cryptolocker | 2bc3c65fae825cb4d7c1e34a579fe6aed5aef201db251649ce16e7cf13dcf7c2

Resubmissions

18/01/2025, 16:59

250118-vhmksszkhq 10

18/01/2025, 15:36

250118-s1wkbawrdw 9

Analysis

max time kernel
1441s
max time network
1444s
platform
windows10-ltsc 2021_x64
resource
win10ltsc2021-20250113-en
resource tags

arch:x64arch:x86image:win10ltsc2021-20250113-enlocale:en-usos:windows10-ltsc 2021-x64system
submitted
18/01/2025, 16:59

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Logged.exe
Size

74.0MB
MD5

cf6fb14c4dcb8a424d3154953a86fdf7
SHA1

d181373763516d4ada6bc1a4bf7b88cfed0032a9
SHA256

2bc3c65fae825cb4d7c1e34a579fe6aed5aef201db251649ce16e7cf13dcf7c2
SHA512

c3f4d52efc5bd723b109dd7ad832130d64b8367bb7a57e6f6ccba0e4351b3e1dc2199bb6bca26852a5f1c776191d0bcb0f9c671fe87f2448915c96b0d3de8c74
SSDEEP

1572864:/QwYC+7xMkRCtQkTMT2Zr9yre77nD0CpbeQ/KZYlctCqkFj23tWoG8g2cnr5:/306kkQkTyCAS/DrbSQctXkFj29UbJr5

Score

10^/10

cryptolocker credential_access discovery evasion motw persistence phishing privilege_escalation ransomware spyware stealer trojan upx

Malware Config

Signatures

CryptoLocker
Ransomware family with multiple variants.
ransomware cryptolocker
Cryptolocker family
cryptolocker

Suspicious use of NtCreateProcessExOtherParentProcess 4 IoCs

description	pid	Process	procid_target
PID 6808 created 7000	6808	taskmgr.exe	251
PID 6808 created 7000	6808	taskmgr.exe	251
PID 6808 created 2812	6808	taskmgr.exe	284
PID 6808 created 2812	6808	taskmgr.exe	284

Downloads MZ/PE file

Event Triggered Execution: Image File Execution Options Injection 1 TTPs 4 IoCs

persistence

Image File Execution Options Injection

T1546.012

description	ioc	Process
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MicrosoftEdgeUpdate.exe\DisableExceptionChainValidation = "0"	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MicrosoftEdgeUpdate.exe	MicrosoftEdgeUpdate.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MicrosoftEdgeUpdate.exe\DisableExceptionChainValidation = "0"	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MicrosoftEdgeUpdate.exe	MicrosoftEdgeUpdate.exe

Modifies Windows Firewall 2 TTPs 1 IoCs

evasion

Windows Service

T1543.003

Disable or Modify System Firewall

T1562.004

pid	Process
5724	netsh.exe

A potential corporate email address has been identified in the URL: [email protected]
phishing

Checks computer location settings 2 TTPs 2 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-3454535599-122122096-1812617400-1000\Control Panel\International\Geo\Nation	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3454535599-122122096-1812617400-1000\Control Panel\International\Geo\Nation	setup.exe

Drops startup file 2 IoCs

description	ioc	Process
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\BitcoinMiner.bat	xcopy.exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\BitcoinMiner.bat	xcopy.exe

Event Triggered Execution: Component Object Model Hijacking 1 TTPs
Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
persistence privilege_escalation

Component Object Model Hijacking
T1546.015

Executes dropped EXE 51 IoCs

pid	Process
7000	Free YouTube Downloader.exe
2588	{34184A33-0407-212E-3320-09040709E2C2}.exe
3864	{34184A33-0407-212E-3320-09040709E2C2}.exe
3536	{34184A33-0407-212E-3320-09040709E2C2}.exe
5228	{34184A33-0407-212E-3320-09040709E2C2}.exe
5976	{34184A33-0407-212E-3320-09040709E2C2}.exe
7396	{34184A33-0407-212E-3320-09040709E2C2}.exe
3180	RobloxPlayerInstaller.exe
5648	MicrosoftEdgeWebview2Setup.exe
7460	MicrosoftEdgeUpdate.exe
5472	MicrosoftEdgeUpdate.exe
6276	MicrosoftEdgeUpdate.exe
5268	MicrosoftEdgeUpdateComRegisterShell64.exe
7088	MicrosoftEdgeUpdateComRegisterShell64.exe
5500	MicrosoftEdgeUpdateComRegisterShell64.exe
4888	MicrosoftEdgeUpdate.exe
7128	MicrosoftEdgeUpdate.exe
6732	MicrosoftEdgeUpdate.exe
4948	MicrosoftEdgeUpdate.exe
7284	MicrosoftEdge_X64_132.0.2957.115.exe
4608	setup.exe
8080	setup.exe
2584	RobloxPlayerInstaller.exe
2696	Bootstrapper.exe
2020	MicrosoftEdgeUpdate.exe
224	RobloxPlayerBeta.exe
7772	Solara.exe
7500	Solara.exe
1232	Solara.exe
560	Solara.exe
7112	MicrosoftEdgeUpdate.exe
5828	MicrosoftEdgeUpdate.exe
7328	MicrosoftEdgeUpdateSetup_X86_1.3.195.43.exe
7680	MicrosoftEdgeUpdate.exe
3952	MicrosoftEdgeUpdate.exe
1464	MicrosoftEdgeUpdate.exe
7620	MicrosoftEdgeUpdate.exe
5904	MicrosoftEdgeUpdateComRegisterShell64.exe
3344	MicrosoftEdgeUpdateComRegisterShell64.exe
7880	MicrosoftEdgeUpdateComRegisterShell64.exe
7100	MicrosoftEdgeUpdate.exe
5208	Bootstrapper_v2,14.exe
5780	RobloxPlayerBeta.exe
3312	RobloxPlayerBeta.exe
1820	RobloxPlayerBeta.exe
8052	{34184A33-0407-212E-3320-09040709E2C2}.exe
1376	RobloxPlayerBeta.exe
5040	MicrosoftEdgeUpdate.exe
7660	Bootstrapper_v2,14.exe
5772	MicrosoftEdgeUpdate.exe
348	MicrosoftEdgeUpdate.exe

Loads dropped DLL 64 IoCs

pid	Process
948	Logged.exe
948	Logged.exe
948	Logged.exe
948	Logged.exe
948	Logged.exe
948	Logged.exe
948	Logged.exe
948	Logged.exe
948	Logged.exe
948	Logged.exe
948	Logged.exe
948	Logged.exe
948	Logged.exe
948	Logged.exe
948	Logged.exe
948	Logged.exe
948	Logged.exe
948	Logged.exe
948	Logged.exe
948	Logged.exe
948	Logged.exe
948	Logged.exe
948	Logged.exe
948	Logged.exe
948	Logged.exe
948	Logged.exe
948	Logged.exe
948	Logged.exe
948	Logged.exe
948	Logged.exe
948	Logged.exe
948	Logged.exe
948	Logged.exe
948	Logged.exe
948	Logged.exe
948	Logged.exe
948	Logged.exe
948	Logged.exe
948	Logged.exe
948	Logged.exe
948	Logged.exe
948	Logged.exe
948	Logged.exe
948	Logged.exe
948	Logged.exe
948	Logged.exe
948	Logged.exe
948	Logged.exe
948	Logged.exe
948	Logged.exe
948	Logged.exe
948	Logged.exe
948	Logged.exe
7460	MicrosoftEdgeUpdate.exe
5472	MicrosoftEdgeUpdate.exe
6276	MicrosoftEdgeUpdate.exe
5268	MicrosoftEdgeUpdateComRegisterShell64.exe
6276	MicrosoftEdgeUpdate.exe
7088	MicrosoftEdgeUpdateComRegisterShell64.exe
6276	MicrosoftEdgeUpdate.exe
5500	MicrosoftEdgeUpdateComRegisterShell64.exe
6276	MicrosoftEdgeUpdate.exe
4888	MicrosoftEdgeUpdate.exe
7128	MicrosoftEdgeUpdate.exe

Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Credentials from Web Browsers
T1555.003
Unsecured Credentials: Credentials In Files 1 TTPs
Steal credentials from unsecured files.
credential_access stealer

Credentials In Files
T1552.001
Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
spyware

Data from Local System
T1005

Credentials In Files
T1552.001

Adds Run key to start application 2 TTPs 3 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-3454535599-122122096-1812617400-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Free Youtube Downloader = "C:\\Windows\\Free Youtube Downloader\\Free Youtube Downloader\\Free YouTube Downloader.exe"	FreeYoutubeDownloader.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3454535599-122122096-1812617400-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\CryptoLocker = "C:\\Users\\Admin\\AppData\\Roaming\\{34184A33-0407-212E-3320-09040709E2C2}.exe"	{34184A33-0407-212E-3320-09040709E2C2}.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Windows Manager = "C:\\Windows\\system32\\winmants.exe"	Mantas.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Checks whether UAC is enabled 1 TTPs 1 IoCs

evasion trojan

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	RobloxPlayerInstaller.exe

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\T:	ChilledWindows.exe
File opened (read-only)	\??\G:	ChilledWindows.exe
File opened (read-only)	\??\H:	ChilledWindows.exe
File opened (read-only)	\??\R:	ChilledWindows.exe
File opened (read-only)	\??\L:	ChilledWindows.exe
File opened (read-only)	\??\Q:	ChilledWindows.exe
File opened (read-only)	\??\S:	ChilledWindows.exe
File opened (read-only)	\??\A:	ChilledWindows.exe
File opened (read-only)	\??\E:	ChilledWindows.exe
File opened (read-only)	\??\I:	ChilledWindows.exe
File opened (read-only)	\??\O:	ChilledWindows.exe
File opened (read-only)	\??\U:	ChilledWindows.exe
File opened (read-only)	\??\X:	ChilledWindows.exe
File opened (read-only)	\??\J:	ChilledWindows.exe
File opened (read-only)	\??\K:	ChilledWindows.exe
File opened (read-only)	\??\N:	ChilledWindows.exe
File opened (read-only)	\??\V:	ChilledWindows.exe
File opened (read-only)	\??\W:	ChilledWindows.exe
File opened (read-only)	\??\Y:	ChilledWindows.exe
File opened (read-only)	\??\Z:	ChilledWindows.exe
File opened (read-only)	\??\B:	ChilledWindows.exe
File opened (read-only)	\??\M:	ChilledWindows.exe
File opened (read-only)	\??\P:	ChilledWindows.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 14 IoCs

Web Service

T1102

flow	ioc
1202	raw.githubusercontent.com
1496	discord.com
1201	raw.githubusercontent.com
1490	raw.githubusercontent.com
1804	discord.com
1805	discord.com
1489	raw.githubusercontent.com
1277	pastebin.com
1434	camo.githubusercontent.com
1503	discord.com
1505	discord.com
1114	discord.com
1933	discord.com
1276	pastebin.com

Looks up external IP address via web service 3 IoCs

Uses a legitimate IP lookup service to find the infected system's external IP.

flow	ioc
1500	ip-api.com
1692	api.ipify.org
1693	api.ipify.org

Mark of the Web detected: This indicates that the page was originally saved or cloned. 1 IoCs

phishing motw

flow	ioc
384	https://storage.googleapis.com/script.aniview.com/ssync/62f53b2c7850d0786f227f64/ssync.html

Network Share Discovery 1 TTPs
Attempt to gather information on host network.
discovery

Network Share Discovery
T1135

Checks system information in the registry 2 TTPs 24 IoCs

System information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	MicrosoftEdgeUpdate.exe

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\winmants.exe	Mantas.exe
File opened for modification	C:\Windows\System32\CatRoot2\dberr.txt	firefox.exe

Suspicious use of NtCreateThreadExHideFromDebugger 5 IoCs

pid	Process
224	RobloxPlayerBeta.exe
5780	RobloxPlayerBeta.exe
3312	RobloxPlayerBeta.exe
1820	RobloxPlayerBeta.exe
1376	RobloxPlayerBeta.exe

Suspicious use of NtSetInformationThreadHideFromDebugger 64 IoCs

pid	Process
224	RobloxPlayerBeta.exe
224	RobloxPlayerBeta.exe
224	RobloxPlayerBeta.exe
224	RobloxPlayerBeta.exe
224	RobloxPlayerBeta.exe
224	RobloxPlayerBeta.exe
224	RobloxPlayerBeta.exe
224	RobloxPlayerBeta.exe
224	RobloxPlayerBeta.exe
224	RobloxPlayerBeta.exe
224	RobloxPlayerBeta.exe
224	RobloxPlayerBeta.exe
224	RobloxPlayerBeta.exe
224	RobloxPlayerBeta.exe
224	RobloxPlayerBeta.exe
224	RobloxPlayerBeta.exe
224	RobloxPlayerBeta.exe
224	RobloxPlayerBeta.exe
224	RobloxPlayerBeta.exe
224	RobloxPlayerBeta.exe
224	RobloxPlayerBeta.exe
5780	RobloxPlayerBeta.exe
5780	RobloxPlayerBeta.exe
5780	RobloxPlayerBeta.exe
5780	RobloxPlayerBeta.exe
5780	RobloxPlayerBeta.exe
5780	RobloxPlayerBeta.exe
5780	RobloxPlayerBeta.exe
5780	RobloxPlayerBeta.exe
5780	RobloxPlayerBeta.exe
5780	RobloxPlayerBeta.exe
5780	RobloxPlayerBeta.exe
5780	RobloxPlayerBeta.exe
5780	RobloxPlayerBeta.exe
5780	RobloxPlayerBeta.exe
5780	RobloxPlayerBeta.exe
5780	RobloxPlayerBeta.exe
5780	RobloxPlayerBeta.exe
5780	RobloxPlayerBeta.exe
3312	RobloxPlayerBeta.exe
3312	RobloxPlayerBeta.exe
3312	RobloxPlayerBeta.exe
3312	RobloxPlayerBeta.exe
3312	RobloxPlayerBeta.exe
3312	RobloxPlayerBeta.exe
3312	RobloxPlayerBeta.exe
3312	RobloxPlayerBeta.exe
3312	RobloxPlayerBeta.exe
3312	RobloxPlayerBeta.exe
3312	RobloxPlayerBeta.exe
3312	RobloxPlayerBeta.exe
3312	RobloxPlayerBeta.exe
3312	RobloxPlayerBeta.exe
3312	RobloxPlayerBeta.exe
3312	RobloxPlayerBeta.exe
3312	RobloxPlayerBeta.exe
3312	RobloxPlayerBeta.exe
1820	RobloxPlayerBeta.exe
1820	RobloxPlayerBeta.exe
1820	RobloxPlayerBeta.exe
1820	RobloxPlayerBeta.exe
1820	RobloxPlayerBeta.exe
1820	RobloxPlayerBeta.exe
1820	RobloxPlayerBeta.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/3020-3705-0x0000000000400000-0x0000000000413000-memory.dmp	upx
behavioral1/memory/3020-3796-0x0000000000400000-0x0000000000413000-memory.dmp	upx
behavioral1/memory/1232-6608-0x00007FFA7A7D0000-0x00007FFA7AE95000-memory.dmp	upx
behavioral1/memory/1232-6739-0x00007FFA85610000-0x00007FFA8563D000-memory.dmp	upx
behavioral1/memory/1232-6738-0x00007FFA9A9C0000-0x00007FFA9A9DA000-memory.dmp	upx
behavioral1/memory/1232-6737-0x00007FFAA54D0000-0x00007FFAA54DF000-memory.dmp	upx
behavioral1/memory/1232-6736-0x00007FFA85780000-0x00007FFA857A5000-memory.dmp	upx
behavioral1/memory/1232-6742-0x00007FFAA1DB0000-0x00007FFAA1DBF000-memory.dmp	upx
behavioral1/memory/1232-6743-0x00007FFA7A2A0000-0x00007FFA7A7C9000-memory.dmp	upx
behavioral1/memory/1232-6744-0x00007FFA82B30000-0x00007FFA82B44000-memory.dmp	upx
behavioral1/memory/1232-6741-0x00007FFAA3260000-0x00007FFAA326D000-memory.dmp	upx
behavioral1/memory/560-6740-0x00007FFA798F0000-0x00007FFA79FB5000-memory.dmp	upx
behavioral1/memory/560-6754-0x00007FFA85770000-0x00007FFA8577F000-memory.dmp	upx
behavioral1/memory/560-6753-0x00007FFA949B0000-0x00007FFA949BD000-memory.dmp	upx
behavioral1/memory/1232-6752-0x00007FFA7E880000-0x00007FFA7E94D000-memory.dmp	upx
behavioral1/memory/1232-6751-0x00007FFA7F930000-0x00007FFA7F963000-memory.dmp	upx
behavioral1/memory/560-6750-0x00007FFA82130000-0x00007FFA8215D000-memory.dmp	upx
behavioral1/memory/1232-6749-0x00007FFA9AF50000-0x00007FFA9AF5D000-memory.dmp	upx
behavioral1/memory/560-6748-0x00007FFA82160000-0x00007FFA8217A000-memory.dmp	upx
behavioral1/memory/1232-6747-0x00007FFA82B10000-0x00007FFA82B29000-memory.dmp	upx
behavioral1/memory/560-6746-0x00007FFA9B0F0000-0x00007FFA9B0FF000-memory.dmp	upx
behavioral1/memory/1232-6757-0x00007FFA7A7D0000-0x00007FFA7AE95000-memory.dmp	upx
behavioral1/memory/560-6758-0x00007FFA6E1F0000-0x00007FFA6E719000-memory.dmp	upx
behavioral1/memory/560-6756-0x00007FFA82110000-0x00007FFA82124000-memory.dmp	upx
behavioral1/memory/1232-6763-0x00007FFA7DC80000-0x00007FFA7DD9A000-memory.dmp	upx
behavioral1/memory/1232-6762-0x00007FFA81E50000-0x00007FFA81E77000-memory.dmp	upx
behavioral1/memory/1232-6761-0x00007FFA85600000-0x00007FFA8560B000-memory.dmp	upx
behavioral1/memory/1232-6760-0x00007FFA7E7B0000-0x00007FFA7E837000-memory.dmp	upx
behavioral1/memory/560-6759-0x00007FFA798F0000-0x00007FFA79FB5000-memory.dmp	upx
behavioral1/memory/1232-6755-0x00007FFA7E840000-0x00007FFA7E876000-memory.dmp	upx
behavioral1/memory/560-6745-0x00007FFA82870000-0x00007FFA82895000-memory.dmp	upx
behavioral1/memory/1232-6770-0x00007FFA7E880000-0x00007FFA7E94D000-memory.dmp	upx
behavioral1/memory/560-6771-0x00007FFA7E730000-0x00007FFA7E766000-memory.dmp	upx
behavioral1/memory/560-6776-0x00007FFA7D700000-0x00007FFA7D81A000-memory.dmp	upx
behavioral1/memory/560-6775-0x00007FFA85770000-0x00007FFA8577F000-memory.dmp	upx
behavioral1/memory/560-6774-0x00007FFA7E700000-0x00007FFA7E727000-memory.dmp	upx
behavioral1/memory/560-6773-0x00007FFA84DA0000-0x00007FFA84DAB000-memory.dmp	upx
behavioral1/memory/560-6772-0x00007FFA7DB20000-0x00007FFA7DBA7000-memory.dmp	upx
behavioral1/memory/560-6778-0x00007FFA7E6E0000-0x00007FFA7E6F8000-memory.dmp	upx
behavioral1/memory/560-6781-0x00007FFA6E1F0000-0x00007FFA6E719000-memory.dmp	upx
behavioral1/memory/560-6792-0x00007FFA7E770000-0x00007FFA7E7A3000-memory.dmp	upx
behavioral1/memory/1232-6795-0x00007FFA7BF40000-0x00007FFA7C0BF000-memory.dmp	upx
behavioral1/memory/560-6808-0x00007FFA7CA10000-0x00007FFA7CA2C000-memory.dmp	upx
behavioral1/memory/560-6807-0x00007FFA7D010000-0x00007FFA7D01B000-memory.dmp	upx
behavioral1/memory/560-6806-0x00007FFA7CA30000-0x00007FFA7CA5F000-memory.dmp	upx
behavioral1/memory/560-6809-0x00007FFA6DDC0000-0x00007FFA6E1E5000-memory.dmp	upx
behavioral1/memory/560-6805-0x00007FFA7D020000-0x00007FFA7D04A000-memory.dmp	upx
behavioral1/memory/560-6804-0x00007FFA7D050000-0x00007FFA7D05C000-memory.dmp	upx
behavioral1/memory/560-6803-0x00007FFA7D060000-0x00007FFA7D072000-memory.dmp	upx
behavioral1/memory/560-6802-0x00007FFA7D080000-0x00007FFA7D08D000-memory.dmp	upx
behavioral1/memory/560-6801-0x00007FFA7D090000-0x00007FFA7D09B000-memory.dmp	upx
behavioral1/memory/1232-6812-0x00007FFA7C950000-0x00007FFA7C95B000-memory.dmp	upx
behavioral1/memory/1232-6817-0x00007FFA7C860000-0x00007FFA7C86E000-memory.dmp	upx
behavioral1/memory/1232-6816-0x00007FFA7C870000-0x00007FFA7C87D000-memory.dmp	upx
behavioral1/memory/1232-6815-0x00007FFA7C910000-0x00007FFA7C91B000-memory.dmp	upx
behavioral1/memory/1232-6814-0x00007FFA7C920000-0x00007FFA7C92C000-memory.dmp	upx
behavioral1/memory/1232-6813-0x00007FFA7C930000-0x00007FFA7C93B000-memory.dmp	upx
behavioral1/memory/560-6810-0x00007FFA6CA10000-0x00007FFA6DDB7000-memory.dmp	upx
behavioral1/memory/1232-6811-0x00007FFA7C960000-0x00007FFA7C96B000-memory.dmp	upx
behavioral1/memory/560-6800-0x00007FFA7D0A0000-0x00007FFA7D0AC000-memory.dmp	upx
behavioral1/memory/560-6799-0x00007FFA7D0B0000-0x00007FFA7D0BB000-memory.dmp	upx
behavioral1/memory/560-6798-0x00007FFA7D690000-0x00007FFA7D69B000-memory.dmp	upx
behavioral1/memory/560-6797-0x00007FFA7D6D0000-0x00007FFA7D6DC000-memory.dmp	upx
behavioral1/memory/560-6796-0x00007FFA7E700000-0x00007FFA7E727000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Roblox\Versions\version-080ad6451df24461\content\textures\whiteCircle.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-080ad6451df24461\content\textures\ui\PlayerList\[email protected]	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-080ad6451df24461\ExtraContent\textures\ui\LuaChat\9-slice\[email protected]	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Microsoft\EdgeCore\132.0.2957.115\eventlog_provider.dll	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeCore\132.0.2957.115\VisualElements\SmallLogoBeta.png	setup.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-080ad6451df24461\content\textures\ui\TopBar\[email protected]	RobloxPlayerInstaller.exe
File created	C:\Program Files\KazaaLite\My shared folder\teen .scr	Mantas.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-080ad6451df24461\content\textures\ui\Emotes\Small\SegmentedCircle.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-080ad6451df24461\content\textures\ui\LegacyRbxGui\IronSide.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-080ad6451df24461\ExtraContent\textures\ui\LuaApp\graphic\[email protected]	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Microsoft\EdgeCore\132.0.2957.115\Locales\km.pak	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeCore\132.0.2957.115\Locales\es.pak	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.115\EdgeWebView.dat	setup.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-080ad6451df24461\content\textures\LayeredClothingEditor\Icon_AddMore_Light.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-080ad6451df24461\ExtraContent\textures\ui\LuaChat\graphic\gr-indicator-ingame.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-080ad6451df24461\ExtraContent\textures\ui\LuaChat\graphic\gr-profile-border-36x36.png	RobloxPlayerInstaller.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeCore\132.0.2957.115\Locales\mk.pak	setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EUA891.tmp\msedgeupdateres_bn.dll	MicrosoftEdgeUpdateSetup_X86_1.3.195.43.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.115\Trust Protection Lists\Sigma\Cryptomining	setup.exe
File created	C:\Program Files\icq\shared files\DukeNukem-Install.exe	Mantas.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-080ad6451df24461\content\textures\StartPage\Tour2Screenshot.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-080ad6451df24461\content\textures\StudioSharedUI\RoundedRightBorder.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-080ad6451df24461\content\textures\ui\Controls\DefaultController\ButtonL1.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-080ad6451df24461\content\textures\ui\Controls\PlayStationController\[email protected]	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-080ad6451df24461\content\textures\ui\Controls\PlayStationController\PS4\ButtonOptions.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-080ad6451df24461\content\textures\ui\Controls\XboxController\ButtonY.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-080ad6451df24461\content\textures\ui\Settings\Radial\EmptyBottomRight.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-080ad6451df24461\content\textures\ui\VoiceChat\MicDark\Muted.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-080ad6451df24461\ExtraContent\textures\ui\LuaChat\9-slice\[email protected]	RobloxPlayerInstaller.exe
File created	C:\Program Files\gnucleus\downloads\Registry Mechanic.exe	Mantas.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-080ad6451df24461\content\fonts\families\ComicNeueAngular.json	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-080ad6451df24461\content\textures\StudioToolbox\package_light.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-080ad6451df24461\content\textures\ui\PlayerList\PremiumIcon.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-080ad6451df24461\ExtraContent\textures\ui\Controls\DesignSystem\DpadRight.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-080ad6451df24461\ExtraContent\textures\ui\LuaChat\9-slice\[email protected]	RobloxPlayerInstaller.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.115\Locales\ca.pak	setup.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-080ad6451df24461\content\textures\AnimationEditor\fbximportlogo.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-080ad6451df24461\content\textures\DeveloperFramework\AssetPreview\close_button.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-080ad6451df24461\content\textures\TerrainTools\mtrl_grass_2022.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-080ad6451df24461\ExtraContent\LuaPackages\Packages\_Index\FoundationImages\FoundationImages\SpriteSheets\img_set_3x_13.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-080ad6451df24461\ExtraContent\textures\ui\LuaChat\icons\[email protected]	RobloxPlayerInstaller.exe
File created	C:\Program Files\morpheus\my shared folder\teen .scr	Mantas.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-080ad6451df24461\content\textures\Cursors\KeyboardMouse\ArrowCursor.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-080ad6451df24461\PlatformContent\pc\textures\water\normal_08.dds	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-080ad6451df24461\content\textures\ui\TopBar\[email protected]	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Microsoft\EdgeCore\132.0.2957.115\wns_push_client.dll	setup.exe
File created	C:\Program Files\limewire\shared\teen .scr	Mantas.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-080ad6451df24461\content\fonts\families\Nunito.json	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-080ad6451df24461\content\textures\ui\VoiceChat\SpeakerNew\[email protected]	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-080ad6451df24461\msvcp140_1.dll	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU5A30.tmp\MicrosoftEdgeUpdateSetup.exe	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files\limewire\shared\mp3.exe	Mantas.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-080ad6451df24461\content\textures\LayeredClothingEditor\LayeredClothingEditorIcon.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-080ad6451df24461\content\textures\ui\Lobby\Buttons\scroll_down.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-080ad6451df24461\content\fonts\families\Creepster.json	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-080ad6451df24461\content\textures\ui\PlayerList\[email protected]	RobloxPlayerInstaller.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.115\Trust Protection Lists\Sigma\Social	setup.exe
File created	C:\Program Files\Kazaa\My shared folder\quake3.exe	Mantas.exe
File opened for modification	C:\Program Files\edonkey2000\incoming\ilikeyou.jpg	Mantas.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-080ad6451df24461\content\textures\localizationTestingIcon.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-080ad6451df24461\content\textures\ui\Settings\Radial\BottomLeftSelected.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-080ad6451df24461\ExtraContent\textures\ui\LuaApp\icons\ic-more-my-feed.png	RobloxPlayerInstaller.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.115\Locales\bs.pak	setup.exe
File created	C:\Program Files\KazaaLite\My shared folders\keygen.exe	Mantas.exe

Drops file in Windows directory 14 IoCs

description	ioc	Process
File opened for modification	C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Uninstall.exe	FreeYoutubeDownloader.exe
File created	C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Uninstall.ini	FreeYoutubeDownloader.exe
File created	C:\Windows\SystemTemp\MsEdgeCrashpad\throttle_store.dat	setup.exe
File opened for modification	C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Free YouTube Downloader.exe	FreeYoutubeDownloader.exe
File opened for modification	C:\Windows\SystemTemp\msedge_installer.log	setup.exe
File opened for modification	C:\Windows\SystemTemp\MsEdgeCrashpad\throttle_store.dat	setup.exe
File created	C:\Windows\SystemTemp\MsEdgeCrashpad\settings.dat	setup.exe
File opened for modification	C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Box.exe	FreeYoutubeDownloader.exe
File created	C:\Windows\Start Menu\Programs\Startup\Scare.hta	mshta.exe
File opened for modification	C:\Windows\SystemTemp	setup.exe
File opened for modification	C:\Windows\SystemTemp\MsEdgeCrashpad\throttle_store.dat	setup.exe
File opened for modification	C:\Windows\SystemTemp\MsEdgeCrashpad\settings.dat	setup.exe
File opened for modification	C:\Windows\SystemTemp\MsEdgeCrashpad\settings.dat	setup.exe
File opened for modification	C:\Windows\SystemTemp\MsEdgeCrashpad\metadata	setup.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Event Triggered Execution: Netsh Helper DLL 1 TTPs 3 IoCs

Netsh.exe (also referred to as Netshell) is a command-line scripting utility used to interact with the network configuration of a system.

persistence privilege_escalation

Netsh Helper DLL

T1546.007

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key value enumerated	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe

System Location Discovery: System Language Discovery 1 TTPs 36 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RobloxPlayerInstaller.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	{34184A33-0407-212E-3320-09040709E2C2}.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	{34184A33-0407-212E-3320-09040709E2C2}.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Bootstrapper.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	{34184A33-0407-212E-3320-09040709E2C2}.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Mantas.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeUpdateSetup_X86_1.3.195.43.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	FreeYoutubeDownloader.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	CryptoLocker.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	{34184A33-0407-212E-3320-09040709E2C2}.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	{34184A33-0407-212E-3320-09040709E2C2}.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RobloxPlayerInstaller.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	WindowsUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Pikachu.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	{34184A33-0407-212E-3320-09040709E2C2}.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	mshta.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeWebview2Setup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	{34184A33-0407-212E-3320-09040709E2C2}.exe

System Network Configuration Discovery: Internet Connection Discovery 1 TTPs 8 IoCs

Adversaries may check for Internet connectivity on compromised systems.

discovery

Internet Connection Discovery

T1016.001

pid	Process
552	PING.EXE
7680	MicrosoftEdgeUpdate.exe
7100	MicrosoftEdgeUpdate.exe
348	MicrosoftEdgeUpdate.exe
4888	MicrosoftEdgeUpdate.exe
4948	MicrosoftEdgeUpdate.exe
2020	MicrosoftEdgeUpdate.exe
8084	cmd.exe

Checks SCSI registry key(s) 3 TTPs 12 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\FriendlyName	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\FriendlyName	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\FriendlyName	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\FriendlyName	taskmgr.exe

Checks processor information in registry 2 TTPs 17 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe

Detects videocard installed 1 TTPs 1 IoCs

Uses WMIC.exe to determine videocard installed.

