512
a01e6c6ad1a86eabbbd604643a5413dc91c3ca9c329802669d640b846974084d7273760355f962767e45d0dafe13a4ae4c1e3c8317b5dcb7f491b8c08cc25e9c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
5eb03f98db03f00dba9b5adad5cbc309

SHA1
e9e7a9f4b9db9c377de4e222d6a985c8fb2097e2

SHA256
abe233819ffbd669df5beb8685662013638dd4e09733e6a6a8a035f9a7354f19

SHA512
e039e814959daa470bf2f265045ce1fce2e2aabcf471d7070a40a05249f4147ec89ebbb74547c9b4e3475a8cd9731bb1a313c94d4e0c40a18fe3c6f1e2381cf6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
229eb2d97f89e0aa1c609f01b00623ad

SHA1
f86b57ce6e00d7d5ad9ba728bfbdfc111eee8bf5

SHA256
f6228c82cdc79b2cd6f9fc5c28f772e6130a932152e6b6b306f1958c973b121b

SHA512
486291fbd22bd4d74f42859b95166a430f94b7eeaabcd84096863094d9ac63699e8c8f754710e03b7846902fbcdcaa9cf83aa9f3d698c2c73d8ff472a5424d8a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GraphiteDawnCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
228KB

MD5
4583e7b290490bcbe75662e553bca697

SHA1
346728b2f15cee2d1fb336d5ca7e8fd82e5d3e21

SHA256
bbd9a9a3870fde67074275a5d6fd3a896bcfb27eafe5795c8d88efa4a5be9f27

SHA512
086c972f35958410bd3727c9e44e30c6725341dd0d6496a592c15d978059e479345227c79123b6a7ecae8c687b4a138e1e303d37d24e1c4e1f79c2939a543bd8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\98f7f17d-0a9c-4952-961b-287d2508337d.tmp

Filesize
11KB

MD5
95dfed9306a2db7db2b880d63c0de663

SHA1
b1c301aa3773e64a0bab2b54f9619c761a5e8600

SHA256
82bdaa3845249ee6f26d7de5da39edcfaf9c62e755531e9f57ad364ba3d03ee1

SHA512
421cd40e59298cf26c324992d625d33a7bf505aaaa2cd72add760c350bc86e3e0990294fe8ee96a03f403881c3fd63d0f3cb14a0bd26e5aff7c35b4ec5a79f1d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4c1a24fa898d2a98b540b20272c8e47b

SHA1
3218bff9ce95b52842fa1b8bd00be073177141ef

SHA256
bbcc378fcbf64580e7a48b4e7ca9be57fa0a1f2e747f488325685bdb18d73a95

SHA512
e61f196e7f1c9a5fe249abe9b11eea770fb2f4babc61f60b12c71f43e6fe9354cf14869daf46abc2c2655bce180252acd43c10562a2dcd31fa7d90d33253820e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
6094a9ba809c8bb80a6f32704235ea4c

SHA1
4f78443bd772b69a5acf5c66e4791f795b6821e3

SHA256
8fc19fcfa52ff315a2d4156d2e44ddec9e00f68cbf683d807e273af0a3b63edd

SHA512
653a8b06922cee0c5a54359c876034c889036799598258424bfe1cae0e0e6a2742e337364e048f393e7b330c4507705ac46bd70e4abfdbd3c990549e486dcfb7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
962a1d4dbdbed73a20b53bf3dc4c9200

SHA1
c1aa568f4e93c670f6f2b8af38dd6f55aa6fcf43

SHA256
41e198abce005d5d69b4afae68fa5625123c5f73e1e646af3fd1c0431a768f42

SHA512
fed7050acc4f9c27b4d160e67db19816ac3e2e36fb8406861fb8987cac24ae87e53fcd57acef529354598d1f596b49862b87b018d1d999017fdf68694f55e544

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
c431baef03c0283ce4062452b9b34f94

SHA1
292d85d41f3941f9e804fbb369b7812881db9c3c

SHA256
1173cf1abe572506420f883854251d58b6b56be62b9d3b9d37e5494da1436044

SHA512
37393f2effa6f2a95581defaea02c28b9d16b099a4277a9d8c038b758ba1dc10a834ba07f30ff92ee51b3c2076171d3478e7b711682f82e343b889d525977dd4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f1d2c7fd2ca29bb77a5da2d1847fbb92

SHA1
840de2cf36c22ba10ac96f90890b6a12a56526c6

SHA256
58d0f80310f4a84f687c5ce0adaa982eb42fe4480510399fa2ae975d40bb8bc5

SHA512
ede1fafea2404f16948fe0b5ea5161ccee3ee6e40c55ff98c337eac981a6776b9c73dc030a5c59e4347aec91259f497539206e71949c33adcecbf2c846709e14

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e3d847378d65f135edbb000429172ba1

SHA1
f3ec3f72fe676df36a2161a692d352fe93ae6f23

SHA256
822ff8a4fb672b3ff6d993c7e474c080def7d90c15f29d32b729d48bf2a8082e

SHA512
860085d0cdaf753ce82ab308d7eee266536ab280267b83192161b2a6334fb029695cdfaa1e919c35e48f98e37bc5947c4809970bb2c46b77f35dc5af48718880

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
81bb1a727cbf56e80a19587e57fbbbba

SHA1
4edd0f1d8259f5c72b9cf38b8f740ce3272e2b6c

SHA256
17e3bc382e0c64ff1b67515d88b832ec9213063dffb17ee33ab1305a9f1d0b4f

SHA512
78b9936137034f4a2b7235e73848ab970614626061b0cb3d3953442637739874ce6839b9f3601d78f3e01f00e944846aa413fcd3b7dc9a9841aba20ad87684f1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\062183f0-0456-455b-a347-eb74a26d8256.tmp

Filesize
5KB

MD5
6721a7f148227b1b6ebdd7d30f68ec8c

SHA1
a6a9fd7b86c0593ab862c0f102ff26e826a7d83c

SHA256
b20c9ec7f39cc09058fd7159a5b0a1356d9aeac1a8da94dd905867a586c1b92f

SHA512
41fdd642813c29928ae79dadcf4570bf4f09f4a540114cc624340edc859ec4587a54f336d963a5569b87b2bdbdc1b472f92d3d67f4f2ce7498e649097666e21d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\081a90c3-7a56-4f63-9c8e-699f83dc0a4a.tmp

Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\22ed15d6-8199-45a9-ac5b-61d2b1c5bb96.tmp

Filesize
3KB

MD5
c2496efd6cdd790e13924667ea670e61

SHA1
34dd94003fdb92936ce5df6a59aa13bf50e83cd8

SHA256
596e2781d37820dffb2120b2adecbf357f61d110610de61c6976e9ec6e3ea4ad

SHA512
370166956d71ee82058dcdcb95553fed5b213ede68e16f5a043128ebcf7ade07558b1058063d3da995e29da2c655737d5c37e6df621ab7501b09b021590dd6a5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

Filesize
47KB

MD5
2bbb6e1cbade9a534747c3b0ddf11e21

SHA1
a0a1190787109ae5b6f97907584ee64183ac7dd5

SHA256
5694ef0044eb39fe4f79055ec5cab35c6a36a45b0f044d7e60f892e9e36430c9

SHA512
3cb1c25a43156199d632f87569d30a4b6db9827906a2312e07aa6f79bb8475a115481aa0ff6d8e68199d035c437163c7e876d76db8c317d8bdf07f6a770668f8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
67KB

MD5
69df804d05f8b29a88278b7d582dd279

SHA1
d9560905612cf656d5dd0e741172fb4cd9c60688

SHA256
b885987a52236f56ce7a5ca18b18533e64f62ab64eb14050ede93c93b5bd5608

SHA512
0ef49eeeeb463da832f7d5b11f6418baa65963de62c00e71d847183e0035be03e63c097103d30329582fe806d246e3c0e3ecab8b2498799abbb21d8b7febdc0e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

Filesize
64KB

MD5
d6b36c7d4b06f140f860ddc91a4c659c

SHA1
ccf16571637b8d3e4c9423688c5bd06167bfb9e9

SHA256
34013d7f3f0186a612bef84f2984e2767b32c9e1940df54b01d5bd6789f59e92

SHA512
2a9dd9352298ec7d1b439033b57ee9a390c373eeb8502f7f36d6826e6dd3e447b8ffd4be4f275d51481ef9a6ac2c2d97ef98f3f9d36a5a971275bf6cee48e487

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

Filesize
63KB

MD5
226541550a51911c375216f718493f65

SHA1
f6e608468401f9384cabdef45ca19e2afacc84bd

SHA256
caecff4179910ce0ff470f9fa9eb4349e8fb717fa1432cf19987450a4e1ef4a5

SHA512
2947b309f15e0e321beb9506861883fde8391c6f6140178c7e6ee7750d6418266360c335477cae0b067a6a6d86935ec5f7acdfdacc9edffa8b04ec71be210516

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

Filesize
19KB

MD5
1bd4ae71ef8e69ad4b5ffd8dc7d2dcb5

SHA1
6dd8803e59949c985d6a9df2f26c833041a5178c

SHA256
af18b3681e8e2a1e8dc34c2aa60530dc8d8a9258c4d562cbe20c898d5de98725

SHA512
b3ff083b669aca75549396250e05344ba2f1c021468589f2bd6f1b977b7f11df00f958bbbd22f07708b5d30d0260f39d8de57e75382b3ab8e78a2c41ef428863

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000023

Filesize
215KB

MD5
d79b35ccf8e6af6714eb612714349097

SHA1
eb3ccc9ed29830df42f3fd129951cb8b791aaf98

SHA256
c8459799169b81fdab64d028a9ebb058ea2d0ad5feb33a11f6a45a54a5ccc365

SHA512
f4be1c1e192a700139d7cff5059af81c0234ed5f032796036a1a4879b032ce4eedd16a121bbf776f17bc84a0012846f467ad48b46db4008841c25b779c7d8f5a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002c

Filesize
18KB

MD5
7d54dd3fa3c51a1609e97e814ed449a0

SHA1
860bdd97dcd771d4ce96662a85c9328f95b17639

SHA256
7a258cd27f674e03eafc4f11af7076fb327d0202ce7a0a0e95a01fb33c989247

SHA512
17791e03584e77f2a6a03a7e3951bdc3220cd4c723a1f3be5d9b8196c5746a342a85226fcd0dd60031d3c3001c6bdfee0dcc21d7921ea2912225054d7f75c896

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00004d

Filesize
3.5MB

MD5
e5e1087e206ca63fe54c408fe38cfcf8

SHA1
96b5efa6f96e38e889b7c7474c62d7fe72c7f946

SHA256
9052dfd0e29f50f064ad6f8e5a4e78f324659f932af5d13c97e0f127e3516e16

SHA512
9f53f34a0bf6fe512331aaa09bade3ae4ddbd9dfdd608627801e094965dc01f5bd6c0b475bce452cf559b8411535cff9f37423e29f9da5acf6198bfeca039efd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00004f

Filesize
20KB

MD5
2ebfdbd309ee762211b4a2ac39708c4d

SHA1
b002922c672dbe1dd4caa02af24d0b1e7da616af

SHA256
54ae97d445b166859fe3ba6241b97abbac0aa0d158c72352b774d60ba3e81797

SHA512
d1687b7a6da07a72963c96a1e85661046d3d3c96f88445302afa09721fbe211a5fb8881ff14b346b0ebe8a20f5ced21979e9f58e256427e57b85d565bef17720

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\03eef0e77feb64d4_0

Filesize
6KB

MD5
d08eb3d86cf8ccc537eb80d02915ab85

SHA1
229df433be3c5f7a660f40eed3fb8f087b9f8081

SHA256
2cf6d72ba2b538db1c35805841a7497b05846ef8cbef960d91fb45846f59ad04

SHA512
72cb458c10cc75f39bb3a60b89e5da7243cc885552aa5facc2ccf030e23ee53f31ca3dfa1ba34415c04b24203e4f0c7415e46fca96f2f304d859447fed2e56ee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\0720badf6795a0b6_0

Filesize
3KB

MD5
499d957b8014091f2deb8d4551f7210e

SHA1
ac133e2ac88777f5529f36c65491e69ad585d34d

SHA256
e4635c3fda522a65f5b4f234cc852af4f637014d67118e8b22e405b9aac62f87

SHA512
c870022db1cbe829618367a1c60dee869184555ac8f8f58bd95d5bd9b0d80ec084efd7e9010a62c423eb7887a7d6405ba67be63491535d9c796ee9141f469add

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\242d87fe25e8b258_0

Filesize
2KB

MD5
fb85deafeddc11e604fb7e17c0e95731

SHA1
c64d22781afa421af7c1fd1c46d89d443439db5b

SHA256
97f7f4259151843a9c24d520803bb0ffdff13e78563d9a3178c2581551307817

SHA512
ee79b36ed5d1fc14138834370586f3b5bbcc52f18651c5f0f5bfe6457ecfab8501320ee29b9780d5b6ab160c0e843a9df3b56083c42b7896a996353700c9f395

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\3fd2be14abb3904c_0

Filesize
2KB

MD5
407659da47789fe331dc35104489f868

SHA1
1df2430338e2b218cda13531c5b43208b49f25bf

SHA256
2c41501fa8a5656a896fdc81f2990100a868ba527627b33c0766126ae5a2ec8f

SHA512
83015a8485e146d946c3d7925fc04a5a3482b8f50cc427444149e6399107102ba0f56451b2acbc8a9cf71f3687516bf9b0728fb994b95b4d218855a5309cae7e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\4ff4b179c1c05fed_0

Filesize
1KB

MD5
f33ac22d3ef3d96becda09d540b199f7

SHA1
0ef6260ac00888b6c8ddc21463b73b54765bdf23

SHA256
f7844ec30cd45adca270fa80b2654d81676b36b6dcbfa8f746d1e9a8122e2241

SHA512
b4b2fba4508f042a5a66f52366f0db7709fab79bc2b646308d1015373fd2197ddf1d5d869d8eea590be710e4351e3bc642729d7ff88263ec1844f3d9cee0a463

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\635e64b37935c888_0

Filesize
1KB

MD5
74d3c829d0ec589f2f1837cf21be9053

SHA1
5edd7717fbc0e1d50fce5c22d2ad796a9afbe380

SHA256
4446039fe9441389d4eb889e3142010b6f5679d8fd08ac9a271d4317f69bbb66

SHA512
6a71096899648871a3e1879d7b53493533b76900ee8911d267adca55438410df2202e04710eb09c969ed72bb2d134c878b3854fe0266a830559146b145cf8604

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\6aa9a2943612cce1_0

Filesize
2KB

MD5
048852e1449da48f6e9a79e6d56ebb18

SHA1
ad5a7aecabd11647100e486f8c4c7d16da54eda7

SHA256
3360885e40855536c13ad49e12e3f09208f9318868bd182498549a2b4c277c5a

SHA512
dc111c983339072822ebeb7648a6a6906204645ca31a5f3b379ca1e206589f0a1a5c4061eb052d32c3aa9d0d09958304bc4f99dbff0d79d4c660e8148594b58e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\6b1c3d6d62495ca9_0

Filesize
3KB

MD5
651a226b2382274e156192d3aebf71e7

SHA1
fa0759e8d38edebf4367df5604afeec1703d0818

SHA256
f72356cef025742ad058f6f903cf6117851911c05158d3fe2d7619a4005eb4b8

SHA512
c528eb04c87cbb555e681fcfbca1d9c307279f8a055b23a914f6862835271340d4d1f83119f9a254ca1f8dd5655fad1cf9f1cef3a70aa46f6fdc9d22755a6527

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\86b9cbd77d05d034_0

Filesize
6KB

MD5
d80bf3bc2b2c5c8eb7376eef687b6b09

SHA1
8ecf44de7d39e1d18f342d4e0b759f28ee750412

SHA256
c30eca6ab5be9c92a2838ab4214a2b991d27ab399b65e200cb52d1ea726c20f5

SHA512
5f3318aa23f8580854f65e9838bba2e1cc4c01885e242fe7f6b106d2c9657bd3b7ffbfb89f80634b06cb29c28f1d642e0b29e256f940ecb1b66796c8e65da2f9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\8e5987d08f7b6e11_0

Filesize
1KB

MD5
e8317a490819164aa3cb3598d0093ee4

SHA1
c31b0508a0bbdf9c60c52b2592994ba6a944cc7b

SHA256
7906d312295bd12092f5a5911dae9f0af1ca7c9f95fd9ab4af6f86f67020c869

SHA512
c52c3b5c25dc64d4523bbf666d3e334257ce1ed9e2bb92284cea1bd272d563b2cbc08ce0689a644025c9cefafde84ef9ba4ed1f000331db03f3031adf2cc444a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\96bc766215a93e35_0

Filesize
1KB

MD5
49d0a7c9a7c56b2d8a7486f3dfce4ece

SHA1
11d4a351bac1485c327d19760115bee0463fcadf

SHA256
43a7c857c6f5a683d0a1daefc758625c32a990bec6d151116d0250545d5b2c92

SHA512
802d9ce34d87ff14d08a581a58589b6cfb5b31c6d2249c13537d351b6236bfacddfc16f2e268a833b6493d097efd0f4fef84d6274427305bcfb6c60b62006371

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\ab38c7b2c8042af4_0

Filesize
14KB

MD5
f21bd9f1b295841df546a4e7305fc0e9

SHA1
61ade1b3b64da478015f387dec63d305821c9b7b

SHA256
d7d7b80f6fc593577461886634b7dbc48a1373e2a605e400a84c9f0f717d2085

SHA512
730100b185ec10ad8f89659cf497820bef86a75dd166f791b3ab52a563fee116079d06ab7a7c82ed242d5ac93a3a96753af0f061c7d0cf6af3ff9f4078151b5e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\c211c9dc68f4bf01_0

Filesize
2KB

MD5
f119bd1030aa7c0e439d315d1c865eb6

SHA1
9e546655f699a72a7f5ace09bb399c124c488e50

SHA256
81b2013f75eac35fbb2f2e38a22c72638d9ddbe711370f85a5bb0e8b66af6e2b

SHA512
d89924acbcb065a51bc07391bf81951e59322d5194e3a0ec899bdd879f4c6302982c744ea72758515244719d3a05bd6acee24146870e4dd94841b398d80cd9ac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\cd9a47d844308cbb_0

Filesize
6KB

MD5
866f0dc4aaa091717ff2d62b4ecc1bf2

SHA1
7dc9e00915583140daabbc24f9eb8d46a8e5c713

SHA256
517b5f08d90f3c7b6a992aa811718ca3808b76152aaa5ff40bc5fde1d792cf46

SHA512
99f0ae08fe4ae59a006780dcd038bfb28cf3a5453ed8f641db5b0c6bbab52e9f4ae280b25d29ba937d13246ececada535da8e613dcd42b657ec73f143e93be2d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\fbd11ea5cda006cc_0

Filesize
26KB

MD5
56acbe67d700d05152652d5c12b0581d

SHA1
a872e100d6dab0fcae26b524a3f53c7176af34cd

SHA256
307308cd19edfd38d556f6c634cc519f8f00fe9c44cf082b0ec106cbd5a31641

SHA512
5ea0792469786f5f33a8a1e0872f79a41dc3048032f36f87686cc1f98114a012232eeb4a09e1fb98023cb3a3f5bd3c870902cafddbc9eee342c8e7b43c79374f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\temp-index

Filesize
2KB

MD5
5caf555b171bd5a965f91e203b28b256

SHA1
ea57824b0ab8a7f5dc0e4a32169dd3ee1912630b

SHA256
5a002d00fb929696011a03b551be1cd0bacb2795a578e35aeb1811d11aeacac5

SHA512
0cc4bcdd6d7871649c0822cd36270e79713bf8761408e65ffe7a7d87da106f2ce4f18e5aa03868eb1f9c63c61733adc74d47fd52f0470c51d8412caa8d87527d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\temp-index

Filesize
2KB

MD5
af1e6d696109fd5e2391df2e7904fd57

SHA1
06348a282abf4a4b81eabd1276db4c86dd7ac5d0

SHA256
2ca4d1f4c52bc3c3c132eaca74316488be15abb75b0fabc86c0cd84a7ef8ec74

SHA512
4bc154f8f86219894de5fa3e7cb1625887b0cb1b2999a12dcc590e68683a486dc771a109976959d9e404988903f46b42375534b9a8bfdcad62f36ed280390914