System Information Discovery

T1082

pid	Process
6500	WMIC.exe

Enumerates system info in registry 2 TTPs 15 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	RobloxPlayerInstaller.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	RobloxPlayerInstaller.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\BaseBoardManufacturer	RobloxPlayerInstaller.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\BaseBoardManufacturer	RobloxPlayerInstaller.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Kills process with taskkill 1 IoCs

evasion

pid	Process
2560	taskkill.exe

Modifies Internet Explorer settings 1 TTPs 6 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox\WarnOnOpen = "0"	RobloxPlayerInstaller.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-studio	RobloxPlayerInstaller.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-studio\WarnOnOpen = "0"	RobloxPlayerInstaller.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-player	RobloxPlayerInstaller.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-player\WarnOnOpen = "0"	RobloxPlayerInstaller.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox	RobloxPlayerInstaller.exe

Modifies data under HKEY_USERS 64 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CRLs	MicrosoftEdgeUpdate.exe

Modifies registry class 64 IoCs

description	ioc	Process
Key deleted	\REGISTRY\MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{B5977F34-9264-4AC3-9B31-1224827FF6E8}\PROGID	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{177CAE89-4AD6-42F4-A458-00EC3389E3FE}\NumMethods	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{195A2EB3-21EE-43CA-9F23-93C2C9934E2E}\NumMethods	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{177CAE89-4AD6-42F4-A458-00EC3389E3FE}\NumMethods	MicrosoftEdgeUpdateComRegisterShell64.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{CECDDD22-2E72-4832-9606-A9B0E5E344B2}\PROGID	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{DDD4B5D4-FD54-497C-8789-0830F29A60EE}\ProxyStubClsid32	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{195A2EB3-21EE-43CA-9F23-93C2C9934E2E}\ = "IApp"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.Update3WebMachineFallback\CLSID\ = "{E421557C-0628-43FB-BF2B-7C9F8A4D067C}"	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{77857D02-7A25-4B67-9266-3E122A8F39E4}\Elevation	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\AppID\{A6B716CB-028B-404D-B72C-50E153DD68DA}\ServiceParameters = "/comsvc"	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{C853632E-36CA-4999-B992-EC0D408CF5AB}\ProxyStubClsid32	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{FCE48F77-C677-4012-8A1A-54D2E2BC07BD}\ProxyStubClsid32	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A5135E58-384F-4244-9A5F-30FA9259413C}\NumMethods	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{A5135E58-384F-4244-9A5F-30FA9259413C}	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{A0B482A5-71D4-4395-857C-1F3B57FB8809}\InProcServer32\ThreadingModel = "Both"	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.Update3WebMachine\ = "Microsoft Edge Update Broker Class Factory"	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2603C88B-F971-4167-9DE1-871EE4A3DC84}\NumMethods	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{177CAE89-4AD6-42F4-A458-00EC3389E3FE}\NumMethods	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{5F6A18BB-6231-424B-8242-19E5BB94F8ED}\LocalServer32\ = "\"C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.171.39\\MicrosoftEdgeUpdateOnDemand.exe\""	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{D1E8B1A6-32CE-443C-8E2E-EBA90C481353}\VersionIndependentProgID	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{B5977F34-9264-4AC3-9B31-1224827FF6E8}\VersionIndependentProgID	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{3805CA06-AC83-4F00-8A02-271DCD89BDEB}\NumMethods	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{195A2EB3-21EE-43CA-9F23-93C2C9934E2E}\ProxyStubClsid32	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{5F9C80B5-9E50-43C9-887C-7C6412E110DF}\ = "IAppCommand"	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{7E29BE61-5809-443F-9B5D-CF22156694EB}\NumMethods\ = "12"	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{79E0C401-B7BC-4DE5-8104-71350F3A9B67}	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{FF419FF9-90BE-4D9F-B410-A789F90E5A7C}\LocalizedString = "@C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.171.39\\msedgeupdate.dll,-3000"	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A0B482A5-71D4-4395-857C-1F3B57FB8809}\InProcServer32	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{08D832B9-D2FD-481F-98CF-904D00DF63CC}\LocalServer32	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{2EC826CB-5478-4533-9015-7580B3B5E03A}\NumMethods	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{AB4F4A7E-977C-4E23-AD8F-626A491715DF}\NumMethods	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{FCE48F77-C677-4012-8A1A-54D2E2BC07BD}\ = "IGoogleUpdateCore"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{195A2EB3-21EE-43CA-9F23-93C2C9934E2E}\NumMethods	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2EC826CB-5478-4533-9015-7580B3B5E03A}\ = "IAppCommandWeb"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{D9AA3288-4EA7-4E67-AE60-D18EADCB923D}\ = "IJobObserver2"	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.OnDemandCOMClassMachine\CLSID\ = "{D1E8B1A6-32CE-443C-8E2E-EBA90C481353}"	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{E4518371-7326-4865-87F8-D9D3F3B287A3}\ProxyStubClsid32	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{AB4EE1FC-0A81-4F56-B0E2-248FB78051AF}\ProxyStubClsid32	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CECDDD22-2E72-4832-9606-A9B0E5E344B2}\ = "Update3COMClass"	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E4518371-7326-4865-87F8-D9D3F3B287A3}\ = "IBrowserHttpRequest2"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{837E40DA-EB1B-440C-8623-0F14DF158DC0}\ProxyStubClsid32	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{99F8E195-1042-4F89-A28C-89CDB74A14AE}\NumMethods	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{450CF5FF-95C4-4679-BECA-22680389ECB9}\ProxyStubClsid32	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{837E40DA-EB1B-440C-8623-0F14DF158DC0}\NumMethods	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C853632E-36CA-4999-B992-EC0D408CF5AB}\NumMethods	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.PolicyStatusMachineFallback.1.0\CLSID\ = "{77857D02-7A25-4B67-9266-3E122A8F39E4}"	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{D9AA3288-4EA7-4E67-AE60-D18EADCB923D}\ProxyStubClsid32	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A0B482A5-71D4-4395-857C-1F3B57FB8809}	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{AB4EE1FC-0A81-4F56-B0E2-248FB78051AF}\NumMethods	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{3E102DC6-1EDB-46A1-8488-61F71B35ED5F}\ProxyStubClsid32	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.CoreMachineClass\CLSID\ = "{2E1DD7EF-C12D-4F8E-8AD8-CF8CC265BAD0}"	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{EA92A799-267E-4DF5-A6ED-6A7E0684BB8A}\ProgID\ = "MicrosoftEdgeUpdate.Update3WebSvc.1.0"	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.171.39\\psmachine.dll"	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7E29BE61-5809-443F-9B5D-CF22156694EB}\ProxyStubClsid32\ = "{A0B482A5-71D4-4395-857C-1F3B57FB8809}"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E4518371-7326-4865-87F8-D9D3F3B287A3}\NumMethods\ = "4"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{450CF5FF-95C4-4679-BECA-22680389ECB9}\NumMethods	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7584D24A-E056-4EB1-8E7B-632F2B0ADC69}\ProxyStubClsid32	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A6556DFF-AB15-4DC3-A890-AB54120BEAEC}	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{FEA2518F-758F-4B95-A59F-97FCEEF1F5D0}\ = "IPolicyStatus"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C20433B3-0D4B-49F6-9B6C-6EE0FAE07837}\ = "ICoCreateAsync"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{177CAE89-4AD6-42F4-A458-00EC3389E3FE}\NumMethods	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{79E0C401-B7BC-4DE5-8104-71350F3A9B67}	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A5135E58-384F-4244-9A5F-30FA9259413C}\NumMethods	MicrosoftEdgeUpdateComRegisterShell64.exe

NTFS ADS 2 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 677686.crdownload:SmartScreen	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 521735.crdownload:SmartScreen	msedge.exe

Runs net.exe

Runs ping.exe 1 TTPs 1 IoCs

Remote System Discovery

T1018

pid	Process
552	PING.EXE

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
1996	msedge.exe
1996	msedge.exe
4812	msedge.exe
4812	msedge.exe
4416	identity_helper.exe
4416	identity_helper.exe
6008	taskmgr.exe
6008	taskmgr.exe
6008	taskmgr.exe
6008	taskmgr.exe
5560	msedge.exe
5560	msedge.exe
6008	taskmgr.exe
6008	taskmgr.exe
6008	taskmgr.exe
6008	taskmgr.exe
6008	taskmgr.exe
6008	taskmgr.exe
6088	taskmgr.exe
6088	taskmgr.exe
6088	taskmgr.exe
4676	taskmgr.exe
4676	taskmgr.exe
4676	taskmgr.exe
4676	taskmgr.exe
4676	taskmgr.exe
4676	taskmgr.exe
4676	taskmgr.exe
4676	taskmgr.exe
4676	taskmgr.exe
5740	msedge.exe
5740	msedge.exe
5740	msedge.exe
5740	msedge.exe
7656	msedge.exe
7656	msedge.exe
6808	taskmgr.exe
6808	taskmgr.exe
6808	taskmgr.exe
6808	taskmgr.exe
6808	taskmgr.exe
6808	taskmgr.exe
6808	taskmgr.exe
6808	taskmgr.exe
6808	taskmgr.exe
6808	taskmgr.exe
6808	taskmgr.exe
6808	taskmgr.exe
6808	taskmgr.exe
6808	taskmgr.exe
6808	taskmgr.exe
6808	taskmgr.exe
6808	taskmgr.exe
6808	taskmgr.exe
6808	taskmgr.exe
6808	taskmgr.exe
6808	taskmgr.exe
6808	taskmgr.exe
6808	taskmgr.exe
6808	taskmgr.exe
6808	taskmgr.exe
6808	taskmgr.exe
6808	taskmgr.exe
6808	taskmgr.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
6808	taskmgr.exe

Suspicious behavior: LoadsDriver 10 IoCs

pid	Process
4	Process not Found
4	Process not Found
4	Process not Found
4	Process not Found
4	Process not Found
672	Process not Found
4	Process not Found
4	Process not Found
4	Process not Found
4	Process not Found

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 64 IoCs

pid	Process
4812	msedge.exe
4812	msedge.exe
4812	msedge.exe
4812	msedge.exe
4812	msedge.exe
4812	msedge.exe
4812	msedge.exe
4812	msedge.exe
4812	msedge.exe
4812	msedge.exe
4812	msedge.exe
4812	msedge.exe
4812	msedge.exe
4812	msedge.exe
4812	msedge.exe
4812	msedge.exe
4812	msedge.exe
4812	msedge.exe
4812	msedge.exe
4812	msedge.exe
4812	msedge.exe
4812	msedge.exe
4812	msedge.exe
4812	msedge.exe
4812	msedge.exe
4812	msedge.exe
4812	msedge.exe
4812	msedge.exe
4812	msedge.exe
4812	msedge.exe
4812	msedge.exe
4812	msedge.exe
4812	msedge.exe
4812	msedge.exe
4812	msedge.exe
4812	msedge.exe
4812	msedge.exe
4812	msedge.exe
4812	msedge.exe
4812	msedge.exe
4812	msedge.exe
4812	msedge.exe
4812	msedge.exe
4812	msedge.exe
4812	msedge.exe
4812	msedge.exe
4812	msedge.exe
4812	msedge.exe
4812	msedge.exe
4812	msedge.exe
4812	msedge.exe
4812	msedge.exe
4812	msedge.exe
4812	msedge.exe
4812	msedge.exe
4812	msedge.exe
4812	msedge.exe
4812	msedge.exe
4812	msedge.exe
4812	msedge.exe
4812	msedge.exe
4812	msedge.exe
4812	msedge.exe
4812	msedge.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: 33	1656	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	1656	AUDIODG.EXE
Token: SeDebugPrivilege	6008	taskmgr.exe
Token: SeSystemProfilePrivilege	6008	taskmgr.exe
Token: SeCreateGlobalPrivilege	6008	taskmgr.exe
Token: SeDebugPrivilege	6088	taskmgr.exe
Token: SeSystemProfilePrivilege	6088	taskmgr.exe
Token: SeCreateGlobalPrivilege	6088	taskmgr.exe
Token: 33	6008	taskmgr.exe
Token: SeIncBasePriorityPrivilege	6008	taskmgr.exe
Token: 33	6088	taskmgr.exe
Token: SeIncBasePriorityPrivilege	6088	taskmgr.exe
Token: SeDebugPrivilege	4676	taskmgr.exe
Token: SeSystemProfilePrivilege	4676	taskmgr.exe
Token: SeCreateGlobalPrivilege	4676	taskmgr.exe
Token: 33	4676	taskmgr.exe
Token: SeIncBasePriorityPrivilege	4676	taskmgr.exe
Token: SeDebugPrivilege	2560	taskkill.exe
Token: SeDebugPrivilege	6808	taskmgr.exe
Token: SeSystemProfilePrivilege	6808	taskmgr.exe
Token: SeCreateGlobalPrivilege	6808	taskmgr.exe
Token: SeShutdownPrivilege	1732	ChilledWindows.exe
Token: SeCreatePagefilePrivilege	1732	ChilledWindows.exe
Token: 33	4824	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	4824	AUDIODG.EXE
Token: SeShutdownPrivilege	1732	ChilledWindows.exe
Token: SeCreatePagefilePrivilege	1732	ChilledWindows.exe
Token: SeShutdownPrivilege	1732	ChilledWindows.exe
Token: SeCreatePagefilePrivilege	1732	ChilledWindows.exe
Token: SeDebugPrivilege	7460	MicrosoftEdgeUpdate.exe
Token: SeDebugPrivilege	2696	Bootstrapper.exe
Token: SeDebugPrivilege	7460	MicrosoftEdgeUpdate.exe
Token: SeDebugPrivilege	560	Solara.exe
Token: SeDebugPrivilege	1232	Solara.exe
Token: SeIncreaseQuotaPrivilege	6720	WMIC.exe
Token: SeSecurityPrivilege	6720	WMIC.exe
Token: SeTakeOwnershipPrivilege	6720	WMIC.exe
Token: SeLoadDriverPrivilege	6720	WMIC.exe
Token: SeSystemProfilePrivilege	6720	WMIC.exe
Token: SeSystemtimePrivilege	6720	WMIC.exe
Token: SeProfSingleProcessPrivilege	6720	WMIC.exe
Token: SeIncBasePriorityPrivilege	6720	WMIC.exe
Token: SeCreatePagefilePrivilege	6720	WMIC.exe
Token: SeBackupPrivilege	6720	WMIC.exe
Token: SeRestorePrivilege	6720	WMIC.exe
Token: SeShutdownPrivilege	6720	WMIC.exe
Token: SeDebugPrivilege	6720	WMIC.exe
Token: SeSystemEnvironmentPrivilege	6720	WMIC.exe
Token: SeRemoteShutdownPrivilege	6720	WMIC.exe
Token: SeUndockPrivilege	6720	WMIC.exe
Token: SeManageVolumePrivilege	6720	WMIC.exe
Token: 33	6720	WMIC.exe
Token: 34	6720	WMIC.exe
Token: 35	6720	WMIC.exe
Token: 36	6720	WMIC.exe
Token: SeIncreaseQuotaPrivilege	6720	WMIC.exe
Token: SeSecurityPrivilege	6720	WMIC.exe
Token: SeTakeOwnershipPrivilege	6720	WMIC.exe
Token: SeLoadDriverPrivilege	6720	WMIC.exe
Token: SeSystemProfilePrivilege	6720	WMIC.exe
Token: SeSystemtimePrivilege	6720	WMIC.exe
Token: SeProfSingleProcessPrivilege	6720	WMIC.exe
Token: SeIncBasePriorityPrivilege	6720	WMIC.exe
Token: SeCreatePagefilePrivilege	6720	WMIC.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
4812	msedge.exe
4812	msedge.exe
4812	msedge.exe
4812	msedge.exe
4812	msedge.exe
4812	msedge.exe
4812	msedge.exe
4812	msedge.exe
4812	msedge.exe
4812	msedge.exe
4812	msedge.exe
4812	msedge.exe
4812	msedge.exe
4812	msedge.exe
4812	msedge.exe
4812	msedge.exe
4812	msedge.exe
4812	msedge.exe
4812	msedge.exe
4812	msedge.exe
4812	msedge.exe
4812	msedge.exe
4812	msedge.exe
4812	msedge.exe
4812	msedge.exe
4812	msedge.exe
4812	msedge.exe
4812	msedge.exe
4812	msedge.exe
4812	msedge.exe
4812	msedge.exe
4812	msedge.exe
4812	msedge.exe
4812	msedge.exe
4812	msedge.exe
4812	msedge.exe
4812	msedge.exe
4812	msedge.exe
4812	msedge.exe
4812	msedge.exe
4812	msedge.exe
4812	msedge.exe
4812	msedge.exe
4812	msedge.exe
4812	msedge.exe
4812	msedge.exe
4812	msedge.exe
4812	msedge.exe
4812	msedge.exe
4812	msedge.exe
4812	msedge.exe
4812	msedge.exe
4812	msedge.exe
4812	msedge.exe
4812	msedge.exe
4812	msedge.exe
4812	msedge.exe
4812	msedge.exe
4812	msedge.exe
4812	msedge.exe
4812	msedge.exe
4812	msedge.exe
4812	msedge.exe
4812	msedge.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
6008	taskmgr.exe
6008	taskmgr.exe
6008	taskmgr.exe
6008	taskmgr.exe
6008	taskmgr.exe
6008	taskmgr.exe
6008	taskmgr.exe
6008	taskmgr.exe
6008	taskmgr.exe
6008	taskmgr.exe
6008	taskmgr.exe
6008	taskmgr.exe
6008	taskmgr.exe
6008	taskmgr.exe
6008	taskmgr.exe
6008	taskmgr.exe
6008	taskmgr.exe
6008	taskmgr.exe
6008	taskmgr.exe
6008	taskmgr.exe
6008	taskmgr.exe
6008	taskmgr.exe
6008	taskmgr.exe
6088	taskmgr.exe
6008	taskmgr.exe
6088	taskmgr.exe
6008	taskmgr.exe
6088	taskmgr.exe
6008	taskmgr.exe
6088	taskmgr.exe
6008	taskmgr.exe
6088	taskmgr.exe
6008	taskmgr.exe
6088	taskmgr.exe
6008	taskmgr.exe
6088	taskmgr.exe
6008	taskmgr.exe
6088	taskmgr.exe
6008	taskmgr.exe
6088	taskmgr.exe
6008	taskmgr.exe
6088	taskmgr.exe
6008	taskmgr.exe
6088	taskmgr.exe
6008	taskmgr.exe
6088	taskmgr.exe
6008	taskmgr.exe
6088	taskmgr.exe
6088	taskmgr.exe
6088	taskmgr.exe
6088	taskmgr.exe
6088	taskmgr.exe
6088	taskmgr.exe
6088	taskmgr.exe
6088	taskmgr.exe
6088	taskmgr.exe
6088	taskmgr.exe
6088	taskmgr.exe
6088	taskmgr.exe
6088	taskmgr.exe
6088	taskmgr.exe
6088	taskmgr.exe
6088	taskmgr.exe
6088	taskmgr.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
5292	FreeYoutubeDownloader.exe
4872	Pikachu.exe
1528	SecHealthUI.exe
1268	firefox.exe

Suspicious use of UnmapMainImage 5 IoCs

pid	Process
224	RobloxPlayerBeta.exe
5780	RobloxPlayerBeta.exe
3312	RobloxPlayerBeta.exe
1820	RobloxPlayerBeta.exe
1376	RobloxPlayerBeta.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 192 wrote to memory of 948	192	Logged.exe	82
PID 192 wrote to memory of 948	192	Logged.exe	82
PID 948 wrote to memory of 816	948	Logged.exe	83
PID 948 wrote to memory of 816	948	Logged.exe	83
PID 948 wrote to memory of 3312	948	Logged.exe	84
PID 948 wrote to memory of 3312	948	Logged.exe	84
PID 4812 wrote to memory of 3632	4812	msedge.exe	94
PID 4812 wrote to memory of 3632	4812	msedge.exe	94
PID 4812 wrote to memory of 2232	4812	msedge.exe	95
PID 4812 wrote to memory of 2232	4812	msedge.exe	95
PID 4812 wrote to memory of 2232	4812	msedge.exe	95
PID 4812 wrote to memory of 2232	4812	msedge.exe	95
PID 4812 wrote to memory of 2232	4812	msedge.exe	95
PID 4812 wrote to memory of 2232	4812	msedge.exe	95
PID 4812 wrote to memory of 2232	4812	msedge.exe	95
PID 4812 wrote to memory of 2232	4812	msedge.exe	95
PID 4812 wrote to memory of 2232	4812	msedge.exe	95
PID 4812 wrote to memory of 2232	4812	msedge.exe	95
PID 4812 wrote to memory of 2232	4812	msedge.exe	95
PID 4812 wrote to memory of 2232	4812	msedge.exe	95
PID 4812 wrote to memory of 2232	4812	msedge.exe	95
PID 4812 wrote to memory of 2232	4812	msedge.exe	95
PID 4812 wrote to memory of 2232	4812	msedge.exe	95
PID 4812 wrote to memory of 2232	4812	msedge.exe	95
PID 4812 wrote to memory of 2232	4812	msedge.exe	95
PID 4812 wrote to memory of 2232	4812	msedge.exe	95
PID 4812 wrote to memory of 2232	4812	msedge.exe	95
PID 4812 wrote to memory of 2232	4812	msedge.exe	95
PID 4812 wrote to memory of 2232	4812	msedge.exe	95
PID 4812 wrote to memory of 2232	4812	msedge.exe	95
PID 4812 wrote to memory of 2232	4812	msedge.exe	95
PID 4812 wrote to memory of 2232	4812	msedge.exe	95
PID 4812 wrote to memory of 2232	4812	msedge.exe	95
PID 4812 wrote to memory of 2232	4812	msedge.exe	95
PID 4812 wrote to memory of 2232	4812	msedge.exe	95
PID 4812 wrote to memory of 2232	4812	msedge.exe	95
PID 4812 wrote to memory of 2232	4812	msedge.exe	95
PID 4812 wrote to memory of 2232	4812	msedge.exe	95
PID 4812 wrote to memory of 2232	4812	msedge.exe	95
PID 4812 wrote to memory of 2232	4812	msedge.exe	95
PID 4812 wrote to memory of 2232	4812	msedge.exe	95
PID 4812 wrote to memory of 2232	4812	msedge.exe	95
PID 4812 wrote to memory of 2232	4812	msedge.exe	95
PID 4812 wrote to memory of 2232	4812	msedge.exe	95
PID 4812 wrote to memory of 2232	4812	msedge.exe	95
PID 4812 wrote to memory of 2232	4812	msedge.exe	95
PID 4812 wrote to memory of 2232	4812	msedge.exe	95
PID 4812 wrote to memory of 2232	4812	msedge.exe	95
PID 4812 wrote to memory of 1996	4812	msedge.exe	96
PID 4812 wrote to memory of 1996	4812	msedge.exe	96
PID 4812 wrote to memory of 1588	4812	msedge.exe	97
PID 4812 wrote to memory of 1588	4812	msedge.exe	97
PID 4812 wrote to memory of 1588	4812	msedge.exe	97
PID 4812 wrote to memory of 1588	4812	msedge.exe	97
PID 4812 wrote to memory of 1588	4812	msedge.exe	97
PID 4812 wrote to memory of 1588	4812	msedge.exe	97
PID 4812 wrote to memory of 1588	4812	msedge.exe	97
PID 4812 wrote to memory of 1588	4812	msedge.exe	97
PID 4812 wrote to memory of 1588	4812	msedge.exe	97
PID 4812 wrote to memory of 1588	4812	msedge.exe	97
PID 4812 wrote to memory of 1588	4812	msedge.exe	97
PID 4812 wrote to memory of 1588	4812	msedge.exe	97
PID 4812 wrote to memory of 1588	4812	msedge.exe	97
PID 4812 wrote to memory of 1588	4812	msedge.exe	97

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012
Uses Volume Shadow Copy WMI provider
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware
Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware

C:\Users\Admin\AppData\Local\Temp\Logged.exe
"C:\Users\Admin\AppData\Local\Temp\Logged.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:192
- C:\Users\Admin\AppData\Local\Temp\Logged.exe
  "C:\Users\Admin\AppData\Local\Temp\Logged.exe"
  2⤵
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:948
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "ver"
    3⤵
    PID:816
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c cls
    3⤵
    PID:3312

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
PID:4812
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x140,0x144,0x148,0x11c,0x14c,0x7ffa81e346f8,0x7ffa81e34708,0x7ffa81e34718
  2⤵
  PID:3632
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,11553144195414322078,15538541705254610667,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2108 /prefetch:2
  2⤵
  PID:2232
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2100,11553144195414322078,15538541705254610667,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2292 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1996
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2100,11553144195414322078,15538541705254610667,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2732 /prefetch:8
  2⤵
  PID:1588
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,11553144195414322078,15538541705254610667,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3484 /prefetch:1
  2⤵
  PID:2244
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,11553144195414322078,15538541705254610667,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3492 /prefetch:1
  2⤵
  PID:4304
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,11553144195414322078,15538541705254610667,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1
  2⤵
  PID:4744
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,11553144195414322078,15538541705254610667,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5304 /prefetch:1
  2⤵
  PID:636
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,11553144195414322078,15538541705254610667,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5668 /prefetch:8
  2⤵
  PID:3140
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --msedge --force-configure-user-settings
  2⤵
  PID:2496
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x264,0x268,0x26c,0x240,0x270,0x7ff7fa4c5460,0x7ff7fa4c5470,0x7ff7fa4c5480
    3⤵
    PID:4468
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,11553144195414322078,15538541705254610667,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5668 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4416
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,11553144195414322078,15538541705254610667,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5896 /prefetch:1
  2⤵
  PID:3656
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,11553144195414322078,15538541705254610667,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5924 /prefetch:1
  2⤵
  PID:4312
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,11553144195414322078,15538541705254610667,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6132 /prefetch:1
  2⤵
  PID:2736
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,11553144195414322078,15538541705254610667,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5040 /prefetch:1
  2⤵
  PID:5296
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,11553144195414322078,15538541705254610667,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5756 /prefetch:1
  2⤵
  PID:5312
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,11553144195414322078,15538541705254610667,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5948 /prefetch:1
  2⤵
  PID:5964
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2100,11553144195414322078,15538541705254610667,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6180 /prefetch:8
  2⤵
  PID:5972
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,11553144195414322078,15538541705254610667,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6644 /prefetch:1
  2⤵
  PID:1048
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,11553144195414322078,15538541705254610667,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6616 /prefetch:1
  2⤵
  PID:1468
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,11553144195414322078,15538541705254610667,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6932 /prefetch:1
  2⤵
  PID:5132
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,11553144195414322078,15538541705254610667,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6580 /prefetch:1
  2⤵
  PID:5140
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,11553144195414322078,15538541705254610667,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6344 /prefetch:1
  2⤵
  PID:5576
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2100,11553144195414322078,15538541705254610667,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6108 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5560
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,11553144195414322078,15538541705254610667,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.4355 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5292 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5740
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,11553144195414322078,15538541705254610667,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3720 /prefetch:1
  2⤵
  PID:1072
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,11553144195414322078,15538541705254610667,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7044 /prefetch:1
  2⤵
  PID:1132
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,11553144195414322078,15538541705254610667,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6120 /prefetch:1
  2⤵
  PID:3196
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,11553144195414322078,15538541705254610667,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=248 /prefetch:1
  2⤵
  PID:5772
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,11553144195414322078,15538541705254610667,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4804 /prefetch:1
  2⤵
  PID:3996
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,11553144195414322078,15538541705254610667,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5660 /prefetch:1
  2⤵
  PID:5164
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,11553144195414322078,15538541705254610667,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5724 /prefetch:1
  2⤵
  PID:1340
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,11553144195414322078,15538541705254610667,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6476 /prefetch:1
  2⤵
  PID:5572
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,11553144195414322078,15538541705254610667,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6928 /prefetch:1
  2⤵
  PID:2616
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,11553144195414322078,15538541705254610667,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1764 /prefetch:1
  2⤵
  PID:3912
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,11553144195414322078,15538541705254610667,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6728 /prefetch:1
  2⤵
  PID:5464
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,11553144195414322078,15538541705254610667,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6640 /prefetch:1
  2⤵
  PID:5468
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,11553144195414322078,15538541705254610667,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7212 /prefetch:1
  2⤵
  PID:6056
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,11553144195414322078,15538541705254610667,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7416 /prefetch:1
  2⤵
  PID:5848
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,11553144195414322078,15538541705254610667,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7344 /prefetch:1
  2⤵
  PID:4308
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,11553144195414322078,15538541705254610667,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7684 /prefetch:1
  2⤵
  PID:2004
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,11553144195414322078,15538541705254610667,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7692 /prefetch:1
  2⤵
  PID:4148
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,11553144195414322078,15538541705254610667,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7820 /prefetch:1
  2⤵
  PID:2852
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,11553144195414322078,15538541705254610667,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7944 /prefetch:1
  2⤵
  PID:5920
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,11553144195414322078,15538541705254610667,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8216 /prefetch:1
  2⤵
  PID:5392
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,11553144195414322078,15538541705254610667,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1704 /prefetch:1
  2⤵
  PID:5400
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,11553144195414322078,15538541705254610667,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8548 /prefetch:1
  2⤵
  PID:4312
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,11553144195414322078,15538541705254610667,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8972 /prefetch:1
  2⤵
  PID:1720
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,11553144195414322078,15538541705254610667,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8996 /prefetch:1
  2⤵
  PID:3140
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,11553144195414322078,15538541705254610667,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9112 /prefetch:1
  2⤵
  PID:6140
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,11553144195414322078,15538541705254610667,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9244 /prefetch:1
  2⤵
  PID:2924
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,11553144195414322078,15538541705254610667,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9376 /prefetch:1
  2⤵
  PID:5776
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,11553144195414322078,15538541705254610667,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8920 /prefetch:1
  2⤵
  PID:1072
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,11553144195414322078,15538541705254610667,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10212 /prefetch:1
  2⤵
  PID:5304
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,11553144195414322078,15538541705254610667,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5760 /prefetch:1
  2⤵
  PID:6024
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,11553144195414322078,15538541705254610667,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7700 /prefetch:1
  2⤵
  PID:2640
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,11553144195414322078,15538541705254610667,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9244 /prefetch:1
  2⤵
  PID:5736
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,11553144195414322078,15538541705254610667,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=58 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7692 /prefetch:1
  2⤵
  PID:5456
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,11553144195414322078,15538541705254610667,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=59 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10208 /prefetch:1
  2⤵
  PID:1132
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,11553144195414322078,15538541705254610667,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=60 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9164 /prefetch:1
  2⤵
  PID:4636
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,11553144195414322078,15538541705254610667,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=61 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7648 /prefetch:1
  2⤵
  PID:3188
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,11553144195414322078,15538541705254610667,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=62 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7704 /prefetch:1
  2⤵
  PID:3432
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,11553144195414322078,15538541705254610667,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=63 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7460 /prefetch:1
  2⤵
  PID:1016
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,11553144195414322078,15538541705254610667,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=64 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3796 /prefetch:1
  2⤵
  PID:2348
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,11553144195414322078,15538541705254610667,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=65 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8048 /prefetch:1
  2⤵
  PID:2512
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,11553144195414322078,15538541705254610667,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=66 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9472 /prefetch:1
  2⤵
  PID:2088
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,11553144195414322078,15538541705254610667,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=67 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9500 /prefetch:1
  2⤵
  PID:5180
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,11553144195414322078,15538541705254610667,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=68 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7028 /prefetch:1
  2⤵
  PID:2308
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,11553144195414322078,15538541705254610667,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=69 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9116 /prefetch:1
  2⤵
  PID:4176
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,11553144195414322078,15538541705254610667,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=70 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6964 /prefetch:1
  2⤵
  PID:5160
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,11553144195414322078,15538541705254610667,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=71 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8844 /prefetch:1
  2⤵
  PID:692
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,11553144195414322078,15538541705254610667,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=72 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7664 /prefetch:1
  2⤵
  PID:704
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,11553144195414322078,15538541705254610667,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=73 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9820 /prefetch:1
  2⤵
  PID:4444
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,11553144195414322078,15538541705254610667,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=74 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9584 /prefetch:1
  2⤵
  PID:1980
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,11553144195414322078,15538541705254610667,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=75 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10076 /prefetch:1
  2⤵
  PID:1420
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,11553144195414322078,15538541705254610667,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=76 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7084 /prefetch:1
  2⤵
  PID:4104
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,11553144195414322078,15538541705254610667,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=77 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7568 /prefetch:1
  2⤵
  PID:4044
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,11553144195414322078,15538541705254610667,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=78 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9256 /prefetch:1
  2⤵
  PID:6040
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,11553144195414322078,15538541705254610667,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=79 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9304 /prefetch:1
  2⤵
  PID:992
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,11553144195414322078,15538541705254610667,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=80 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8552 /prefetch:1
  2⤵
  PID:4748
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,11553144195414322078,15538541705254610667,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=81 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9504 /prefetch:1
  2⤵
  PID:5772
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,11553144195414322078,15538541705254610667,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=82 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8464 /prefetch:1
  2⤵
  PID:3836
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,11553144195414322078,15538541705254610667,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=83 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7240 /prefetch:1
  2⤵
  PID:3380
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,11553144195414322078,15538541705254610667,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=84 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7236 /prefetch:1
  2⤵
  PID:1560
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,11553144195414322078,15538541705254610667,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=85 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10264 /prefetch:1
  2⤵
  PID:6176
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,11553144195414322078,15538541705254610667,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=86 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10012 /prefetch:1
  2⤵
  PID:6300
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,11553144195414322078,15538541705254610667,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=87 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10636 /prefetch:1
  2⤵
  PID:6308
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,11553144195414322078,15538541705254610667,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=88 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10672 /prefetch:1
  2⤵
  PID:6316
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,11553144195414322078,15538541705254610667,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=89 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11056 /prefetch:1
  2⤵
  PID:6520
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,11553144195414322078,15538541705254610667,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=90 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11132 /prefetch:1
  2⤵
  PID:6528
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,11553144195414322078,15538541705254610667,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=91 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11540 /prefetch:1
  2⤵
  PID:6688
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,11553144195414322078,15538541705254610667,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=92 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11772 /prefetch:1
  2⤵
  PID:6984
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,11553144195414322078,15538541705254610667,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=93 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11844 /prefetch:1
  2⤵
  PID:6992
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,11553144195414322078,15538541705254610667,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=94 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11892 /prefetch:1
  2⤵
  PID:7000
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,11553144195414322078,15538541705254610667,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=95 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11920 /prefetch:1
  2⤵
  PID:7008
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,11553144195414322078,15538541705254610667,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=96 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11940 /prefetch:1
  2⤵
  PID:7016
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,11553144195414322078,15538541705254610667,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=97 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11968 /prefetch:1
  2⤵
  PID:7024
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,11553144195414322078,15538541705254610667,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=98 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11976 /prefetch:1
  2⤵
  PID:7032
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,11553144195414322078,15538541705254610667,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=99 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11988 /prefetch:1
  2⤵
  PID:7040
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,11553144195414322078,15538541705254610667,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=100 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11996 /prefetch:1
  2⤵
  PID:7048
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,11553144195414322078,15538541705254610667,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=101 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12004 /prefetch:1
  2⤵
  PID:7056
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,11553144195414322078,15538541705254610667,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=102 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12012 /prefetch:1
  2⤵
  PID:7064
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,11553144195414322078,15538541705254610667,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=103 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12308 /prefetch:1
  2⤵
  PID:6452
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,11553144195414322078,15538541705254610667,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=104 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=13028 /prefetch:1
  2⤵
  PID:6468
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,11553144195414322078,15538541705254610667,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=105 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=13152 /prefetch:1
  2⤵
  PID:6448
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,11553144195414322078,15538541705254610667,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=106 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=13176 /prefetch:1
  2⤵
  PID:7172
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,11553144195414322078,15538541705254610667,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=107 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=13244 /prefetch:1
  2⤵
  PID:7180
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,11553144195414322078,15538541705254610667,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=108 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11964 /prefetch:1
  2⤵
  PID:7336
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2100,11553144195414322078,15538541705254610667,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=11404 /prefetch:8
  2⤵
  PID:7648
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2100,11553144195414322078,15538541705254610667,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=10888 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:7656
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,11553144195414322078,15538541705254610667,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=111 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5764 /prefetch:1
  2⤵
  PID:7700
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,11553144195414322078,15538541705254610667,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=112 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10764 /prefetch:1
  2⤵
  PID:5692
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,11553144195414322078,15538541705254610667,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=113 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11932 /prefetch:1
  2⤵
  PID:7532
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,11553144195414322078,15538541705254610667,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=114 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6736 /prefetch:1
  2⤵
  PID:7352
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,11553144195414322078,15538541705254610667,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=115 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9428 /prefetch:1
  2⤵
  PID:2592
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,11553144195414322078,15538541705254610667,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=116 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12260 /prefetch:1
  2⤵
  PID:5752
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,11553144195414322078,15538541705254610667,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=117 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7544 /prefetch:1
  2⤵
  PID:932
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,11553144195414322078,15538541705254610667,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=118 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9964 /prefetch:1
  2⤵
  PID:7680
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,11553144195414322078,15538541705254610667,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=119 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7756 /prefetch:1
  2⤵
  PID:4352
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,11553144195414322078,15538541705254610667,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=120 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12888 /prefetch:1
  2⤵
  PID:8156

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2948

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:420

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x340 0x4f0
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1656

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /7
1⤵
- Checks SCSI registry key(s)
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SendNotifyMessage
PID:6008
- C:\Windows\system32\taskmgr.exe
  "C:\Windows\system32\taskmgr.exe" /1
  2⤵
  - Checks SCSI registry key(s)
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of SendNotifyMessage
  PID:6088

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /7
1⤵
- Checks SCSI registry key(s)
- Checks processor information in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:4676

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:816

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Trojan\L0Lz.bat" "
1⤵
PID:3032
- C:\Windows\system32\net.exe
  net session
  2⤵
  PID:2028
- - C:\Windows\system32\net1.exe
    C:\Windows\system32\net1 session
    3⤵
    PID:6088
- C:\Windows\system32\net.exe
  net stop "SDRSVC"
  2⤵
  PID:1888
- - C:\Windows\system32\net1.exe
    C:\Windows\system32\net1 stop "SDRSVC"
    3⤵
    PID:3924
- C:\Windows\system32\net.exe
  net stop "WinDefend"
  2⤵
  PID:1780
- - C:\Windows\system32\net1.exe
    C:\Windows\system32\net1 stop "WinDefend"
    3⤵
    PID:2328
- C:\Windows\system32\taskkill.exe
  taskkill /f /t /im "MSASCui.exe"
  2⤵
  - Kills process with taskkill
  - Suspicious use of AdjustPrivilegeToken
  PID:2560
- C:\Windows\system32\net.exe
  net stop "security center"
  2⤵
  PID:5196
- - C:\Windows\system32\net1.exe
    C:\Windows\system32\net1 stop "security center"
    3⤵
    PID:5688
- C:\Windows\system32\net.exe
  net stop sharedaccess
  2⤵
  PID:5976
- - C:\Windows\system32\net1.exe
    C:\Windows\system32\net1 stop sharedaccess
    3⤵
    PID:3240
- C:\Windows\system32\netsh.exe
  netsh firewall set opmode mode-disable
  2⤵
  - Modifies Windows Firewall
  - Event Triggered Execution: Netsh Helper DLL
  PID:5724
- C:\Windows\system32\net.exe
  net stop "wuauserv"
  2⤵
  PID:32
- - C:\Windows\system32\net1.exe
    C:\Windows\system32\net1 stop "wuauserv"
    3⤵
    PID:2612
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /S /D /c" echo tasklist "
  2⤵
  PID:992
- C:\Windows\system32\find.exe
  find /I "L0Lz"
  2⤵
  PID:5344
- C:\Windows\system32\xcopy.exe
  XCOPY "BitcoinMiner.bat" "C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup"
  2⤵
  - Drops startup file
  PID:5176
- C:\Windows\system32\xcopy.exe
  XCOPY "C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\BitcoinMiner.bat"
  2⤵
  PID:5228

C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Trojan\FreeYoutubeDownloader.exe
"C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Trojan\FreeYoutubeDownloader.exe"
1⤵
- Adds Run key to start application
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:5292
- C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Free YouTube Downloader.exe
  "C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Free YouTube Downloader.exe"
  2⤵
  - Executes dropped EXE
  PID:7000

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /7
1⤵
- Suspicious use of NtCreateProcessExOtherParentProcess
- Checks SCSI registry key(s)
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
PID:6808

C:\Windows\system32\werfault.exe
werfault.exe /h /shared Global\535a1763429e427f880662cd8e0db5eb /t 6848 /p 7000
1⤵
PID:1224

C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Email-Worm\Pikachu.exe
"C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Email-Worm\Pikachu.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:4872

C:\Windows\SysWOW64\mshta.exe
"C:\Windows\SysWOW64\mshta.exe" "C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Email-Worm\Scare.hta" {1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}{1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}
1⤵
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
PID:5232

C:\Windows\SysWOW64\werfault.exe
werfault.exe /h /shared Global\76b6d942f88247e1b1420f9ed6e75558 /t 2064 /p 5232
1⤵
PID:4028