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
9KB

MD5
6f4bef9e26011e35aa5481fc9375ea79

SHA1
a50ab9e87f633de15c5f50f4d8440d56a711513e

SHA256
b37e99a92eda76ab27811bc447ba7d0c5fcd13f603602435097a4ddff728f998

SHA512
3e6df87bb024b039ee6142d9fef3eb15ccc076f320ad687dc414ea372295d64966141109d0a4fe2ad0f95e66909364c0df1a5882fef48de5ea1f0a94e2fd8a1f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
8KB

MD5
32ac8dfca46196eefb43ef55e83f8a19

SHA1
b89ca6fc137bc5cb9e44857901d0b3d5e2307023

SHA256
74e85ec7afa3583bed8dae854beb960665b2cc47cff20ab6fa5d7f7ad4b1edca

SHA512
b14c300111f9d94a00c1a93fe5fc011b9368aa428ddaee20d204ef963ee02b3ed34b686ab0baae8755d188d69422552bbe131f785588bafe6f19f90ef8abe59b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
9KB

MD5
104621906273e882fc33bcf6044a95b0

SHA1
53566f217ebf64b15339d04165c97b166c8e6e56

SHA256
653b7ae840c1398fc246d148994b70738d79ea3ea6dd549bba90078e665caaad

SHA512
9579f46bf162c32cde056f89cb8e50d44bd1b5abd6ffee6f68431ad22619bb507a2a9d8424057393ab52d53b20bcebe926e0f810881ee4c44d31703972960e4d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
8KB

MD5
b83c66c5b4583ecbdd44c764e860261e

SHA1
77057e4c0dbb3ff3763c70c5755427999eba9682

SHA256
23c2179142edebffc118f2bb56b4550bee3f0b3f1e56f9ed06a5b8eddfc72c4b

SHA512
da6f49bc40d0949254e24ebfad4ba76c00d832aec8fbad28f7cb1321d00679c672c0c8b8b7fd63f4174cf58c48e6b7fea7a3c9aea31072f46f3d21bfe898b8e0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
63a286d2641ee77e6a270953dd6e7eb2

SHA1
834aa8b1cc7eea231fa1054bd70991638a99d313

SHA256
ede9bbfc6e5e8449bcd9a74b3168679cc61d40831df18fe007a3221efd0284ce

SHA512
cdf7e346767797a16e76eac7681b7e576d2cd13bac1726fc2824f615ad8cb43c7822d0344462b8ac4bd9b12400f751adb98c318bde472fc18f66383435295fd0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
9KB

MD5
95e9a7f05f4364e1f2a5ee0ee57a3f64

SHA1
8f1afb6e9ac81cb8ee89da4d837791c6c8003e22

SHA256
ea22abf3e5938d9e2743e025e630f1f8dabcc164b4ddea2be2eaad828b4df54f

SHA512
8081232fd43c5e735b343280474f5cce37618559cc614000b251f0b5126aee9c31e0a9703ced8b68b3bafb6d226e72f00c0fd982fb311b2f263d050dc12b3383

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Favicons

Filesize
20KB

MD5
75aeeacd4b49b37c2a7b1e923d78f7fe

SHA1
1593a6b0b2824defe9057bbe16c33f8b9d952836

SHA256
ebf83bbd432390555bad30832f5c9a8c4604e3f5daf7d59f9c1d85e80e86c11d

SHA512
8899f074d409e1418eafce2df0d72a8c7ecc55ae7960e2c01e320682835ca9faddf538a3a2f24ee39750ad0ff560fe615e769c12f41dd3b467e3fae37bf70fc5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
e4a2a5404b96f9eeadb29f85ac46adc4

SHA1
9987ce62ce7278cf632650c60a08b737e2f990f6

SHA256
c39ffcb5f07e6077c3b7a9ca30bbe4b38220238d4a66aa3044c701d4c9512223

SHA512
ad9cbb19945fd3d5058039ca3bc6e667bc40a047e5de58b9518e94fc655452e3c9e304ca046a0638a76920180ba439bef2ece56c585d773deff48229e00f6511

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History

Filesize
116KB

MD5
5c17ab5e5bd8eab2e278ca68453648a1

SHA1
40308be6dc0041649ab08b36d781d84b7a169bdd

SHA256
8ab144066e9061ac951ca072c27085d2db3e51f1c56c0340d4ee97436c70d450

SHA512
1efef28ce96a0eee364e95a3ee67942940f15c304cf4473f2ebbffb50d8d4f6f0cee624128b98b0d18ab463b4c22e7fb1f7d0bd161c36e711f6535a529df9a08

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History Provider Cache

Filesize
2KB

MD5
a26761e577894721eb576eceec7bbafa

SHA1
06536f42eecbf3f444013a18c38b12b5b6e4fdbd

SHA256
6a1a3c077b5e2751889fe77756d71e40cbab0706fd6dd0e340ee549a1bd8c677

SHA512
c647fb97363f25efacf58dcad108e3f8e38988a477921493d35c19a745ca05adef6903f04a58acf4099f23974e532606ad03e56936f5450965abb965e02e68b0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\JumpListIconsRecentClosed\49839653-882f-4bf4-a44f-4a5292218f62.tmp

Filesize
25KB

MD5
613acfd16c7225cffcb305c24b547a27

SHA1
b235812cfcec17f148b4fb1385454a573adbbc1d

SHA256
2fab0c43f0e165a3504e9145ab6e5d945e9fde3b722b8aeae10883ee78635406

SHA512
f3b68485123b8e17430ef463e26af7f20fe4ca53c47494b2b9cd2ca7f9776cbacdb340e0924f082c5b5c069ffaed011bd1b0ed35bda4db0d4df5242de8efbea1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
f48a7dd5f94a0fa7a2c44b3ba983de88

SHA1
978184aee82661295469a214ad595bbd3428f0b0

SHA256
24f560ed5483476f8a28888906db844c815741466dbe882f42c32fba926f676b

SHA512
464a9f3078aed1cfd01ad58d5fdc01e40b5a1b92a8061d6381db427391fc0ea540bc14f3d92efc6180a1f26fefba19ffdb1328c3c44063e89ae0878447ad27f7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
556B

MD5
51842dadf0eb2c3a44a935863e72ba96

SHA1
fb4c8636e66a995f05feb9ed5d8d1264182c2b14

SHA256
e7a1fa733eef5141d28206ccbd22d6bed2a70ced8ea13063b26c2beead8d01b5

SHA512
9a1badfe1c861d318a35a473d493d480e4da994e0a921580685d9f909eb3a0a0dc7ad31809d81c4f7a41673be94db83a0d5d3b5d6f050fd2bf04cfb6575d64f0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
921B

MD5
53aca8d1f457bbe88c89118aced25bc4

SHA1
7894845f0642770e7c15adb28a633b246c4bea51

SHA256
483bb78c826c59ad2b70e7898044dd59daeb8abb49be1c443112c1549e3cc8a1

SHA512
d95d614e3db425ce51f7e5a3cd2a83c2e8442888c61abcac9d687324187297ba8d84a40eeb5d8fbd24dbbdee10743fe81fb43ba2e0b379234e41a42c29c511ec

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
5KB

MD5
2cc1a5dff2ec5fbc19674ed333de58d9

SHA1
c2554c56011175b7408ac9148414ad3e80661fd0

SHA256
99e68456f138e7f8152e11d66c77ab0ada26e8ee970d7e941a0b2428417c2391

SHA512
0ddb720b3c42b37e003575271e9250066d54171df8cc9cef192cfbfcabf15d1d15b160a76bfc3e727f4217fb1f11b7f72ada147ae455cd0f3adec61934fea23a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
631B

MD5
9c4c96b664b48db8386a2d4a5d658ffb

SHA1
a122b1da3e75f33c88af25f8d15f93cf1319903c

SHA256
6185eae4f372b936701aade7870a6e86203a7927f370db285d5323fd7bfb9561

SHA512
12906f45a1052cddb59823ae8e9976c5ceced8f129cd3ea1d33ca7892e46d323e7f5c02fb493058896d2e5054e2b9722f5121f9ac73f3b0e112afbbdb6fbb6d2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
5KB

MD5
c6c2490128b5514fb323e1bb434ab145

SHA1
40cd4f748a1f6a1631c5aafe614ce1cba284fa52

SHA256
8083c003953f64c861c388715c21bce23315a8b3b60d4256466ca53476844712

SHA512
b9d200a3df5ffedfdaf8c0af2ff23a6da9cd25e230e1e46ef0f30494a6d3094fc65a258fe0b44ef8bdeabe7c97bd30df0c65d5e8c8cc2035d47b1d6433987207

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
f82b1142806be542ca147d7fbb3b79e7

SHA1
54503e664ebf2be62e3fc4e793af22eceb661203

SHA256
bb121445b6f585c23a5d823a11d5e806ae9c2246473937585dc14ffa5b78a700

SHA512
ee51ce63c02ed36aeb8a672bc2b6b7132405a7511d50b2ac946e1f73dc32cbfc109fe0db716e17f2fd39469ec651fee41a3d2ae110424f5fff144f27ac42bd29

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
7fd0353085936e688808d0f7dd6f3423

SHA1
ccf1d4fb8f9a7377f084b2dfb5784093068b46d6

SHA256
4cf9bc8a42ca24ec24af47b91cda1e0aab835c657e9eacb8ceabcb91662e79c8

SHA512
1a8056991783a1071f4c41f6fd84644cdd2d269abf9d16e1b92bbbbe58831b62c605386a1a15e71cb5c75e6eb693bc21608003d04eca3b08070a6f4c6af37b79

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
ad3c3d364908b75f65ba035c7a3c34a2

SHA1
b01ddb2477602dc6e167e7873ac584abb8ff1c67

SHA256
a3006cf48a96becff100620a4d31fab71025136b376de8d47b10ffb57f2a98c7

SHA512
7405a12dde216ec46bcdc0c0b34735274edf2bdb1fdb58500266c04548bf47dc860372b0dafc5aa1b025de407e49abced0313d1dfa9fa8cc57e55022a37bec3b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
b9d5ee82334899015cbb70130e4ef6a2

SHA1
815f9d8ea5e796f1a2700c2118ca6182d4fe908b

SHA256
1e8ccdc214de0d92abfd1a24110f035fbc6a342605ba2265715cb7c8ec2183b2

SHA512
74a3106338eca71fca154385ee1ad1c0a6d6bb1b55df6f7fe3b470e1101dcf6b085a2a9f975b165fafd312d5053b59628109ce9be7dd80c2928dc695b9092313

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
8fc49a827c04634919e659af74a35cbc

SHA1
bc974f11c0b3c82bb1b56ca487394ef925c8c325

SHA256
cc68aea1564d17112deac920e7ffa8cc1b8fd252a54e493d4b95319fbaecec1e

SHA512
ea9063748ade086af70485d47cb5257de633ead6be2b086ddc85003b263edadd831c4242bc5b69f6d2acc628a3a5c4bb540ea7c96799bd05b7d25ee614c5244e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
4280c459475d69116c3035b38cd58285

SHA1
d4d01909f61802ad44092123ece2d1a9c66c20aa

SHA256
b13eaf36d68924a0c5ea92fe310db32fc6a01b967848a4a15a4478c6993024e9

SHA512
b404ddae0cb321a1c0b8c82711161db3ad0db0ac54a7f6e78ed0c394501ed227563e28f5a68e1c0d469038e2421a33f18883cd5af8e9db9006aeb8c28d63f936

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
7f70b2cd58f3921f478929080cca25db

SHA1
5928cea44b85b4989cc3a30e5f9f317f26348fe8

SHA256
5b27f0c182d40c0acfbeff1c863f780897b3afa2b59967de14ae4ee12a536f85

SHA512
aa1ec236dab9136aa8c18cee917720600c432757fbb45deb2ad1f3c6381efdb626ce372827be03b317b0ec3df5385a31efcab5c1879ec107c9d3afb9178cb826

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
60107f482776ab6c27f87c6aed533101

SHA1
66ff0fb00af8aa3350672a1b91a862dceb3335dd

SHA256
91d17856dbd970810427ff9fab8ca0de535a8d2e319e6ec12a541ded3f63aab0

SHA512
44a2aad7af313e3ba167723464009f5af6f09b14375fe4f5ed1d38a08489c32b0fc020f01e3c88589b515cf44c2e8f0bbb00ed9d548063f16ebef390e316c626

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
a8534a8fa98455082b86fd8177cc2cbf

SHA1
ff2a5769a08364590bb89d0a979f519efede7bb8

SHA256
b1743ec371a44963d53615d2666150dfc67ad25ad637251bceeb9477144ad976

SHA512
c0234a9009018608babc0180e10cc9405ae4af64e83204136cc839d5b246cba702ad3493b12e09c3b89c9c7fe0aae1922ea285cfdc416414ed6e67698479c2c0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
04b459a91997b84064fa4deec90dbee6

SHA1
374a546abf96370b172f5c435ca6c8ba2ababc65

SHA256
97bd8808b32ae6ee462e3eedf2044f38d49203870b3e4b7391e650062393ead7

SHA512
4c058e3c07c1ca23eb00246f00e4b2b9fa9b28e4c13a9e93ed30d88d4c1c3b23a862620eab85ff7dd14ee1dc3e9c224537bd6ec098f36b6996d922b8cb4b877b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
b81960e20fd975d69b435199552d2fbd

SHA1
7b9e2a14205177a22b62036d6a752214c387aee1

SHA256
8d1041d8dccadb7e2bb4b301cb0679c5f069d1f2763e531eb9a9525dc42cb06f

SHA512
06a4624c8b3db8e9777eff2861d70ac75542cc251f1e1340cfe6eb2b8342ddf02858021a8e9f3512954a9262d6d602e97f5ee806566090e1f93877484326a199

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
e34ee46e76cc02dabc0c9b214793ce4c

SHA1
3ed5e65eaf58106285ef544d776f7c0e6a8c91ba

SHA256
a0991ca7e1b7ff4bd323aee870398cce664b280a3cab77740d7bc5668fce4b7e

SHA512
3dc0c804c38801536fc92ba4c575a3743bb34807ca9dfe25b72c4474b13cfb6ae59b612ec21b2ff8bee82444863dac5333024143020fd21dc13600f7560edf55

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
b3b4688ca6372f21f3735328ebb05dd6

SHA1
8853cbc6b69ba23f4caa1343223ef67b0e9e8521

SHA256
4180b4b5f7927db9b16a14314683e0051fe96af650ab4a6184bb0ff82cda2a62

SHA512
8a92935f8f28f88712044702d9b4718b76f0367ef0c9dab756ca7f0f61badba58389a78b8c1d8ccd5f05334591412f5217cec39b95204132a74da2035eee66a9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
9cdd21df12bdb53ec3b214895ece109c

SHA1
91d69c5886da87eb85164b677849f4e6c67afbd1

SHA256
4261a41ec17c16622f7b599d901540271d335a1508b1970ea526417f16dca085

SHA512
5a13f71085d55b67f3252f73966d5be17d554174f44c13ef97a85454e05af6e4aa082f983eaace710c44cd316ead09d6c6e889f3ace956c3f81a6ce5c7102945

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
8fa8532f4ebbeb1556f7c9726ac56fc0

SHA1
c90a90c8d0870d3d0ec440ad1372427c3c78cbf0

SHA256
f136629fbd6fd2b7744fcbc71665a1fd1247cdfe87c7d1eb52277cad186b61d1

SHA512
4d589c551189d5006e493d99d595109e390bfe150e6bd5986341a17a8e70d661609832c4095c4eb87dd0f4b2cca073364cac14128e339ecb55d36d1aa4b66fea

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
2c112f2934fb057b822d574c9eb47974

SHA1
0fe7bb552f02e783a9b87816261b1a6e6fcb8f28

SHA256
b10756fcdc2aa28448e825a474d603626f5c89a3e466d55e77f207f1ced48585

SHA512
d8b55ce37cd43fdd6d79cb4a0023b7d098a872132d60ffe712b8a52d605e39cfefea4b772be4b867301d1210e23a5db68ab578e04ab5783500d826b80d602632

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
ddf4c790bcf1304177334bdd8b361f59

SHA1
9b65eb891fb33855f69efd37fbdd3cb71845bbaa

SHA256
7a3f11df394a1b221ea37fa963c0eda2fb6ea3a53e121f8d341b8d60d500716f

SHA512
6e9e998d863c56516f4592b64c9a3003deed765ed4d2231dce6ec827183853e1609caa09266c8b719fe5d0a45a2884265fa79b85f13e7644c3540f45a6203ca2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
bb1fa296b1fb408750687f8adf6a8897

SHA1
0ad2bca91c6161c822edff5066fd33880399abe2

SHA256
5b3e1111ade74bea008b66214c826798cef44dbf00e5dc6a72b2b65764dffc89

SHA512
9c4aa6a23ac4377b8c897f2dd457984ca2fcdaf8666777def9e18896071d7716d46d8a7f3f6eb3efa0b840a507aaf0dae6821b5b4df4a4a727bacd919a322de3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
2e746dbb6ddffb8fbb8ba035532cc11d

SHA1
8928f5c47d4a24d5e2f62f81c8cfcd4d65138d6c

SHA256
382381fbbde1a5d3b2b939274c4502d109fb5ae20e2fb0bb1a251cae386e3116

SHA512
1838ee3b04e34e16d6fb1bfedd4d5fea0910d5df8a76fc665ec5142ec5a6d57bc516fbdbc2c2fc9c5644e3d513daf00b020cf056b05a57a8efcf4636ffa64d08

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
bc8105a8cd245711efb16b8ae59f0965

SHA1
d08a2dc04a5fa042e825204e170c68549b7aba6e

SHA256
a01255d245acea2f92e4d7a5e4e7247816fb4c3c6105063444d3b3a879cb879d

SHA512
c2ac3b693c3c58eec4be6a7b9d003bf99e2946c4c184b1efdc1148c7fb4d45cbc2080f7b255dc6932d1cf02dee1bc6c76c60de6640a6901669303b3b27a9a1fb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
a1f5f6b081daedd7898c45ba8177e097

SHA1
c52ce24fdbf69cf45d100486ab99d1ed16ace79e

SHA256
a830066ba864265faf2ca79b78d960f010ddf68bfa2abab1dde74128ccf4e1d6

SHA512
b6237dca2593e2fed90cac0d609da5a0314301ff90f57c026782c2be3e9166f101f8a5be05b41c8c225d1d0d2ea53f77674febe961b60ee9a7e4f0d9df1b2599

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
9491b8f8f23fa97fdb6fd504dad247e0

SHA1
c34e7a7fa04b7299c30ee31a38126d0de3c5b56e

SHA256
47af97078f8d2e61b239cf294acbc730d4471a18c76b24a21cb3403034647416

SHA512
b38209be4118ffd617e4b1cad7d63cc758fad4d6d704ae6b38ad294a2154a04bc715f51124117b0d9d28e0a1c4794fe20c9caf4ddb9c65a65ee97bb63b9b9c73

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
bd88a45b103d7a4aefd5333346853554

SHA1
5bbcb1cee2ab9215bce5f968584dbbfcd2223fc9

SHA256
5cc65be15c2b01de500b8c2e072a39bd84eba5c62932fd664863b7b42f1f9327

SHA512
afd3c96f2b7fe72595359154990d864efdd1d86cafb1a66dc45cf723b52b9787ae6a512c0e139426adcc9460c21e8db34c8fd43b93ebc14553ac1ed6e6798a60

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
652abc8b2a93650c3430693b3d3f072c

SHA1
7c9ef0cf18cf9f5a5025e6d251215170d98fb08c

SHA256
2254a87246922efbc8e064c9b2f1276b5cad9c31e910dbcd5a5d20cb86868a92

SHA512
33b044edd8d4564768f9e7d3289bb8b2f9b69a77a23a1fea40fb90f3b2632d7b8abaebd8f20f275685e11cc95c61c8b572d43d480c74cfff879eb52abe01b151

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
c1dc974a157b4d2b7fe0cc592501b621

SHA1
1a84d9d7c4158a70823a13b506c7a37fddf909d2

SHA256
daeb8227f83fff064d150b296d3bde69fe997e404c12c7ae6d2896d876875384

SHA512
4e1e30d0d71e05c74db6297788ae09b4280042b277e98f75913f10dfcd156a51d7f988f590955541d4162bdc2594c5e7632c86b5c7a1d3a42b023b3dabc49dac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
36ed145bc8cdfb337b8f984c0a7d7758