C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\CryptoLocker.exe
"C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\CryptoLocker.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:2872
- C:\Users\Admin\AppData\Roaming\{34184A33-0407-212E-3320-09040709E2C2}.exe
  "C:\Users\Admin\AppData\Roaming\{34184A33-0407-212E-3320-09040709E2C2}.exe" "/rC:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\CryptoLocker.exe"
  2⤵
  - Executes dropped EXE
  - Adds Run key to start application
  - System Location Discovery: System Language Discovery
  PID:2588
- - C:\Users\Admin\AppData\Roaming\{34184A33-0407-212E-3320-09040709E2C2}.exe
    "C:\Users\Admin\AppData\Roaming\{34184A33-0407-212E-3320-09040709E2C2}.exe" /w00000240
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    PID:3864
- - C:\Users\Admin\AppData\Roaming\{34184A33-0407-212E-3320-09040709E2C2}.exe
    "C:\Users\Admin\AppData\Roaming\{34184A33-0407-212E-3320-09040709E2C2}.exe" /w00000240
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    PID:3536
- - C:\Users\Admin\AppData\Roaming\{34184A33-0407-212E-3320-09040709E2C2}.exe
    "C:\Users\Admin\AppData\Roaming\{34184A33-0407-212E-3320-09040709E2C2}.exe" /w00000240
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    PID:5228
  - - C:\Users\Admin\AppData\Roaming\{34184A33-0407-212E-3320-09040709E2C2}.exe
      "C:\Users\Admin\AppData\Roaming\{34184A33-0407-212E-3320-09040709E2C2}.exe" /w00000240
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      PID:5976
    - - C:\Users\Admin\AppData\Roaming\{34184A33-0407-212E-3320-09040709E2C2}.exe
        
        "C:\Users\Admin\AppData\Roaming\{34184A33-0407-212E-3320-09040709E2C2}.exe" /w00000240
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:7396
    - - C:\Users\Admin\AppData\Roaming\{34184A33-0407-212E-3320-09040709E2C2}.exe
        
        "C:\Users\Admin\AppData\Roaming\{34184A33-0407-212E-3320-09040709E2C2}.exe" /w00000240
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:8052

C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Worm\Mantas.exe
"C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Worm\Mantas.exe"
1⤵
- Adds Run key to start application
- Drops file in System32 directory
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:3020

C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Joke\WindowsUpdate.exe
"C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Joke\WindowsUpdate.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:3840

C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Joke\CookieClickerHack.exe
"C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Joke\CookieClickerHack.exe"
1⤵
PID:2812

C:\Windows\system32\werfault.exe
werfault.exe /h /shared Global\f23a9e301467457cb2ec0552ad5ed183 /t 6464 /p 2812
1⤵
PID:5648

C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Joke\ChilledWindows.exe
"C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Joke\ChilledWindows.exe"
1⤵
- Enumerates connected drives
- Suspicious use of AdjustPrivilegeToken
PID:1732

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x340 0x4f0
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4824

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\Desktop\BackupOpen.html
1⤵
- Enumerates system info in registry
- NTFS ADS
PID:8008
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x128,0x12c,0x130,0x104,0x134,0x7ffa81e346f8,0x7ffa81e34708,0x7ffa81e34718
  2⤵
  PID:8152
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,1128298414028230302,2297363632493089812,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2108 /prefetch:2
  2⤵
  PID:7784
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2104,1128298414028230302,2297363632493089812,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2428 /prefetch:3
  2⤵
  PID:7960
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2104,1128298414028230302,2297363632493089812,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2840 /prefetch:8
  2⤵
  PID:7576
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,1128298414028230302,2297363632493089812,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3408 /prefetch:1
  2⤵
  PID:5480
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,1128298414028230302,2297363632493089812,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3412 /prefetch:1
  2⤵
  PID:5776
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2104,1128298414028230302,2297363632493089812,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5308 /prefetch:8
  2⤵
  PID:6368
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2104,1128298414028230302,2297363632493089812,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5308 /prefetch:8
  2⤵
  PID:6244
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,1128298414028230302,2297363632493089812,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5608 /prefetch:1
  2⤵
  PID:5300
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,1128298414028230302,2297363632493089812,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5792 /prefetch:1
  2⤵
  PID:6868
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,1128298414028230302,2297363632493089812,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5884 /prefetch:1
  2⤵
  PID:7864
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,1128298414028230302,2297363632493089812,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5956 /prefetch:1
  2⤵
  PID:7664
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2104,1128298414028230302,2297363632493089812,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5832 /prefetch:8
  2⤵
  PID:3924
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,1128298414028230302,2297363632493089812,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4372 /prefetch:1
  2⤵
  PID:6588
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2104,1128298414028230302,2297363632493089812,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5212 /prefetch:8
  2⤵
  PID:4724
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2104,1128298414028230302,2297363632493089812,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6392 /prefetch:8
  2⤵
  PID:7936
- C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe
  "C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe"
  2⤵
  - Executes dropped EXE
  - Checks whether UAC is enabled
  - Drops file in Program Files directory
  - System Location Discovery: System Language Discovery
  - Enumerates system info in registry
  - Modifies Internet Explorer settings
  PID:3180
- - C:\Program Files (x86)\Roblox\Versions\version-080ad6451df24461\WebView2RuntimeInstaller\MicrosoftEdgeWebview2Setup.exe
    MicrosoftEdgeWebview2Setup.exe /silent /install
    3⤵
    - Executes dropped EXE
    - Drops file in Program Files directory
    - System Location Discovery: System Language Discovery
    PID:5648
  - - C:\Program Files (x86)\Microsoft\Temp\EU5A30.tmp\MicrosoftEdgeUpdate.exe
      "C:\Program Files (x86)\Microsoft\Temp\EU5A30.tmp\MicrosoftEdgeUpdate.exe" /silent /install "appguid={F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}&appname=Microsoft%20Edge%20Webview2%20Runtime&needsadmin=prefers"
      4⤵
      Event Triggered Execution: Image File Execution Options Injection
      Checks computer location settings
      Executes dropped EXE
      Loads dropped DLL
      Checks system information in the registry
      System Location Discovery: System Language Discovery
      Suspicious use of AdjustPrivilegeToken
      PID:7460
    - - C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regsvc
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        System Location Discovery: System Language Discovery
        Modifies registry class
        
        PID:5472
    - - C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regserver
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        System Location Discovery: System Language Discovery
        Modifies registry class
        
        PID:6276
      - C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe"
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Modifies registry class
        
        PID:5268
      - C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe"
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Modifies registry class
        
        PID:7088
      - C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe"
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Modifies registry class
        
        PID:5500
    - - C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xNzEuMzkiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7QTNENEU2ODUtM0JDMy00NzU2LUFFMzktRjIwM0JDN0YyRkM4fSIgdXNlcmlkPSJ7NEE5RkZEMjItMUY5Qi00OERDLTg4MzMtNUJFMkZCNjlCN0I5fSIgaW5zdGFsbHNvdXJjZT0ib3RoZXJpbnN0YWxsY21kIiByZXF1ZXN0aWQ9InszQTYwMjI3My02Q0E3LTQ3MkEtQkM2MC05ODdCQTkwQjhCREN9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjE5MDQ0LjQ1MjkiIHNwPSIiIGFyY2g9Ing2NCIgcHJvZHVjdF90eXBlPSIxMjUiIGlzX3dpcD0iMCIvPjxvZW0gcHJvZHVjdF9tYW51ZmFjdHVyZXI9IiIgcHJvZHVjdF9uYW1lPSIiLz48ZXhwIGV0YWc9IiIvPjxhcHAgYXBwaWQ9IntGM0M0RkUwMC1FRkQ1LTQwM0ItOTU2OS0zOThBMjBGMUJBNEF9IiB2ZXJzaW9uPSIxLjMuMTQ3LjM3IiBuZXh0dmVyc2lvbj0iMS4zLjE3MS4zOSIgbGFuZz0iIiBicmFuZD0iIiBjbGllbnQ9IiI-PGV2ZW50IGV2ZW50dHlwZT0iMiIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iMTE2Nzc5OTM1NzMiIGluc3RhbGxfdGltZV9tcz0iODUyIi8-PC9hcHA-PC9yZXF1ZXN0Pg
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Checks system information in the registry
        System Location Discovery: System Language Discovery
        System Network Configuration Discovery: Internet Connection Discovery
        
        PID:4888
    - - C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /handoff "appguid={F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}&appname=Microsoft%20Edge%20Webview2%20Runtime&needsadmin=prefers" /installsource otherinstallcmd /sessionid "{A3D4E685-3BC3-4756-AE39-F203BC7F2FC8}" /silent
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        System Location Discovery: System Language Discovery
        
        PID:7128
- - C:\Program Files (x86)\Roblox\Versions\version-080ad6451df24461\RobloxPlayerBeta.exe
    "C:\Program Files (x86)\Roblox\Versions\version-080ad6451df24461\RobloxPlayerBeta.exe" -app -clientLaunchTimeEpochMs 0 -isInstallerLaunch 3180
    3⤵
    - Executes dropped EXE
    - Suspicious use of NtCreateThreadExHideFromDebugger
    - Suspicious use of NtSetInformationThreadHideFromDebugger
    - Suspicious use of UnmapMainImage
    PID:224
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,1128298414028230302,2297363632493089812,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1836 /prefetch:1
  2⤵
  PID:4876
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,1128298414028230302,2297363632493089812,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5988 /prefetch:1
  2⤵
  PID:5732
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,1128298414028230302,2297363632493089812,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3304 /prefetch:1
  2⤵
  PID:5296
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,1128298414028230302,2297363632493089812,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6160 /prefetch:1
  2⤵
  PID:7596
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2104,1128298414028230302,2297363632493089812,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6968 /prefetch:8
  2⤵
  PID:472
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,1128298414028230302,2297363632493089812,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5692 /prefetch:1
  2⤵
  PID:348
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2104,1128298414028230302,2297363632493089812,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6916 /prefetch:8
  2⤵
  PID:5352
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,1128298414028230302,2297363632493089812,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6456 /prefetch:1
  2⤵
  PID:1628
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,1128298414028230302,2297363632493089812,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6656 /prefetch:1
  2⤵
  PID:1888
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,1128298414028230302,2297363632493089812,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5964 /prefetch:1
  2⤵
  PID:4412
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,1128298414028230302,2297363632493089812,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6828 /prefetch:1
  2⤵
  PID:3516
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,1128298414028230302,2297363632493089812,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.4355 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6548 /prefetch:2
  2⤵
  PID:1884
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,1128298414028230302,2297363632493089812,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6804 /prefetch:1
  2⤵
  PID:2144
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2104,1128298414028230302,2297363632493089812,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5516 /prefetch:8
  2⤵
  PID:2028
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,1128298414028230302,2297363632493089812,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6968 /prefetch:1
  2⤵
  PID:1880
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,1128298414028230302,2297363632493089812,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6520 /prefetch:1
  2⤵
  PID:6448
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,1128298414028230302,2297363632493089812,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6432 /prefetch:1
  2⤵
  PID:6464
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2104,1128298414028230302,2297363632493089812,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6464 /prefetch:8
  2⤵
  PID:1056
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,1128298414028230302,2297363632493089812,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6536 /prefetch:1
  2⤵
  PID:2256
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,1128298414028230302,2297363632493089812,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7228 /prefetch:1
  2⤵
  PID:4820
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,1128298414028230302,2297363632493089812,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5956 /prefetch:1
  2⤵
  PID:4084
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,1128298414028230302,2297363632493089812,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7404 /prefetch:1
  2⤵
  PID:5708
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,1128298414028230302,2297363632493089812,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7736 /prefetch:1
  2⤵
  PID:3328
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2104,1128298414028230302,2297363632493089812,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4120 /prefetch:8
  2⤵
  PID:6056
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2104,1128298414028230302,2297363632493089812,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6968 /prefetch:8
  2⤵
  PID:6936
- C:\Users\Admin\Downloads\Solara.exe
  "C:\Users\Admin\Downloads\Solara.exe"
  2⤵
  - Executes dropped EXE
  PID:7772
- - C:\Users\Admin\Downloads\Solara.exe
    "C:\Users\Admin\Downloads\Solara.exe"
    3⤵
    - Executes dropped EXE
    - Suspicious use of AdjustPrivilegeToken
    PID:1232
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c "wmic os get Caption"
      4⤵
      PID:2608
    - - C:\Windows\System32\Wbem\WMIC.exe
        
        wmic os get Caption
        5⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:6720
  - - C:\Windows\System32\Wbem\wmic.exe
      wmic cpu get Name
      4⤵
      PID:2652
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c "wmic path win32_VideoController get name"
      4⤵
      PID:7796
    - - C:\Windows\System32\Wbem\WMIC.exe
        
        wmic path win32_VideoController get name
        5⤵
        Detects videocard installed
        
        PID:6500
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c "wmic computersystem get totalphysicalmemory"
      4⤵
      PID:5752
    - - C:\Windows\System32\Wbem\WMIC.exe
        
        wmic computersystem get totalphysicalmemory
        5⤵
        
        PID:6896
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c "C:\\Windows\\System32\\wbem\\WMIC.exe csproduct get uuid"
      4⤵
      PID:1572
    - - C:\Windows\System32\wbem\WMIC.exe
        
        C:\\Windows\\System32\\wbem\\WMIC.exe csproduct get uuid
        5⤵
        
        PID:5616
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c "wmic path softwarelicensingservice get OA3xOriginalProductKey"
      4⤵
      PID:5772
    - - C:\Windows\System32\Wbem\WMIC.exe
        
        wmic path softwarelicensingservice get OA3xOriginalProductKey
        5⤵
        
        PID:1656
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c "WMIC /Node:localhost /Namespace:\\root\SecurityCenter2 Path AntivirusProduct Get displayName"
      4⤵
      PID:7164
    - - C:\Windows\System32\Wbem\WMIC.exe
        
        WMIC /Node:localhost /Namespace:\\root\SecurityCenter2 Path AntivirusProduct Get displayName
        5⤵
        
        PID:5344
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c "ping localhost -n 3 > NUL && del /A H /F "C:\Users\Admin\Downloads\Solara.exe""
      4⤵
      System Network Configuration Discovery: Internet Connection Discovery
      PID:8084
    - - C:\Windows\system32\PING.EXE
        
        ping localhost -n 3
        5⤵
        System Network Configuration Discovery: Internet Connection Discovery
        Runs ping.exe
        
        PID:552
- C:\Users\Admin\Downloads\Solara.exe
  "C:\Users\Admin\Downloads\Solara.exe"
  2⤵
  - Executes dropped EXE
  PID:7500
- - C:\Users\Admin\Downloads\Solara.exe
    "C:\Users\Admin\Downloads\Solara.exe"
    3⤵
    - Executes dropped EXE
    - Suspicious use of AdjustPrivilegeToken
    PID:560

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:7796

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3500

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /svc
1⤵
- Executes dropped EXE
- Checks system information in the registry
- System Location Discovery: System Language Discovery
- Modifies data under HKEY_USERS
PID:6732
- C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
  "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xNzEuMzkiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7QTNENEU2ODUtM0JDMy00NzU2LUFFMzktRjIwM0JDN0YyRkM4fSIgdXNlcmlkPSJ7NEE5RkZEMjItMUY5Qi00OERDLTg4MzMtNUJFMkZCNjlCN0I5fSIgaW5zdGFsbHNvdXJjZT0ib3RoZXJpbnN0YWxsY21kIiByZXF1ZXN0aWQ9InsyMDQ4N0Y5QS01OUMyLTQ5RjctQTMwQS00MTNBNDFBMTBDRDh9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjE5MDQ0LjQ1MjkiIHNwPSIiIGFyY2g9Ing2NCIgcHJvZHVjdF90eXBlPSIxMjUiIGlzX3dpcD0iMCIvPjxvZW0gcHJvZHVjdF9tYW51ZmFjdHVyZXI9IiIgcHJvZHVjdF9uYW1lPSIiLz48ZXhwIGV0YWc9IiZxdW90O3I0NTJ0MStrMlRncS9IWHpqdkZOQlJob3BCV1I5c2JqWHhxZVVESDl1WDA9JnF1b3Q7Ii8-PGFwcCBhcHBpZD0iezhBNjlEMzQ1LUQ1NjQtNDYzYy1BRkYxLUE2OUQ5RTUzMEY5Nn0iIHZlcnNpb249IjEyMy4wLjYzMTIuMTIzIiBuZXh0dmVyc2lvbj0iMTIzLjAuNjMxMi4xMjMiIGxhbmc9ImVuIiBicmFuZD0iR0dMUyIgY2xpZW50PSIiPjxldmVudCBldmVudHR5cGU9IjMxIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSI1IiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSIxMTY4MTcxMzM3MSIvPjwvYXBwPjwvcmVxdWVzdD4
  2⤵
  - Executes dropped EXE
  - Checks system information in the registry
  - System Location Discovery: System Language Discovery
  - System Network Configuration Discovery: Internet Connection Discovery
  PID:4948
- C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{28B088B8-AC20-470F-BD91-5F918AF1D640}\MicrosoftEdge_X64_132.0.2957.115.exe
  "C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{28B088B8-AC20-470F-BD91-5F918AF1D640}\MicrosoftEdge_X64_132.0.2957.115.exe" --msedgewebview --verbose-logging --do-not-launch-msedge --system-level
  2⤵
  - Executes dropped EXE
  PID:7284
- - C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{28B088B8-AC20-470F-BD91-5F918AF1D640}\EDGEMITMP_CE31E.tmp\setup.exe
    "C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{28B088B8-AC20-470F-BD91-5F918AF1D640}\EDGEMITMP_CE31E.tmp\setup.exe" --install-archive="C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{28B088B8-AC20-470F-BD91-5F918AF1D640}\MicrosoftEdge_X64_132.0.2957.115.exe" --msedgewebview --verbose-logging --do-not-launch-msedge --system-level
    3⤵
    - Checks computer location settings
    - Executes dropped EXE
    - Drops file in Program Files directory
    - Drops file in Windows directory
    PID:4608
  - - C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{28B088B8-AC20-470F-BD91-5F918AF1D640}\EDGEMITMP_CE31E.tmp\setup.exe
      "C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{28B088B8-AC20-470F-BD91-5F918AF1D640}\EDGEMITMP_CE31E.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\SystemTemp\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=132.0.6834.84 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{28B088B8-AC20-470F-BD91-5F918AF1D640}\EDGEMITMP_CE31E.tmp\setup.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=132.0.2957.115 --initial-client-data=0x240,0x244,0x248,0x21c,0x24c,0x7ff75b81a818,0x7ff75b81a824,0x7ff75b81a830
      4⤵
      Executes dropped EXE
      Drops file in Windows directory
      PID:8080
- C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
  "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xNzEuMzkiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7QTNENEU2ODUtM0JDMy00NzU2LUFFMzktRjIwM0JDN0YyRkM4fSIgdXNlcmlkPSJ7NEE5RkZEMjItMUY5Qi00OERDLTg4MzMtNUJFMkZCNjlCN0I5fSIgaW5zdGFsbHNvdXJjZT0ib3RoZXJpbnN0YWxsY21kIiByZXF1ZXN0aWQ9Ins5MkYxQzY2MC1GNTA5LTQxN0UtODFGMS0yNzJBODgzNzI0MTF9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjE5MDQ0LjQ1MjkiIHNwPSIiIGFyY2g9Ing2NCIgcHJvZHVjdF90eXBlPSIxMjUiIGlzX3dpcD0iMCIvPjxvZW0gcHJvZHVjdF9tYW51ZmFjdHVyZXI9IiIgcHJvZHVjdF9uYW1lPSIiLz48ZXhwIGV0YWc9IiZxdW90O1ZQUW9QMUYrZnExNXdSemgxa1BMNFBNcFdoOE9STUI1aXp2ck9DL2NoalE9JnF1b3Q7Ii8-PGFwcCBhcHBpZD0ie0YzMDE3MjI2LUZFMkEtNDI5NS04QkRGLTAwQzNBOUE3RTRDNX0iIHZlcnNpb249IiIgbmV4dHZlcnNpb249IjEzMi4wLjI5NTcuMTE1IiBsYW5nPSIiIGJyYW5kPSIiIGNsaWVudD0iIiBleHBlcmltZW50cz0iY29uc2VudD1mYWxzZSIgaW5zdGFsbGFnZT0iLTEiIGluc3RhbGxkYXRlPSItMSI-PHVwZGF0ZWNoZWNrLz48ZXZlbnQgZXZlbnR0eXBlPSI5IiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSIxMTY5NDcwMzM2NCIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIvPjxldmVudCBldmVudHR5cGU9IjUiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjExNjk0NzYzNDQwIiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iMSIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iMTE5ODk1MTM1NDIiIHNvdXJjZV91cmxfaW5kZXg9IjAiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiIGRvd25sb2FkZXI9ImJpdHMiIHVybD0iaHR0cDovL21zZWRnZS5mLnRsdS5kbC5kZWxpdmVyeS5tcC5taWNyb3NvZnQuY29tL2ZpbGVzdHJlYW1pbmdzZXJ2aWNlL2ZpbGVzLzcyNzJiMGNiLWNhNDUtNDQ2My1hODk1LWY3NDViZmZkZjQ3YT9QMT0xNzM3ODI1MDg3JmFtcDtQMj00MDQmYW1wO1AzPTImYW1wO1A0PWlKcFdjZUxjQ3NzMVFrRjhON1NsRE5zSFA5Rlg0aEJPJTJiYnhDZElHMDltZDZCVW9lNkptdkZwdUVLSlBwTmc4VEJqaGx2UUZXaHdsT1ZmSkJnWVJkc0ElM2QlM2QiIHNlcnZlcl9pcF9oaW50PSIiIGNkbl9jaWQ9Ii0xIiBjZG5fY2NjPSIiIGNkbl9tc2VkZ2VfcmVmPSIiIGNkbl9henVyZV9yZWZfb3JpZ2luX3NoaWVsZD0iIiBjZG5fY2FjaGU9IiIgY2RuX3AzcD0iIiBkb3dubG9hZGVkPSIxNzcwOTgzMzYiIHRvdGFsPSIxNzcwOTgzMzYiIGRvd25sb2FkX3RpbWVfbXM9IjIyMzcyIi8-PGV2ZW50IGV2ZW50dHlwZT0iMSIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iMTE5ODk3OTMzNDAiIHNvdXJjZV91cmxfaW5kZXg9IjAiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiLz48ZXZlbnQgZXZlbnR0eXBlPSI2IiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSIxMjAwNDg2MzgwMyIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIvPjxldmVudCBldmVudHR5cGU9IjIiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjE5Njc1NyIgc3lzdGVtX3VwdGltZV90aWNrcz0iMTI2MjQ1NjM0ODMiIHNvdXJjZV91cmxfaW5kZXg9IjAiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiIHVwZGF0ZV9jaGVja190aW1lX21zPSI4MDciIGRvd25sb2FkX3RpbWVfbXM9IjI5NDg4IiBkb3dubG9hZGVkPSIxNzcwOTgzMzYiIHRvdGFsPSIxNzcwOTgzMzYiIHBhY2thZ2VfY2FjaGVfcmVzdWx0PSIwIiBpbnN0YWxsX3RpbWVfbXM9IjYxOTY4Ii8-PC9hcHA-PC9yZXF1ZXN0Pg
  2⤵
  - Executes dropped EXE
  - Checks system information in the registry
  - System Location Discovery: System Language Discovery
  - System Network Configuration Discovery: Internet Connection Discovery
  PID:2020

C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\SecHealthUI.exe
"C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\SecHealthUI.exe" -ServerName:SecHealthUI.AppXep4x2tbtjws1v9qqs0rmb3hxykvkpqtn.mca
1⤵
- Suspicious use of SetWindowsHookEx
PID:1528

C:\Windows\System32\SecurityHealthHost.exe
C:\Windows\System32\SecurityHealthHost.exe {E041C90B-68BA-42C9-991E-477B73A75C90} -Embedding
1⤵
PID:2596

C:\Windows\System32\SecurityHealthHost.exe
C:\Windows\System32\SecurityHealthHost.exe {E041C90B-68BA-42C9-991E-477B73A75C90} -Embedding
1⤵
PID:7636

C:\Windows\System32\SecurityHealthHost.exe
C:\Windows\System32\SecurityHealthHost.exe {E041C90B-68BA-42C9-991E-477B73A75C90} -Embedding
1⤵
PID:2008

C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe
"C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe"
1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Enumerates system info in registry
PID:2584

C:\Users\Admin\Downloads\New folder\Bootstrapper.exe
"C:\Users\Admin\Downloads\New folder\Bootstrapper.exe"
1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of AdjustPrivilegeToken
PID:2696

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
1⤵
- Enumerates system info in registry
PID:2008
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x12c,0x130,0x134,0x128,0x138,0x7ffa825846f8,0x7ffa82584708,0x7ffa82584718
  2⤵
  - Checks processor information in registry
  - Enumerates system info in registry
  PID:8024
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2156,6693771258111028094,7184447658015319131,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2164 /prefetch:2
  2⤵
  PID:7944
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2156,6693771258111028094,7184447658015319131,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2152 /prefetch:3
  2⤵
  PID:4936
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2156,6693771258111028094,7184447658015319131,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3048 /prefetch:8
  2⤵
  PID:6360
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,6693771258111028094,7184447658015319131,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3416 /prefetch:1
  2⤵
  PID:1052
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,6693771258111028094,7184447658015319131,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3424 /prefetch:1
  2⤵
  PID:7252
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,6693771258111028094,7184447658015319131,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5212 /prefetch:1
  2⤵
  PID:4444
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,6693771258111028094,7184447658015319131,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5360 /prefetch:1
  2⤵
  PID:7868
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2156,6693771258111028094,7184447658015319131,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4532 /prefetch:8
  2⤵
  PID:2764
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2156,6693771258111028094,7184447658015319131,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4532 /prefetch:8
  2⤵
  PID:5300
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,6693771258111028094,7184447658015319131,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5676 /prefetch:1
  2⤵
  PID:2780
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,6693771258111028094,7184447658015319131,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5848 /prefetch:1
  2⤵
  PID:2872
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,6693771258111028094,7184447658015319131,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3876 /prefetch:1
  2⤵
  PID:8020
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,6693771258111028094,7184447658015319131,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5752 /prefetch:1
  2⤵
  PID:5392
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,6693771258111028094,7184447658015319131,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3488 /prefetch:1
  2⤵
  PID:8112
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2156,6693771258111028094,7184447658015319131,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5836 /prefetch:8
  2⤵
  PID:5912
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,6693771258111028094,7184447658015319131,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5460 /prefetch:1
  2⤵
  PID:7332
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,6693771258111028094,7184447658015319131,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6076 /prefetch:1
  2⤵
  PID:3528
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,6693771258111028094,7184447658015319131,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6004 /prefetch:1
  2⤵
  PID:4356
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,6693771258111028094,7184447658015319131,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5984 /prefetch:1
  2⤵
  PID:7528
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,6693771258111028094,7184447658015319131,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4528 /prefetch:1
  2⤵
  PID:4256
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,6693771258111028094,7184447658015319131,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2508 /prefetch:1
  2⤵
  PID:5568
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,6693771258111028094,7184447658015319131,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1300 /prefetch:1
  2⤵
  PID:1552
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,6693771258111028094,7184447658015319131,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1868 /prefetch:1
  2⤵
  PID:5020
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,6693771258111028094,7184447658015319131,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6180 /prefetch:1
  2⤵
  PID:7544
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,6693771258111028094,7184447658015319131,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1292 /prefetch:1
  2⤵
  PID:6780
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,6693771258111028094,7184447658015319131,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5392 /prefetch:1
  2⤵
  PID:7532
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,6693771258111028094,7184447658015319131,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2992 /prefetch:1
  2⤵
  PID:2348
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,6693771258111028094,7184447658015319131,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6560 /prefetch:1
  2⤵
  PID:6784
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,6693771258111028094,7184447658015319131,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6492 /prefetch:1
  2⤵
  PID:5752
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2156,6693771258111028094,7184447658015319131,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5388 /prefetch:8
  2⤵
  PID:3020
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,6693771258111028094,7184447658015319131,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2360 /prefetch:1
  2⤵
  PID:7468
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,6693771258111028094,7184447658015319131,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3524 /prefetch:1
  2⤵
  PID:7348
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,6693771258111028094,7184447658015319131,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6752 /prefetch:1
  2⤵
  PID:6680
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,6693771258111028094,7184447658015319131,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6404 /prefetch:1
  2⤵
  PID:7540
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,6693771258111028094,7184447658015319131,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6588 /prefetch:1
  2⤵
  PID:692
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,6693771258111028094,7184447658015319131,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6092 /prefetch:1
  2⤵
  PID:2264
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,6693771258111028094,7184447658015319131,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6012 /prefetch:1
  2⤵
  PID:5024
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,6693771258111028094,7184447658015319131,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6484 /prefetch:1
  2⤵
  PID:3728
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,6693771258111028094,7184447658015319131,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4264 /prefetch:1
  2⤵
  PID:5648
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,6693771258111028094,7184447658015319131,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3176 /prefetch:1
  2⤵
  PID:5152
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2156,6693771258111028094,7184447658015319131,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.4355 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5272 /prefetch:2
  2⤵
  PID:6404
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,6693771258111028094,7184447658015319131,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4208 /prefetch:1
  2⤵
  PID:3912
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,6693771258111028094,7184447658015319131,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6296 /prefetch:1
  2⤵
  PID:5480
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2156,6693771258111028094,7184447658015319131,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=3756 /prefetch:8
  2⤵
  PID:5036
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,6693771258111028094,7184447658015319131,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6700 /prefetch:1
  2⤵
  PID:7840
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,6693771258111028094,7184447658015319131,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6736 /prefetch:1
  2⤵
  PID:5224
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,6693771258111028094,7184447658015319131,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6836 /prefetch:1
  2⤵
  PID:5748
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,6693771258111028094,7184447658015319131,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5436 /prefetch:1
  2⤵
  PID:6724
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,6693771258111028094,7184447658015319131,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5336 /prefetch:1
  2⤵
  PID:5892
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,6693771258111028094,7184447658015319131,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6724 /prefetch:1
  2⤵
  PID:6108
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,6693771258111028094,7184447658015319131,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6072 /prefetch:1
  2⤵
  PID:6252
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,6693771258111028094,7184447658015319131,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1760 /prefetch:1
  2⤵
  PID:7032
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,6693771258111028094,7184447658015319131,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4204 /prefetch:1
  2⤵
  PID:4784
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,6693771258111028094,7184447658015319131,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6560 /prefetch:1
  2⤵
  PID:6280
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,6693771258111028094,7184447658015319131,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6568 /prefetch:1
  2⤵
  PID:7108
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,6693771258111028094,7184447658015319131,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6984 /prefetch:1
  2⤵
  PID:892
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,6693771258111028094,7184447658015319131,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6356 /prefetch:1
  2⤵
  PID:2148
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,6693771258111028094,7184447658015319131,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=58 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6000 /prefetch:1
  2⤵
  PID:6064
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,6693771258111028094,7184447658015319131,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=59 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5304 /prefetch:1
  2⤵
  PID:3312
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,6693771258111028094,7184447658015319131,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=60 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7068 /prefetch:1
  2⤵
  PID:64
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,6693771258111028094,7184447658015319131,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=61 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3752 /prefetch:1
  2⤵
  PID:1836
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,6693771258111028094,7184447658015319131,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=62 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6032 /prefetch:1
  2⤵
  PID:3488
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,6693771258111028094,7184447658015319131,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=63 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7364 /prefetch:1
  2⤵
  PID:7996
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,6693771258111028094,7184447658015319131,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=64 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6472 /prefetch:1
  2⤵
  PID:4364
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,6693771258111028094,7184447658015319131,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=65 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7540 /prefetch:1
  2⤵
  PID:7536
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,6693771258111028094,7184447658015319131,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=66 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7884 /prefetch:1
  2⤵
  PID:7592
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,6693771258111028094,7184447658015319131,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=67 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7876 /prefetch:1
  2⤵
  PID:5376
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,6693771258111028094,7184447658015319131,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=68 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8152 /prefetch:1
  2⤵
  PID:1056
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,6693771258111028094,7184447658015319131,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=69 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8288 /prefetch:1
  2⤵
  PID:7056
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,6693771258111028094,7184447658015319131,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=70 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8672 /prefetch:1
  2⤵
  PID:2500
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,6693771258111028094,7184447658015319131,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=71 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8888 /prefetch:1
  2⤵
  PID:7448
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,6693771258111028094,7184447658015319131,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=72 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9004 /prefetch:1
  2⤵
  PID:2012
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,6693771258111028094,7184447658015319131,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=73 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9072 /prefetch:1
  2⤵
  PID:1464
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,6693771258111028094,7184447658015319131,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=74 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9192 /prefetch:1
  2⤵
  PID:6680
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,6693771258111028094,7184447658015319131,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=75 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9388 /prefetch:1
  2⤵
  PID:3904
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,6693771258111028094,7184447658015319131,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=76 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9384 /prefetch:1
  2⤵
  PID:5488
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,6693771258111028094,7184447658015319131,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=77 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9640 /prefetch:1
  2⤵
  PID:1724
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,6693771258111028094,7184447658015319131,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=78 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9328 /prefetch:1
  2⤵
  PID:396
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,6693771258111028094,7184447658015319131,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=79 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9820 /prefetch:1
  2⤵
  PID:6244
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,6693771258111028094,7184447658015319131,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=80 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10004 /prefetch:1
  2⤵
  PID:2760
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,6693771258111028094,7184447658015319131,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=81 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10288 /prefetch:1
  2⤵
  PID:6888
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,6693771258111028094,7184447658015319131,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=82 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10128 /prefetch:1
  2⤵
  PID:2268
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,6693771258111028094,7184447658015319131,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=83 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10644 /prefetch:1
  2⤵
  PID:6128
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,6693771258111028094,7184447658015319131,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=84 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10512 /prefetch:1
  2⤵
  PID:60
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,6693771258111028094,7184447658015319131,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=85 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7908 /prefetch:1
  2⤵
  PID:1980
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,6693771258111028094,7184447658015319131,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=86 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4428 /prefetch:1
  2⤵
  PID:1184
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,6693771258111028094,7184447658015319131,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=87 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11276 /prefetch:1
  2⤵
  PID:6536
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,6693771258111028094,7184447658015319131,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=88 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11324 /prefetch:1
  2⤵
  PID:892
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,6693771258111028094,7184447658015319131,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=89 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11328 /prefetch:1
  2⤵
  PID:6396
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,6693771258111028094,7184447658015319131,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=90 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11704 /prefetch:1
  2⤵
  PID:6324
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,6693771258111028094,7184447658015319131,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=91 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11624 /prefetch:1
  2⤵
  PID:8108
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,6693771258111028094,7184447658015319131,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=92 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11416 /prefetch:1
  2⤵
  PID:5364
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,6693771258111028094,7184447658015319131,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=93 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11804 /prefetch:1
  2⤵
  PID:692
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,6693771258111028094,7184447658015319131,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=94 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11808 /prefetch:1
  2⤵
  PID:5456
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,6693771258111028094,7184447658015319131,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=95 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11940 /prefetch:1
  2⤵
  PID:5824
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,6693771258111028094,7184447658015319131,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=96 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11680 /prefetch:1
  2⤵
  PID:7660
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,6693771258111028094,7184447658015319131,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=97 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11304 /prefetch:1
  2⤵
  PID:3232
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,6693771258111028094,7184447658015319131,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=98 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1924 /prefetch:1
  2⤵
  PID:6060
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,6693771258111028094,7184447658015319131,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=99 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8392 /prefetch:1
  2⤵
  PID:2304
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,6693771258111028094,7184447658015319131,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=100 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8476 /prefetch:1
  2⤵
  PID:4132
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,6693771258111028094,7184447658015319131,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=101 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8464 /prefetch:1
  2⤵
  PID:6576
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,6693771258111028094,7184447658015319131,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=102 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8220 /prefetch:1
  2⤵
  PID:7352
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,6693771258111028094,7184447658015319131,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=103 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9992 /prefetch:1
  2⤵
  PID:6624
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,6693771258111028094,7184447658015319131,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=104 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10232 /prefetch:1
  2⤵
  PID:8116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,6693771258111028094,7184447658015319131,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=105 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9444 /prefetch:1
  2⤵
  PID:4396
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,6693771258111028094,7184447658015319131,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=106 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11356 /prefetch:1
  2⤵
  PID:6356
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,6693771258111028094,7184447658015319131,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=107 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5272 /prefetch:1
  2⤵
  PID:772
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,6693771258111028094,7184447658015319131,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=108 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3940 /prefetch:1
  2⤵
  PID:2676
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,6693771258111028094,7184447658015319131,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=109 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10964 /prefetch:1
  2⤵
  PID:8184
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,6693771258111028094,7184447658015319131,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=110 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10272 /prefetch:1
  2⤵
  PID:3272
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,6693771258111028094,7184447658015319131,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=111 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9204 /prefetch:1
  2⤵
  PID:3812
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,6693771258111028094,7184447658015319131,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=112 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8936 /prefetch:1
  2⤵
  PID:5252
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,6693771258111028094,7184447658015319131,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=113 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7672 /prefetch:1
  2⤵
  PID:3132
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,6693771258111028094,7184447658015319131,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=114 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8052 /prefetch:1
  2⤵
  PID:5500
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,6693771258111028094,7184447658015319131,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=115 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8096 /prefetch:1
  2⤵
  PID:7556
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,6693771258111028094,7184447658015319131,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=116 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8620 /prefetch:1
  2⤵
  PID:2024
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,6693771258111028094,7184447658015319131,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=117 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7696 /prefetch:1
  2⤵
  PID:6524
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,6693771258111028094,7184447658015319131,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=118 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9060 /prefetch:1
  2⤵
  PID:7100
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,6693771258111028094,7184447658015319131,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=119 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6488 /prefetch:1
  2⤵
  PID:6412
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,6693771258111028094,7184447658015319131,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=120 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11560 /prefetch:1
  2⤵
  PID:3200
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,6693771258111028094,7184447658015319131,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=121 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9940 /prefetch:1
  2⤵
  PID:6692
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,6693771258111028094,7184447658015319131,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=123 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9692 /prefetch:1
  2⤵
  PID:6776
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2156,6693771258111028094,7184447658015319131,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=7572 /prefetch:8
  2⤵
  PID:872
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,6693771258111028094,7184447658015319131,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=126 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11340 /prefetch:1
  2⤵
  PID:6292
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2156,6693771258111028094,7184447658015319131,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=12204 /prefetch:8
  2⤵
  PID:2276
- C:\Users\Admin\Downloads\Bootstrapper_v2,14.exe
  "C:\Users\Admin\Downloads\Bootstrapper_v2,14.exe"
  2⤵
  - Executes dropped EXE
  PID:5208