SHA1
8a9cad1cea16142e5d6e0bd0febbcfbfa0b91cc8

SHA256
773e3badfc6af2d0a851cd95e582f84a6c10ea081247b8b98ccd5da49541530c

SHA512
15a3a23322f387b9b4def7cfbee7aaa07136c2bcc19abc9a8546bd79944d4355df4d004ae8eae8b661f8ae0672db68e80e8c4784f1da37b3e282f132b23d6900

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
542c37f558ec9f70849d4f39d604fda2

SHA1
946d214fb7063d0b7092869a954f765e48b27443

SHA256
ea046905d2ad69bca61136d5a288b7e28bf1ca80cb154591ce2e6841be3d3de7

SHA512
d4ba50eda01577eaa971ff5388bc5622c8e481a6322293e11d143c3790d6d51991114ecc712980898bfc56fa7e7e69ddb0b0a2ac5ad722e29890ba651f1abf38

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
5c7059c370fe19522df470a8961fe805

SHA1
098cd1c865bbf3e810316752e11d0d85084d0a61

SHA256
a17ec53b16437ee2df1c7cc15761c802968929039c254c6942aedb813ff5531f

SHA512
133a2cdfd8db0814584d222ec6f7263281f5c942d841d17e08c1a662ffd1829a4d84a639840da4482967fc804c88e0ec419a3b594ec399fa85f0605197dabd7c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
c3aeccd06a1c80a09b834d34a8bce34c

SHA1
9146c829dde92814f5c378378bbab6877f5f6c6d

SHA256
5f82e21d803e18d275cd1b89ca1bf8cdd83291d1148c69eb342931646af9baeb

SHA512
d10bea678251e7bd771893c476b0aaf3b496b473926e75633922ddabd9cca1356a60fce886d904bba682f6fa3ff669b065d6dce712c4636696c18a6b1d24e364

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
652e7c6aca0b4d18d1c119ae5bbf3938

SHA1
9659e90cbf72a4427076b13b009e7cf7bc56c271

SHA256
428d684cb30ac764204949f07ae4ccc655cc54be48238b63aa1664be102f38c6

SHA512
00c21029e59d2ee0f27b103a6c66f1bb5df392cc70b22d949f0f22515cf953051a1d3526d5150197e862fdde6900b8bc8ecaa135c18e12ce33057ec67dad521b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Tabs_13380555423465598

Filesize
12KB

MD5
f818652e68a424993960bf69072643f0

SHA1
e018e392635201984e201159f8b4587bed319a87

SHA256
4945263f783950c449413c32bf38ed5b21c472abf9ebdedc0640a214c0aa35ac

SHA512
7f8c8cfe10ca3d056c8aa4254261f0e96bc1976fd72f2bc383d53f1e7175c9e64a72bb9ac357709a02e6caa92dd483edf18227ac4b24c9fa5ca4a4cd4ff19e8c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\000003.log

Filesize
184B

MD5
20bcb7a9c83a1f807c57a9b969880fab

SHA1
6cea09de0c5ff87144a9d5521b0f1951f608c657

SHA256
09e7d62d0295da999e0f27f7985e82afc5e4adc5f44f5ea69de3ed71c5452f90

SHA512
5299fdd12f72e601ea2030e4422886a981e9de44166f435eb0218b1bdaed8cbc77fb02fe775311847a5b73287ccccd7827750912b695981d7b82353531a84d48

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG

Filesize
344B

MD5
e2d57237b73090aa9d96cb011eead851

SHA1
81ca1292dc99ea70a7887c6fec41043ff1f34983

SHA256
4fe15302d580db213928ce6fa1afe4448a5640153679e576588c7dfc034d1092

SHA512
1e140ea416a9d85a10f1d8269a705040e75facea3ef2513762962937d13f60a3099d52cd8cfdb5a577a9063339e3f0979d3c567e0f84f49976e5527d16d92515

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG

Filesize
323B

MD5
a121f4440b44bcd37e8a0b918c70fdd4

SHA1
539e568264db9f8bfc3cdd6e68910f3e9fa53f96

SHA256
bac3ec628de1f6554eb152176c7a06429f5016c3099d92500bce3f27fe9125f6

SHA512
64bbd1803ffd248f8bd83224b583296f615c7ec098a9df789449323d75a412a7eb9bfbe38ec3e2d3a275368f551a92e06de58213a9db74874135773f84f62061

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
ca8776b21fb18fd76e93a034c6be19a3

SHA1
9b9af17fe7bc95264dd9b6f56363391fa5a0181a

SHA256
334206c2fe5fd8b4e1637bc6b9b20a48af9d2068b9d9cc9b14254782c2adbc17

SHA512
ef3dded3bd502f483c1ceb79f5c444fbd4c5d7bcd09bad8196d558dc5fcd9f7880369ade3ef75b3d0c2edfea8ff601bd7b0dddefd46cdd9ee5310829811ff8f7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
b670a91f4e82f63c43dccae59abff72b

SHA1
5fd78e8fb4bc45da52da37c607ae52adffb4348b

SHA256
c54025d24b46d10d546113fe07cf7ab12684b00ad717e78016b2815f6679040e

SHA512
625dde4ffa0125dc8a737752eb1e3be5ec2b434bfe772fd92ce47b0f60529fbc7b3a1ee28a9bc5af9916d7ffe7fb680431190bd09c7b920e68f1506e9d7b382a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
f5a9ccbaafffa1af09594a027323f056

SHA1
68f67d6c4faeb7e1a0acb9729f7df2e9df59de16

SHA256
be7b93ab8065c21b5cbf3963d42ead81c6702f7c7d7e145ae1ae86270e7edf68

SHA512
ad2615c3961e4a646795c410a96c2f50e39bfe7f5a4cb33cf1c9f6320d0432fa8a490c2811509f174995a9f4e3c5afab45929e0eba0bf4dff2789acde3fb4fcb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
538B

MD5
b26b692ff8961597f417a52446c1c55b

SHA1
fcbfa01c36fe521e8b05beaab9bbcffe70af3673

SHA256
cdac7b6509a4d008f8301140f3c589593a92c1cd5c7134b848413a028b8d70e7

SHA512
bbc6e2270fa7accecf246150514c7c44b89dc4d3f4fdbb7cd06a17cfa13d95b6949ab639a1c372271b481790fc79e40bda3881e8bc1565c1a1c0a29f9249e6f9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
536B

MD5
f000dd7281398052f199721846ad7c80

SHA1
e5aa74c58cc6a52900a9f5423eddecbda7359151

SHA256
d6ac96857dcc6c1c478ac5e0b562b57e83b38908c24ecd34c693750818944c28

SHA512
6fdf445cf843f95ff1e4be91ac9e79540b400ce25ecc47d8cba7926c836f3937625ddb7f9260e557ae3dc201be00b4bf78826f50716e8c84fc71e830e3c64434

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
9f4252b6276edaecea11a32b3f55e8cd

SHA1
dd71e3eae7d75519a0c55b10fec48d7757905b58

SHA256
50650822f610bc64d53de9f0b90501d489ebfc1fce6e593aa539f5fcc7967959

SHA512
cdc3b8a661d815cba743936e368242d03bb3e6244959cc2794455c225fd0a38352c40df85535d35d212e841d253b60a02291731e4470bbbc9271784cd9b7c42f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
8211bd0ab5f31bf2a50e1d5c2b01499c

SHA1
d61d70fed09b967974bd69b122afa7b752e0fc5b

SHA256
99c1bb5312213e4058f450fe5c79f935cde6e846fce9f8f199beb8c57321b00c

SHA512
747b9ca95271bb72eb9d6062c60137a2e614f45b532b04417a9d6656abb5e8bcff75fa07da18f8732219225a59bfbaac2c631be5e53fa5544131cc7f9669fec6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
6c8b42beadf675a77298c26120904386

SHA1
0d5a66d942b24c545b04a8f6248d2b1bd45de66c

SHA256
24a1b4acc01ee4e91ad5df67d76afe6e26fcb6e83aa49e07ffc6e2cb126ee89c

SHA512
9e20c76980ac5836ef923e224510b363f73b9eca8b0a6f91442ef968079e60888669f033c2c44fa5c560babe8f1cf942cd1b226848f3fde0d0b2219f3ff8da7a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
171f19f86c59a3765113d6fba53593f3

SHA1
699060d665de35fa8a350c02d97a56d6cc99ab94

SHA256
eb61cb4d1790f8d2a156528574f7c0492e81155c1e5f1d68a9a8f6228cd927fb

SHA512
3cc5cdf7110258fc9825b3fc5fcbf7d841f4268f7f5f31736dfabcd75e43a4248e2353cd1bb51adecd19a308d85faf5546d4ab4911f8842acb9ce3f827df80c5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
538B

MD5
69dfb739a96139f304b344764f4f12c9

SHA1
95fb5bbd9e16e4be7c7be285a23bae04f12234d9

SHA256
65b4aac2ad4a3ba0c64054d970199dd0c179d4d41b22a3339aa8daa80c3a43db

SHA512
e54a3826c1e3fb6ce0cabb208555028fecce0d0215bbfc8e581e3f0e651b68aa447245a980223b8ba1e51b13eb01ccdbab263ce4ed30304ff6124f9d50a4b26f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
ef30b878a24cc5f2e501c56c6258f5aa

SHA1
8c2fd26fe83a76d94bb00b022464fa8abd37627d

SHA256
bbf4c403e7ffb86a2eb7eb4816a99e5c28c04a28abfb7a3345d6d73237a6d04b

SHA512
c9ac19de2c83505c7441e550a4f94ac589ff1035738f37cbd4a1486f31f68829559959502ef73decc7136baa81e92f59173f72e03d78bf85a914705b4e0eeeb4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
1185e3d6dd2c67faa3c387d87398cad2

SHA1
ad3bfc30ab9b0383cfbeaf157718c39bc429d440

SHA256
65e9aa1cf924cdd1768a6a2a1cba0477a18d4113786de8ea68b66331002c0303

SHA512
0495258659e55f92fb0b077120e89f18bb9e4ddb7f0bc808a0b9a76d22500129a60b5a01ead00fbee4ec2e86879bf9c39e39d09d680cdec63165ad102282bdcc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
9df8bf5789bfebf8f68d60b95ba5be60

SHA1
b978ea1135973f00f3e04560a275faa73e93130e

SHA256
7b348124d1d17bd16d00d3759b36709d32733e14b4843d9ad19c4aa4f427c77f

SHA512
9e994daaff81f24adcc044257cba176e163d646c8ce56008401b434073235b3291405ba60072592956f1143be6aff11b163a11f0753797c00912391ca4c175ee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
538B

MD5
932f3456ef0932b6acc1fb9bcce0a7c1

SHA1
029ae21917b3881997141b5334437ed2bd4ba79d

SHA256
e7e79ce56bb9d78ae59431e89973b362fc11895bc91d6b3141ac20798a6fc49e

SHA512
1069c1ce6674ca57736b99a59881062b18159de6765141fb33300a091f1e14c0393cc6c13b8e69ff9d46bcbc65b829acbcb93f194a50c97cfd5dee46ffaa2cbe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5886bf.TMP

Filesize
538B

MD5
751895a700b7e2f4591b85819a1e033c

SHA1
243af8c98e21affbd76a5b9791fbadc372eff6eb

SHA256
791d65d0f3bfc2f3bae70c81c2e5cb733f63af0b6e31a716df656d46dc31fe90

SHA512
16dc58e210eb23e44300e64ccb79140bb32b7ffdf12d26c17092e39e5795ffe83c4fa1d7db33672f8f162f632ccd99704dba42a6251d3bf1579e2ab39782a9c4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Visited Links

Filesize
128KB

MD5
537682b307cd82f5b99e6d6445922a62

SHA1
cd1d81cd910837f8a54aa574ae37130712a6a282

SHA256
4cec3b34e1edc79d003236712b28103e964885a2bfbf5e58356e7e845a571f2a

SHA512
2d2a5ac76652a1bc0763827d016651795eada8704c9c6996d6847dd9eef0d6652a89d414ecb95477db7575629893b7b864578e3e5fed8d58738e561b3a0ee418

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Web Data

Filesize
112KB

MD5
137d73f40567578c333829309716d232

SHA1
a900ad9a5efc7fc3ec8144b910b1fd362f93615f

SHA256
9d4fa8cd1f841397ae1e9e65de0c1441bb9d7ce09e4e9f253c6f485a4cd7e6eb

SHA512
9a7bb53e4602fb785207f14242de7e40f02d0af86b70ab23cda7d2251b8df4b7a0c1a08d3cbe529449fde76e5c25e0f7f303958fb24f2c0a1f0226207c8c4f58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
aefd77f47fb84fae5ea194496b44c67a

SHA1
dcfbb6a5b8d05662c4858664f81693bb7f803b82

SHA256
4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611

SHA512
b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
589c49f8a8e18ec6998a7a30b4958ebc

SHA1
cd4e0e2a5cb1fd5099ff88daf4f48bdba566332e

SHA256
26d067dbb5e448b16f93a1bb22a2541beb7134b1b3e39903346d10b96022b6b8

SHA512
e73566a037838d1f7db7e9b728eba07db08e079de471baca7c8f863c7af7beb36221e9ff77e0a898ce86d4ef4c36f83fb3af9c35e342061b7a5442ca3b9024d2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db

Filesize
64KB

MD5
3604392cf9d2791af9203f44ce11d63c

SHA1
3a49bcf5bf2ab8401a94af0bf4c6d093e221b1fa

SHA256
2f49ef4a7e14a5f1c40b9fb98327bd59494ae4704ba0fa3a0c64c49c5c029e6a

SHA512
731782d634746b7c318d826cf274dc0b278365c7f20c18d8fd8ef0cf85d5128e3637361386354039620d97843eae4a160e831f5b4ee7acde9a8959df4c2508f1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_0

Filesize
44KB

MD5
06416d11178d705b0df204a9f1284148

SHA1
95ff92d7873d4e3e1fc91e97432f6855358413b7

SHA256
d82c0159fd2d6d819585612039a7ce9a3ca9337e9a4a602cce2977c15c7d14bc

SHA512
6087a544bf8e091b9e6b759c8ac80df4bcf7070619f75fad7151d785951421264544ae8a3947d0d0c6d38d91053d59766c41a01f8006907ce74f0fdc4b55f278

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_1

Filesize
264KB

MD5
4567bf0035964606eda19c419b7efee7

SHA1
f2dcd7b6f4f7620005f50ea5cbab3548836764f7

SHA256
ca1a6f0f50d3d1ff5839552ca9a105a6878e56c059de8ff3e72f9f3f347659ff

SHA512
744bb915114c72f1c5bdc6fd8aec2043c9ce81d064b9f610c4775ee0009b24191ca64eeea5e2ed897c3ba02bfe740ccd1859414c1ec2bbedd01963ace084d306

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version

Filesize
11B

MD5
b29bcf9cd0e55f93000b4bb265a9810b

SHA1
e662b8c98bd5eced29495dbe2a8f1930e3f714b8

SHA256
f53ab2877a33ef4dbde62f23f0cbfb572924a80a3921f47fc080d680107064b4

SHA512
e15f515e4177d38d6bb83a939a0a8f901ce64dffe45e635063161497d527fbddaf2b1261195fde90b72b4c3e64ac0a0500003faceffcc749471733c9e83eb011

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
0db35171ba37fa4fde23ae75db2e624d

SHA1
66adfad1b53f0b806dced383ea7411d6f2e8d06c

SHA256
3583463c2ae21409a29decd7d0180e74ed552a04065de8d17407b7f6b1751835

SHA512
50fcba34c5d77218afe4a0d46445d77d5433f19844514a9bf9f09b89535817fec01dec407f9ee260a4761d7435db94948546353e80ad10354090ffd9ba4f7f82

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
b8a5995cf8efe3697d5b505c8a470cb9

SHA1
81e3f0158cca57882dd7fc078d01e545154b52a1

SHA256
ab72f506a85463d57b419542861aaaa79e42865a5597cb4dd7b7a563b572268f

SHA512
0e992f7d79b4f856861d33574c247812799a21a055f740a5a9b804d4493c15ded25256d23ad058a2f4e2c019b4b1dd7f505eb9af3954a2de8883bc36292706c4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
0ee039119c645c0bbe4e2794ba327ec4

SHA1
f729b59df3563e8dab5225c19285f958d9e2139f

SHA256
725005f7e0c6b523164f32e5d5ab8cbe8fe8d048b6761fc65557c7aa7a8b753d

SHA512
2f643c146f6af4fcca044fb8474ad6f160ab554b59e8cb7460adc63ed36798101a4987f15e5ab151283f187196f873478cf04fd1cb1f89ac058d35fa14cfb8a2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
90508bc3ce8819868cb50f2593e068f3

SHA1
e044dead4cf2640d3355bf631b21fa09ca7843e3

SHA256
53e5be9ad14988d251164446b82a85926add60362ad4932ddc5171ab8eed2d53

SHA512
3df51e574b82abccb5b1ef8fe346aa8d410b3189b8dfdcff060554277263856b71864323aff927bbe93d9e61aaf4f486b172506c6b31f0eb8ec165aa7fad092f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
080358e44855ad2924fb04756d3f87bc

SHA1
8e32fb6879744c05b12a46e28f61893423c3332f

SHA256
77d23c9ae1da910de7eea5be894ab40388ee09021d6ce83330b0eecc7ada37b4

SHA512
7fe20fef4eb8ea21a795dc8a9e612a52bfe154f4935dc8e766b98a4b0b02b2f902d24a541dcbb4470f62ec8a6a7ae271f0dd6bddc5094972f3dea6ccf0e8668c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
a0736cecd7490061d12a056bac025f3a

SHA1
fc23ba6f5f8cd06e9461e0b8b43851859ea5df7c

SHA256
ac2c0ed82558a10d3151b24ca40f84606453b4569ca8c4fedaa4a21aaf74622f

SHA512
5f2f9c8ea565698756d6ea1f964a16773340cd78ea0535a13f6bbc82caaa57d29348aeecbeb2e213301bc5d0dbbd96c30ee8e1c6d2b03d9ef8a62c8d338346fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
f177ae11a94c8daf45967e26fdd96f53

SHA1
af8988ce3e72d4e6ef8e8afabdb025bcea0a1b45

SHA256
cfc0e7696aa814f5734bddaea964c8e64ad0a82b3354632e6867d75e12b612f3

SHA512
0af20b350c6ff8d924f0beca89441b7e07a1f4a8295b0a42d7d5ab20366f81a43b3565e072cf85b67f865db4e177a4f702fbc971fa0afc7b196870a1a194d60b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
a96e011146477ac3b3d8499d5b797d0b

SHA1
1e395b6957176c54bc5813522875142d7ae2d911

SHA256
976bd15dc0a0a397eb7cb2f81c507953aacf5af65c2c59a45fec1b24c5f8362e

SHA512
3e719b82f37462851c36dc3c8a81bd7168a30a683f7b6eb2517bdbc3f0e019b0e5c4ca01d7f9eb8e2f642c114729bfad065d460cdc40df01215c5e94067a31cf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

Filesize
264KB

MD5
0035fa575ee20146ab29b9d23219e6c1

SHA1
afdbafa72f00a689d8aad1fc0992686379e6124d

SHA256
9cc2e602c54ee2757493cf16c6c6ecfbfa64db4e1d8469adccc8811cc4b9b923

SHA512
244eac74ee924511491e720d30b1e19f9d2ae8af53e51e75e938983f52d45881de94e32320f6e9c67017e010c052ed2ce8d6b05f236fa97b57c19bba73fa6b1e

Download Submit
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\AC\BackgroundTransferApi\c229192c-1d3c-42ab-a2eb-03af2c9ea81b.down_data

Filesize
555KB

MD5
5683c0028832cae4ef93ca39c8ac5029

SHA1
248755e4e1db552e0b6f8651b04ca6d1b31a86fb

SHA256
855abd360d8a8d6974eba92b70cbd09ce519bc8773439993f9ab37cb6847309e

SHA512
aba434bd29be191c823b02ea9b639beb10647bbe7759bbffdaa790dfb1ec2c58d74c525ef11aacda209e4effe322d1d3a07b115446c8914b07a3bce4d8a0e2c3