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:6708

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:7096

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:7108

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ua /installsource scheduler
1⤵
- Executes dropped EXE
- Checks system information in the registry
- System Location Discovery: System Language Discovery
PID:7112

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /svc
1⤵
- Executes dropped EXE
- Checks system information in the registry
- System Location Discovery: System Language Discovery
- Modifies data under HKEY_USERS
PID:5828
- C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{955B87F1-8672-4A19-99C8-218418E7D0E0}\MicrosoftEdgeUpdateSetup_X86_1.3.195.43.exe
  "C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{955B87F1-8672-4A19-99C8-218418E7D0E0}\MicrosoftEdgeUpdateSetup_X86_1.3.195.43.exe" /update /sessionid "{8AA5A808-A7BC-43BA-9D23-54A331CAB636}"
  2⤵
  - Executes dropped EXE
  - Drops file in Program Files directory
  - System Location Discovery: System Language Discovery
  PID:7328
- - C:\Program Files (x86)\Microsoft\Temp\EUA891.tmp\MicrosoftEdgeUpdate.exe
    "C:\Program Files (x86)\Microsoft\Temp\EUA891.tmp\MicrosoftEdgeUpdate.exe" /update /sessionid "{8AA5A808-A7BC-43BA-9D23-54A331CAB636}"
    3⤵
    - Event Triggered Execution: Image File Execution Options Injection
    - Executes dropped EXE
    - Checks system information in the registry
    - System Location Discovery: System Language Discovery
    PID:3952
  - - C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
      "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regsvc
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Modifies registry class
      PID:1464
  - - C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
      "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regserver
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Modifies registry class
      PID:7620
    - - C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.43\MicrosoftEdgeUpdateComRegisterShell64.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.43\MicrosoftEdgeUpdateComRegisterShell64.exe"
        5⤵
        Executes dropped EXE
        Modifies registry class
        
        PID:5904
    - - C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.43\MicrosoftEdgeUpdateComRegisterShell64.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.43\MicrosoftEdgeUpdateComRegisterShell64.exe"
        5⤵
        Executes dropped EXE
        Modifies registry class
        
        PID:3344
    - - C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.43\MicrosoftEdgeUpdateComRegisterShell64.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.43\MicrosoftEdgeUpdateComRegisterShell64.exe"
        5⤵
        Executes dropped EXE
        Modifies registry class
        
        PID:7880
  - - C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
      "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xOTUuNDMiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7OEFBNUE4MDgtQTdCQy00M0JBLTlEMjMtNTRBMzMxQ0FCNjM2fSIgdXNlcmlkPSJ7NEE5RkZEMjItMUY5Qi00OERDLTg4MzMtNUJFMkZCNjlCN0I5fSIgaW5zdGFsbHNvdXJjZT0ic2VsZnVwZGF0ZSIgcmVxdWVzdGlkPSJ7RTY1ODk4RDQtMUM3Ni00OUFDLTlFMkEtOUZBM0VBQjRBMTVFfSIgZGVkdXA9ImNyIiBkb21haW5qb2luZWQ9IjAiPjxodyBsb2dpY2FsX2NwdXM9IjgiIHBoeXNtZW1vcnk9IjgiIGRpc2tfdHlwZT0iMiIgc3NlPSIxIiBzc2UyPSIxIiBzc2UzPSIxIiBzc3NlMz0iMSIgc3NlNDE9IjEiIHNzZTQyPSIxIiBhdng9IjEiLz48b3MgcGxhdGZvcm09IndpbiIgdmVyc2lvbj0iMTAuMC4xOTA0NC40NTI5IiBzcD0iIiBhcmNoPSJ4NjQiIHByb2R1Y3RfdHlwZT0iMTI1IiBpc193aXA9IjAiIGlzX2luX2xvY2tkb3duX21vZGU9IjAiLz48b2VtIHByb2R1Y3RfbWFudWZhY3R1cmVyPSIiIHByb2R1Y3RfbmFtZT0iIi8-PGV4cCBldGFnPSImcXVvdDtyNDUydDErazJUZ3EvSFh6anZGTkJSaG9wQldSOXNialh4cWVVREg5dVgwPSZxdW90OyIvPjxhcHAgYXBwaWQ9IntGM0M0RkUwMC1FRkQ1LTQwM0ItOTU2OS0zOThBMjBGMUJBNEF9IiB2ZXJzaW9uPSIxLjMuMTcxLjM5IiBuZXh0dmVyc2lvbj0iMS4zLjE5NS40MyIgbGFuZz0iIiBicmFuZD0iSU5CWCIgY2xpZW50PSIiIGluc3RhbGxhZ2U9IjAiIGluc3RhbGxkYXRldGltZT0iMTczNzIyMDI4MiI-PGV2ZW50IGV2ZW50dHlwZT0iMyIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iMTU4MDg5NTY5NzAiLz48L2FwcD48L3JlcXVlc3Q-
      4⤵
      Executes dropped EXE
      Checks system information in the registry
      System Location Discovery: System Language Discovery
      System Network Configuration Discovery: Internet Connection Discovery
      PID:7100
- C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
  "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xNzEuMzkiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7OEFBNUE4MDgtQTdCQy00M0JBLTlEMjMtNTRBMzMxQ0FCNjM2fSIgdXNlcmlkPSJ7NEE5RkZEMjItMUY5Qi00OERDLTg4MzMtNUJFMkZCNjlCN0I5fSIgaW5zdGFsbHNvdXJjZT0ic2NoZWR1bGVyIiByZXF1ZXN0aWQ9InsyNTIxMkJERC0yNDRDLTRBODgtODFCQi1FMkFEMTJCQUZBNDR9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjE5MDQ0LjQ1MjkiIHNwPSIiIGFyY2g9Ing2NCIgcHJvZHVjdF90eXBlPSIxMjUiIGlzX3dpcD0iMCIvPjxvZW0gcHJvZHVjdF9tYW51ZmFjdHVyZXI9IiIgcHJvZHVjdF9uYW1lPSIiLz48ZXhwIGV0YWc9IiZxdW90O3I0NTJ0MStrMlRncS9IWHpqdkZOQlJob3BCV1I5c2JqWHhxZVVESDl1WDA9JnF1b3Q7Ii8-PGFwcCBhcHBpZD0ie0YzQzRGRTAwLUVGRDUtNDAzQi05NTY5LTM5OEEyMEYxQkE0QX0iIHZlcnNpb249IjEuMy4xNzEuMzkiIG5leHR2ZXJzaW9uPSIxLjMuMTk1LjQzIiBsYW5nPSIiIGJyYW5kPSJJTkJYIiBjbGllbnQ9IiIgaW5zdGFsbGFnZT0iMCI-PHVwZGF0ZWNoZWNrLz48ZXZlbnQgZXZlbnR0eXBlPSIxMiIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iMTUyNDY3MzI4OTEiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiLz48ZXZlbnQgZXZlbnR0eXBlPSIxMyIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iMTUyNDY4NjMwMjEiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiLz48ZXZlbnQgZXZlbnR0eXBlPSIxNCIgZXZlbnRyZXN1bHQ9IjAiIGVycm9yY29kZT0iLTIxNDcwMjM4MzgiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjE1NzkxMjI1ODQ3IiBzb3VyY2VfdXJsX2luZGV4PSIwIiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIiBkb3dubG9hZGVyPSJkbyIgdXJsPSJodHRwOi8vbXNlZGdlLmIudGx1LmRsLmRlbGl2ZXJ5Lm1wLm1pY3Jvc29mdC5jb20vZmlsZXN0cmVhbWluZ3NlcnZpY2UvZmlsZXMvMjA3ZTgwMzUtOTliZS00NWQyLWIyYWEtMTg1ZjY3MDljNDAzP1AxPTE3Mzc4MjU0NDImYW1wO1AyPTQwNCZhbXA7UDM9MiZhbXA7UDQ9UGxBb3ZYY0RHQVpLYzlhWEE3OWh5cm9LTFJaMWRseGNlQTVIcUVsVXZkc2ZvSGl1UlNnQWNKJTJmeVl2ZEU4N3JzeERoSGVlYklpNVBqa3BCcDlHcE5EdyUzZCUzZCIgc2VydmVyX2lwX2hpbnQ9IiIgY2RuX2NpZD0iLTEiIGNkbl9jY2M9IiIgY2RuX21zZWRnZV9yZWY9IiIgY2RuX2F6dXJlX3JlZl9vcmlnaW5fc2hpZWxkPSIiIGNkbl9jYWNoZT0iIiBjZG5fcDNwPSIiIGRvd25sb2FkZWQ9IjAiIHRvdGFsPSIwIiBkb3dubG9hZF90aW1lX21zPSIzIi8-PGV2ZW50IGV2ZW50dHlwZT0iMTQiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjE1NzkxMjQ1ODU0IiBzb3VyY2VfdXJsX2luZGV4PSIwIiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIiBkb3dubG9hZGVyPSJiaXRzIiB1cmw9Imh0dHA6Ly9tc2VkZ2UuYi50bHUuZGwuZGVsaXZlcnkubXAubWljcm9zb2Z0LmNvbS9maWxlc3RyZWFtaW5nc2VydmljZS9maWxlcy8yMDdlODAzNS05OWJlLTQ1ZDItYjJhYS0xODVmNjcwOWM0MDM_UDE9MTczNzgyNTQ0MiZhbXA7UDI9NDA0JmFtcDtQMz0yJmFtcDtQND1QbEFvdlhjREdBWktjOWFYQTc5aHlyb0tMUloxZGx4Y2VBNUhxRWxVdmRzZm9IaXVSU2dBY0olMmZ5WXZkRTg3cnN4RGhIZWViSWk1UGprcEJwOUdwTkR3JTNkJTNkIiBzZXJ2ZXJfaXBfaGludD0iIiBjZG5fY2lkPSItMSIgY2RuX2NjYz0iIiBjZG5fbXNlZGdlX3JlZj0iIiBjZG5fYXp1cmVfcmVmX29yaWdpbl9zaGllbGQ9IiIgY2RuX2NhY2hlPSIiIGNkbl9wM3A9IiIgZG93bmxvYWRlZD0iMTY1NDM0NCIgdG90YWw9IjE2NTQzNDQiIGRvd25sb2FkX3RpbWVfbXM9IjQ4NTU5Ii8-PGV2ZW50IGV2ZW50dHlwZT0iMTQiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjE1NzkxMjY2MTI4IiBzb3VyY2VfdXJsX2luZGV4PSIwIiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iMTUiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjE1Nzk2NjMwNzM3IiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIi8-PHBpbmcgcj0iLTEiIHJkPSItMSIvPjwvYXBwPjxhcHAgYXBwaWQ9Ins1NkVCMThGOC1CMDA4LTRDQkQtQjZEMi04Qzk3RkU3RTkwNjJ9IiB2ZXJzaW9uPSI5Mi4wLjkwMi42NyIgbmV4dHZlcnNpb249IiIgbGFuZz0iIiBicmFuZD0iSU5CWCIgY2xpZW50PSIiIGV4cGVyaW1lbnRzPSJjb25zZW50PWZhbHNlIiBsYXN0X2xhdW5jaF90aW1lPSIxMzM4MTY5NDE1NzQzNjQzMTAiPjx1cGRhdGVjaGVjay8-PHBpbmcgYWN0aXZlPSIxIiBhPSItMSIgcj0iLTEiIGFkPSItMSIgcmQ9Ii0xIi8-PC9hcHA-PGFwcCBhcHBpZD0ie0YzMDE3MjI2LUZFMkEtNDI5NS04QkRGLTAwQzNBOUE3RTRDNX0iIHZlcnNpb249IjEzMi4wLjI5NTcuMTE1IiBuZXh0dmVyc2lvbj0iIiBsYW5nPSIiIGJyYW5kPSJHR0xTIiBjbGllbnQ9IiIgaW5zdGFsbGFnZT0iMCIgaW5zdGFsbGRhdGU9IjY1ODciPjx1cGRhdGVjaGVjay8-PHBpbmcgcj0iLTEiIHJkPSItMSIgcGluZ19mcmVzaG5lc3M9InsyNTRCMjExQi1CRDYwLTQ5MTMtOThCMy0wM0UwRjc0RjlBNDF9Ii8-PC9hcHA-PC9yZXF1ZXN0Pg
  2⤵
  - Executes dropped EXE
  - Checks system information in the registry
  - System Location Discovery: System Language Discovery
  - System Network Configuration Discovery: Internet Connection Discovery
  PID:7680

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:3256
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Drops file in System32 directory
  - Checks processor information in registry
  - Suspicious use of SetWindowsHookEx
  PID:1268
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1968 -parentBuildID 20240401114208 -prefsHandle 1896 -prefMapHandle 1876 -prefsLen 26921 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {dd161bac-bb08-42cd-bd68-d70453a3dc68} 1268 "\\.\pipe\gecko-crash-server-pipe.1268" gpu
    3⤵
    PID:3428
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2424 -parentBuildID 20240401114208 -prefsHandle 2392 -prefMapHandle 2388 -prefsLen 26799 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4cf4c31f-c1f9-48e5-9abd-541566cc354b} 1268 "\\.\pipe\gecko-crash-server-pipe.1268" socket
    3⤵
    - Checks processor information in registry
    PID:1392
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3348 -childID 1 -isForBrowser -prefsHandle 3344 -prefMapHandle 3352 -prefsLen 22698 -prefMapSize 244658 -jsInitHandle 944 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a57dff08-fd0c-423b-94d7-448b6d2decdc} 1268 "\\.\pipe\gecko-crash-server-pipe.1268" tab
    3⤵
    PID:1820
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3748 -childID 2 -isForBrowser -prefsHandle 3284 -prefMapHandle 3304 -prefsLen 32173 -prefMapSize 244658 -jsInitHandle 944 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {983a69e6-0a1a-4abe-bae0-0f465b1d6e9f} 1268 "\\.\pipe\gecko-crash-server-pipe.1268" tab
    3⤵
    PID:1224
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4608 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4544 -prefMapHandle 4540 -prefsLen 32173 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {73736e56-d34d-4ce4-acaa-60a08434610c} 1268 "\\.\pipe\gecko-crash-server-pipe.1268" utility
    3⤵
    - Checks processor information in registry
    PID:5944
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5264 -childID 3 -isForBrowser -prefsHandle 5256 -prefMapHandle 5252 -prefsLen 26990 -prefMapSize 244658 -jsInitHandle 944 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5fe08d9d-387e-4bca-b556-68dd8f08d77a} 1268 "\\.\pipe\gecko-crash-server-pipe.1268" tab
    3⤵
    PID:6780
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5488 -childID 4 -isForBrowser -prefsHandle 5408 -prefMapHandle 5412 -prefsLen 26990 -prefMapSize 244658 -jsInitHandle 944 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5b2fad1f-7485-4652-a7f9-d0c611422061} 1268 "\\.\pipe\gecko-crash-server-pipe.1268" tab
    3⤵
    PID:1420
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5684 -childID 5 -isForBrowser -prefsHandle 5604 -prefMapHandle 5612 -prefsLen 26990 -prefMapSize 244658 -jsInitHandle 944 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {01af1817-547a-440b-a14b-dad9f3cd3d36} 1268 "\\.\pipe\gecko-crash-server-pipe.1268" tab
    3⤵
    PID:1352
- - C:\Program Files\Mozilla Firefox\minidump-analyzer.exe
    "C:\Program Files\Mozilla Firefox\minidump-analyzer.exe" "C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Crash Reports\pending\6a038809-46ac-403f-84eb-88c45ef691f9.dmp"
    3⤵
    PID:7720
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5672 -childID 6 -isForBrowser -prefsHandle 5400 -prefMapHandle 5388 -prefsLen 26990 -prefMapSize 244658 -jsInitHandle 944 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {cd8f7989-d521-437c-aa0b-58cb41db99a7} 1268 "\\.\pipe\gecko-crash-server-pipe.1268" tab
    3⤵
    PID:4364
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5512 -childID 7 -isForBrowser -prefsHandle 5484 -prefMapHandle 5288 -prefsLen 26990 -prefMapSize 244658 -jsInitHandle 944 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2efac22e-0c10-40c2-babd-c494efe2d884} 1268 "\\.\pipe\gecko-crash-server-pipe.1268" tab
    3⤵
    PID:5376
- - C:\Program Files\Mozilla Firefox\minidump-analyzer.exe
    "C:\Program Files\Mozilla Firefox\minidump-analyzer.exe" "C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Crash Reports\pending\7d5d52b5-d630-49d6-a05c-391a911278d5.dmp"
    3⤵
    PID:3808

C:\Program Files (x86)\Roblox\Versions\version-080ad6451df24461\RobloxPlayerBeta.exe
"C:\Program Files (x86)\Roblox\Versions\version-080ad6451df24461\RobloxPlayerBeta.exe"
1⤵
- Executes dropped EXE
- Suspicious use of NtCreateThreadExHideFromDebugger
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of UnmapMainImage
PID:5780

C:\Program Files (x86)\Roblox\Versions\version-080ad6451df24461\RobloxPlayerBeta.exe
"C:\Program Files (x86)\Roblox\Versions\version-080ad6451df24461\RobloxPlayerBeta.exe"
1⤵
- Executes dropped EXE
- Suspicious use of NtCreateThreadExHideFromDebugger
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of UnmapMainImage
PID:3312

C:\Program Files (x86)\Roblox\Versions\version-080ad6451df24461\RobloxPlayerBeta.exe
"C:\Program Files (x86)\Roblox\Versions\version-080ad6451df24461\RobloxPlayerBeta.exe"
1⤵
- Executes dropped EXE
- Suspicious use of NtCreateThreadExHideFromDebugger
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of UnmapMainImage
PID:1820

C:\Program Files (x86)\Roblox\Versions\version-080ad6451df24461\RobloxPlayerBeta.exe
"C:\Program Files (x86)\Roblox\Versions\version-080ad6451df24461\RobloxPlayerBeta.exe"
1⤵
- Executes dropped EXE
- Suspicious use of NtCreateThreadExHideFromDebugger
- Suspicious use of UnmapMainImage
PID:1376

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ua /installsource scheduler
1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:5040

C:\Users\Admin\Downloads\Bootstrapper_v2,14.exe
"C:\Users\Admin\Downloads\Bootstrapper_v2,14.exe"
1⤵
- Executes dropped EXE
PID:7660
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 7660 -s 2464
  2⤵
  PID:7096

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /svc
1⤵
- Executes dropped EXE
- Checks system information in the registry
- System Location Discovery: System Language Discovery
PID:5772
- C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
  "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xOTUuNDMiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7RDQ1MEE0MkYtODNDRC00RUY5LThBOTYtNUM5MjQ2QkVGNDg3fSIgdXNlcmlkPSJ7NEE5RkZEMjItMUY5Qi00OERDLTg4MzMtNUJFMkZCNjlCN0I5fSIgaW5zdGFsbHNvdXJjZT0ibGltaXRlZCIgcmVxdWVzdGlkPSJ7OTA2Mzk3NDYtQjkzMS00NzgxLUIyOTMtQUE4MkY2NDY2RjIzfSIgZGVkdXA9ImNyIiBkb21haW5qb2luZWQ9IjAiPjxodyBsb2dpY2FsX2NwdXM9IjgiIHBoeXNtZW1vcnk9IjgiIGRpc2tfdHlwZT0iMiIgc3NlPSIxIiBzc2UyPSIxIiBzc2UzPSIxIiBzc3NlMz0iMSIgc3NlNDE9IjEiIHNzZTQyPSIxIiBhdng9IjEiLz48b3MgcGxhdGZvcm09IndpbiIgdmVyc2lvbj0iMTAuMC4xOTA0NC40NTI5IiBzcD0iIiBhcmNoPSJ4NjQiIHByb2R1Y3RfdHlwZT0iMTI1IiBpc193aXA9IjAiIGlzX2luX2xvY2tkb3duX21vZGU9IjAiLz48b2VtIHByb2R1Y3RfbWFudWZhY3R1cmVyPSIiIHByb2R1Y3RfbmFtZT0iIi8-PGV4cCBldGFnPSImcXVvdDtyNDUydDErazJUZ3EvSFh6anZGTkJSaG9wQldSOXNialh4cWVVREg5dVgwPSZxdW90OyIvPjxhcHAgYXBwaWQ9Ins4QTY5RDM0NS1ENTY0LTQ2M2MtQUZGMS1BNjlEOUU1MzBGOTZ9IiB2ZXJzaW9uPSIxMjMuMC42MzEyLjEyMyIgbmV4dHZlcnNpb249IiIgbGFuZz0iZW4iIGJyYW5kPSJHR0xTIiBjbGllbnQ9IiIgaW5zdGFsbGFnZT0iNSIgaW5zdGFsbGRhdGV0aW1lPSIxNzM2Nzc2NTc4IiBvb2JlX2luc3RhbGxfdGltZT0iMTMzODEyNDkxNTk5MzYwMDAwIj48ZXZlbnQgZXZlbnR0eXBlPSIzMSIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMjE3OTg2MiIgc3lzdGVtX3VwdGltZV90aWNrcz0iMTkwMzc4NjM5ODIiLz48L2FwcD48L3JlcXVlc3Q-
  2⤵
  - Executes dropped EXE
  - Checks system information in the registry
  - System Location Discovery: System Language Discovery
  - System Network Configuration Discovery: Internet Connection Discovery
  PID:348

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Create or Modify System Process

T1543

Windows Service

T1543.003

Event Triggered Execution

T1546

Component Object Model Hijacking

T1546.015

Image File Execution Options Injection

T1546.012

Netsh Helper DLL

T1546.007

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Create or Modify System Process

T1543

Windows Service

T1543.003

Event Triggered Execution

T1546

Component Object Model Hijacking

T1546.015

Image File Execution Options Injection

T1546.012

Netsh Helper DLL

T1546.007

Defense Evasion

Impair Defenses

T1562

Disable or Modify System Firewall

T1562.004

Modify Registry

T1112

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Browser Information Discovery

T1217

Network Share Discovery

T1135

Peripheral Device Discovery

T1120

Query Registry

T1012

Remote System Discovery

T1018

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

System Network Configuration Discovery

T1016

Internet Connection Discovery

T1016.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Microsoft\EdgeUpdate\Download\{F3C4FE00-EFD5-403B-9569-398A20F1BA4A}\1.3.195.43\MicrosoftEdgeUpdateSetup_X86_1.3.195.43.exe

Filesize
1.6MB

MD5
83f7907f5d4dc316bd1f0f659bb73d52

SHA1
6fc1ac577f127d231b2a6bf5630e852be5192cf2

SHA256
dac76ce6445baeae894875c114c76f95507539cb32a581f152b6f4ed4ff43819

SHA512
a57059ef5d66d3c5260c725cae02012cf763268bd060fa6bc3064aedff9275d5d1628ff8138261f474136ab11724e9f951a5fdd3759f91476336903eb3b53224

Download Submit
C:\Program Files (x86)\Roblox\Versions\RobloxStudioInstaller.exe

Filesize
7.2MB

MD5
59424c76dce707ae9be1c22d3792615a

SHA1
eff79ababae89ff5c6547826241d6da9830bed33

SHA256
56952f66488eb973dd8dd593068ae19699bd018ed67dbeffe7a33efef4b0d1aa

SHA512
c820c679ae7b2e4f119a1d5e6ea2aa2f04bd614fba1f1a8c15284b1248f82b9eac4661ca63ce26f2258e8c7a0cafaf6898052ae8b2dbd0e17e92c1ba9db20eee

Download Submit
C:\ProgramData\Microsoft\EdgeUpdate\Log\MicrosoftEdgeUpdate.log

Filesize
82KB

MD5
9f38582024e5074d6537608b15401335

SHA1
ab59cd4d03f15090568ea547f23aa95a3a205804

SHA256
6bdad6e30c6c78a265f11f4ec6408557c550a5f5644d92b42c12c7bf14dee443

SHA512
e3a7b257415d202bc6a14f33cc78365c266ea41cb4e40fd1233856e866e5d45f2198a5d114faf2a93dd5ca103ac044495f86d19c39886171929e1e74a70b8d5a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\reports\8e08d2d8-706d-470c-85f6-0efc9ed97e02.dmp

Filesize
4.3MB

MD5
e47792a8cdefe3583f72fec523d3c8a2

SHA1
7a22708b34993a8b752cfd27c33acd31e770dd1a

SHA256
95dc945def7361d26d42cf94a2b87d6e6ecd88dc1e4e22a9b5372c9cf1b1bc06

SHA512
70c51a97ee82cd9fa8a5f1d1f54a744b11a75885d2a2ea46ef1ad0af0fd7ff0ba5acbdaa663edea9c622b9b570aec9f9c21cea037b8b98a3e0f14a93871145b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
63af7b2048710d6f167f35d94632a257

SHA1
812c8f140a72114add2f38cab52fd149ad8bdcfb

SHA256
15aafcc88226b6178e02a93858555ca48fb205ae317815ce31aa547555329046

SHA512
0519b7dcbce66aecefbd2aaea6120c0da213d8bb3e00a7599bf2e390bee3f643baf952cc553766f8c2779fe9fa303570a56a8c846c11e2fcf9c2075c1e41ccc4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
17ce65d3b0632bb31c4021f255a373da

SHA1
a3e2a27a37e5c7aeeeb5d0d9d16ac8fa042d75da

SHA256
e7b5e89ba9616d4bac0ac851d64a5b8ea5952c9809f186fab5ce6a6606bce10a

SHA512
1915d9d337fef7073916a9a4853dc2cb239427386ce596afff8ab75d7e4c8b80f5132c05ebd3143176974dbeb0ded17313797274bc5868310c2d782aac5e965f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ced4aad7256ce749edd2ba28023150e4

SHA1
c825c10448eb3b94e532b3023ae199c925ab1602

SHA256
c4458e5a2c81ec9941dae0361a0fe791dd6b9cb26dc824259ab33f450d31bafa

SHA512
30d4cab4d89a467b9a0c9395e0d30095619800682586ee3616ae1c0f146b2beacf264245952bc7e9d5bb0fc14290cdb2dd6a00f4b9b8e28aa338fd98a9a365e1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
9565e8d53ff019d032e50651ab701347

SHA1
07e1e76a9a8f909faadd01d6120ba969b429fc8a

SHA256
fc2728d3c0909041d5325c1acdb1cd591ffca0621bdda3cb3f218f6562bc8065

SHA512
944463bb205aaac639b97f20c4b38950cec6f19b01350e75cd353815d9de367c74dcb7a64596162072970f7ce9f6acc5aaa98295ca152e2e2d58690b1d72d63a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
af67194d4c78bc317f62cea14caa3c8a

SHA1
1de9036e4e1702035ae1e3842894f8abaf80d31e

SHA256
d7f7b981b180ca668b48b33a793f433fa481a19301b2faa7ef6fae8f14cef046

SHA512
acbb8de5c31bba801af6afd7429f5b9295bd446380f9b10a3f8c9b8d36413429430b7889db295bf2d69f97e839c4dace1d83a3d352b4694fd101f1bc8091bd4a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\33a60df0-4a9a-458e-9c23-66b9ac6b74a2.tmp

Filesize
25KB

MD5
bd69b318b68c04608d060b02638b4551

SHA1
cb83192414c4b3e51abfec54703a508c7f2bb580

SHA256
6fc94cbd9f656b8523956950d51e5382e00b06d95a72325e2573a2cbe0949306

SHA512
3f094224ade3cff87c783a37081689855a26114cf3a962e8c38f3e463a121461086dac51ae56f91d954369657d767c1f67a3ba9be9e90164f522177ecd661c7c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\5f82df88-5d78-482f-adb9-75b0769a1e7c.tmp

Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

Filesize
47KB

MD5
0d89f546ebdd5c3eaa275ff1f898174a

SHA1
339ab928a1a5699b3b0c74087baa3ea08ecd59f5

SHA256
939eb90252495d3af66d9ec34c799a5f1b0fc10422a150cf57fc0cd302865a3e

SHA512
26edc1659325b1c5cf6e3f3cd9a38cd696f67c4a7c2d91a5839e8dcbb64c4f8e9ce3222e0f69d860d088c4be01b69da676bdc4517de141f8b551774909c30690

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
67KB

MD5
69df804d05f8b29a88278b7d582dd279

SHA1
d9560905612cf656d5dd0e741172fb4cd9c60688

SHA256
b885987a52236f56ce7a5ca18b18533e64f62ab64eb14050ede93c93b5bd5608

SHA512
0ef49eeeeb463da832f7d5b11f6418baa65963de62c00e71d847183e0035be03e63c097103d30329582fe806d246e3c0e3ecab8b2498799abbb21d8b7febdc0e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

Filesize
19KB

MD5
1bd4ae71ef8e69ad4b5ffd8dc7d2dcb5

SHA1
6dd8803e59949c985d6a9df2f26c833041a5178c

SHA256
af18b3681e8e2a1e8dc34c2aa60530dc8d8a9258c4d562cbe20c898d5de98725

SHA512
b3ff083b669aca75549396250e05344ba2f1c021468589f2bd6f1b977b7f11df00f958bbbd22f07708b5d30d0260f39d8de57e75382b3ab8e78a2c41ef428863

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

Filesize
63KB

MD5
226541550a51911c375216f718493f65

SHA1
f6e608468401f9384cabdef45ca19e2afacc84bd

SHA256
caecff4179910ce0ff470f9fa9eb4349e8fb717fa1432cf19987450a4e1ef4a5

SHA512
2947b309f15e0e321beb9506861883fde8391c6f6140178c7e6ee7750d6418266360c335477cae0b067a6a6d86935ec5f7acdfdacc9edffa8b04ec71be210516

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

Filesize
62KB

MD5
c813a1b87f1651d642cdcad5fca7a7d8

SHA1
0e6628997674a7dfbeb321b59a6e829d0c2f4478

SHA256
df670e09f278fea1d0684afdcd0392a83d7041585ba5996f7b527974d7d98ec3

SHA512
af0d024ba1faafbd6f950c67977ed126827180a47cea9758ee51a95d13436f753eb5a7aa12a9090048a70328f6e779634c612aebde89b06740ffd770751e1c5b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

Filesize
26KB

MD5
8ce06435dd74849daee31c8ab278ce07

SHA1
a8e754c3a39e0f1056044cbdb743a144bdf25564

SHA256
303074dab603456b6ed26e7e6e667d52c89ab16e6db5e6a9339205ce1f6c1709

SHA512
49e99bffcdf02cfe8cef0e8ef4b121c75d365ab0bbc67c3a3af4cf199cc46e27ab2a9fdf32590697b15b0a58ee2b7a433fe962455cf91f9a404e891e73a26f59

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000009

Filesize
40KB

MD5
3051c1e179d84292d3f84a1a0a112c80

SHA1
c11a63236373abfe574f2935a0e7024688b71ccb

SHA256
992cbdc768319cbd64c1ec740134deccbb990d29d7dccd5ecd5c49672fa98ea3

SHA512
df64e0f8c59b50bcffb523b6eab8fabf5f0c5c3d1abbfc6aa4831b4f6ce008320c66121dcedd124533867a9d5de83c424c5e9390bf0a95c8e641af6de74dabff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a

Filesize
53KB

MD5
68f0a51fa86985999964ee43de12cdd5

SHA1
bbfc7666be00c560b7394fa0b82b864237a99d8c

SHA256
f230c691e1525fac0191e2f4a1db36046306eb7d19808b7bf8227b7ed75e5a0f

SHA512
3049b9bd4160bfa702f2e2b6c1714c960d2c422e3481d3b6dd7006e65aa5075eed1dc9b8a2337e0501e9a7780a38718d298b2415cf30ec9e115a9360df5fa2a7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000050

Filesize
86KB

MD5
311df804254e49f42d59aefbc02138ec

SHA1
39cc9fcbcdf31000821f0834fa2838cfed53b4dc

SHA256
7512dc9e7b239faef8da9106b9b75673478d759617adb3af9acd919ef87ad212

SHA512
ab673ce16fd989fac6e5bfc59cde8b7d21c2a9e072e81a09b84dd941dd567491e93b307c412b7b2f2e56f6166bdb1d458a25c69b5de7fd9cf04a69f8523eab92

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000051

Filesize
155KB

MD5
f58ab33f98dffa842edbff8ef1391c8d

SHA1
7a1c23c3e84a7c68920fb44ae2a61da6303d27f2

SHA256
3eee5335b9fcbc91d0f730966eb41fc52a61b195a0215586b2101b6bbfefd2e9

SHA512
a5e71bcb88f1dfb9529578d0ace0dc10668168d9fd8c79e69403e0ccd21e0760179572f89994208cf6eb90d5101cb270ea891bdc47c6ad57609abbe9feb21ca7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000053

Filesize
16KB

MD5
89a574ff00e6b0ec61d995d059ce6e65

SHA1
aea09e96808ab77165ffa712eaa58b8f056d0bb6

SHA256
e5c29c139842fd487473d0824f2c01b374680fb35d22fa929686d17896602a44

SHA512
30d0d40bd680e61968273155b740901cdfa66670fc2af6f23e44c6b998b67cc1fcd0b51bd5f9470f209f188e75d071355e592b2a7c97f4bfd15d07d455e0909d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000055

Filesize
18KB

MD5
1c65922c2df6f4844852390d5e22e5e3

SHA1
3d42bb20f20dc0d14e0751fa2b32ce3b20e8ae35

SHA256
d5dcce04b2e8e5ce64887c1f4057878c6edf54269f79b39bf248fcac0b2299b1

SHA512
4db897487af920dea686d25b8ffa95ffe0f2b41ae2bd2fa6ed9b8a8e1f58c655a8791b53e5b1baad92051eb4934800fe542b51377dbaa3d7d911eb6698b04f0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000057

Filesize
66KB

MD5
06702fdff4205590c1caa29b580e9620

SHA1
966017a8f488ddc3707f7d2c22a6c7eb51f58f29

SHA256
7586590346cdb9520dc3cf7131e5662b3c4407d2624ec22dd0e1c1eb9725ce36

SHA512
7c39333eb130eba6c9f57c50b8b6fbebf90c3cd49bbd7a967c6d31f7b997ea085770b84caf4ae2d984898a445535a20777c671e382e2da01e21e1c40248d322d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00005a

Filesize
62KB

MD5
8db9e3d59e35425c9738ab4c927fbf7b

SHA1
e69219212b3ab89a85c15c43915107ad9605bd18

SHA256
10fbbc6d547c070f1df3554b1d6d9972c0a680ba3c43aadc962f9548dc0a2f2a

SHA512
5d9e0fd889ea5ea5c84b085d6d368a202f3b7d397f921e45a6571df37f2f70cb6af82790ad817421af0317510db390d5d1581462cd85da45441c37da7ada7baa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00005b

Filesize
31KB

MD5
befb4d1fef667b6025929f89799508a9

SHA1
ba9d70abccea852ccf8b06d9bfce323a98e784cf

SHA256
a715efef0572b88933579984309b85825a1305e3f358874bd868e8e8cc69f878

SHA512
2210d93a925653cdc6432225b48bee1c9f51c5c593c7b02f88e462b1f726b0de147c33e1a4d6ab650f78564a7aedde136f46455224a81e62ed927bf4ecbe8acb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000065