Download Submit
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat

Filesize
10KB

MD5
327975ba2c226434c0009085b3702a06

SHA1
b7b8b25656b3caefad9c5a657f101f06e2024bbd

SHA256
6fa9064f304b70d6dcebee643ca017c2417ff325106917058f6e11341678583c

SHA512
150a57c143fc5ff2462f496f5a9451310b8d99e32c4d570641204c8062a78590f14bed438ac981e8b0609a0c87b859a1f8502a78687bc36c3a9529d633a58e51

Download Submit
C:\Users\Admin\AppData\Local\Temp\UNLOCK64.sys

Filesize
19KB

MD5
3a876b31c94f7782eb9de06f8abdc9e6

SHA1
92a8a21b89a0f692d7c847de483cc3114478a478

SHA256
8c4c6cc6685a719ac4e6119e1dac4ba029eba21720d5c3ca340006c9113cc6df

SHA512
97c22a6d971fbc9f09cf2304cf26737119a91c5e5e2ca8b7d40a76b2f55c24005eb7350fc868be800da02248dd40dfe8af580a2c11fadc3a9eaebfee75325197

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-0Q8MK.tmp\WFDSetup_1.5.6.58.tmp

Filesize
1.2MB

MD5
edb9910ea149e30bfd2d22e7c3ef400f

SHA1
c34c98ade2d55dce64e5d289bf98ec68a1bf3672

SHA256
51c091b6615b792fe1f73074f3f53b710f4b804a07054f4e6930fcdeff3b6654

SHA512
df3cb956d9e43ec335c238a3e871b21cceb75f4a8bc76d27fcb30a0b0397d5ef865b08f4a7ec1b7fee3dbbc9d4a5fc23e369345459afc095ae7a1872729e05d6

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-I6FNH.tmp\introduce.url

Filesize
95B

MD5
2e35a6bd98b8ca45fe4bdafb6e0766c4

SHA1
8769dbcf749ba63d60ac21f0a8cfd7a65c76ab38

SHA256
3d4da45e8695a7a6203398d65c55f52c3b47140eddd2e04b1ffecc2910ebfd6e

SHA512
b27099cb26a2bef2688029128678e1d57c66ee23f453a8dcbb7bc299a671175d35bdaf424d57ee98e179c80c8b079ed3fa5a5c8ea6d47a35971e3d35af639967

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
10KB

MD5
bd419bd3883fe26b0836375044851e71

SHA1
d4999af39b0b2305a12b31fc5550920a21e1d85a

SHA256
c70aabf49156c6f80e1f9e6003a030b0e3da0acb946dee91d048a2f2ea4273c6

SHA512
4188aec754615526459e6c3760e39f8dcbdf4f53f8344d02d864680a5971dc910981e6823606fe2477dd4c23373e959a671a3b0bdfc83191e5f1bf43dacba336

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
11KB

MD5
8f9741beeb80eb4dcd389ea87663e93b

SHA1
1d721e7618d9a4498153175c2ce7313bd7c6e0a1

SHA256
da25428963d98f75f3215239b0c8084923d57bb86f5aafbfccac2c3e2c920727

SHA512
00466c2b0b5b32e03688a697efad6bb744045f7258c8879bba3e079aa10c4ffa543308ea85365a1bc76632fc609b40d9a62c3dc7c200b40443d5bd152350aeba

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
10KB

MD5
dc52dc8aec39690e7bcf19429d19ad0f

SHA1
ab540ed6203274e09d47dce5177c2b041e065475

SHA256
bc79835c9eff8b7541162e0919ce7274b543f13e190b2e708d974cd76f7ebb4b

SHA512
08f874ea95829c8067f292cabd43ee02f3d8320dc7adacc9e539294928125f08b4304003755e1879edd5ffc2089f2575772b4fac83958dd28a4b51ef24864c98

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
10KB

MD5
e876bbf2798faa1fe6ea3cf5aa6e9a0c

SHA1
f5dcced89af525683f45db9eaf31f7c675de7382

SHA256
2f0eb606cb5ae9f22ef61c398f7999c0b5be8e4c1ad51504d3e025c20aae110d

SHA512
ce315c39386273d3e11b7194d5c4e6c78dae8fc7bbcb081d45086d541d3cc5be29e576f1962442611826efc879865687fee6eddffa0680902c57b5eb978b41bf

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
11KB

MD5
eced3ef51ec24d96e1e7afd2ed61d3bd

SHA1
3bb70ea47d2448340d0a0f90216605f3e4640274

SHA256
495763c5bb85b60ee0cede3e9e58172d9ec0f66d2654bc964f44a03f53f8c0fb

SHA512
a90aba09e9a58225698b743fbd61bb42539a72c5f147a75149a09eb9e351db2f37f58f601d4d417fcbb5e8166d07a3e07485630eb84b290aa5e6fd6439f41805

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
11KB

MD5
05bf27e561db0257cb0de0e522bf0ecc

SHA1
61a088a32e515243b02c03537e0e77c149e9848d

SHA256
65282397d86f6c0143b7c3228bbe18734214c459d012b8ff50e2ea7b9dab3353

SHA512
ca970346e5f041cd34ffcbac5544aec5fe02c1caf9477a7c81c3cf14a8d4e59643628a2b4d41bc0bbb84c54c4f635319a3c53eedfdcab6ed84f1f53db2ffa022

Download Submit
C:\Users\Admin\AppData\Roaming\Wise Force Deleter\config.ini

Filesize
87B

MD5
8127662a246fed4eab22911cbbd82f59

SHA1
82809b2512116851e907ab29770f4bbd234aecbe

SHA256
ccd0e59264dc3aa3d1fb51f307646d14a9d512aa39f89ddfaf3a550d0196c967

SHA512
e53c3ae7353928e291c2e14664bb232f21b07676ddf5131410a7daad238cc7e19199e0f32b1adb4cf9923f1b751ef04e2e98af21a780691ff013c98eb71d6abe

Download Submit
C:\Users\Admin\Downloads\Windows-Spoofer-main.zip

Filesize
1.7MB

MD5
507cac37fb32cd85c0e0f213feddad65

SHA1
fb4ec0a1b9d78097fb9ddcfaddb0c0c2ce4a0624

SHA256
e87f1002f094eba37b2ccb2b8cf1fdae0604d445587a6ce4ce7ce74e3c7f1abf

SHA512
ae62af7385af90cfe2ac9d79de2adb090bc8413e21eedb4fbbd79100de65fd115ade147cdd99cef1032660290dac198cf7d476d55ecac835f8f9f1eac2efbc40

Download Submit
C:\vcredist2010_x64.log-MSI_vc_red.msi.txt

Filesize
380KB

MD5
e729b8401dc8863345c0c769015ba810

SHA1
92a0e3ccc0d46411fd7056dbcdd61e2cdde989d9

SHA256
b4ea8c28dc9e6a79bdb3a04096e4afb8b616f99b95161faa55aea852a06f8a61

SHA512
9de1fcb4b302f4cd6218692eb38a1fc34b62fbfb88ec3913799e502796b42c114612fbc761c1aa0f35c42d707bf6b62623f9b1395ff482a823f3159df290e389

Download Submit
C:\vcredist2010_x64.log.html

Filesize
86KB

MD5
5d6a2289596ecc651353c90c78b0482e

SHA1
b33e9e0ba193c53fae9086501a83e843cf589d09

SHA256
91da3a79c79dfbe614e83cf89bd90369898a3956dcf1cceadc9df9c7533ea1b6

SHA512
72cd7155c20a3012b1e167d262b8891a448a9ae949dcab67c578c226f3ebd49ecdb3bb72e5383c5c18c7a0f1f7f054b76c56a8f2fda869fd979631cf56f48460

Download Submit
C:\vcredist2010_x86.log-MSI_vc_red.msi.txt

Filesize
396KB

MD5
50a15f8b2dee04bd5ad7dbe53bc215a4

SHA1
ab51b6e1de37daa178ce5c29b0d67b2dbf70d97a

SHA256
8da72305581aa72b6e1dbb1b02c35b183e9784a48845d0ff7c01b5e752d6b56a

SHA512
d5a14ac76f71e0528336ef97bcc97672b58e062f6e4f5dae31216a062834a4a6fab8ab492e19fa7239d1b6b8048af71e7f50deee8b519661aa7aa55938abae1b

Download Submit
C:\vcredist2010_x86.log.html

Filesize
81KB

MD5
af928bef1578eebe9a03aafa965ab3ba

SHA1
1a6355606723bd22abd9e87884ee2a361bcac195

SHA256
75004e1eaa85479490e03d05a23f0360d19943ec86a4b0576968f9fd68836faa

SHA512
e7ea35ca41c73eb2f52eb1f2f10fa77f89f1b05139c0a20874118eab1e2ace31667b82ff9af5cfda9129e0dc36b4d46fc218b447ccc78eef927cf787c7b6dfe8

Download Submit
C:\vcredist2012_x64_0_vcRuntimeMinimum_x64.log

Filesize
167KB

MD5
35b9e875a511e88774c0cda5f34b8b7b

SHA1
860935548db18a9b92fdad26084caa36e5692381

SHA256
a3b231517f3162b31246875592ca598621911939bd4dcbf063ac03f228ad3f5d

SHA512
bed91b963cc6b662baf30059bfcd9a9965311e7253cfdb67f32652831f1f8f8d73af48acf6802491a8e320272979a9a5c479503a244bd4ae22f0b04ae025d891

Download Submit
C:\vcredist2012_x64_1_vcRuntimeAdditional_x64.log

Filesize
195KB

MD5
15add5943fb8974e621115897b45a70a

SHA1
b3ce9bc570e8bb182170b2db2ff59c7ea2359464

SHA256
911d5447221510c0501c192442bb0997c97fa7e0b6175b871364499a9710f89b

SHA512
d0e323834fd535e32ece12d3fdbf5007de338ceb69dd1a5b8ea2176d9e22831831b5159178cc1523ea037061250a963c4e2431aa2093d75f541b134ea3037893

Download Submit
C:\vcredist2012_x86_0_vcRuntimeMinimum_x86.log

Filesize
171KB

MD5
64e340f68522f8985f3b01c5b8c33ce0

SHA1
d6b07477337fa78ee5d3b4c8acf0281a03bc58f7

SHA256
ec358604f8bc265981103ef1241b97504e6b079d8b3073974a6dc0b09682aaba

SHA512
d11a94413799df86f6e687a19a6f24da0c8751263a7f356b0f11a7a2328b891a24f9544bf28102be4b2230fbca1cc78d5982659dabc57572b9398d2dfb37ac2a