Filesize
20KB

MD5
bc9b04cd87d3223d73540dd3db0478fa

SHA1
9678ea03e663a2d751f83d33c964774af42cbbe1

SHA256
29f3cc09f4346ea6d9db0106f5c3c3f7758471c35a2ac581c81219502c12513f

SHA512
b2b975d3d41209fb5c879cde22936a86ba81551dea3e943a4d7dfe9110e5ce012ca2b54e0a3749014bc141bf01b84e74e8b0be575979afb3ec294434bcdcc691

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000081

Filesize
39KB

MD5
9a01b69183a9604ab3a439e388b30501

SHA1
8ed1d59003d0dbe6360481017b44665153665fbe

SHA256
20b535fa80c8189e3b87d1803038389960203a886d502bc2ef1857affc2f38d2

SHA512
0e6795255b6eea00b5403fd7e3b904d52776d49ac63a31c2778361262883697943aedcb29feee85694ba6f19eaa34dddb9a5bfe7118f4a25b4757e92c331feca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00008b

Filesize
215KB

MD5
d474ec7f8d58a66420b6daa0893a4874

SHA1
4314642571493ba983748556d0e76ec6704da211

SHA256
553a19b6f44f125d9594c02231e4217e9d74d92b7065dc996d92f1e53f6bcb69

SHA512
344062d1be40db095abb7392b047b16f33ea3043158690cf66a2fa554aa2db79c4aa68de1308f1eddf6b9140b9ac5de70aad960b4e8e8b91f105213c4aace348

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000cd

Filesize
123KB

MD5
9e951e6bdabc8f9cfee0ccb3dd65c27a

SHA1
2a48a392e1212af6811190536a6093682ed05c40

SHA256
99a9883bd72699faa9bc6320b693e0ddef1789cf854cc224e349667a5fc4a84c

SHA512
fb5e5c8cfa4895be29ea2c64a14846714ff041b794e8893883b7bb5c91689629bb9234d34f11ce6e414ce5e53cfefb71d05524a20dfc5dbbcda0f6a78bfe43fc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000e7

Filesize
52KB

MD5
34c2f0724bccaad344bdeb7e65b90e3c

SHA1
18ff77c91ab90a2f5178c4207de029fff5721985

SHA256
89b86b492acfb2b3e4214e43c5b3822f7c9752faf8565c26e6c9be3f52efb4fb

SHA512
6cf6ecb9e3ef9e4754a2955874de216215e06a126719616ebd289e2eacd64cd65c9a019c8db7f6cbc059bfa605db160980f745aa4e4c6829e1e1eb5a410f4abf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000ea

Filesize
27KB

MD5
e713b979a2788f81ae227e3ef0167fbc

SHA1
ad2ae538de873d0a2af9059e32632988d4d98ebc

SHA256
4872e54ec166d7ecb16857c4f81b14ba5e5f2103a5c4561a40f5f8f5e98de515

SHA512
55e74cbedababdfeafab1f7c3388dfb177a55d5d8563484ac14fb4915432e237fad2ce0ccd3bb677d91a969ea5df3939b44679a68e45562d9280fae094502eaf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000eb

Filesize
23KB

MD5
64b98f55f67dec85559273ec790e9fea

SHA1
f8754712f265dab71814931239640a8ad8e77509

SHA256
dafc69368255faee47481a29fef6f8f58b925313131d879bad09a4865b9ab1a1

SHA512
ed8cd5406fce708b7bc33bf7f6710c280e410eb1d61d557093c92000c6111a8de155fb7383cae98d9b0253b560fa4fab890c8b1b02c9eaa534534cecc9bac8e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000ec

Filesize
195KB

MD5
d99b3ffb3cac476ce17794c7789b4192

SHA1
323c24027e71199bc84a008112889d1ae9dac84d

SHA256
94a09320cfd78af78ee8992a78dbd0832cde0ddaa61b563ded3975c1ba7514c2

SHA512
49f6203fc6cfe8fa005f12ae3a779aa3c4bdedfdd9c83cb42c580e191400ed597e87cfbca5222a9ee2d8995a770d5ec5cbe3eeb86be780ffd586ceefcac14fd5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000ed

Filesize
75KB

MD5
9a69713e5af978e8048a621b14803525

SHA1
015e653c6d1cc472598c8981fc804e88d2f4dec3

SHA256
70a4a750f8e494ac43eaf81f6e97a4dd110ac80e2c7d0d5cfb11b5bf613bea04

SHA512
56d71369cb398affb8f8392320781b3289aa11d5a91b1251024dc969974645504f59f7185d84bb8a5a73ffe09390a46f52baf91bbcb65dfa9756b626abd23fec

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000ee

Filesize
26KB

MD5
13d1b429e99059f97e58fa10dd69f8b5

SHA1
174c7f299158103127d50de82f1086c3b66e8258

SHA256
1262bff0591c36094d058ab102b84ce34eb1e547e8ff00557bf8d55449e58e40

SHA512
30dbd99f1abe8d2a9ddf73a93ed199ffb2b55903b5bc2618935a64ad54706f054fc9b46a80ccd1cab4eff3f5a607b5b599f5e02a2e89c990e10b210e4f16ed9d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000ef

Filesize
23KB

MD5
fc03edc2c67353b7608b593ee05565c6

SHA1
72106071998b0ef5f145ea4f9d53459e52a33e9f

SHA256
14be4114dcfde74652f19f9ffae8c9bb50707e9e88bd2b1fcd86fb50224109e7

SHA512
444759b488bd8724b40429e1b0e05c5e11a4a1b9a2defc03cde8e9156e237510a943c4d24fe312e0c7a5fb3929f47222fe1d44027ec242a58087a0a57be388d2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000f0

Filesize
145KB

MD5
129ae654841b8e7a24d81beaa62e9e53

SHA1
4164f6ed4fa6a027a39316d1c6a22507c4afdbc2

SHA256
364f7889796b25fe8d28abb5e7f721ab3b1c12ec38c03ef41b334c2099c8bfe9

SHA512
4e4e7dfb10fc0201ea17229fc9c5545bc8536f3dfb2765451718d0775df4278f0a9b49aaa422daba83568cf59b951b5547e84ebd896434287dff331fede445e6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000f1

Filesize
120KB

MD5
ed37fd6fc47488ffadaa5da07b1a14de

SHA1
5eec6f9ca1ef201a55e08584760629c765ece31f

SHA256
8ec598ce27d788ad7673c84ea68d616957326d1212cfece634dee28f7de530ba

SHA512
2ed34ce0aa1f5b218172fd941d4625a8278b2adea18e1279b35498af95ce43de3cc8ca03ffa9d3ff21c585059c513ea8256304e1f46ea2037ff445232fd6709c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000f2

Filesize
1.1MB

MD5
abf8c79cb852c461a4f5c1695ffa33da

SHA1
540c8293450c6878812906de58d4b2dbf430ebc0

SHA256
df527fc88a4fe6b7e17a56148c8771429b751750fc0c82ec59c691e770d4c149

SHA512
9031298243f81e06e43ae802142b91f5f1e44cbd643a0d783b0e743ee2c982f7eebf43d6140c6676566e7201df1f1525920d26c9059adabfbc61a6fb68a9d136

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000f3

Filesize
27KB

MD5
1c5a50d613afaa9b95ee3e65f34ad30a

SHA1
cebc9c151ecc0f2cf869334fea03d26a648bc991

SHA256
f0d727496f154f333996cd21d95508447823e706b1b6843adbb71c63e4d6ec7c

SHA512
086eab0af83a36a28fbbf331c21cb0233569843bbd4fe58d23d9b95124f64d0e56efb521830806d8e871d55024b32deef37d83e2be1002356d83518d44ba9517

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000f4

Filesize
25KB

MD5
e753801a1884c54848181d6c54a276a3

SHA1
d4e9a1b4b2ca14f5b65af47909161d0ade0b89b7

SHA256
976426517653c12784aeaab6a6fb083d7ddad4157010b536fe93894b32a8cff4

SHA512
fb7cf07fe45104394ae7eb5a1dff76fb2d65be089ea7b34d72c50c2f70449747f9cc7eaf26feb1a27c4c5785c8b968f163f4c4c7e3e90fd8d9dcf0250ce4189e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000f8

Filesize
21KB

MD5
1df4c58bb92cbf68dc41c0661de8309d

SHA1
42c06c56baee832ffac4f78997f374d5503e9281

SHA256
79fbacd3c251f6fada1a166f4be754b3b774740dc843b5e5d3c62080a88b4c46

SHA512
d011bebf8e6034e8222fb4c2a92bb6254ca03e92c93a5a3129a2421404c10e078beb295e6c3bed5265db886430af9aff39abd0b4572fc91e938c124dc8bdffba

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000f9

Filesize
16KB

MD5
61e4576e6aa91cd435fe92f085fb0a3c

SHA1
fa21a6bad3a461c8f0e27b75913c8f1cbe0b2b62

SHA256
78d8aca4e50e6ba58890b68f8c3d6e562ff0b16516a0c3df56be18b69dca6aa9

SHA512
b250c2940f7ca24b763bfcd4d39d0022d6441bad54c415b9848ef949f8871f219289f044301de03313bf8cfa53bb2797c5590acc1b32889b0641f7a13b710bfe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000fb

Filesize
53KB

MD5
8193bd8199d34acf756cf8b94cd00929

SHA1
0c37e7bb6a1b35908e0e58b5b4e9fe7feaaf353c

SHA256
e0c301ad1705bfee8151c3fc572f6efe050cb1b30ad73afd9fa77e5a5488e2e4

SHA512
80eeebcd513bfe59b94a60ae5f255e42fdb604541667c043dda58b6bc7f89894e770e94a9e4012f0ae314e895fc8bb1cc281ed6976525d0e889ca95663d97e4d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000fc

Filesize
568KB

MD5
0bde65bf43bda53307da5044d057f718

SHA1
accfa5c134bdb8365d7e0af49480fde342613558

SHA256
0d4a0e80d36e3d542760c00de14d5f995bbae8955635bd9f3a81c8ede1060662

SHA512
1e45a09e7e3b06172977f57c69996078c935e72808ee7dd0e13e57cb2175372a8591c0d7bd99ccb5158221b1af3beb004e6664af441d172d08589ab54f84309a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000fe

Filesize
36KB

MD5
880b25d6809c88aa4e137cf140928c7b

SHA1
79a2ab9fbebec8a4d624d2d623752d1ef7d41c1e

SHA256
f82d82e5ff3ae0aef2666a1e6b93baebfa3dee82a48ac625fb9a4f4e2446b2ad

SHA512
75a339cf5e3697197f97e14988af7aa0b49bea09fd996bbf3bbe8eb332946ddad4aa9ffa150b4bfeee7e6cf345e7110100adce4f1f18b1cd96dbd66741b7bffb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000100

Filesize
82KB

MD5
9b868f836f114a0b2349ed2a1947df71

SHA1
530cd75246b3641a65be6932585174750c3e0238

SHA256
7ed3f0ad4ab03284e23467c43d16955d606b8bcb0fc0a5cb1995a9b27f872200

SHA512
44e7881bd8fe2f55a5843cb7cb61190a548d79f3a29a7e72d3eac42d5cdcd2c5e8ff0e759f299943b0c394ecca1b931b4401785f3f23cb2e87b14878cd5754a9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000101

Filesize
145KB

MD5
62b76d3f3256f201b1fbf591ffbd34ad

SHA1
ef181a2d06b3051f068248ac0c2435c05e60d106

SHA256
b1e6b2fd2295ac82d4b305e0cef0bd74f6cbd4ad66ef0fbe04553c3fec57824a

SHA512
414b397aa4778b120fdf0289d845f8084b04615946965a4cd3788aa6dfaa6afe0137854905ea526799859a67d76a4ef91122e5912e396ef55c04da25342e6054

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000106

Filesize
106KB

MD5
d28b6f0cde2419c0bf6449034bc7e63b

SHA1
e0c18f3bcaadb7d7d0ada4632d92462f3df9bd68

SHA256
8f68f60983635514aa0704304264c83d5e410391986e5f7fa6073128672e1f09

SHA512
576400ddee5f7a58048d6fcc5851135660de5aa07f949d012c771ed7021235baaf711b06e633a3be547d5e49bcf3ee59c066f5bd35bdbd559a8e483e29214509

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000107

Filesize
28KB

MD5
1752326ce45c039f4c5e81ea24c27c35

SHA1
4a22a9151c3c94d170cd3d23659e8e1a5a6f0070

SHA256
13dac981c708b9d1c6d7be7666ab5ff34718fe7d1362428217e88c75530774ad

SHA512
7ca5eb8b11184b97b7ecfed373420f7b9926839edcd36ea6bcc37a09190478175c49d7cfdb6dcbf1ecc8f2570feec9a0ac8aae08442fddef7986330043ff2d08

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000108

Filesize
29KB

MD5
2ac2b5166f553862af507d4303dfb564

SHA1
23fcdfb88cbb7d2d6121cfb4505838e22d9d411f

SHA256
9f2e931ab7c045678dbe0c6f1765a6dca0a2adc814bd56350445b27fa9cc9bb0

SHA512
6749e71b68dede25a8d54c0b2eb75e942c336626f3629363a768f446778a228623a3a9fac7df44fc0971ace89a37d45e17ad03d9239e8403eb1dcb8ce6d98936

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000197

Filesize
500KB

MD5
01a7f07731269aa295caae25fbe26db0

SHA1
f01eadd543a237b6ddfb4c412e5590922af6ac79

SHA256
176604e484cb8193f85dec1c55db390301e17d4067d7f357d41b71d811182ce0

SHA512
5ae99cf3564579930217135782a3a4700b327813b620928c7c918f4f7f6605258090f75bf80b9f4beed2c71e0643f82fa5d60cd8e5b0f85214a4c71f0486970a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000199

Filesize
36KB

MD5
9a56f4eb7af045f304951ceac625d949

SHA1
669b2ef84c7cdd419c9dc893899f429fead33109

SHA256
0b81403335bc3a5ad450bac7ab9c397da343fb3d41aec9cabbce5bef4e03727b

SHA512
91666500a50f49fbae49bef7b531ad9bb816db1ccb877f36313f4db5621c871f83488f24390524868d2160b865e4ca13d170568e9b2c410151b6d7a7d66d42d9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0001a6

Filesize
187KB

MD5
9c2f1c3cc27434fe2f0cca387a9469ff

SHA1
b16a4f039658927457505fadede55c36afb48316

SHA256
c5a282c7bbcf50ccf29e2a3efd99a502446d8431576d75cb665e1e51d752f76b

SHA512
789f9e1b9189dd8fbb6bcadc33e6517aafea56c81c8fc5e06a8be5c826c078fec5f385961d00cea9fdd3df0c7b6c9ea3d3db68e4d731279d1393dd4e2fc45bf7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\0bbe00d9bf7b798e_0

Filesize
2KB

MD5
4fe66c9a925f8407122cd0ec06023443

SHA1
8be9b6c8945d7c87698f5b836d9991e81c79a1f2

SHA256
ff6cd63d43fc2db84719090f1aa5740286c4036818bb534569edceb431ebf627

SHA512
b314d6c9f7ffbb6c58f4c95d5221b058b3eb4be64af9e1d6df7c0a96910b7d8f30e702457caaa7d720b34df3df36166ce217b0818726f763e7ffeb338680f0ee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\14ff8116b518ca2d_0

Filesize
2KB

MD5
bc228ce3c8f6309eef72af5495484690

SHA1
f717a3656575afce7d1318b0a3b5c0c4d84c3d9e

SHA256
6a63fb0206925c2a16463fb207b26e3927a57445f28e1fda13218ab6e68c0975

SHA512
149087650043dbe8dbf460ec8cdf404ed070e0725e8224bd6e60bd9c8b0c37ec9f0f6b7c78d1a358052cd4167bc64fdfde2b75822c113cc040309caf9afc0976

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\1a914eb5fc51fb84_0

Filesize
5KB

MD5
27f4cc84ea8ff22de94b74ca6f65b51b

SHA1
d4df4d61ea8ddeffbc4267307843fda89bccee8c

SHA256
04499645d1ec2887b8594746e628b3a28cc184921710dd29ce3fa749870c1d82

SHA512
6166f072b7b6dfc47a159f68797bbd72dda0ff38c5ada0aac26cabfedc8d411e422fbf01db7c95bdc916e220239139cbecea4ae374f2d06e1edad564f0e5257a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\1bf1fa4635394f80_0

Filesize
29KB

MD5
b04261d1ec4f0d0a5dd43ca034d013da

SHA1
b462814d10631097cfdb215dcb44b98c903b15c4

SHA256
100b9df303ed0b44b6e624f8a74fd5563cb2ff4108e4cfbe1b7f00dc7bd5adaf

SHA512
b5e5bf16c1e79df65927bb166b040e9eb138bd898104725542ed13fdd22e20bb7719ea2b037d7fdab03d386c9aba248203930ed932183ced4b05f3f23a917dce

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\25c90b4fb1c6ef85_0

Filesize
1KB

MD5
4d310fa27c6424c3ecff13b778272303

SHA1
b39615559318ba9965de14346077fabe07d6f26f

SHA256
28f65e2955e1a465965d74bc0779900173f66e21bd0ebaa0034f8f724f501038

SHA512
56e5a689f801f0459da968d731b80d70f49a2adda11a9b0647344062c5867b4d59b02747890bd9e8718a250175c5f20117ec2c5a4696133c926ae7e0c6b81c5d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\2692617678c042d9_0

Filesize
3KB

MD5
cf2d26901261fcfc8de67f1ac26e4d2d

SHA1
6e8abbbed8196ad485a7a5071227ca9a4318c232

SHA256
36e9d561a48661aa126dd33aa7dde2baf24b260bacf239f0692aba6e576f3709

SHA512
287ee726b1fe8a203b1d8104489c1740682ec4d62e12418c861f40d180287d75d1be8d865eaa72d59aa96d6cee5381d7de7c23e79e51cce5a3b3e05c7e5cea69

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\2706d8cdbf00fd1a_0

Filesize
262B

MD5
45a41ed249788cb59e6f83bcfceed999

SHA1
2628dae3e9b4b9248d9adab89410ef0a139c8450

SHA256
1b270e4795f5eb65e620cf773f829f4593c2a77aaba3667850f2bcf72b03566f

SHA512
a9b749efaa70e23ba1e8cb0e24629ff9c8a5679e1c55786a3ef4607558d6eff7f56ce3e93aa82e2a86eaf9d2f87fe8e35896d1cc83f0c08ad90c150ccb5fdad5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\288cd79ce6414b4f_0

Filesize
294B

MD5
3977a9a94f08b4a0649cda5187eff53f

SHA1
7b446abc7b35008110eb20374b6d4b691ac9737c

SHA256
6684c95e9bb9880d35be3f0ed7aa1ee8354661743da41b103b631324a6cabd59

SHA512
47fd632c4858542f31597594bd92b1716cb0f7bdbedfbc7e6d25d8440a00bbea82cace71e96e18fe1a6e960802c13caeb6f1a52f69baf0a8690e359dbaaa0107

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\2f4680e8f8f8a14f_0

Filesize
9KB

MD5
e136e1164cafa938bd3afb54322e003f

SHA1
cf9cc18181e483800bed1d2951ea549dc0d3a8bc

SHA256
cbfd953da5c23b208affad9e18ece1c720be59bee566dcd8774e2991d1e7e060

SHA512
b816c14ceec6c583b500bbbb8057ed402854a838d4ce3d911e810496379b5c301447de48690812d0aa018250d7b3c5dc5c00b992c77adb9a8d40026eec538ba9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\37afe38eb817b647_0

Filesize
27KB

MD5
39194a6f89dcb7ded09e82a43959786c

SHA1
0b9db9f6bbcf565c8153107c8fba2e676775fecf

SHA256
a7fac1584e6807823b4635d1a37deb17638e63cbf8929fc7e4bcfceec4130879

SHA512
b45a6d78378d13129d407eadfc09af8049c7968e3406494ea2faf31dd51fb9ae7a3aac7a258d6c8c3acc8c484567441e7bffc676e2fac6a4273123841444d1c4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\3a4259a0181983ba_0

Filesize
6KB

MD5
44bac06739319d18a93e0403e4cf01a1

SHA1
f438ff9d7bcdc8c9be67b3b5d3d30646777a748d

SHA256
e203f1aca2acbb824fedc9609a69b289463b3e5f27249a93cd9b89841a3b4318

SHA512
aa501953b070d9661a084bd497a595468689490c2e0f81d4a223630d3e151c3eb4fe80a04fd8476f4acbf5cae1c1f3eaf59f9ea4a8d5312297c3fd86e683528e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\45a16ff6d0d9ab5f_0

Filesize
1KB

MD5
e7cf53d8c5a391c93790fd967ff3fe25

SHA1
6c6eb3c1a80540a6254a76e566c18847f190772d

SHA256
be4262a3e9415013fa31838cab4dcb9333382af43aa98b0166ffec7dc74eb5b5

SHA512
8478089172ff90e59292d5b52ab5e757d00e30455da179fb46e5a7a51f1d6b9f7c8b9287af8db8e594f44ac0758e8f0cda98d0e0ed6ae4c2993ee8ea561502a6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\4e9b18b0f66a7183_0

Filesize
1KB

MD5
c8fbbdf9de2697ae02ea7510ed5a8459

SHA1
e846ca6fdb01e8d2185e9698a222127fa634c704

SHA256
a5995a0c1ab98afa1ab80eff84b63c12f5c42c23f1538996b45eaee81f60a61f

SHA512
502d55681729c9b38358aa9b20d52b93a0f6be71fcbad537b69408bb8396a62b17334b48253c37249224f8cc9f65080b75c7f087b1c215a353724fa5cd011bca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\4ff4b179c1c05fed_0

Filesize
1KB

MD5
36cadd824c02caccc8d630eaf92bd558

SHA1
339f3a540b20ab8c01b867b1b6c145c65e6c69be

SHA256
465a9b454f4e7d43ed7cbae2062c77fb516fe7cf4a17eb1f6c1dbeae3e26f8a2

SHA512
f94ebfe185acb9e65fcef1475bd5f16c2ba7258b446fbac05323f8b0dc2089f4f3e11b12e5be074714d2b4a09ef0dd3ba34da5783efa7f63c5836d9356de1e97

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\53ac5abc87e80789_0

Filesize
2KB

MD5
a10bb3e93433707d9fbb6d2d09abaaec

SHA1
13f4f0946f2207ea1725f5f7de61a40f29d2f326

SHA256
87e84907ee363a6ac0ce8dc48b89f3844f3f2a387d713071d415140d61b44d7b

SHA512
7875689199668d6b36a95d61bca0d8be613ebbb51c3c3fe357a19ff2ccb51d8d16eb342ace7dadf7a04debaf293d4b0d96e811c9cf9d8ecf80d4f3f5042966ab

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\5dd1e579c9681f95_0

Filesize
2KB

MD5
d1497ab0e994aff0b7de7107c03d2a26

SHA1
53001d1a93f070e06bcbe08e24eada72fa9383d2

SHA256
e611d29e2aa04f10bf1fe5cf701cad72d0f09abdd7f0d4bab1deffed99ae2315

SHA512
0dff8c5ec0dd41058cf0eb4d10231c2163791cec3af7146e7aed9ebcc38442d6b6097ec2b6afb6255512f96f97edb19b51ac63f9c1a933df76df62735cae6a32

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\61a0b4d20ae0e222_0

Filesize
4KB

MD5
66946c5b55f226b3bcfd919bf540191f

SHA1
9bbedca31020583094a85a3cae33675691a9454e

SHA256
ec788d787f6154e242b047cb45337328cfac30fa1d6431ad889972b4c7288b1c

SHA512
35a67c88e30e9caf4bc55de3d473e5a5654b299908d478adff817125f75594c8ba007c8aa155d204a0d2995142d7dd955dcaad36f4347e52dd18f725c2f997a9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\635e64b37935c888_0

Filesize
1KB

MD5
c0773fc29153c4429d9e5edb21fb00cb

SHA1
4a181590f5fddb7c17250c90dd381c907769274c

SHA256
99415452f4cee86d856a3f2b7eb58179c93a09b921384cd3834538b51bbaf098

SHA512
3f26d66a45e72aca84ab85e1f0e83403a4e3aec9979f17ee81fe2152e6393c3b268b724ad56fc6d51c79e72a24c53b283224b391f5ab5c2158a8ced4abfa294f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\6a5e8bb53a565b9f_0

Filesize
2KB

MD5
65423e11963e23e35211468f6574c679

SHA1
7977e2878bd848f190ccc52a7d805fa593c9b229

SHA256
1f23aacf9cffc489b35d7bc7f94fffcd23b56361bc3b5eebd35c304fc1ffa8c4

SHA512
e4de2d3f8f6f7b5baa47d440a352c439aaf7a7be37f881f50428c2512cb52d058baff169bf2fec0c2055daf62ba92252b746b469ca007003cfab7759b1bf7071

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\6b1c3d6d62495ca9_0

Filesize
2KB

MD5
b4ddfb1c1de9b3e535833d2e9fccd15d

SHA1
6f707bdf6e2230ce95ea58d4332078c7b6648a69

SHA256
4e0cfeb83be913c7ad38abf5a8e5e3d39e0daee805c889d3bd5744103b99f255

SHA512
a17a2ad92ee70e9a2a6158116d57970fa59b4e094716ade1ca5043208ab0b1a58fd550b2eeca138ffd9c4896882bb68576c1c359c3074287544d8fd14ab8bf59

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\71d68e68ea4089fe_0

Filesize
6KB

MD5
bb8f3882a50268a8626e48b537174b97

SHA1
a1dd4ff7574e1f1db71488e7660bb1b07a7a42ac

SHA256
9fe745d96dd30f02a04fbeaf874756bef497677506608922cec031fd3d9b775a

SHA512
d3c0c437b541af1ae8577d2905982af9eb76af2dc848e64e3b31e4f3a884316b3ea7ab6005d911fca2d4f211a5e849af71b9a241d41e14087e6f7c786471d087

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\74b88724f60b0383_0

Filesize
1KB

MD5
b00021e6c6249bbf67e1e7ada690cb77

SHA1
75f93b343a70e147e5383b853fef1a83228d19ff

SHA256
4253316a1625cbe3f5cf1412313ad36e87b3cd8692e5ad6f8ee9a08fb303e95e

SHA512
5210da086746b31c2d4af272a6796689b16cc67b905d38ec0deb0a024e258d3fda28a211c5af939a6d5ffe86b6f1b4e65e9388c8c72a0c54f01d0bbdb637888c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\766094f4b47e839c_0

Filesize
9KB

MD5
3e615949429184394da4949f9eacddcb

SHA1
a142d21f9a61bed509bc12c8d806fc503b9d9c0a

SHA256
7abd624c65667a531dff7d4451b6e544d308a485410a01dd119d7c8d90e1f267

SHA512
5f1a274e9988659dd57f75fc9f46cab14d6597e36d6fbc8bd3a851f172f64c6634645950d2d00074aba7505e8843844f4a42f84e151c78582f3986e138a82f04

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\82af833e9b5cc26e_0

Filesize
2KB

MD5
b050968b37a20c8c00a8762430959154

SHA1
74220058718daccc04dc2280dfe0d9ed9a885b99

SHA256
5e3d84c409fefc488cb17aad70a8144c88d6e5cb20aadd83f2d218eb2fd59b33

SHA512
46b46335368c39ae2b9d5d2670c9cf520225cb0cc5f4387c43e482752e02cdd676b51989146f7157ea69e648696833842efc0ad42c4452aac18d0ac60c56aad7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\86b9cbd77d05d034_0

Filesize
6KB

MD5
6cbdc89c947639328b36e82d246d390f

SHA1
3c35d92f8fe1b79f22af56e779e16ddc2b7acd3e

SHA256
65a4151705a4f660cf10a9957344b144fe4749489addf48a8cca469bb74421d1

SHA512
cd960cce251c90bf4a4cc4b8c2d67c9c0b87e863096ed81e211133a6bc7c9156b49b808d7de9c9d37119ec06e172aab60a30df999f28ac90fe94e01d13553ab0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\8e5987d08f7b6e11_0

Filesize
1KB

MD5
586ac024f1b0b9f33f820760c7c83265

SHA1
0a3f1aa11c0bcf140f5e08259456c8b532745a66

SHA256
ce8421348a91899592019d47b8bb403507cabdcbd779dd76bf7b08279177b18c

SHA512
12f83ad322b61ecdb2cfd1dabac706034865f6b70eccc6596f04c98422281d2c9b911c5404b246ce1610a9913a6e46344d29696c9fe43cc654361794d7733d0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\90d7d7591a1b39bb_0

Filesize
262B

MD5
fb56ee8506a3c69cdbabc622e1c891a8

SHA1
e45fc47fd6c446c2e6ef0f8a10b167c59bd909dd

SHA256
765f19b93eda3f29996240092e4c4cf8866ed1b26824d96229e3f29f4162ccee

SHA512
ed71d29a4421fc69b26f0cb7bb0bd42ea418bc0dd10dc53ddad89c4c6d4d3ebebbc11c1234ca815b82aaf4dba26cf89d0179b8599432e765da9fd8a730b9c69e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\96bc766215a93e35_0

Filesize
1KB

MD5
80dec6db7b8e7c895d145ecea6bd33f0

SHA1
a12d7c36fab40718d8976ea59ee1778fcb83695c

SHA256
3ec3c97fd7bd55fdb5a8fba3c0320c7a2e86c59dafb152bf057191a4cd219be7

SHA512
d01a8a7869a93ce3691b9173861287c3b80e472f5951c7b8fd3cc2ef7a3e62fec11980ba72bf063ef487f912f90a76276f217d721ee1e48a798301d032a76ca1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\9dbb949d27873cbc_0

Filesize
2KB

MD5
523e6135ba0e853928c3563f08039d8e

SHA1
bd044e1f2e11cbc4594e7b7f77981189121e57e2

SHA256
233bd6b60ae62f5970b886a5b3eecd368170750b8b481ff829dbc77a8666aef8

SHA512
5ce02d696110bb4308ed7113ddcf2c73f89d200164d956d175f0eab0eb39b1b500a6e361c045d8a97244017d3adc58edc30b26c7e7f4a83defaf661911c7f111

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\a14127131539b362_0

Filesize
289KB

MD5
8499bb9efb238d9fe75a4de32d915f94

SHA1
13820c6b02171be7a3f88d8bd128a95b5e7c8c62

SHA256
f729c673adea7fb48cdad3c3d7a66caa2954c04fdfbfddefc6f943f4fd012d0c

SHA512
a34323880ae926683934fd5229adf81df6a4216b8ababf072e08de8e7e9764a3fe4e29d27250d3c12984c6692512878fee6cdd1f728271784288bad4222952dc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\b52cc673651f7a88_0

Filesize
1KB

MD5
3eb7ad0f12d47a575a83382b5bd4a4eb

SHA1
04f46d0ae65324a5e0fc83b98feeeb1ab2b8a726

SHA256
90a828850a03d6f7acc918c2727d659ca2ec87b3aa450bdf04c374d2bad27140

SHA512
8ab01e0ff411e994cbee769b3e7299c41b3839d3577dc6d63399e3983cf50e1949ff94ee751f97052b9ed3aa7dab695f7dd803b31a1c2497feacd4b57e30bc72

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\be6d12311ce2b399_0

Filesize
1KB

MD5
a5b8b1ada0c96c0ab526c4173c24bb40

SHA1
9a86e2450da9f08541a2d35ed51d57e518708f11

SHA256
a19d37eb86397164c474012829ebace761a0ca5ffc1d91a43759d5878aca4197

SHA512
b817c52b6970b3db3429142c4d7387203ba673f55e2d73e1bf7b0721df1a105e96a25f823547021510a7baeb930b853922e98588e0ff9abdff82bb7e9e29d1d6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\c91c845c83814759_0

Filesize
14KB

MD5
fd3ed3a1ff8f1b783a06f9b78faebde9

SHA1
c1244766d34f4d6274ddd1077a7e2cd4160d8eed

SHA256
500494e28f30e2b9e3b76fa4ac529d0e0e7e3ad5fee10f52e859a94c6c04ffcd

SHA512
1eb500aedf846b9d826abddc3950521c856f42860043dded9f6aec759ece77b5621de72461147a2c291d297aabf170267d1c1d5949bd51ef30be98b0058bb098

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\d09e0269bfd67b3a_0

Filesize
74KB

MD5
96102d0bc41a97aa6d1f262970e662f9

SHA1
3411d278bbc8e51a242494c40d6095c10f3c983d

SHA256
9a0ec1e520fd34378bc759d48f973c64949a1288f66c8ed574bd27c741aa455c

SHA512
07e33bbf71f8269ec3f8dcb9a225a6043f4c90a3abd98c5ad7d40ef00beeb8507ffbf30b91590eba694c7e25464a71930bd961dfa1ed1fab24792d81cf5ce72d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\d2f9a2fc02c20de3_0

Filesize
2KB

MD5
66b5dc50580407f78542e528376cdc28

SHA1
83a0738675d60a2308d601bd01b68aa7a5375722

SHA256
65f6d93d33b7c97d9c29e259a82b623a8fe566fd166f12970b7dfbc214b5ce55

SHA512
d08eb6cfbbf15a0356c323d15e460300be18975bf9a496a772da97eb89089eba7686e1e4eb894d7c004de67a6ab100600e4550f3b2ab718e92c196f6a951e45f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\d79e0a2891fc014a_0

Filesize
262B

MD5
45bad2ff2f4ebe8e35bef31a3b0abed1

SHA1
84d568f9c1ef2d2772109f064606d4030ddcd69a

SHA256
2c9e564696e211396eb17ea1f3504dc84d15fe0f2bc409218620c2b64f41936f

SHA512
19d452c6cfe65df1c05468af90a09f095bfe0ff66590ab72085d995ed8ebe02cbcb3d4666c1bb92c25403ef78d21e631d9e1f35bbe54c5edcaa6ad28c1da3e78

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\e146fd968644d345_0

Filesize
6KB

MD5
3961d9561beab522dc70e8834c2db534

SHA1
57f47e4ab0a7949eb3df80a1925a259d944579eb

SHA256
24ccdcb5a3d5c6f755c1c63e3e8efb4787c8ee15a8304319839d98698daeebc6

SHA512
7f3f8d3aefd2e31da1ed1a8390cec9663b9ed8008d89b32dd945e560da6798c4aae4cfe5900571ada2a1845aa5e0d893949a2b3650a1b524f80b22056dbf0266

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\e1d30c94915f0cd0_0

Filesize
22KB

MD5
6057b50ce167a0d22664f0452da1b68f

SHA1
64381f97e030d7edf89e182e182e34eda2daec36

SHA256
9b131d8dd08da0de95956a11f555b66a85815e10ccaf27e29a736637dc0c6116

SHA512
5970f7f07875746811262521258a6f260e575e38f79a516da0753b99b900b2981a2ceb7b76433bb0ab5d6ca19cdf9970dd64d8f97e5a6d03e5d02eb831feb600

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\e31619ae983a8664_0

Filesize
175KB

MD5
412e49a196368557f5a005e1305c8819

SHA1
eb9e6a7a7b285aad2e6f174c94a10c836a654211

SHA256
1cec54bd309324268a1cd7775c529592a6c87f0c088129ef86371e9acaed7251

SHA512
a115bbdee27a35876105c0ad054d704371cde65eed0f57cf64be6af6b91734524cbc49c0d663b29a655674a40605bcf410c06943335c2ee2848d8674f4760dc1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\e9c7e700cc3e33cf_0

Filesize
47KB

MD5
d03890d0c53bdf54b32ae831823941bb

SHA1
09b5b017a29266767aea1518292fb9acb87800d4

SHA256
c30b2e53e20bbb5a64294377e46cdb3bda73af7b2a409923836b950152ca7d46

SHA512
340a0cc83db646c5bdeff6de9c5d9af1c77bbf92e343c17c504c79791318b23ebcf0d792e56b9a1541cb423886b316875d4850c809df8b2a348b74a5fe91c1db

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\ec9462a9e5e4a8d8_0

Filesize
198KB

MD5
1db2bd8b6ae99e0361b7a5abdf7c91db

SHA1
c9491186b78f74d7d2b489e603ba123da9e61afa

SHA256
69392a63d13ae57446e4e7258fb5c143f5dcadb967a9441eb8b00e705cd6e6da

SHA512
9d3175971bad173253672bcc5555abe27b2910e806173ce38b83be0294a791edd900643bd66011d9bbd3d9d07c825ade0c536beb6ac80b02ae81c7878dd1e730