Download Submit
C:\vcredist2012_x86_1_vcRuntimeAdditional_x86.log

Filesize
208KB

MD5
c397b8a93905f3646bb32acea21aa651

SHA1
c984f6e663b8db03820658638b3779d356966f8f

SHA256
402f89f65256e78d722d9f80d524fe6268e48505f03a9353d779c0e8b663e779

SHA512
3fba97589dd02349404fb68bf60bc8a04946e95e22b1fe606523824b8e6ee7d8fc97800e4fbb3ff8baf07e8de2f61235fa19547ff241e39dcf3aa63d77852a9b

Download Submit
C:\vcredist2013_x64_000_vcRuntimeMinimum_x64.log

Filesize
170KB

MD5
54fcf2016415da890c6fae48aee4ab6d

SHA1
14cfb58d9b6a29297b4407e9c52fa48dd941411e

SHA256
603ad035bde13b13f04d605d741aeaba1db9447ca7d8bfaa0aed3a43ade588c9

SHA512
a04fee0d7676663ca78bd91978ecdc14a8eabf908b554c84d648fc70b3f12bc3707fbab83197841b13d24f8f4835deec5235cce5044d471fcbeaa56e6e4f9f9b

Download Submit
C:\vcredist2013_x64_001_vcRuntimeAdditional_x64.log

Filesize
190KB

MD5
9023cf7ac3d5251ce2f929a0f518131a

SHA1
dc27b71879b4f904679219be0ac15f1b6aff4dd0

SHA256
713a9e35b90ccd94fa5bad99bb5cd5239d8db4aff18043911703e43bc41980b5

SHA512
d2070b8bcc92c50749cc7864eddb15a70372368ddf87ebf139fc4fc6bcd5599836da42e2c3a01ed05d84cb2ef53d22d8f2900ced4839e0dd9a06e098d21140ff

Download Submit
C:\vcredist2013_x86_000_vcRuntimeMinimum_x86.log

Filesize
170KB

MD5
322431f5bf03f00f778599afbbfcc3a9

SHA1
abecc28983f664f78ade74d4a70516783374193f

SHA256
67fa1715d41b6368eb2509d247dbeb33cf283f7fa45640eeb68fe0a7a08d8888

SHA512
2d755a60c5d9ef638e678a7d2572a8ac25d23b4ca180d86af2a4bf0ea721db32849bf7c90f60fb04657d8c26ca215dd8e93f35c89adec415c1e2af908e74b2fa

Download Submit
C:\vcredist2013_x86_001_vcRuntimeAdditional_x86.log

Filesize
198KB

MD5
4a5b0a962e3cc360d5b3ce3f3f3e357f

SHA1
a214e69bb19665bd8251586597a7fc751b41af7c

SHA256
a67d2200c6c29d640301ded18719373920eeb931ab67ee2efa3af86b0e05103d

SHA512
8ddfa49ba28683e1af3b3539b755702435518c88cc4c66b7e0b0da7f71845dd2ad51f5ec99160d5f32fab1286981f92bad2a5c1a8f2026407315477d31fa9ce3

Download Submit
C:\vcredist2022_x64_000_vcRuntimeMinimum_x64.log

Filesize
123KB

MD5
8cef9845aa4e6408ca1e65bbce4ff8f0

SHA1
c5ba4c0bb9b4ec5540d9d9a4520a4d41cd67a541

SHA256
66920b1eab73d758949746ab1907fc1fc8b236051007fa11a1fe0833fdbd8476

SHA512
421d0f8531ac36f575877c53513c73d1c8766fe1fae1c1ee5c11af7fa54743a1aefe3218ecad50d20c81dcc48225bbebbe6514855b4252759592f56bc1684131

Download Submit
C:\vcredist2022_x64_001_vcRuntimeAdditional_x64.log

Filesize
129KB

MD5
3c965a8edfb09b93e75c5361f7497a68

SHA1
eeeacedfb09fd73ebc1931cff8565122dd0e2eb1

SHA256
78bca2ebe20ead95e87ba5dd2a5c04f2214e8bb1ed383a16ebcb605ff89e92cb

SHA512
a63320afccb757cebd70e8391f40fb114810647eb77fd9642ca13e47b1bdc959bbfc45162cd91776cf3086922117cdaf3eea56074dbf32f765866e2ed322e92b

Download Submit
C:\vcredist2022_x86_000_vcRuntimeMinimum_x86.log

Filesize
123KB

MD5
5e9b3dbf8f40cf8f83a1e096f9c47f97

SHA1
7a0b2740d23b504588f4fe254f745119e63af9f3

SHA256
031d2af67a41d0a7a1f169008497c08b64e74001a4099f2008b36d1e08af9275

SHA512
c80f166ffd0fff5819b5eef8b28414a36dc5199a2cb98e2add14e5f805f581f90ca79dbb51803cd7ef3f707ba4afd1613a9e9a2ea764ecdb35cf2d46837566ee

Download Submit
C:\vcredist2022_x86_001_vcRuntimeAdditional_x86.log

Filesize
135KB

MD5
9a310ed09d46a48ca68ba8fb34c7210c

SHA1
996c059d31faf4bb27602dc16d54763b547db275

SHA256
b58840d3ea7789d0c47c3b4f11bfe42096e3aa07d292ddb279a93293c9aaa150

SHA512
6765f4c326676fe1e53a4ba3d09ccf4fd9d0b36ca2993137f22456112414ff9a56817b5abbc33a587ad1a339f6e640050bc82ab930fe8483decef46d53993fd7

Download Submit
memory/2456-3024-0x0000000000400000-0x0000000000533000-memory.dmp

Filesize
1.2MB

Download
memory/2836-1781-0x0000027248250000-0x0000027248251000-memory.dmp

Filesize
4KB

Download
memory/2836-1783-0x0000027248250000-0x0000027248251000-memory.dmp

Filesize
4KB

Download
memory/2836-1775-0x0000027248250000-0x0000027248251000-memory.dmp

Filesize
4KB

Download
memory/2836-1776-0x0000027248250000-0x0000027248251000-memory.dmp

Filesize
4KB

Download
memory/2836-1777-0x0000027248250000-0x0000027248251000-memory.dmp

Filesize
4KB

Download
memory/2836-1786-0x0000027248250000-0x0000027248251000-memory.dmp

Filesize
4KB

Download
memory/2836-1782-0x0000027248250000-0x0000027248251000-memory.dmp

Filesize
4KB

Download
memory/2836-1787-0x0000027248250000-0x0000027248251000-memory.dmp

Filesize
4KB

Download
memory/2836-1785-0x0000027248250000-0x0000027248251000-memory.dmp

Filesize
4KB

Download
memory/2836-1784-0x0000027248250000-0x0000027248251000-memory.dmp

Filesize
4KB

Download
memory/3136-2900-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/3136-3026-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/4276-2296-0x0000018752BC0000-0x0000018752BC1000-memory.dmp

Filesize
4KB

Download
memory/4276-2298-0x0000018752BC0000-0x0000018752BC1000-memory.dmp

Filesize
4KB

Download
memory/4276-2297-0x0000018752BC0000-0x0000018752BC1000-memory.dmp

Filesize
4KB

Download
memory/4276-2294-0x0000018752BC0000-0x0000018752BC1000-memory.dmp

Filesize
4KB

Download
memory/4276-2293-0x0000018752BC0000-0x0000018752BC1000-memory.dmp

Filesize
4KB

Download
memory/4276-2292-0x0000018752BC0000-0x0000018752BC1000-memory.dmp

Filesize
4KB

Download
memory/4276-2301-0x0000018752BC0000-0x0000018752BC1000-memory.dmp

Filesize
4KB

Download
memory/4276-2299-0x0000018752BC0000-0x0000018752BC1000-memory.dmp

Filesize
4KB

Download
memory/4276-2300-0x0000018752BC0000-0x0000018752BC1000-memory.dmp

Filesize
4KB

Download
memory/4972-2263-0x00007FF91A7F0000-0x00007FF91A800000-memory.dmp

Filesize
64KB

Download
memory/4972-2288-0x00007FF91D110000-0x00007FF91D120000-memory.dmp

Filesize
64KB

Download
memory/4972-2289-0x00007FF91D110000-0x00007FF91D120000-memory.dmp

Filesize
64KB

Download
memory/4972-2258-0x00007FF91D110000-0x00007FF91D120000-memory.dmp

Filesize
64KB

Download
memory/4972-2261-0x00007FF91D110000-0x00007FF91D120000-memory.dmp

Filesize
64KB

Download
memory/4972-2291-0x00007FF91D110000-0x00007FF91D120000-memory.dmp

Filesize
64KB

Download
memory/4972-2259-0x00007FF91D110000-0x00007FF91D120000-memory.dmp

Filesize
64KB

Download
memory/4972-2260-0x00007FF91D110000-0x00007FF91D120000-memory.dmp

Filesize
64KB

Download
memory/4972-2262-0x00007FF91D110000-0x00007FF91D120000-memory.dmp

Filesize
64KB

Download
memory/4972-2264-0x00007FF91A7F0000-0x00007FF91A800000-memory.dmp

Filesize
64KB

Download
memory/4972-2290-0x00007FF91D110000-0x00007FF91D120000-memory.dmp

Filesize
64KB

Download
memory/5144-2736-0x00000000053C0000-0x00000000056D9000-memory.dmp

Filesize
3.1MB

Download
memory/5144-2896-0x0000000000400000-0x0000000000CF5000-memory.dmp

Filesize
9.0MB

Download
memory/5144-2895-0x0000000000400000-0x0000000000CF5000-memory.dmp

Filesize
9.0MB

Download
memory/5324-2739-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/5324-2611-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/5348-2735-0x0000000000400000-0x0000000000533000-memory.dmp

Filesize
1.2MB

Download
memory/5756-3025-0x00000000053A0000-0x00000000056B9000-memory.dmp

Filesize
3.1MB

Download
memory/5756-3142-0x0000000000400000-0x0000000000CF5000-memory.dmp

Filesize
9.0MB

Download
memory/5756-3143-0x0000000000400000-0x0000000000CF5000-memory.dmp

Filesize
9.0MB

Download
memory/5756-3149-0x0000000000400000-0x0000000000CF5000-memory.dmp

Filesize
9.0MB

Download