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\f2076e2a98754e97_0

Filesize
2KB

MD5
02d5a9c4221b89b1cedf8d21e9de8425

SHA1
fb56f9d200e58ef811529d4ba3e93c85a1468656

SHA256
205819b14b73831a7d4b351443074e7cab82af701cb961c1ebe62c0ff216e970

SHA512
ce918ceeaf3b050b61bb19ce90822ff6634cfd7c33a9280b2a3ad06412dd0cb6943b8c63d5b11350290e06513f2cd836456743c311ca8da1deadb21648e26ec5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\f2e4bbad99a372cc_0

Filesize
2KB

MD5
2548750e27feb9c66a961cd447c13e7f

SHA1
b54e79ffba9af31e7aed9ed4bd3c18b01e350b89

SHA256
5f0123cb788f9fb4b48722c7acd711d66eac129143dd693dc3129d2aca2fb4b0

SHA512
f71536bb283d4570b935896f98b20782406c9ef620f6673d2860719a277d3977f86dd6ec00bad48a746de1f488c0605d9b3aa4331aede22382b5e2f700f4649a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\fbd11ea5cda006cc_0

Filesize
26KB

MD5
d20727cec1f173ac2d5656313e342b5b

SHA1
b26e2c46de935dc4de04384e6ca09a7bdc92a36c

SHA256
1119ee6034c47167c3083c2cec4ce07c07b3e284843711f74c8305706f7a5f98

SHA512
e872c3c99b2825093d157e7cb0a88cccbb0fff6589b97d2bbf8c73dacbd705e4afe455ff886ac1e132a4f6fc3a978c413fd3ed4fb9a57e92e9f607f8062103f6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\temp-index

Filesize
11KB

MD5
26265e24d29e9ad3f48aa53eaee53545

SHA1
c93c67e71ddb684b819fd0aafaa4bf2d10e5e6e6

SHA256
1cdd404383d0e37d1549b07fe4a0c2412b89633f854c419824eff5a57beaa1e2

SHA512
a0aa6de5ae45a011a64daa026cb3d176ed13d9283fc98671594141bc5b37aeb535c3f2acc2d8bbe0205ed8870b9c770dc12a14e5859172e52c52bf4d8d91faf4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
9KB

MD5
604bad382438990a9b455b5149a6d4d3

SHA1
153ce7c4d4befbdccfb46c44af2ad0a9bd1931e3

SHA256
aa012cb28ff6cdc9f414c924e2807a160bb2ed40872b809f2be090d1b51941dd

SHA512
7632d2cbe65eeb6edc08c5ddcc243372c67a8fb42881622467f7099b03c67f56671195a4640a62e21cc7a7c5aa7ae394e6bb4266395bdad5cb00a54560c30c6f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
8KB

MD5
5578f1403cc3d4f7c0c3d080d85cc7f7

SHA1
b0ba42c59a4875dc335e554bcf9dd5d38ca533b3

SHA256
821ba331d88755dca0f23927c1565f496f0bbe38b8f9d97927a5d0b018e53bdd

SHA512
e303bf8a18474ad258ece8f1674ca7ef4a8f73b660f93ee730e47a96ad7ea5135204bf643ea7e3ed091f19f5e93088665db67e5a8378f02ffb546933a950d18f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
9KB

MD5
23cd730d5d93196fefa95fee1051fc61

SHA1
1e10508c2a7778648fb8bbd0f96ccdbf8e7e251c

SHA256
eb59a2fb1650b334a7b923dde6889a7dd2e5c0c7c1de648be8cf98d6df6f826b

SHA512
95fad3e87711ea5261efb5e3a19e3a02efd5b2d35f0d6f40e2deab4ec0deb4492961c4d4c47811e13200d3451ea78474dbbceb0dc1c02f4a71e7f1f68f843863

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
10KB

MD5
ef2728b2cc5a87b8422b1368f782a6ac

SHA1
1a364d1a3185e21afef18ee17a2bc792cc04a5e2

SHA256
0099432b4a747b36afd3d987f76badcdb67421d3cb051257bcae7f4c1c018693

SHA512
ccf550233d575b91fd4386a55b0b723a0dccc091d5b37800c5d1102311dc8ceb2c3d7426c9d0c4485ee22e637a8675073565adb94b997e545113c7d5c717b614

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
15KB

MD5
5456e889f23c7e3c745026cecf9fc329

SHA1
67be89ed439a9c37934e5c6c4397fa13a4622f60

SHA256
10abcdd5510d83438458207221bfd8aae38d75bdb48370cc5c51a9140ec29ef0

SHA512
6fe845e3b4d3fbd56630e782e99d7ba94a8d829cd045f1d61e3a7e341511408d72c86ef12235a23dc53054449a8f8d61d69381943325a0292f65c7a7ed4abe75

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
15KB

MD5
ea49437da1b0649ae94558de7e105429

SHA1
f2d3162d7a5d02cda2eeee5c92c7dd3340f6ca91

SHA256
cdf520725c0bded016f32afbbbd1366ebd2d437e81cd47b181201d76e9d6cc26

SHA512
718bd3c0b1092d732e87790bbe922cc3674f6461b506637eff2cebc5df652bc3efb0dc282ecfb88c28b3c4db9e21d9e9ac369618cfdfab74e68f91e371639e1e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
8KB

MD5
77c80cc0171ec7c8861e46f192ea79b2

SHA1
bd1165fbe861554748f86dc2293cf004897001bf

SHA256
79ee26d43e37208769ea50775d4d8dbd7e389e57f3a13a5736faba221ddbac14

SHA512
19b497488ac23349ab342f2079b208756f4f1c87dfbadeabccf8115281cc16a044ed86ccca645d46d04ff3dd4ed63ea412a55e7372d6c910eb195a2e7f45aa86

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
6KB

MD5
870a668bf3df821ef943f08b516b0da0

SHA1
72c00971c83412d89a539806becd7fadab13d211

SHA256
03a696d970c35a39cc820aed900428242a2439d58ca85839d4048d7cf51255ce

SHA512
ddd5e6cd48c2da64f20a736c2bac26a0ed9952d43473860e78b87b90d0c17cb71da54a4db02b65001cc366bc86f48318c918eeabeb11361f220321d058b5259d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
6KB

MD5
fd2be8dd3e75ade6d5bd87ef7deb1d1b

SHA1
2fb3d50b337f0713b97da5493f92a0f0e14ff38d

SHA256
ac63b378eb151eeaa7e9459049864433739e6738197b364aff3c91efc5741a95

SHA512
0f88b7a092600893c2e09934f0ae4a6526663b2f8431e81893ae5e2ad3a6258a684edbebb6d49ae5e463521e386991232dd826727e7788a440bea12fb6bc64b6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
9KB

MD5
9b41b17732d596d86413b780721751df

SHA1
a485bdedfa6f4a74b69911363ead9626d30a21bc

SHA256
09b9fe549acb2522d3416ac7d34cb3508cdb10899816e187b8d7d4bea561deed

SHA512
57c1a28759da794f7b4adc8f81150d1ec3973873a9f615e7f6c1208adc52d0dd8c30665d6691a37c543bf66c5c49afe141bef1367df9c7d92a0339e56327990d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
16KB

MD5
463a567b431f8b25ad86185ed32be11c

SHA1
bd466a8122e0119726c8723d19c3519edf4c23a9

SHA256
e5baadd8f70eabe998124b8bdbc2a0eaae75c73c116e2ef168e7ef1323c53297

SHA512
cc9ac393e9ed26b424a70f4993976e37c711ff09ea2341711141ac239bb081a4619f7f6237c149beb1563b597e394e778a1bde81b1f08972c3245a2ea4f884ae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
48B

MD5
28f1921ba286728ae9bad9b4713da5e8

SHA1
b2b782adf6d60227764cd7e7e04502cc61eaf5d7

SHA256
a468317775a1d9941362e7f855cb85a3390872deccfee75f723aa6426bc8a836

SHA512
0a3794c1f5c2beba81b20e2e52a80d994716c150f2498a713789fade76aed8db33e4661e44e3acf7576738118e62a3eb82b3ebe8601da51cb8b2a78c5dc6ae61

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
60aec0f2d4728850f3fdb42777c0eeee

SHA1
04a62b7915739d615f6cb534131cf362edd3daf4

SHA256
dbffbedcd8ce59aeafdbf765c6b40c943a2a4ae5e7b8978763dd2dc39c78c9cc

SHA512
16756d7776237ffe6514b8e71dce97ee0a6f77231adff3fd25ab37560804f131ee9458c97df66d91a98bbaef0b58fd2c4ad358dc93525ec184e534286b33b7a8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Edge Profile.ico

Filesize
70KB

MD5
e5e3377341056643b0494b6842c0b544

SHA1
d53fd8e256ec9d5cef8ef5387872e544a2df9108

SHA256
e23040951e464b53b84b11c3466bbd4707a009018819f9ad2a79d1b0b309bc25

SHA512
83f09e48d009a5cf83fa9aa8f28187f7f4202c84e2d0d6e5806c468f4a24b2478b73077381d2a21c89aa64884df3c56e8dc94eb4ad2d6a8085ac2feb1e26c2ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
23KB

MD5
b140e960c29312928bbda8a6d965a59d

SHA1
c934d97cfb97428b6fb05b6a2838ed2c9b8d90ec

SHA256
874e96ae14a0d0221953d0dc13360f264a02a1d1fb61d0c3125a9be7c8e56e90

SHA512
f3f91965c356a5f76435e4d150f36551479f2d6236ed4cfb4aafe59b71d5d345489384bcd51bdc04521042927e44e29fbb9eaaebe8a055ee50496fc1cd99ea36

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
29KB

MD5
90a313049b66063f3c5dc4de242189cb

SHA1
864325e319a73cd7a4609ea397b28263774085f6

SHA256
68b6af4268a326b3e552245158f539572017dd62de38b3aee9d5f5b5d49cc3b5

SHA512
633ebce19f876b148de753b1ee0312393f8e911d69c709e0edce2ae4b7b487a259a8b13fb792c34eb751c2ea1b1abc9e7abc900dc932424f16f9fa41b07abd1b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
40KB

MD5
9704672cc1faca8c3f79a79d57296e9d

SHA1
73aef908b261a61b98e46262134205aab60f6a06

SHA256
632cd5234a9f70defe74da66b848f876c054ddabd74151c550bc63923d237b9a

SHA512
8630ebf9ea737264e99684ef3396d5a03592d7c80d609d0dca44c9c8465aa34a8858c1df6569854d1d89f24a80fba00283959c374448bfb9f3f852b2c30bfed8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
22KB

MD5
53cd0864590537efd72e32a44b261282

SHA1
784f6716728cc78cb3fe1d464729d2762d4504d9

SHA256
45f2d1211117eff249bc78d8d53223779454daf2c2189ed7c1de5b90d07c8b46

SHA512
4ee504c4ffd0d2d3fb08f0e93c41556750254d38fbb63efd9503bec6313a17354413d6d414ad883199476bf943746b9e115e156964f94101e2b4a32daa0bf6ad

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
26KB

MD5
d30b76cc0f618e902e493840f3cbdeee

SHA1
6b58fc244c9dac290012c0cd6f63a8cf18be9294

SHA256
bf5906e5b6553444950484be8f2e3e85d9114e7d03c797128c540043fc2b9ebc

SHA512
5b80b0f2796b9c382fa0a13fb71500feef8ef1277bdeccb294329b3739bfbbbcd4e6a10b343c1d957c6e0e3d16d0849776b83e46b675df9aa54a3bf99f298f4e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
36KB

MD5
ee253d39c62c7e5481ad53682aa14735

SHA1
7f827d803c4fab19b75f99f7f01ebb63e055f670

SHA256
8c24365832fa54e149c0d2299562176cc7dcc6fb4041c9fea12545f0fe82b603

SHA512
3b9b58289b1cb4bf95ebee26f10c7298cc81a85e256e7e114e2761f18c361f8157038fece0b873df87f4f43655d93d74b444bbd5db30c87daad966b52a93b6bd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
20KB

MD5
a50dcd76481ce6ee6d0af7f4ac7dd32f

SHA1
20c207cfbfe417323be2a6df0f9ed7d8de9914b0

SHA256
530875641e2d5fde16853f58faa4212e9f8c545080cbbbd38e9ac41121c8d381

SHA512
ba8d22d7aec1be26c4c9935cd3fabfc12f64a567ec144e07779a31e2067d5d79a3f7bf348c009793b38d0563b93e46e7d9a2eb0710a1b5dc47eb0a8abc159cb3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
865B

MD5
f49f9fa0ac4b32ec980d40190ac13834

SHA1
d99f18e41871defe20d1d2daf3756fd00eb0492f

SHA256
ddc22aa1fbfca13d6e062df9fdb1f6d9dd5d5e5fe4fc8a99499424a2bbbcbde5

SHA512
90ffddafdc2f38eda762f2e6ab3353ac0e955ec7d5a4484e0f70a8f7c1aed28c7c2338c95dec302f4d2199a8d8d3a6a2f0dc1dcdde2752f763c85c8e5156e6f0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State~RFe5945aa.TMP

Filesize
59B

MD5
2800881c775077e1c4b6e06bf4676de4

SHA1
2873631068c8b3b9495638c865915be822442c8b

SHA256
226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974

SHA512
e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
22KB

MD5
1679e54c9197f0cb5549c44c20976fd6

SHA1
90c390292841e12cad6430715c880eadc4457498

SHA256
e2b095f065294f43a2ae7f3782ec0557779fefcf4acb777affd51c4fdddaa980

SHA512
e1584740e43fc93cdc13810d9fe1b00b717a42ea0b7d15912ab80161604992498eec202df94ae7dd66a8247d32861217f199958ba2978434b98e010b9640eddb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
22KB

MD5
848ef94303882f3e2daaf4534c3f878b

SHA1
a083e1089217430f8ab1929f6d08e30461e7f1cf

SHA256
2282a3621f344e8ac55e589b2badf8c41ea184d2eb90a0c8b430ee289771f26c

SHA512
96cb5b51223ea6a9671d83575f8ed79a931a750c3605d8d4a8dfcb929516927ba1f41b21a0f94232c5b513d832d733155759e6746773b950bb9ed02d3ac98f5d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
22KB

MD5
e99a0aefb8dda69d531e6d4c5584054f

SHA1
712933c07649fad41a94961b3d8115c088ff4f74

SHA256
99eafef5933b8688956a9fabf195786d2eabc7daaf30675f2b4b97a21e65b0fb

SHA512
4b54b1fcff46896be89172954266d416c4c3e3c1393813a0b60d8e4bdb7973df80dce62b51b7d3f1c5060e7ef9594a65410a2d4882391be247d5bbfd8644728e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
23KB

MD5
2892ac156c7801fd7d209d527421e665

SHA1
d0d418fa3ca49b53f26cc8af481eaf36cdae4861

SHA256
75042044b6ba9719fdb3ae9e4ef230fe02b111fbef2e770feff7050f08d72ada

SHA512
1cd28bb5901e76b84fb0788a101ffe1630b84d9eb5e1947e2d08dfdce9d580113b139a1ce63d7db9ba6438ac00d70b74357968b6719154236b9801f78adee3cf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
25KB

MD5
f0b90759f1fe116dc5a7d340ae39c221

SHA1
dea9cd85d11617cd7eb5e71ed450f727fcd9a3ca

SHA256
fd9a8d8aa3aadbe3068e94b65760f010270a664606ae7facae9feb7d1c9adcb4

SHA512
282a6703cc7c55804dec87873b4b2c352af548f4784c7e5b8b8651c88a58650f239b8f9c05fc96c4454799ecf7286450c933052b8ed722e77bc69aef6911a6e6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
25KB

MD5
9257deb008ad20adfd6ecdb2531846cd

SHA1
dfa74c0da85871c1b07f135e006902f7ede22643

SHA256
ecec5c919986732a020c8d2386d2ac9e25bdb3c90a47eda6f22e8423a0a78b1b

SHA512
0813dfe6368447d4439bed7923340716d0861f96bc2fd1af68c7e0927cfca3e73a52344f87ec5fc8e5468b52de4c45fb8cafa75001f139be5395b934c956c1a9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
26KB

MD5
450aea3fe091835d275b4f8dbdfb626c

SHA1
9de4517511f213f361493c017ad808f7b2e5c2b2

SHA256
e6f17e2da2aba98d3cdf9991c1752005e964edcc84ad6ffcd4bff728509a4969

SHA512
9067029783ac8c694b1f840d5101f5f52e8751900cc980210751177d84d1befa4539101bb385782eab6dc9b74a86048591d155a8f553cdff4a2b50dc870a47f1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
22KB

MD5
36730bd04038ee2ab3b515875ae94a1a

SHA1
3f8afad0867b07c8cbd49051067a2c9ecaecc335

SHA256
f7ecb0ce236b04277e2104a9a088f9e7d8961c52c17ac70fe99d58408e89bd43

SHA512
97c546ed5bc6900117bf1c2cce0f8bb55a394f4793569b79b7bee2bf1eb278f85a9b158aef6dc6b7e34d1e613ba61deb0e40bf1d4f9af0adb220d36f40138776

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
22KB

MD5
0c50fbf54f3d7f00e5917e7b4b26fe3e

SHA1
e947bbc8a18a42e1555081981410253250506f7b

SHA256
0fdfa809bab2f58860b7f5c691baf3281f9ac6a2ed70ef46b7f57a64abb38be2

SHA512
8ba0b596bf44606170ccf8c6196d9b3603d6097e1021af13adfdf4f1835256cc500d62bb9e9c2d77a766c586d0050231f97527c6f23a57c25300f929e60e8015

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
23KB

MD5
4aa9067f7a332f0ca3293ebea0846db0

SHA1
20cbda9db237036f282f238c5274726e440b87ae

SHA256
a9f0b6a99a6049a5d85801ad088efd0e1e1d8397ddef45458c5e2873ba17edd6

SHA512
2433d23b396cdaf6aeae28aa6e1084a907b4e63eefc7462c170ce60c613a20ae53a0bf6b32d7671e988f11aa050eb5256289e619f4e5cb25e21d6231f64257ba

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
23KB

MD5
57975548159905ab1b4de2c424016551

SHA1
370c330b6705a5772a2bb1283f1f1842553bf506

SHA256
cfb09f7568aaeeb225c726aa96784118a7bbdedff67986beb28b72a10420ec86

SHA512
f5ba436d4d4d0f7dce233634c735df0343058a02e3f9ee2f35fe41e413b8a14da8fe47f8d33f5ab68dafbb7948d7d9802efc8f6336f40e4392c3889a0d664469

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
24KB

MD5
d030135e1ebaabf53d3a81faf6c8e91c

SHA1
a2f786c4bcc25291a74388df954e7d74bf84f02a

SHA256
aa69b4ec886aed0b4fda53acba65bd7d891e22dbf1981446cfd232a7cea3a75c

SHA512
c153115d29303f7932f34ca7b3535cce304cc05b834e04865d9d3b3c1acd8a060751ec1c04606b55f8d0e77530a7f293eb59c6a9a6b90f97d707c9df6165e4a0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
25KB

MD5
f1e4f8c21258d583e963dbe379cf3d38

SHA1
d618f4bc4f50eb759d1a6b7dfd76e56d3188fafe

SHA256
0034cf6dfc4d58c37177572e9982336988e98d4a754dc3dd4da93c8103e52ccd

SHA512
4b58d2c4aac91775e95a0905834922087759ab45fc6bd0797c9af486bbe14f3499ef6e090358c269afe162c51adeae82b4ae0513ae29ecc624295ac60467caf5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
27KB

MD5
935eae00074ce3fd471831a57914364a

SHA1
ae78a083bdda996fc7be638dcce1dcd435e22e1a

SHA256
c51efd682742efc9317ac458b6dde5466d05f3f930b51fe4cec9c5819fe404dd

SHA512
9b697dca2e515fd6bbc4e0c0cda2e6dfb37b85419d4ab479844e1a4f03945b8efc86cee9205b112bbcc6c9b327edce62f732444e141033fc2cb29b27d08bf7ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
22KB

MD5
58eccfa0d60bdb45ec27c7c9de67d618

SHA1
43d3b065b66a21f0ed08607c599f0efb7027039a

SHA256
b54d91935a4019f5af8ea14ef249433c2088b168b694f202ec89db96b7498475

SHA512
728d967999fbd7d04cf48650ad81d73602b45852f6271f23a505b6ed8c4a6596e7341091801adf907ebf78fced100f2a874332041b8eef71527e2e730a25ff9b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
27KB

MD5
d9f7077fcecbaab3b48d4a24af77d7e5

SHA1
cff7bc6ec1dd9ddafc443c7934c6150aa6850a7e

SHA256
ed24e9f1eb612ca8bf122e8ffc82d1623b51c0b35d58dce2189138b5254de1af

SHA512
9e526861c803c7256b9871e66861131b77e674132744d1e78b649201a740823e98c45b23f7905605d8e5700c42a7c639a5ae1a75a4ea308b5509a5df21b0d1d5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
22KB

MD5
2850d8d4ca09bd50e842e7370c4a602e

SHA1
e70bff669a8d3f3e81058a84b9c3c1f9fa349ced

SHA256
aed07c3f99ef71c809ebd0a1cfed910b83e87c7d6fd4a9c7442fbd75c1b0f88c

SHA512
054c181aae4e56d98eafcf27871803ca0b6a582e170f9bbcf67e693bcf34b7b695bf59f531d542cbf4f8689d443a9fa3a55a2b983b8949eda4b17a54b4d3ae9c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
22KB

MD5
2c4ef98443990572a873709083d6ede7

SHA1
fdb845d3b733381cca85b343bc1009eb9a6e2b7b

SHA256
58c2a9d9e4892b7e025843e30e9b0da84ba7817000d949db2e339602d1f5f9c0

SHA512
35976baf1d7d017902b62b0d2021dc9da42948605fd6ae8142e490450524feaa27d3b8c8dfb4603a86b715e7ebf6c76e71474dcc033ed9a122bb3c653948e131

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
21KB

MD5
0a8f1e9a39034a946f0b0c9dc6dcd8b4

SHA1
e12b07fd4f764685eb44835b2b69f1fb3127ec01

SHA256
f0b51322433b2d90ceee3d8499c4170cd6fec954f2d206c0a25390993a429c3d

SHA512
3b44a60f525dc04bbb868b3ac1f1a785ba7eb780c8edfbe2e12b4327902e82a26bba737de009898320f50ba96cbd76633aeaef4efc17cd3f1dd9028cf50605fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
21KB

MD5
7f8b616e6a9c9703eb9369c6039bb8ce

SHA1
5a42a11f0e20f467c4dcb3a635db4df9be30a92b

SHA256
73c232a09b239941b914d0c665c609738522f0972b448eed83e32c3438bbbe1c

SHA512
8c1a3ffdc9e66fa2cbf3a59a7a9ff857b1d3687df544cb8fce8b5c3dc994f7855515b8982e67eab06368dda2e446efef4444b050005af3878b00ad5e58fec80a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
22KB

MD5
21d215f4ca18f0755ce27c5adaf0b7bc

SHA1
7d5332bd668e38554bfa3d54d2ff1782a3b6fb9b

SHA256
9c4f60bc95b311a42c5219fac4bee4f95eeed0fdd13f55c3b482a84007680384

SHA512
03b35a30cbd1356671a21f2756ac02a4318277e1270351130b5f25583b229712e33577dd3e8fc2d79ab10a4cdd25409b6a04a06c034a78c9ccdf77497765b3bf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
e0f9b194d73455fa339881e0f3d2824d

SHA1
e8313ed9fbaf2ea9acf6e37b97708db13cf3b511

SHA256
6aab8b9ab3e5ae11120bdd5917d94af4d1f1c28db4957a3a9129dcf55a89b043

SHA512
260a5c0cbdc3d258a593235f806b14475def1e2a22864482bc29cf41e84c223b012ea5969883e92dbb1a6607c00217f66f117af751e2f8a5b3a650c4eb3ceadd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
21KB

MD5
d39c399095095cb244c243530954014d

SHA1
eed84611e04857a2ee234fcd45d576f15495c7c0

SHA256
3f7ec52c07fc698a7f052cd89b16d7330f2f8e92af831a4455fcbd7c121408d7

SHA512
6dcbdbfd57702647019352621cff5ad66cb776da7977f80930c490f6c9876fa81c2c94235c210a31352d2517596d415e41f397935aecff4ffe79299a59f59b5a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
20KB

MD5
9c17d8b8bbd4becb65c19112da9205d9

SHA1
a1b0402084b2440ab1360c1b50cd90a7bf539594

SHA256
343ea61e3dc3d6b8fb4c07361ac3077587fbceb23591bc11b56d8a0e91a028d8

SHA512
2dbea023e15e5fb5fa4b49509d31b4f305e36192950e67e842525a8ed10dacb9bae35c9ac51b04db5a399a90832f3334349d8f48fcc99cd2eae8ef20ce95a9e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
20KB

MD5
7a615d225a008983192736aff5b47970

SHA1
515ad0f88e8125bb8c5fe68f96dc887964b819cf

SHA256
b4d65ab7f3e8757b29edda7fc4276424dec90cdec11de289fd99120251e1b179

SHA512
e3e521476586a32e8df66374d34919c7578fad59433cfe6cc29b9b86ffcaf209f200683ab222c31254c6be50c2a0c04ff0242aec77102f2d21e592ce689e881b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
b7207964667698d5122ae86ce12c8b52

SHA1
732dc451291cf2e7081ce6bd2732137eca36a4b4

SHA256
303605f8ff3333930b66a90b3daac83a6adcdd2fcc8bbc759ed1bf42d433c691

SHA512
a5911603fe1477c37ee6dbc05f8b3fe175adcc57d5494650745c1271afc205995e2e051caf6593ad654101628488cf54d21f85e17fb3551388395c818ea73e64

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
80becb50910ecda22c5961233ed00aa5

SHA1
c5ab2aaca1f5e4521c4ef35dedb58a1a7366a5ca

SHA256
9bba0a2aeb819475cf1e92a8d622f96cb4f90a91baa55ad761258932843318d8

SHA512
d4bdc82f5760621e25880f6a5814c4d7dcd79b1b65dfe065d4ea42b21faff9a2fa8fe21f386c6201ff081433e6c5ebf2a0b5e07d39836e12d398f3d5d3c63e1b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
27KB

MD5
20e88aeee223e8fd5e2b779b08b49da0

SHA1
507bf97300652111cf3db94a508dcac0de87dca2

SHA256
150ce9bdba69d97ce6f6a71388ce5f070c5fe7cbd97d5750b5ab103bdd26b213

SHA512
94039f459645623241e7c926f5293bcf3e54cd59d8bb2a137dc766b538f77847994996b32fa545124bc5f5b0e524ebf20a1bfad12dc3fe9180851df8c92d386e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
20KB

MD5
34c8bafd8d5f23a7cf1143e8c05457ee

SHA1
d086ec2f8060676e593bafddbb4d3f5d3ed44487

SHA256
842fbaa24cac46aeeef0330306c2810c0453428dba47a0f4b47dc9c16c7de7c1

SHA512
c7e9906295d6daedeb3a85748e41caecea6519e242fa786f40c5ae1c66c7b9ac02e16390cb59ab6acbcd6658e29b63085bf7097c8df8a2aa4c10cae9745c2d94

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
13KB

MD5
79c67758a71d49e850783dd7d4c088d1

SHA1
26e8e5b6c911fc950b82b2b97c42fe52de9adbaa

SHA256
788743521f4554935e22f33c6b6d2788b74ca1ad3a495f989ebfce707724107a

SHA512
1da3a14e861c93e23f4e5e59748a65e0dc82533c77aa17d67de18d5a43e43ae9caf5d6da5c13b20376b85704d3ca04508c729d6a5490ea4bf50d17207a199bce

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
27KB

MD5
7c1690aac6641a1f2b763510c3f52a6e

SHA1
accd383e4511dea6a1735129b94282018887e0a8

SHA256
592ca4ddc2dd5d4ad67e1b2dfb897b38a20ab93705ae5981f0eafdb7b1a647ea

SHA512
e0e04087fb732136858c644d0f1dd6d6609c27776d1292c2ce8bc3b40f66980057ed9444b2bc9b735682addb45c87950766019eef52434bcdf41e87a938b0679

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
d32b5230340cb39ab06ed7af8cfa06a9

SHA1
295f004223f523a703387acb87e625d470b5cfb3

SHA256
6088e86e355cffec7929b792062849aca353eb82c089e43adf597f6633b960c1

SHA512
52a485d0a4120f768f67f411954c3bdeda1bde88a2ff84b6a9094224d4971b61f0e54776cfe3043119afb33f57f034bd8dfb7b8339f0029737e75b9c2c7573fc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
b40ad720427e04777979355b184abbc0

SHA1
a80f6b0f0abc77278daa12a23ac63cb1934215ee

SHA256
8e6097e6d0fce3917c01a53fdce7c1e1af0d6f67b8be6466a74e112562caa8b7

SHA512
3a93779c42f9cfbdb15dd6499c33766d6e9d8ed41aaa503faa973b4eb95314f6ef5d3cfd21088a8d061ba72637e61f5201113adf114170d380c31704ddfd7e6c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
46e19e4e1a6856c9b03f44fd0650f4b1

SHA1
4cdd3f67e528ccd271f186bae8ccb3298491c8a7

SHA256
cdaa45c255052178f027e1dd60b469c4ee320c54d7f958cd095e78e8100e2cb9

SHA512
d62accb400774e5b7e107288110a8bcb3681b245d516b5416216acdd1e32b48509847e9038f045ee00dc27e16714f59ea8b336249fb0dc29b5f1fd89605f99e0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
87f20632df69751c35473a5bf775d551

SHA1
365109f5642eeb8d2792b4e8002836b7905ab118

SHA256
731cf9a8ed7b91cfcfe36376bf453949e4b2ac7d5282b7e36d74c04b7a809888

SHA512
41a1fd5fdbc4ff1a9a55363c31233a26882fac5091caf5ef0f1c8f8ebbfc825169db62491f271b163446e58ddd383f87a057bd04c3ebbe1585a949bb8c468a0b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
13KB

MD5
8619b9c239563be98f745d805fc2a198

SHA1
f19f234f53255e00bda272745dda89fb2a6abe57

SHA256
0f4911ca55279f5fed13b97a6f87ac835680dd7b78972b88415d1597bce24fcd

SHA512
14daefbe60cae9ad840e35abf7fd011beebbc80117e512cf167daaece52d44b8dd9a985e8d578ecc337764807b5b50ba5215faab1d7784d9ec50ba275fe79a76

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
21KB

MD5
b29c24ae359f60d31949eecb493e0a3f

SHA1
2200a21d5dce5a5122d63bcff99e6afbddd70b8a

SHA256
055b76abe8223d7277440e5339a01c1a516d0eaf47cc1d333d091d44e681e94d

SHA512
78fc6e0be6cfbe09a7685cc5a34557eb1ace62cc1477a7978dda187814613ea5a9abc874ebaba0cac580c85e3d7f3dd297b5c3a296950c092894fee6921368fc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
23KB

MD5
8aea30341f4c8620018fd010ed96adb0

SHA1
a87ec9faa44e2ee80f05b89c9806c4d0652fbed8

SHA256
ddbbdaba293c70c663805f9447c8fd308e1cca086bad470b35f22b66200b094f

SHA512
190d6ee5ff423a0bcf96a90153e6ddd843624e09a2449d93003375819cbfd3e9f176abf270b4bc756f0d095c6c8b199c506d3e321c4f4d339b2529bb2e8b95d5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
adebd031790399eba06c27354edf520d

SHA1
fd13166438469365ea5ce8868ea264aa5e50b908

SHA256
c6d2a1e1ca0943b234af4d44aef3a5fe886c630be89640a84c1f25c1576e42ca

SHA512
435f5f6395de42af89ef6b17cb37d17e353b1e743019175cc7419c2d483969c7a15141bd76827e2625616f4629bc91eac3586d9c0e3fab2a896ed40a787f147f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
22KB

MD5
fabe79a7abc25999201d50a022632d71

SHA1
c40f8cd336261e1f606a8d7782ec887cac43a322

SHA256
cbe88a364385ed55014a483c19257f61279dbc4d02da9cdcf4efc3e37f7cf918

SHA512
bf1f1b84fcfae0522b43a289b564844e02132151ae9c77e7b60b123e809f355f85be77fba00cf352fb49116a5d71ea05c894e666e140b66b68aeab0bd245551e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
b8d5a6329bbc5edf31844f6bfa4ae972

SHA1
1014d91ea7a8867459e7014a725794728d75793d

SHA256
2d90e12869f60c869911a3030ea58211b6b0da7c53d396769f4b3dea0c406309

SHA512
d6b4a08d7188e48b3ec2dbaa78f1ccc23334f43266602c677ba5c52d54554ad02e5ffc32e852de47291e3f1291dfc34db62d4a1eb5f631aad0a0340d30e5f7ed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
8ade2f3a82060e6d5b1e97b275213d86

SHA1
a13c13d850addf7c1c1d58c583255f77b40b7834

SHA256
fc73beb5ec396531d7267cd4980e720590ae4c7c34b6bc63bcceef59730d324d

SHA512
51d989a44462ffea680e4bd9b20c46705793236712d11f0400e12caaac3512d662a41b4b49e7e309c8e752dc7738eda080451b74736c6428541196dd7bb8ca98

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
8KB

MD5
15451d2a8ce5798eb0a9cb6832990561

SHA1
a1b30811a3edc949a556d35e26189b01569baba3

SHA256
dde121ccd3a64da94710aa5884d4444961591405b3bb778cdfe43ce90ef906ec

SHA512
bb011ba0b74c5e6e27407061c255f0e6e1950804ccd70757a69d1a00858a28e1cef1a4e55b0ae404e26b9472afba114726df3dfe61170cdb53c491bb022b2d2c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
8KB

MD5
05f6e46ecbbf72ea283a0f7bb83feeb6

SHA1
1fdc70a008fd2ea45a6172f806efb89b19657729

SHA256
621be9f2c31db7f00275d5fefb89d36da338ac33e159e5920077df83501838c4

SHA512
832deb9fffd871cda1f220a3e80a3a35cb9762244dc30f6f9147b497f753c01fc3214157b2a9ebd2cb912096f301803569d2682152662501fb7c1b6476ddac4f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
8KB

MD5
9871189b1ad8b6dd9b7a00db04090f46

SHA1
6c47c25cc7b9bf30d8d57fc52f080b773dace27a

SHA256
ad7a35dc2fcc5ce86ac8adaf1a2b7cfbdc18d62400b023c8a31c2d2081120f8d

SHA512
810e84f1101d820e14d638ed8ddb97b570fa695c6373e4e83c7274e7c62da79d2d8e29990dcd7487657e9564e26682b547dd4bcc9fb1866989fd297a8a9505e4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
8KB

MD5
a12eb006dfa312d29cb0fa6f303f3bc3

SHA1
88789e73b09c21f25b46c5f6f91061b1650690b3

SHA256
824435b1552268b0b84efbb0b61ad132114d8e7205cbcc42a977c813802518d6

SHA512
766e6e9a9b8e0395945867efa36ada08139baecb2ca80f9cc3921f1d2917a83cf55293effab582b4369e200bb2cfc0adc56b72a40022844b9d432977e9890e0c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
10KB

MD5
e27c7509421431d03dfda9c4c9425b23

SHA1
227ec4437086309a7e9fc1ba5546647d8e30e6ef

SHA256
f84f12fbfa91ff9ec74040f6bc915d1b4eb26280f5a532feb9e814f16937cdbe

SHA512
3a26baeffab8e238a9a2443f28f06c253904a1645d7733f07656261ff0f5034d71e28ce38c0ac6a50391ddc68e36393d7909f1c52e775f379bbdc0df89f6404d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
10KB

MD5
a684baac54bbab453d86ced41681c7dd

SHA1
7077df7cfc3516cb8d89b2dafd3eda999b0e535d

SHA256
c67192868eaf322d535083c4bf3926118dfca7334b6fc8da0eebc5e2ac606b0c

SHA512
1ad1c4a5929577acbd00c1632d3a434006003126a65eca65d24fc51d50e73914f7a6ae810bb0b1ff05763e6a3d96d45c4517b76617468cddc691085e282b08c8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
10KB

MD5
3ec8aac67195a7bd6f2fd2db9bf549df

SHA1
fe535844f439ab930a3e6cca95c1da7c9162017a

SHA256
3669bc7e6be10b4788a4eab2e9eff50b443067399f877c8967865e18c13a856b

SHA512
9ac86fc80aa9d7bb21bd64c746b770cdc819d7435f168ebfd1d79316cbe5f2b0a278b7d12017463f1fbf1f667c3cc599356a2f27710c9374db7bb231aaae11db

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
10KB

MD5
1f78505fbbc9ae0afea6c0e608d126d6

SHA1
614d480762986f17a2cb69891c4caf2af29c34d9

SHA256
601d1f9e7bb51f0cb6e1ac2603be70653715d08ac6224f72044356568738daab

SHA512
6c4fb379fc1eedf976d50c582c36d95aa618c44b70b9a3296fc8e5f9e3489091881af276e1629fb921387e9f2c06937f2c4b579f3fae845411a6fd3f21a5fcaf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
10KB

MD5
734c120a560295d15837de0e3ce31a6c

SHA1
0c331c8562b9375d457a1f16fd9aae4da14d92f2

SHA256
23daabd81dca5190d1d661e518a2c355cd100f8ac7aafe83235119227690721f

SHA512
4ef66cc411b343cea234091e66b35bcc5145dbd8afcb5dd685239c1f26435d9a0e6a33581ab5de926f3bbecadde618a2b39abc236745c5bde2bedd7abdf5ab84

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
10KB

MD5
fd6883f381489ee50c1dcc9e093f5267

SHA1
df2e712ba809252d6dcd3ce104af7a4dbbde3da3

SHA256
27621790c50f5913bc348e05b5fa92d162221c7d343dde730b657409e072f12b

SHA512
d74d5aa9ab751cdd5b8616899565673f8ef00d7556785e597060f11b9558259dadbc0c1eede73a51a9e54f74d903614da6ca96f5908abf8c59ade783c2969a61

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
11KB

MD5
0fa8470441a53f2d237bee98176e4f5f

SHA1
da7c321d01e0e084e055f819127a581aba62fd0d

SHA256
799929e89eb04c5a5c8f44cbfa2d6bdbb4dabb00a31ec8f23055839e2528e63f

SHA512
4161f160de28c2e61509dd03eb518ab52e6e169c211a20f1d2d6ac2dd30d0fb2f02841d8580016674d7624a6514d2b504d8ac9868939827b709d4b9688f0f546

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
12KB

MD5
ad355b0849680222502fd00ea6173349

SHA1
9e10115c1e1bf6cf0f1184a0294ba6605b40f492

SHA256
61ce8fe2feb34437c5ad111b2ec0469f95a2600bf5ecbb51132e5ebae15bb092

SHA512
6dc6a46246e6fe4ab427d0750e89261351b815ccfc21fc3b4b0ff74e1915c454160e4ceff8724c0e8fd7a042deb7e21c7755e98b78cbc4eb38e7034c708b29ea

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
13KB

MD5
c338b4963bfca9b0109d983fe4dc14a6

SHA1
64be5cc7aed8621bcdf42fcdbb3aae2482e4fff9

SHA256
fb86b1a74a58ae8c1babfb536090ef85a701495231e3554bedc7ca5945dcb2f8

SHA512
25c5dfbf75e63bc39877d9be293a28ddeb70692563e1635bfc23a8cf3b0d74a5c7536f8b2caffdae6bb61fef7962c200109bc37bfcc342448850bd952f1f917b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
13KB

MD5
e2dbc734ff148f2af11e140cf801c378

SHA1
f0591a2d2f8a840e528ca0648d381db6c558e8d8

SHA256
7ec2fe23890b864a8bfcc57c5304e1b6c0609e78387bb8ac11d844f22fe10bbc

SHA512
fc4717876aaebae5cf969ff2db3d3224593af48d9e11b1a650a6a9c8f2d1bd61e0b3f357fd45b8a7daeeb5404acfa8344bfcdec7c1e990db3633af8bf7c7109d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
12KB

MD5
83cf8e36379c66614287347113f258fe

SHA1
2eb0b79ee59bcbddeded56cabfc2b35e7c5331e3

SHA256
86b10c50a4991b8ed5e366047946c584d410e3ede83e6594f65f862d5ede8541

SHA512
14602a785a45d3e7a1d3fee6015074e601e7d21a0b63c8280239142b42ab91aa53e95d7a74b24bbc215cfcb9ef909df51db2082da52bbeb2479cb5087c9e1346

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
11KB

MD5
4d1f179d0f92f72737648b488bf34ed0

SHA1
ac8d212ca39f8bea84a6210b03d48d270248519e

SHA256
f5874f8acc159cbee1d0a95eb1bb280d0ee8f7d65623dd46427f09833b310a68

SHA512
d819516d58ce1950b50e4facbe10f5028e5e1f5892fbfde7cd4394835fbc30cc6a38ae9fefe1d24ce99ae5471c054f476381e626ce9d7f3d3a3f064cb59520b5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
13KB

MD5
ea1800b6248bc240b81ce458492f6828

SHA1
59f11405706bf27758913ba141f212b3ae919ddf

SHA256
059057d5e053205d6de141608c2dacc2043025f6d75aec2bac6e0518fd1f4c5d

SHA512
d5fc27e17e2941f97964c3bedf3a5b1aa66c8b99639e3665965a410a65b82d11a74eb38d3f248f03688c41ed9ffcfd55e41aad372a89a96dbb8178bedfbe054f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
13KB

MD5
ebfb0a6d822858b7a38bcd9559bd32bf

SHA1
86378807647722802e40da4d91eb5e0fe484e4a0

SHA256
2e7824ad4317dd879a5744b42038cb0868bdfce5cd343b318055e03d083bfcd9

SHA512
a5e080d2a5fd153a170f03879a60060dc128d5185d7ef3669ae72513f43b9253919fa4ab43c61e86da02d75fa4ebee3ec0e36608c7c8832a3cbf39e98976c919

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
14KB

MD5
05612fd2bac2050f7285e9ac37fc64c8

SHA1
bb1c6f4a7f32f73f0890e87316e123925c1b8a47

SHA256
0291ca123a432039275ff8fa445fd65250eb1b1448c763198325692e78536b2e

SHA512
2a80ebd3b3212bdb14e35611d7f005e118f9858935ba41af29b1385f2cfe2cfd36bdd468d3783cc36a5fd64ccded3d1f89141089f5342661074a298e726bcef4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
14KB

MD5
d5509c8d6135ec08710617c128e85754

SHA1
9b1925ca093f47ae8cead408cb3afdd1eb05b14b

SHA256
2dcda94af22e4fe2987caf3dcf66ce0551f0bd9f4f250270cda727d08ed960ef

SHA512
b6638115e6cea552dca8e9cca4b06a29571a7a420ec2dd69f017661a71cdb588f63b405aa331ffc7c4a6a0aa82083d56b86b66cf9b43f235389e34b27d7185ce

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
10KB

MD5
957c693e5afa70fc63503f10c897b99d

SHA1
c1073a2cbb376148c35bae88e22c77851008b25a

SHA256
fa8a576b3559796d229dbff1d8dc597339ee674a3bfe8da524f65808b5f8c571

SHA512
4f68ff9113ec0fbe0b6ee860c8c006a0bdffbc12c65b6d1a2d8811f615e37ed206e2dedd41f6aa22775ecd721db0e61225a1c94880639875b03aa42fb063465c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
10KB

MD5
22310124b6957b614855a91ca0ea9384

SHA1
373f2fddbd492041ef87677ed810c8f91d927810

SHA256
958335148b74f6d94d8049089142fcdcb6c8eaef5e87ccc35d5995c4ef03b649

SHA512
1fe982cf60d7ab5dc034d6f60f619fe3b66506090ac94f45b00b6e74b8d40a89a6b7d7c14da4dd8c73f95f78ab22c43dc6dfb5953aed014a41a162f212bd63b2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
14KB

MD5
8adcfd503b6e1ff243240f1161724787

SHA1
138592b0c0d957f02cb1459a9adf1d5872473183

SHA256
a560cf98478335d5bbb45f0f1c0265634ac19ab35e9e7c71ca805bf0a58734d0

SHA512
8c9cb9189c67a135b2493060803eee8bc223c714ad07d572d1fc0414bb17c65bb07ff80fc54a91da7484b4b8249cac78e5bf5da008f62cd72e86958ec941f8d9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
14KB

MD5
fa3604fe33713484de7a4067f65bcc56

SHA1
78681c940801c4d75b9903328e67f56b18f33ed8

SHA256
3f88277139a51bff17016337ae43f2117d04c8471b9b7e7291f2eed2d7c1db1b

SHA512
e1a69e7a8c31675f90cd21c67f28bc47edda3e89e1562f2e9f0ddb717fbfb1b87ca19c088a93eb00f19e3927b28aad16bd8ef3cc8f4a36bf5f413c633f12d1ed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
14KB

MD5
f4ffd4d6097905d69ddecaf41fc6b7c9

SHA1
85424f98d1e2b3d54236818ea86c88cc4181c399

SHA256
063888517c660d50f8efe69e98d114af6418094623206cf9a90025a2087b10a1

SHA512
591e15ba0ce70b6eafdda5a1e7de024ff3f036f1c43c15c7cfb13b9a1cc4cdf375a24536d623879b8a54dc594abe8549d8f5419a644a97c0143d65287b87993c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
10KB

MD5
357f96fa8c01dedb4c2da223879db371

SHA1
63edc8e251a66d8984c05764db034dc8c980b680

SHA256
b4501207fcbbeb4cd1596876ff6480aefbc2f68264e2a64e7fe85b7746f22ed2

SHA512
24aae18d12c4659550dc9d43f10e9f98fb06d44d684d34933691ce61c36aba4cf4c1948ea903c3c3a69ef36d1a82b96339a6acc23783962eb38a48c5409ef387

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
14KB

MD5
c65e919dda87a81dce5e1afe44e68b11

SHA1
3bf8438ec436664965ceb2269625820d9e9ad5a5

SHA256
2c5f3db2c217dca6d47a9d7d89eccbd3651e9ef478a864cd22cbeb6dad36384f

SHA512
c670bd1eabfd0f00839471f2f02590fdf647ecf5c7f4853a4b4795f112f1789cde946806dc46573c4c14526421061593971549e0926c1f08e566de8b2ec7a6fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
10KB

MD5
72489e8fdac9569aa44295c7f144610b

SHA1
d846ed51b8effc12676ad4f93539fac319bd6c62

SHA256
1bd65abf5c225046c7e63d860513ed37e0edf84d3f0950489a26ed5374ecb507

SHA512
4f92ead4ec8b298c45d22a310b5b35c7353b32d138e14d706b03da6052fe7c66efacf98d9556c8c8f8e934787313e45cfe83f947b4cc88a0a0cfef2b7db50618

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
10KB

MD5
e0e905801561dae746e47c308fd796e3

SHA1
ce79b8da9fd2f951e6a4a91be4c7db5b10313ade

SHA256
6bba61fd1c06290c1039fe35976568a9f8e39f6e2d7c1d7893c916b3c29556f6

SHA512
ad85fc3ef3d2ca1298ab3f251b561db9e1111859af2ea35c2d6283db6cd10e50c28b3574fd80179f11bf2ab0cc8b9f36600d3fa19c116445364d76c1e72fbd5b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
9KB

MD5
e9e0930c5e1e0c2a59a7b7e893d9e6ec

SHA1
2cfd17f7f198d544ecb78779317c38eeee4f9040

SHA256
d2775570ef529a47f3e74680e48c145ac913d30618d465cebc346a5398c1c701

SHA512
0a888f174d961f8ea61929506c378d78d253d6e4f6c97915d3eadd1508540612e4522971137d3b98b418157988257e2b1b9cd232fe3411dc016c2a118fdcb282

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
8KB

MD5
9a77dc87f183a47c2465f347142b371b

SHA1
74759cf8cc64abb015264ef5beb2d689d65cf7cb

SHA256
fe938684624cdcc81b4d3c0ed39b39414cb43172f6b0310c782fa495dfdce9d2

SHA512
3bf86df1cd2d565314838ed338d6c968f8a49c43a797f9f475848c288e8780f4764307850c9066dbfc48bf76e118bfc9476c838322de40cc8b46de8d252f90c4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
8KB

MD5
4ebc7c2d5245f0fa18699d843e588462

SHA1
6fc265b780f752684e29bc745c4d4104688f12ef

SHA256
baa7ad330bd012e4abf2e7b808ad7bdc3c8cbb8d794b9cb4de51bbf8b49b5023

SHA512
475b7c6c8a1fe7b7f151f9be81e126a0317e01e1484eba4057aa957f167071fac84fcdd2ccd38c75f35f4bf4d0671029f5f3e9610c9ccb68c087b10bc3fff791

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
8KB

MD5
fe6054f7d5947c8a001180d02511a214

SHA1
0918c9e14fc2909893a5e1680d8c072f63ddb4db

SHA256
c3b41a737960c684d5a3c48952e20f3896bfa8f63053d90b4a13e2c38d6f2355

SHA512
d73bf688a989c796bf35f215c987d9fee21adc0a287c916b97eb28b3a7f0258e89a05714d99777af2ab68de79fd550e3f28620fb345680b10258cb0169b2353d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
5991ea2409b1f448fc1554b3fb405c77

SHA1
f9bf04b1158fc354332947cf765df8de9f543eec

SHA256
452e96108379e41d0487c2ccddae49eb7a7b8e87fd6029adf0bb7b6f4a4d2672

SHA512
fb5b23d908a96c30f4bce11517ec48d069b90025661320c3a30b7cf7fa1abaa26fe5533c38cfc8d059f0e06a2e7f69c63e5212437a01c535d889d97d15c3e824

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
dc35b6fde659660ef77a262859fa0545

SHA1
80cef0b63ac409cf358913661179947f4677ba3b

SHA256
dc38556341efa824205827e06adec19cf9b9dddb7db26a4ccd3e0cadf5e2cb24

SHA512
149d641f449b0405c775a28f1204426b543d7193bc901771dabb46f6931a68184c5cbc4fa95e6cf275a2f6d13b9e20d3bdc812f1be90fc19232c117fd0b22c1e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
1bca01a9f0535bb9a7771d4d41711b93

SHA1
d7c54e70c533fdac449a5352eca7ff31d82b5975

SHA256
6c839deba2422e0dcc2f55629e7bf1153ce7a601668caa34dec9b602d7637a18

SHA512
ed89e45ac72b45c4bdce8b1b658ea76a141a132aefc8243b6e7b9c7d1e17d8e7698fbcee840ab30af6966075f8cc3afae5eae450973b15978f0da7db860ac7bb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
ea4d32829b7b9760e84bd6a872885b95

SHA1
4d95401b054f215ed1c12166dc3d9e7e4c77eff9

SHA256
b1536b8c729b8d349041d4bf4e5899d5eed28421ca9ca84aa91e77c9f4e3d9a2

SHA512
f0dd91d71dea075c7504006fc92097e8646932d23f11b6a4774f0cc8d4321edeb161cdf6e59528a909c1a1bc26040e1bc44f4a506f5c3b19c1498f2a7f17194d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
13KB

MD5
504a2e3caf2ef4bfddb4d75bd159b0a9

SHA1
05565f4aa6e8aebd9ff54b4dc5ae58ba83a9d937

SHA256
bc56bed237f2ad427265c73fd601b25e739bf2d105f6d0debabb064dff6b54d5

SHA512
f0061ca80adb3ce8017d4fe4c1a85f23f86fde4604dba220d83d8190937d1ce9405470ae445930c3bff78bf7b38158ee92879391652daf5658a85073b2617eab

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
996a5875dd2490b77366036db6286cbd

SHA1
3e0afe7f5cc93d5ceee55fa6b13e5947f9a14b1d

SHA256
d8e3cdb5308e9ea77e57d813f24de61ac31ebdd7ae098073ddf238ea35182a40

SHA512
ac3d03516305b5e262a96d2aa63a85f307472443b4844e2c1487413f3af940a3ee09ab62517e9b4887af6472b83c65beae037bf19437ec095ed7b9f01e634d3f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
8KB

MD5
6bf5d1e676edffa8ad7d823f7bf7a162

SHA1
e7f78f9f209979444d22d15b549834558fb29ce0

SHA256
8eb7ae7c3a9c166776d17f7f864e30d4fc0ff40ab1e98cfae40a10e4d8e94477

SHA512
98fac989c0d9f7f5645289f16bf77ecf7d6cc56f185b5d7b4c2f24f8bdaf0535e8c5c80cdb3ab0cd0e4af317f29c377c05c3ec5d24ca06fbe3b6091b5e7c30f2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
8KB

MD5
af255f81eb3f712d195c30ef640370e3

SHA1
73ff7ba2953faf46a63906a3ad3e5b723a462be6

SHA256
e2be5ffdbdeb409c1fed193678b2537780362ad382a4905f560108f7dc201049

SHA512
995aeb9838a40e788311d5d4daf36f7b5b68271e7e060c0489e839782ec187c4fed0605966fbc7d18dac21eec4a9ef6c47c754f052ef34b97f154f6b5f727e0b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
8KB

MD5
f058d9b8b4a4adf15f4074acd22b6764

SHA1
6a2b8244a6b92e85ea36d5680b7add6a340ac4e0

SHA256
c6383b1026162d2213c3717b1b91007be0cc74b76035d32af0f6719c30699066

SHA512
209961a3dddd9917d18a3386eee881518ed1d3e990fe60256b9236c72da07f8a91904667b0cd2ffaec8f7a15933f7401796a63cd3fa3b0a93e3c6c46b6a45423

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
14KB

MD5
84be38f32218225ced89f6fbc6d2818e

SHA1
9191a105970fc9ac8fd0d985404a21d5f2bde1e8

SHA256
0374e296f61b058443a03a955f5de0bc39891885f25870479c916444cdad0c2c

SHA512
4264e20966d976199ff8112497e706e501f0287c844af9d7f4fa118d9ac5cb03ca4edf885fa3e9f6510ea3c33e83eeb530bb513d96ae6de9c540783cfdd1a5c4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
6b87ae0df6ec1507f94826371edd0f0f

SHA1
e6602e75387e2d244ea672f7ed347815670c21ca

SHA256
1eb16301de4902ba1273422afa8cfe96e9e6a7465b7ed666b560139b09bb360c

SHA512
99d4f7727e858a5b71437b46107517ddc21f1b79636047627ab66d01c74d0704d02f676716756669a47c283b1b0526c4c9e9892fd5fe3507e2ba1469ffd08cb4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
8KB

MD5
82404521d98231256f8f560397024dcc

SHA1
e7765b25f31189592b31bd3e1df1ac160e5d74ec

SHA256
daf33542b72d1d6774b8e6f3141b9ef5001b80220f280d9ab67ab144de740540

SHA512
62e819c2ebd7c244a9260f18a08c4688aa42ed171cd607a8d1db67223532c34791769ef6780556fea103e9109a1ac0cee1a3145b3a960c5d228ed23086c6415d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
e27cc5783a86df2b7116c193a36e7198

SHA1
2df20ca7031b04eaee9359a5eab4f65036b40cbc

SHA256
494e8f6b8ae2e1f0b4de3fb04457254ce3707fc9630c6c7a6bd285b6433fa3db

SHA512
27efc93bb718baf1b3c65aec6dae4ed3090c7118d6aa574f2da273f6c83e4713af73861144f3b4956d1d159a7e27f0b229c584c4fee9b6179a1b124b513779e8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
8KB

MD5
a6fc14006b5041de11ea0ae7a9cf9396

SHA1
5db25940adf4ef2c5c2f28089ebb9ec9131c6884

SHA256
cdb7db118e02121b457f0631e015e23566ad98d3ed389c746b63ab8d5724cb65

SHA512
05003dda7e5ed0482e77293d7f308b043d66a18a4c922a6b652343053b922e2a36e5f3e301deaadc39d53a58ef7c7d99023a1e4b939b0872191fccbeb3ffecfd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
8KB

MD5
435c6505f52ff9b880aed1e8cfeece4d

SHA1
77e5cbf03b6192c93494bc96356cfa0bf14d541e

SHA256
76895e03c15dcf969630fcbe58c7a9074f87f407950cfbcac8ad95398462f84f

SHA512
7cd8e951b32955c773c6e758958a5bf843e7501700a0ff384dee49374295459f4b6773363c7b0987a3b19bd1e7568ba9758c585e190595f2e479a134a6b0d72a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe589e8d.TMP

Filesize
1KB

MD5
7e511eaa1c8a47d4b77e2c54bca066cc

SHA1
b7ba8b6130f24441e7d625b5db4f2cd9d04ea94c

SHA256
f5e202b8cad60e7b68630a6df5ebd631235ceeb5ede926f3262c9150054cfa72

SHA512
f4643fb84d4ca32eb9ccd656086f6c9f2dd8a094c54a919a5ec001057e1b47c4fd2d7438f86b1246cb0ebe7667ce11d447ba46d4ccbaecc79ca75b0b1d0b52a7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\b53d271e-9cf6-4dda-b88a-c392e9a92a10.tmp

Filesize
13KB

MD5
cdc5fb5710d6d9cbfbd825ccacd19d94

SHA1
80b778f69924a02ad697225df05cb836438c4632

SHA256
036068cfaf66b9d29abfeed1355b53ecc1eba906da9db1f1da83417a4f5eaced

SHA512
d68480013b42f82e81365d78131cb33d1c8d49e83b2b27959bbfa04da47986c6d4f185fe699951cc86e75e62f9e770a533874327433e20983445437d5d0856c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
aefd77f47fb84fae5ea194496b44c67a

SHA1
dcfbb6a5b8d05662c4858664f81693bb7f803b82

SHA256
4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611

SHA512
b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000016

Filesize
20KB

MD5
e8e1f8273c10625d8b5e1541f8cab8fd

SHA1
18d7a3b3362fc592407e5b174a8fb60a128ce544

SHA256
45870d39eb491375c12251d35194e916ace795b1a67e02841e1bbcb14f1a0e44

SHA512
ca77d40ec247d16bc50302f8b13c79b37ab1fcf81c1f8ab50f2fc5430d4fabc74f5845c781bd11bb55840184e6765c2f18b28af72e1f7800fe0bb0b1f3f23b24

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
9ab9f7c3df232665eadc6a16dae366dc

SHA1
02f92d84220c1d3db9bc242d132410f9100eedb9

SHA256
88926cb21a8b67b832d6713c3ccdf0fda041b75877273af78e7eb6eceb268863

SHA512
092059d62fe0911f1e3790402f3903da7ad8631d61c7fd250d74dfd5eb8afcaed0eaae87fe67e9c17719bf1f43ea3097f06bd6cb56f5bfe4a3e1907cbf9ed966

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
15209b544093dfb58ea5e1276551a735

SHA1
d94925b96790ccf573bdfafa819b183031c46591

SHA256
66a558f56fafeab29995fd23e874e6ac6c98bcea2be04f69c1e4bb0c1fc748d0

SHA512
853ac3c01d41a9ef659682fca852edea8d46a66e9bd12ab93bd4c7a2e55fb3a38c3926cee125995b0a7c95c48d987044babb916fe899b90caf13a42d86a36417

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
671068c4bc641c441a94997d2ead946a

SHA1
590126ba346b0c6b2254e59da269249b8bd4f818

SHA256
64df7bfcb9cb05c1c2da9b8ed7d59fac1d89a38157a59b0edc46bd230f8043f9

SHA512
77ba2c67ecdc211c0e7d0d9bfcfbba5da75a2154a043e164106c3f4e50c41e35c3529ae02152e1f24b00d4be7f08d4be86299a5b64da114712d916ade957f24c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
5391f459634bd331ce024b7693fccf36

SHA1
d00734aff4b787f7097d4889b896f4538eeec3ef

SHA256
fe8c92b99ea3719d23988b4a737b3cf3b7f39d3588f5a25e6ad7383d29080978

SHA512
f26067137b74d17b8ae44c30ead9940aec2d2cf71f56171c302e2bcc1bcf2ad9cc7a686d45f720473068758a7ca2b5a23e3830012fa421521173ce1894dd6584

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
1380cef7cc3b39b56e886ed144b08d91

SHA1
a40915444b013f4696d05f8c380cef84affb91e4

SHA256
843431a7d6607b39ee9d0e79c771df5568c4fc6a647989ab35512b760dff47dc

SHA512
e65f4dabea2ef474aeaf6e5e54447198aa7a385a9c45e58eeab5c87d550d1dd34554add09e2a2a88a5213403da25100fa7b2255ebc18a707a13d2db95bfe77a1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
bde093ce79bec2c5285ed236e41500f6

SHA1
2bd0ff8307881be0efb1d5250d5ff73d2e012ea7

SHA256
b95b618ef6789cb0fe743ebe3137140ea3ce980559af5558152849ad7b9b92ca

SHA512
b5343ffd559765a8016e9927bb88af1340d8f3aede1946b74b7e02a0a90b581f53e264bdfd785b4b2d25421d825b5e02d4bcf396fd60983480400e8ae53ac570

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
8KB

MD5
b61679bb27577b88f5d69180274fd32c

SHA1
079993a01aa9ee314227514e675c0a5c539ad5cf

SHA256
936343eab2659dc4b92ba8a5a6d2fad6ff5dccc80dd02b12df27b9ddb81133d7

SHA512
36f99a7b9dab7aa9663e20724eafdb8e94d00156b189f87d9074fb06466c42cd030a8c9f71dad7d3fd7930e2d46dadd76f513906047b706170075e2c9390b406

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
69a24c41010dde2112b13f985a5dcd32

SHA1
9f1b5af84f0c6040a2f271f387f20bc0b9fe6ce3

SHA256
0a5cec253c225958d11890da2d34722ea71a90e6e5a84e9e44c90cc7c110d39e

SHA512
18354139b6ce15889113023b1ccd9d24247eb3e8aea66998e3430a4b4368c348690c9a54d3b05ea4330528ac2393c2a0cb4cc722d19df58a7d6c6f3c29634199

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
24536d27770a36cd96bf3120af912a32

SHA1
a57429452ac6e11fe9f051fc59cbbd579ef6a06e

SHA256
2eb2fcba95ae4360c9f72f08ef551ed1b427132738fcf6704ebca610c9c74559

SHA512
14f04383c0aeebeef2f245bc1e76a1491f89d2f91c1a1a50e591bb277e611367929ed36e6a3cadae44c135f54794637c2580978cfb713d0e17cf5169efe5a976

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
95c00b464671e1b0baef9bc1b9bb9688

SHA1
7836d7b9d05906ae4dbd14d821dce81ecb2c535a

SHA256
c6835498058768712d996318effac575551e0dae8e605ac09a3e0fe78b92af47

SHA512
0b0bc0ab544dd23dbb3cb70b90a09beb9bf806394e07e66991dac037151dd773b3b6e6688f7c2acfd257bca041552595346e536a4da5548034cbeb277e24ecdc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

Filesize
264KB

MD5
5feee9021f9ec9158cfcca028907fdcf

SHA1
a2cc7c4a9ad7ffcc57b48cb3199373cd23798cb7

SHA256
1513ab206034dc8d45d5a5c455d29f1f5cc55bfcae83713accaa86de4f38af1b

SHA512
62d24332d6541813120540b920c5e3552c230e677f1877f5d46a3caa555cf5cbcc07efc590a384b6ae62306637063e8e02fb51c701a358fe561217b601457d0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Media Player\CurrentDatabase_400.wmdb

Filesize
896KB

MD5
d2fc8e601a24f9f88aa2914c71ebb405

SHA1
7af778c42cf067149147ff20b47fc0a892f97fde

SHA256
972ea4d47cb295dc24d75ab5fbb5d7081762f7df3e325578a7ba0ad001bf18f2

SHA512
04b3b674f33184b1eae404f0f7cdb58a91fcb491958e57479c4fb5aac0eede17f1f22ad6621105f7de5ae11191fe3bd12cf1067f25384d06fe58f387914c1aea

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows Media\12.0\WMSDKNS.XML.bak

Filesize
9KB

MD5
7050d5ae8acfbe560fa11073fef8185d

SHA1
5bc38e77ff06785fe0aec5a345c4ccd15752560e

SHA256
cb87767c4a384c24e4a0f88455f59101b1ae7b4fb8de8a5adb4136c5f7ee545b

SHA512
a7a295ac8921bb3dde58d4bcde9372ed59def61d4b7699057274960fa8c1d1a1daff834a93f7a0698e9e5c16db43af05e9fd2d6d7c9232f7d26ffcff5fc5900b

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ysnifzz6.default-release\activity-stream.discovery_stream.json.tmp

Filesize
22KB

MD5
43b473ef96e47e4abd5663d30d4a0c00

SHA1
001f4a8b54981f83b73aeeff4c8c51b8deec8be7

SHA256
60a509e55422184796a1c2ca7d989d1b096ec63fc92d70d59e4c3c25072cb3c0

SHA512
1165c3e6d49d88143d3c7f36d7bc59bcbe776cd3068ea96af8ac2ebaa68925658bc838b8a029371c8972241c964eec5246f7faf5deb89643afab45ab102c42fc

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI1922\MSVCP140.dll

Filesize
564KB

MD5
1ba6d1cf0508775096f9e121a24e5863

SHA1
df552810d779476610da3c8b956cc921ed6c91ae

SHA256
74892d9b4028c05debaf0b9b5d9dc6d22f7956fa7d7eee00c681318c26792823

SHA512
9887d9f5838aa1555ea87968e014edfe2f7747f138f1b551d1f609bc1d5d8214a5fdab0d76fcac98864c1da5eb81405ca373b2a30cb12203c011d89ea6d069af

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI1922\VCRUNTIME140.dll

Filesize
106KB

MD5
4585a96cc4eef6aafd5e27ea09147dc6

SHA1
489cfff1b19abbec98fda26ac8958005e88dd0cb

SHA256
a8f950b4357ec12cfccddc9094cca56a3d5244b95e09ea6e9a746489f2d58736

SHA512
d78260c66331fe3029d2cc1b41a5d002ec651f2e3bbf55076d65839b5e3c6297955afd4d9ab8951fbdc9f929dbc65eb18b14b59bce1f2994318564eb4920f286

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI1922\VCRUNTIME140_1.dll

Filesize
48KB

MD5
7e668ab8a78bd0118b94978d154c85bc

SHA1
dbac42a02a8d50639805174afd21d45f3c56e3a0

SHA256
e4b533a94e02c574780e4b333fcf0889f65ed00d39e32c0fbbda2116f185873f

SHA512
72bb41db17256141b06e2eaeb8fc65ad4abdb65e4b5f604c82b9e7e7f60050734137d602e0f853f1a38201515655b6982f2761ee0fa77c531aa58591c95f0032

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI1922\_asyncio.pyd

Filesize
63KB

MD5
61a5ae75f514b3ccbf1b939e06a5d451

SHA1
8154795e0f14415fb5802da65aafa91d7cbc57ec

SHA256
2b772076c2dba91fb4f61182b929485cc6c660baab4bce6e08aa18e414c69641

SHA512
bcd077d5d23fdab8427cc077b26626644b1b4b793c7f445e4f85094bd596c28319a854623b6e385f8e479b52726a9b843c4376bf288dc4f09edc30f332dbaf13

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI1922\_brotli.cp311-win_amd64.pyd

Filesize
732KB

MD5
0606e7d1af5d7420ea2f363a9b22e647

SHA1
949e2661c8abf1f108e49ddc431892af5c4eb5ae

SHA256
79e60cd8bfd29ad1f7d0bf7a1eec3d9abadfce90587438ea172034074bc174ee

SHA512
0fbb16af2523f374c6057e2cb2397cd7ff7eee7e224372fd56a5feada58b0cebb992a9889865d3b971f960ca5f3bc37ff3017474b79ccc9b74aa4d341b7e06fc

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI1922\_bz2.pyd

Filesize
82KB

MD5
a62207fc33140de460444e191ae19b74

SHA1
9327d3d4f9d56f1846781bcb0a05719dea462d74

SHA256
ebcac51449f323ae3ae961a33843029c34b6a82138ccd9214cf99f98dd2148c2

SHA512
90f9db9ee225958cb3e872b79f2c70cb1fd2248ebaa8f3282afff9250285852156bf668f5cfec49a4591b416ce7ebaaac62d2d887152f5356512f2347e3762b7

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI1922\_ctypes.pyd

Filesize
120KB

MD5
9b344f8d7ce5b57e397a475847cc5f66

SHA1
aff1ccc2608da022ecc8d0aba65d304fe74cdf71

SHA256
b1214d7b7efd9d4b0f465ec3463512a1cbc5f59686267030f072e6ce4b2a95cf

SHA512
2b0d9e1b550bf108fa842324ab26555f2a224aefff517fdb16df85693e05adaf0d77ebe49382848f1ec68dc9b5ae75027a62c33721e42a1566274d1a2b1baa41

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI1922\_hashlib.pyd

Filesize
63KB

MD5
787b82d4466f393366657b8f1bc5f1a9

SHA1
658639cddda55ac3bfc452db4ec9cf88851e606b

SHA256
241322647ba9f94bdc3ae387413ffb57ae14c8cf88bd564a31fe193c6ca43e37

SHA512
afcf66962958f38eec8b591aa30d380eb0e1b41028836058ff91b4d1472658de9fba3262f5c27ba688bd73da018e938f398e45911cd37584f623073067f575b6

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI1922\_lzma.pyd

Filesize
155KB

MD5
0c7ea68ca88c07ae6b0a725497067891

SHA1
c2b61a3e230b30416bc283d1f3ea25678670eb74

SHA256
f74aaf0aa08cf90eb1eb23a474ccb7cb706b1ede7f911daf7ae68480765bdf11

SHA512
fd52f20496a12e6b20279646663d880b1354cffea10793506fe4560ed7da53e4efba900ae65c9996fbb3179c83844a9674051385e6e3c26fb2622917351846b9

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI1922\_overlapped.pyd

Filesize
49KB

MD5
7db2b9d0fd06f7bd7e32b52bd626f1ce

SHA1
6756c6adf03d4887f8be371954ef9179b2df78cd

SHA256
24f9971debbd864e3ba615a89d2c5b0e818f9ab2be4081499bc877761992c814

SHA512
5b3f55c89056c0bf816c480ed7f8aad943a5ca07bd9b9948f0aa7163664d462c3c46d233ee11dd101ce46dc8a53b29e8341e227fe462e81d29e257a6897a5f3d

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI1922\_queue.pyd

Filesize
31KB

MD5
06248702a6cd9d2dd20c0b1c6b02174d

SHA1
3f14d8af944fe0d35d17701033ff1501049e856f

SHA256
ac177cd84c12e03e3a68bca30290bc0b8f173eee518ef1fa6a9dce3a3e755a93

SHA512
5b22bbff56a8b48655332ebd77387d307f5c0a526626f3654267a34bc4863d8afaf08ff3946606f3cf00b660530389c37bdfac91843808dbebc7373040fec4c1

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI1922\_socket.pyd

Filesize
77KB

MD5
26dd19a1f5285712068b9e41808e8fa0

SHA1
90c9a112dd34d45256b4f2ed38c1cbbc9f24dba5

SHA256
eaabf6b78840daeaf96b5bdbf06adf0e4e2994dfeee5c5e27fefd824dbda5220

SHA512
173e1eda05d297d7da2193e8566201f05428437adcac80aecefe80f82d46295b15ce10990b5c080325dc59a432a587eef84a15ec688a62b82493ad501a1e4520

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI1922\_ssl.pyd

Filesize
157KB

MD5
ab0e4fbffb6977d0196c7d50bc76cf2d

SHA1
680e581c27d67cd1545c810dbb175c2a2a4ef714

SHA256
680ad2de8a6cff927822c1d7dd22112a3e8a824e82a7958ee409a7b9ce45ec70

SHA512
2bff84a8ec7a26dde8d1bb09792ead8636009c8ef3fa68300a75420197cd7b6c8eaaf8db6a5f97442723e5228afa62961f002948e0eeee8c957c6517547dffba

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI1922\_uuid.pyd

Filesize
24KB

MD5
aea6a82bfa35b61d86e8b6a5806f31d6

SHA1
7c21b7147b391b7195583ab695717e38fe971e3e

SHA256
27b9545f5a510e71195951485d3c6a8b112917546fe5e8e46579b8ff6ce2acb0

SHA512
133d11535dea4b40afeca37f1a0905854fc4d2031efe802f00dd72e97b1705ca7ffe461acf90a36e2077534fe4df94d9469e99c64dbd3f301e5bca5c327fdc65

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI1922\aiohttp\_helpers.cp311-win_amd64.pyd

Filesize
37KB

MD5
4b5dcc46170e4ac810a59ca5b7533462

SHA1
1eacf60fdfd427909b54f83518612a4638930225

SHA256
704cdcfca773ac658b8f84335f29630707c216f739f7fa5970b1be57f13a5b82

SHA512
c2e5b9b40f267f375234be9a562882faa1a0e82f32a951233464d27879d0b1620099bb800de3e96be277bb3bb44ff421a98a2f0c125f28652c2b6415d0fb4dea

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI1922\aiohttp\_http_parser.cp311-win_amd64.pyd

Filesize
203KB

MD5
a7b4711c5ba1866745485abe14101ac7

SHA1
c37158cbd0fe67f8acd61596f63cf62bd2985431

SHA256
6688f3dd5b7efa8008c5ba776f32cecf5b42887b1b9ee21555ae3e0d4f13d2e0

SHA512
f952ad3c21b649e13e64540713a61db6d49b394ca5d62add7a5fec2186a8d27131ba038d449561b77670d3deb2358a8254e4e205ef20228e27b1eb8234d0e843

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI1922\aiohttp\_http_writer.cp311-win_amd64.pyd

Filesize
34KB

MD5
2f2a2b2343549e990419df0977e3fac9

SHA1
5724b63e32bda7d36285f79dc9ad57fc97ba5415

SHA256
9569b0b501a0235388d075baa4c84e5d571169ac6ce3ae9220cde31a5f208b94

SHA512
a1b99dcaf01666c3ab9755d55001f3a18344cd70c386ce1b2233b5c6b8248b59d95804b450f9ee9c2f51d6293c4e748b9347540ae3f247418a1673bbd6ef466a

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI1922\aiohttp\_websocket.cp311-win_amd64.pyd

Filesize
23KB

MD5
aa40ac7a7d1d9a10da426701ea49508d

SHA1
bbd083535e20ea00bcc40de7b9e625ff5c74851e

SHA256
b892cbaf1a5b363fb66768194cd4d466916e81981bcb63c2989277114a4b0c10

SHA512
eaf14159f5f1b70dcb5e6416804f306ec5f4c235abf431a27bc421861117be8c6ec5326c8c703c4c3764b771e5dbac37e6b93ac05f9a632bc83788c476eed8e2

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI1922\base_library.zip

Filesize
1.7MB

MD5
df673df8c5f4b100f5588b8cf1834b68

SHA1
dc82a6a581fc4ad98ef94046753a107f3079e2a8

SHA256
61f8ceeb90d4321ea6b9593627ee414acac0de654327e703c679aebc8c520c6f

SHA512
6836c4bc80a15b89401006d1b061a7ce7c1431b742dcc903bcf027713bf8886189f88e8937dd13bd2c5e21671063adb09939d1c1fcf2db755d8935abd846dc3e

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI1922\charset_normalizer\md.cp311-win_amd64.pyd

Filesize
10KB

MD5
fa50d9f8bce6bd13652f5090e7b82c4d

SHA1
ee137da302a43c2f46d4323e98ffd46d92cf4bef

SHA256
fff69928dea1432e0c7cb1225ab96f94fd38d5d852de9a6bb8bf30b7d2bedceb

SHA512
341cec015e74348eab30d86ebb35c028519703006814a2ecd19b9fe5e6fcb05eda6dde0aaf4fe624d254b0d0180ec32adf3b93ee96295f8f0f4c9d4ed27a7c0c

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI1922\charset_normalizer\md__mypyc.cp311-win_amd64.pyd

Filesize
113KB

MD5
2d1f2ffd0fecf96a053043daad99a5df

SHA1
b03d5f889e55e802d3802d0f0caa4d29c538406b

SHA256
207bbae9ddf8bdd64e65a8d600fe1dd0465f2afcd6dc6e28d4d55887cd6cbd13

SHA512
4f7d68f241a7f581e143a010c78113154072c63adff5f200ef67eb34d766d14ce872d53183eb2b96b1895aa9c8d4ca82ee5e61e1c5e655ff5be56970be9ebe3e

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI1922\frozenlist\_frozenlist.cp311-win_amd64.pyd

Filesize
50KB

MD5
34c2dd52c9e920e035444d6cbddeb555

SHA1
3ff99987b968261e88032652917f137d4a6a0493

SHA256
55814d323ee1ec6cd6145ae8f43dbf44d9481e3592aa17b5a17010f7e401ff42

SHA512
8f0be0a3e2588bdeff9f5c4eb728ae43a58a19b91596adca0c931d5425a591178f13dcef68b1b949a2c805e1b9963800397f661688fd3c299d7084efe45adaf7

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI1922\libcrypto-1_1.dll

Filesize
3.3MB

MD5
9d7a0c99256c50afd5b0560ba2548930

SHA1
76bd9f13597a46f5283aa35c30b53c21976d0824

SHA256
9b7b4a0ad212095a8c2e35c71694d8a1764cd72a829e8e17c8afe3a55f147939

SHA512
cb39aa99b9d98c735fdacf1c5ed68a4d09d11f30262b91f6aa48c3f8520eff95e499400d0ce7e280ca7a90ff6d7141d2d893ef0b33a8803a1cadb28ba9a9e3e2

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI1922\libffi-8.dll

Filesize
38KB

MD5
0f8e4992ca92baaf54cc0b43aaccce21

SHA1
c7300975df267b1d6adcbac0ac93fd7b1ab49bd2

SHA256
eff52743773eb550fcc6ce3efc37c85724502233b6b002a35496d828bd7b280a

SHA512
6e1b223462dc124279bfca74fd2c66fe18b368ffbca540c84e82e0f5bcbea0e10cc243975574fa95ace437b9d8b03a446ed5ee0c9b1b094147cefaf704dfe978

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI1922\libssl-1_1.dll

Filesize
688KB

MD5
bec0f86f9da765e2a02c9237259a7898

SHA1
3caa604c3fff88e71f489977e4293a488fb5671c

SHA256
d74ce01319ae6f54483a19375524aa39d9f5fd91f06cf7df238ca25e043130fd

SHA512
ffbc4e5ffdb49704e7aa6d74533e5af76bbe5db297713d8e59bd296143fe5f145fbb616b343eed3c48eceaccccc2431630470d8975a4a17c37eafcc12edd19f4

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI1922\multidict\_multidict.cp311-win_amd64.pyd

Filesize
45KB

MD5
b92f8efb672c383ab60b971b3c6c87de

SHA1
acb671089a01d7f1db235719c52e6265da0f708f

SHA256
b7376b5d729115a06b1cab60b251df3efc3051ebba31524ea82f0b8db5a49a72

SHA512
680663d6c6cd7b9d63160c282f6d38724bd8b8144d15f430b28b417dda0222bfff7afefcb671e863d1b4002b154804b1c8af2d8a28fff11fa94972b207df081b

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI1922\pyexpat.pyd

Filesize
194KB

MD5
48e6930e3095f5a2dcf9baa67098acfb

SHA1
ddcd143f386e74e9820a3f838058c4caa7123a65

SHA256
c1ed7017ce55119df27563d470e7dc3fb29234a7f3cd5fc82d317b6fe559300b

SHA512
b50f42f6c7ddbd64bf0ff37f40b8036d253a235fb67693a7f1ed096f5c3b94c2bde67d0db63d84a8c710505a891b43f913e1b1044c42b0f5f333d0fe0386a62c

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI1922\python3.DLL

Filesize
65KB

MD5
7442c154565f1956d409092ede9cc310

SHA1
c72f9c99ea56c8fb269b4d6b3507b67e80269c2d

SHA256
95086ac060ffe6933ac04a6aa289b1c7d321f14380315e24ba0d6c4adfa0842b

SHA512
2bf96828534bcdf71e48d1948b989011d8e3ba757c38cc17905a13d3021ea5deb57e2c68d79507a6acbb62be009cfc85b24d14543958dba1d3bc3e4ca7d4f844

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI1922\python311.dll

Filesize
5.5MB

MD5
e2bd5ae53427f193b42d64b8e9bf1943

SHA1
7c317aad8e2b24c08d3b8b3fba16dd537411727f

SHA256
c4844b05e3a936b130adedb854d3c04d49ee54edb43e9d36f8c4ae94ccb78400

SHA512
ae23a6707e539c619fd5c5b4fc6e4734edc91f89ebe024d25ff2a70168da6105ac0bd47cf6bf3715af6411963caf0acbb4632464e1619ca6361abf53adfe7036

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI1922\select.pyd

Filesize
29KB

MD5
756c95d4d9b7820b00a3099faf3f4f51

SHA1
893954a45c75fb45fe8048a804990ca33f7c072d

SHA256
13e4d9a734a453a3613e11b6a518430099ad7e3d874ea407d1f9625b7f60268a

SHA512
0f54f0262cf8d71f00bf5666eb15541c6ecc5246cd298efd3b7dd39cdd29553a8242d204c42cfb28c537c3d61580153200373c34a94769f102b3baa288f6c398

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI1922\unicodedata.pyd

Filesize
1.1MB

MD5
58f7988b50cba7b793884f580c7083e1

SHA1
d52c06b19861f074e41d8b521938dee8b56c1f2e

SHA256
e36d14cf49ca2af44fae8f278e883341167bc380099dac803276a11e57c9cfa1

SHA512
397fa46b90582f8a8cd7df23b722204c38544717bf546837c45e138b39112f33a1850be790e248fca5b5ecd9ed7c91cd1af1864f72717d9805c486db0505fb9c

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI1922\yarl\_quoting_c.cp311-win_amd64.pyd

Filesize
65KB

MD5
0edc0f96b64523314788745fa2cc7ddd

SHA1
555a0423ce66c8b0fa5eea45caac08b317d27d68

SHA256
db5b421e09bf2985fbe4ef5cdf39fc16e2ff0bf88534e8ba86c6b8093da6413f

SHA512
bb0074169e1bd05691e1e39c2e3c8c5fae3a68c04d851c70028452012bb9cb8d19e49cdff34efb72e962ed0a03d418dfbad34b7c9ad032105cf5acd311c1f713

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI77722\lz4-4.3.3.dist-info\INSTALLER

Filesize
4B

MD5
365c9bfeb7d89244f2ce01c1de44cb85

SHA1
d7a03141d5d6b1e88b6b59ef08b6681df212c599

SHA256
ceebae7b8927a3227e5303cf5e0f1f7b34bb542ad7250ac03fbcde36ec2f1508

SHA512
d220d322a4053d84130567d626a9f7bb2fb8f0b854da1621f001826dc61b0ed6d3f91793627e6f0ac2ac27aea2b986b6a7a63427f05fe004d8a2adfbdadc13c1

Download Submit
C:\Users\Admin\AppData\Local\Temp\kWx9jHgPM8\Browser\cc's.txt

Filesize
91B

MD5
5aa796b6950a92a226cc5c98ed1c47e8

SHA1
6706a4082fc2c141272122f1ca424a446506c44d

SHA256
c4c83da3a904a4e7114f9bd46790db502cdd04800e684accb991cd1a08ee151c

SHA512
976f403257671e8f652bf988f4047202e1a0fd368fdb2bab2e79ece1c20c7eb775c4b3a8853c223d4f750f4192cd09455ff024918276dc1dd1442fa3b36623ad

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
11KB

MD5
2767c1943553bea64bf07272a74bfc59

SHA1
8ec592ed332c10e6fe5907874e606556b2b6a11c

SHA256
8a689e410dfdbe7a6498e47313ac2356ed2b9b66e5084e4ef7e92602cd56980f

SHA512
5b5b641120356eb66af8cbc7d633d8dff6ed01601ad888a086d3b89839916fc94542b442d6978ae53e1faac11dc2a4e23fcbb89b4bf9fb4e3d3a3f6bbf33f4b1

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
3KB

MD5
087a99008597a49c18e66ee538524aa9

SHA1
5ddbc6a0e3f2f863649a7ee4700415458d98d3d4

SHA256
2ec14e504517018ed0f44102759f0955acf68cf55a03d74b6f2c146a59fd44a7

SHA512
4285d61ffbe580a5bfa94e43c84d863f4945ea85ff5783c81e6c62722a4ea01caa695cd8bc51a80348c09f6e6e334d9fa61476054688c0426fc71e301992fb32

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
3KB

MD5
b9ce2705c072c52b8a04e34d67678cc5

SHA1
723bb8847c9b78f19b8aa8c2fa8d6f3145ea9b14

SHA256
0d040aee3e6111f9e3919151aba4773b627300a6013d8aa58227d58c82a24e35

SHA512
4589db1c6cc6e2659636a853f0102eab856d84fbf52f085c7e1acc9aa7034059e8e0e304207c7851c848b2783022c51e2b5f83514774b520ae5011febbaf415d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ysnifzz6.default-release\datareporting\glean\db\data.safe.tmp

Filesize
6KB

MD5
96af4b3ae737890b92fed351dd0720b2

SHA1
f34cc1424ed9bb5beb354a78589b729d6a1bfe43

SHA256
31156a6b7f299493e8789f3215b95850409df8598dee71897ced1ba8442446e2

SHA512
51aea39f30e304df55ea5c014b2e75028ee1919543b2cdf255185f864242b46d4bc048d95d309de94a23ddc1308bdee99befa107c216db08ed425f8a329e1be6

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ysnifzz6.default-release\datareporting\glean\db\data.safe.tmp

Filesize
5KB

MD5
6b2c2f8c9c3b7f9fa783c9f7e054d263

SHA1
039807b788e9b928772d52bd8bfd5944028c0ad4

SHA256
0a15d9962aa25b3129df1d5cf9a3be526a7625c2f7132e6b34c9f141cc342b6c

SHA512
3b12f6bfc526b13e187c3a496274d7cb8f5b59060233714bf0a4f55fe50109cb909dbfa963629403aca5f60e7e742aa0259302024d913b10c961043dc1c942dc

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ysnifzz6.default-release\datareporting\glean\db\data.safe.tmp

Filesize
6KB

MD5
8c2a2bf9f8f91637a5a8b533c534b754

SHA1
5c8d6e01d793c29a93e7be16854f1169d7104ae3

SHA256
0ec728de5f6c95b9e2a9a960eeb6571a19da00b78358d378ecfda720b5e62708

SHA512
729a54274bf3deef6a944cf93e18ca15b2243139cea52da64c7cbed2f2ee03ebaf6923de1c1b89f4f58f4e64d6a221f1bcc78489a4004f2ae454c8fd2ab8da14

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ysnifzz6.default-release\datareporting\glean\db\data.safe.tmp

Filesize
6KB

MD5
894d57b4b130d7388a6d3cb88883b60c

SHA1
4a871fd3223fd6ed1532307b9bef4f4f58ba8e60

SHA256
7a2214c5655968cce87a0484f16a2abf727b65e0e452396328c8284571948e14

SHA512
028211032bb1f67c2b16dd79ab144f95cf44b7b5da0b041603ed74ec94e24cdf891d7d923e34ee3961617ef25872a05b1026af545ba09e41dd8c38f11a76909e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ysnifzz6.default-release\datareporting\glean\pending_pings\6eb28792-33ca-4b23-ba5e-f1b75eeee590

Filesize
772B

MD5
cf236830f62f248f41400be8b493db12

SHA1
dae2ddd5cf2d3b2208db39441fb98e96b1f4dcd7

SHA256
ac1039fdb1afd7b942804b7907ca567b09c7b7efcfcb1dc336c6d249bdff2c77

SHA512
028c1f5c4982288cc2f7d96e935da6baf77a510f2d2e7a43d15303b4663d0ac0402a42a88e05a798f1ea958077a5419f52398b355b2083fdfb28d83a40f879f9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ysnifzz6.default-release\datareporting\glean\pending_pings\90c8760b-a9e1-4bca-8fa7-9da12fdad9f2

Filesize
671B

MD5
d8e9847c38294ad8975759a79567a5c8

SHA1
e9707952fc095c880c62b3c7b1775e17ea910ae0

SHA256
6e663037768872b1bd35bddf256284456f2710194d1e4b14bf3924f9492de378

SHA512
7452bec3ff4db4c1ce0daf602aa1a23b65427d699dc9c2e1f4da1cb03dce663405002c649e6f8f6112a7d678ab6805d5c390baba87feee0a2a3d3ffd066eb51b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ysnifzz6.default-release\datareporting\glean\pending_pings\dc5afa75-8a60-41f7-93f5-6e836411d9cf

Filesize
26KB

MD5
173e8a549b037d3f2042c4445316bd12

SHA1
bf8d42f3082228665825fde2a57d2a3e917740dc

SHA256
46b612b720b29fb1305471f3b1355d2261977ed31e7f8ef37787d6caa6dbaa4a

SHA512
59b6c57d20acea324d3664e7692a486025287614bd32932acf317ed6b86e14d29362cf6e68061ba90180651d952f048bd539e30156b8a7b06bf7a00f7b25afaf

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ysnifzz6.default-release\datareporting\glean\pending_pings\e2141b25-c4c7-4fa8-83d7-ca4b6b1b033a

Filesize
772B

MD5
fcd4bcc98f78554feafdc4ef545255a5

SHA1
81847f34bf7998e75761e31397b774df0120c84a

SHA256
3f2517e3836e0e8824f0605de2eb4b9cb585308635a44799f92825d30a595f47

SHA512
fc1dc52bb51f6cfdd4ef476909a6d109fff9554b70800d61aec8fde1f4b42e8321479cfa938aa3dce400ce67ee9042718743c673aebb9a0b0500e462e8935809

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ysnifzz6.default-release\datareporting\glean\pending_pings\e8dbae27-560f-4e19-aa14-fdb795cf5ce9

Filesize
982B

MD5
c01c11d0eba2102de4c25cf32fb56051

SHA1
e3279ea0e6276f9edc8fb00dd823fe23ae5dfefd

SHA256
b43fa580d7e263b0e137e1ae1d61a4405b05a67d46e0d69e49f53c83db7ba8c6

SHA512
482b8dbc3a3146bea26ce66fd02113c6f1a4282bab4d8c1c7d932d318af3aeda0269c915c565fcc0aaf62b172ae158ebbad777fe86ff40fdd4f6164789b17f4b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ysnifzz6.default-release\prefs-1.js

Filesize
9KB

MD5
35d815b2345169a13cd86afaa84bf3b9

SHA1
6a6880130673a7864ad0ced52a7820649d39c1ed

SHA256
f6839b48e362e49dffb88e72f35dbbd3b16f5497c9b9fd201b96a2931e2dc46d

SHA512
758bd962a3a44b3f7d3b3adf27cc43f09af5e44b020b28c2ba62da02acaf979bec3ccd7bbc721389207075219941d7b5cc238ba8803bd75af4ceb9f4ce9b7fe9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ysnifzz6.default-release\prefs.js

Filesize
9KB

MD5
acef1726c29e54caeb0e1feb0b7d59fa

SHA1
00f9f69292f0640a9551daeda20de4a55bdde624

SHA256
276a7c79e037e33c648fe3fb36d1d658321895772519cf7a2d705a8bcb97c435

SHA512
44a8c47139317ca8dbb18bb1c53ad5e46bc4b03847071f3c26b6e5436b0f9352c6d41c643e5ed2000a2df9ec9100230b07d686a78d1c866f585468645a36cf81

Download Submit
C:\Users\Admin\Documents\sweet.jpg

Filesize
23KB

MD5
58b1840b979ae31f23aa8eb3594d5c17

SHA1
6b28b8e047cee70c7fa42715c552ea13a5671bbb

SHA256
b2bb460aa299c6064e7fc947bff314e0f915c6ee6f8f700007129e3b6a314f47

SHA512
13548e5900bddc6797d573fcca24cec1f1eefa0662e9d07c4055a3899460f4e135e1c76197b57a49b452e61e201cb86d1960f3e8b00828a2d0031dc9aa78666a

Download Submit
C:\Users\Admin\Downloads\Bootstrapper.zip

Filesize
14.6MB

MD5
17e276cc7ada4e40ef1748326799f0d6

SHA1
d67b0405d15474678635851b5e03d97ec6f205f3

SHA256
02f4d55a3bb2287d7af941d6459f3efd1469a300400bdd32748547a7343ac6e7

SHA512
9b5945089117c4b81f9ee62eb1164f94ae7d67cd735081cf434177a567bf2c1f4298b07ab53622509eb2c44c23526ac929bf19b4ec4d5de45034bd65847e84e8

Download Submit
C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Joke\chilledwindows.mp4

Filesize
3.6MB

MD5
698ddcaec1edcf1245807627884edf9c

SHA1
c7fcbeaa2aadffaf807c096c51fb14c47003ac20

SHA256
cde975f975d21edb2e5faa505205ab8a2c5a565ba1ff8585d1f0e372b2a1d78b

SHA512
a2c326f0c653edcd613a3cefc8d82006e843e69afc787c870aa1b9686a20d79e5ab4e9e60b04d1970f07d88318588c1305117810e73ac620afd1fb6511394155

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 168579.crdownload

Filesize
2.9MB

MD5
ec429587b94b0288039bf1492e3350af

SHA1
acfd0ea4f9d321a898fed79e2e8e41e04620625b

SHA256
c372c94338eaaa7ab2eb7c5b6d1c9fc5658ec62da7f5fcd04e2d4c72d900ea9f

SHA512
79090e46a9f6e2cc4728aa4cb5e48eab80d18151ae3257cbede4d685b80d40b56e2ef57a4ab37ddf90ccd67e5cd54a728f559fcf9fc32c6971bb88468c1ec88d

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 570521.crdownload

Filesize
795KB

MD5
365971e549352a15e150b60294ec2e57

SHA1
2932242b427e81b1b4ac8c11fb17793eae0939f7

SHA256
faad2bc8e61b75e595a80ff2b6d150ff8b27187a8ba426cc1e5e38e193ab6d42

SHA512
f7ba1353e880213a6bdf5bd1dfdfd42a0acf4066a540a502e8df8fec8eac7fb80b75aa52e68eca98be3f7701da48eb90758e5b94d72013d3dff05e0aaf27e938

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 677686.crdownload

Filesize
7.3MB

MD5
e16e648456a76cf6c12be47b86b4401c

SHA1
a033d9a48bf918dbba65ef29576dfdcb5db2194c

SHA256
3032ddec0e6152a0aa21929060e8fd6fc0a55c4d7d8c534fe6be24775dbc39ae

SHA512
68f335d81d20b8e5e273310148c011aaf8c2d42f2902da31653f705090f2c86f6a1c872c40e776aebd0c394abc32b87efa0213c95292467fa3b5ba0b8c9a6d6f

Download Submit
C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Free YouTube Downloader.exe

Filesize
153KB

MD5
f33a4e991a11baf336a2324f700d874d

SHA1
9da1891a164f2fc0a88d0de1ba397585b455b0f4

SHA256
a87524035509ff7aa277788e1a9485618665b7da35044d70c41ec0f118f3dfd7

SHA512
edf066968f31451e21c7c21d3f54b03fd5827a8526940c1e449aad7f99624577cbc6432deba49bb86e96ac275f5900dcef8d7623855eb3c808e084601ee1df20

Download Submit
C:\Windows\SystemTemp\MsEdgeCrashpad\settings.dat

Filesize
280B

MD5
1455b9682550f15f25b44d09f9b8b0ce

SHA1
0c76a53076c028531ef3eee27c36e99800694230

SHA256
bc5e4b0b407468cae5fa1bbc2f95c7bc19d7e5bdd9b3d4ad2131aae8be247986

SHA512
08dd631114da14b79346629bfe50f5a5b8bfc886362e5a9c226217ba96c26cb9fe03f99cd8d9c0317ddcfc21102214b3cf74515c8d3ceb9c9a8d302ebe51eca4

Download Submit
memory/560-6777-0x00007FFA82110000-0x00007FFA82124000-memory.dmp

Filesize
80KB

Download
memory/560-6792-0x00007FFA7E770000-0x00007FFA7E7A3000-memory.dmp

Filesize
204KB

Download
memory/560-6803-0x00007FFA7D060000-0x00007FFA7D072000-memory.dmp

Filesize
72KB

Download
memory/560-6802-0x00007FFA7D080000-0x00007FFA7D08D000-memory.dmp

Filesize
52KB

Download
memory/560-6801-0x00007FFA7D090000-0x00007FFA7D09B000-memory.dmp

Filesize
44KB

Download
memory/560-6740-0x00007FFA798F0000-0x00007FFA79FB5000-memory.dmp

Filesize
6.8MB

Download
memory/560-6754-0x00007FFA85770000-0x00007FFA8577F000-memory.dmp

Filesize
60KB

Download
memory/560-6753-0x00007FFA949B0000-0x00007FFA949BD000-memory.dmp

Filesize
52KB

Download
memory/560-6750-0x00007FFA82130000-0x00007FFA8215D000-memory.dmp

Filesize
180KB

Download
memory/560-6748-0x00007FFA82160000-0x00007FFA8217A000-memory.dmp

Filesize
104KB

Download
memory/560-6746-0x00007FFA9B0F0000-0x00007FFA9B0FF000-memory.dmp

Filesize
60KB

Download
memory/560-6810-0x00007FFA6CA10000-0x00007FFA6DDB7000-memory.dmp

Filesize
19.7MB

Download
memory/560-6758-0x00007FFA6E1F0000-0x00007FFA6E719000-memory.dmp

Filesize
5.2MB

Download
memory/560-6800-0x00007FFA7D0A0000-0x00007FFA7D0AC000-memory.dmp

Filesize
48KB

Download
memory/560-6799-0x00007FFA7D0B0000-0x00007FFA7D0BB000-memory.dmp

Filesize
44KB

Download
memory/560-6798-0x00007FFA7D690000-0x00007FFA7D69B000-memory.dmp

Filesize
44KB

Download
memory/560-6797-0x00007FFA7D6D0000-0x00007FFA7D6DC000-memory.dmp

Filesize
48KB

Download
memory/560-6796-0x00007FFA7E700000-0x00007FFA7E727000-memory.dmp

Filesize
156KB

Download
memory/560-6756-0x00007FFA82110000-0x00007FFA82124000-memory.dmp

Filesize
80KB

Download
memory/560-6793-0x00007FFA7DBB0000-0x00007FFA7DC7D000-memory.dmp

Filesize
820KB

Download
memory/560-6791-0x00007FFA7DA80000-0x00007FFA7DA8E000-memory.dmp

Filesize
56KB

Download
memory/560-6790-0x00007FFA7DAA0000-0x00007FFA7DAAD000-memory.dmp

Filesize
52KB

Download
memory/560-6759-0x00007FFA798F0000-0x00007FFA79FB5000-memory.dmp

Filesize
6.8MB

Download
memory/560-6788-0x00007FFA7DAB0000-0x00007FFA7DABC000-memory.dmp

Filesize
48KB

Download
memory/560-6787-0x00007FFA7DAC0000-0x00007FFA7DACB000-memory.dmp

Filesize
44KB

Download
memory/560-6786-0x00007FFA7DAD0000-0x00007FFA7DADC000-memory.dmp

Filesize
48KB

Download
memory/560-6785-0x00007FFA7DAE0000-0x00007FFA7DAEB000-memory.dmp

Filesize
44KB

Download
memory/560-6784-0x00007FFA7F720000-0x00007FFA7F72C000-memory.dmp

Filesize
48KB

Download
memory/560-6783-0x00007FFA7F900000-0x00007FFA7F90B000-memory.dmp

Filesize
44KB

Download
memory/560-6782-0x00007FFA82100000-0x00007FFA8210B000-memory.dmp

Filesize
44KB

Download
memory/560-6780-0x00007FFA7C650000-0x00007FFA7C7CF000-memory.dmp

Filesize
1.5MB

Download
memory/560-6779-0x00007FFA7DAF0000-0x00007FFA7DB14000-memory.dmp

Filesize
144KB

Download
memory/560-6745-0x00007FFA82870000-0x00007FFA82895000-memory.dmp

Filesize
148KB

Download
memory/560-6769-0x00007FFA853B0000-0x00007FFA853BD000-memory.dmp

Filesize
52KB

Download
memory/560-6804-0x00007FFA7D050000-0x00007FFA7D05C000-memory.dmp

Filesize
48KB

Download
memory/560-6767-0x00007FFA7DBB0000-0x00007FFA7DC7D000-memory.dmp

Filesize
820KB

Download
memory/560-6766-0x00007FFA7E770000-0x00007FFA7E7A3000-memory.dmp

Filesize
204KB

Download
memory/560-6765-0x00007FFA7F910000-0x00007FFA7F929000-memory.dmp

Filesize
100KB

Download
memory/560-6771-0x00007FFA7E730000-0x00007FFA7E766000-memory.dmp

Filesize
216KB

Download
memory/560-6805-0x00007FFA7D020000-0x00007FFA7D04A000-memory.dmp

Filesize
168KB

Download
memory/560-6776-0x00007FFA7D700000-0x00007FFA7D81A000-memory.dmp

Filesize
1.1MB

Download
memory/560-6775-0x00007FFA85770000-0x00007FFA8577F000-memory.dmp

Filesize
60KB

Download
memory/560-6774-0x00007FFA7E700000-0x00007FFA7E727000-memory.dmp

Filesize
156KB

Download
memory/560-6773-0x00007FFA84DA0000-0x00007FFA84DAB000-memory.dmp

Filesize
44KB

Download
memory/560-6809-0x00007FFA6DDC0000-0x00007FFA6E1E5000-memory.dmp

Filesize
4.1MB

Download
memory/560-6772-0x00007FFA7DB20000-0x00007FFA7DBA7000-memory.dmp

Filesize
540KB

Download
memory/560-6778-0x00007FFA7E6E0000-0x00007FFA7E6F8000-memory.dmp

Filesize
96KB

Download
memory/560-6806-0x00007FFA7CA30000-0x00007FFA7CA5F000-memory.dmp

Filesize
188KB

Download
memory/560-6807-0x00007FFA7D010000-0x00007FFA7D01B000-memory.dmp

Filesize
44KB

Download
memory/560-6808-0x00007FFA7CA10000-0x00007FFA7CA2C000-memory.dmp

Filesize
112KB

Download
memory/560-6781-0x00007FFA6E1F0000-0x00007FFA6E719000-memory.dmp

Filesize
5.2MB

Download
memory/1232-6768-0x00007FFA82B30000-0x00007FFA82B44000-memory.dmp

Filesize
80KB

Download
memory/1232-6752-0x00007FFA7E880000-0x00007FFA7E94D000-memory.dmp

Filesize
820KB

Download
memory/1232-6608-0x00007FFA7A7D0000-0x00007FFA7AE95000-memory.dmp

Filesize
6.8MB

Download
memory/1232-6739-0x00007FFA85610000-0x00007FFA8563D000-memory.dmp

Filesize
180KB

Download
memory/1232-6738-0x00007FFA9A9C0000-0x00007FFA9A9DA000-memory.dmp

Filesize
104KB

Download
memory/1232-6737-0x00007FFAA54D0000-0x00007FFAA54DF000-memory.dmp

Filesize
60KB

Download
memory/1232-6795-0x00007FFA7BF40000-0x00007FFA7C0BF000-memory.dmp

Filesize
1.5MB

Download
memory/1232-6736-0x00007FFA85780000-0x00007FFA857A5000-memory.dmp

Filesize
148KB

Download
memory/1232-6742-0x00007FFAA1DB0000-0x00007FFAA1DBF000-memory.dmp

Filesize
60KB

Download
memory/1232-6743-0x00007FFA7A2A0000-0x00007FFA7A7C9000-memory.dmp

Filesize
5.2MB

Download
memory/1232-6744-0x00007FFA82B30000-0x00007FFA82B44000-memory.dmp

Filesize
80KB

Download
memory/1232-6741-0x00007FFAA3260000-0x00007FFAA326D000-memory.dmp

Filesize
52KB

Download
memory/1232-6812-0x00007FFA7C950000-0x00007FFA7C95B000-memory.dmp

Filesize
44KB

Download
memory/1232-6817-0x00007FFA7C860000-0x00007FFA7C86E000-memory.dmp

Filesize
56KB

Download
memory/1232-6816-0x00007FFA7C870000-0x00007FFA7C87D000-memory.dmp

Filesize
52KB

Download
memory/1232-6751-0x00007FFA7F930000-0x00007FFA7F963000-memory.dmp

Filesize
204KB

Download
memory/1232-6815-0x00007FFA7C910000-0x00007FFA7C91B000-memory.dmp

Filesize
44KB

Download
memory/1232-6749-0x00007FFA9AF50000-0x00007FFA9AF5D000-memory.dmp

Filesize
52KB

Download
memory/1232-6764-0x00007FFA7A2A0000-0x00007FFA7A7C9000-memory.dmp

Filesize
5.2MB

Download
memory/1232-6770-0x00007FFA7E880000-0x00007FFA7E94D000-memory.dmp

Filesize
820KB

Download
memory/1232-6814-0x00007FFA7C920000-0x00007FFA7C92C000-memory.dmp

Filesize
48KB

Download
memory/1232-6755-0x00007FFA7E840000-0x00007FFA7E876000-memory.dmp

Filesize
216KB

Download
memory/1232-6789-0x00007FFA7D6E0000-0x00007FFA7D6F8000-memory.dmp

Filesize
96KB

Download
memory/1232-6760-0x00007FFA7E7B0000-0x00007FFA7E837000-memory.dmp

Filesize
540KB

Download
memory/1232-6761-0x00007FFA85600000-0x00007FFA8560B000-memory.dmp

Filesize
44KB

Download
memory/1232-6762-0x00007FFA81E50000-0x00007FFA81E77000-memory.dmp

Filesize
156KB

Download
memory/1232-6763-0x00007FFA7DC80000-0x00007FFA7DD9A000-memory.dmp

Filesize
1.1MB

Download
memory/1232-6794-0x00007FFA7D6A0000-0x00007FFA7D6C4000-memory.dmp

Filesize
144KB

Download
memory/1232-6811-0x00007FFA7C960000-0x00007FFA7C96B000-memory.dmp

Filesize
44KB

Download
memory/1232-6757-0x00007FFA7A7D0000-0x00007FFA7AE95000-memory.dmp

Filesize
6.8MB

Download
memory/1232-6747-0x00007FFA82B10000-0x00007FFA82B29000-memory.dmp

Filesize
100KB

Download
memory/1232-6813-0x00007FFA7C930000-0x00007FFA7C93B000-memory.dmp

Filesize
44KB

Download
memory/1732-3816-0x000000001BE90000-0x000000001BE98000-memory.dmp

Filesize
32KB

Download
memory/1732-3817-0x000000001CEE0000-0x000000001CF18000-memory.dmp

Filesize
224KB

Download
memory/1732-3818-0x000000001CEB0000-0x000000001CEBE000-memory.dmp

Filesize
56KB

Download
memory/1732-3806-0x0000000000C60000-0x00000000010C4000-memory.dmp

Filesize
4.4MB

Download
memory/2696-4656-0x0000000000EF0000-0x0000000000FBE000-memory.dmp

Filesize
824KB

Download
memory/2812-3803-0x000000001BF30000-0x000000001BF7C000-memory.dmp

Filesize
304KB

Download
memory/2812-3801-0x000000001BCD0000-0x000000001BD6C000-memory.dmp

Filesize
624KB

Download
memory/2812-3799-0x000000001B150000-0x000000001B1F6000-memory.dmp

Filesize
664KB

Download
memory/2812-3802-0x0000000000C50000-0x0000000000C58000-memory.dmp

Filesize
32KB

Download
memory/2812-3800-0x000000001B6D0000-0x000000001BB9E000-memory.dmp

Filesize
4.8MB

Download
memory/3020-3705-0x0000000000400000-0x0000000000413000-memory.dmp

Filesize
76KB

Download
memory/3020-3796-0x0000000000400000-0x0000000000413000-memory.dmp

Filesize
76KB

Download
memory/3840-3797-0x0000000000400000-0x00000000006BC000-memory.dmp

Filesize
2.7MB

Download
memory/3840-3798-0x0000000000400000-0x00000000006BC000-memory.dmp

Filesize
2.7MB

Download
memory/4676-1619-0x0000023DC2B00000-0x0000023DC2B01000-memory.dmp

Filesize
4KB

Download
memory/4676-1621-0x0000023DC2B00000-0x0000023DC2B01000-memory.dmp

Filesize
4KB

Download
memory/4676-1614-0x0000023DC2B00000-0x0000023DC2B01000-memory.dmp

Filesize
4KB

Download
memory/4676-1613-0x0000023DC2B00000-0x0000023DC2B01000-memory.dmp

Filesize
4KB

Download
memory/4676-1612-0x0000023DC2B00000-0x0000023DC2B01000-memory.dmp

Filesize
4KB

Download
memory/4676-1617-0x0000023DC2B00000-0x0000023DC2B01000-memory.dmp

Filesize
4KB

Download
memory/4676-1620-0x0000023DC2B00000-0x0000023DC2B01000-memory.dmp

Filesize
4KB

Download
memory/4676-1618-0x0000023DC2B00000-0x0000023DC2B01000-memory.dmp

Filesize
4KB

Download
memory/4676-1616-0x0000023DC2B00000-0x0000023DC2B01000-memory.dmp

Filesize
4KB

Download
memory/5292-3111-0x0000000000400000-0x000000000043C000-memory.dmp

Filesize
240KB

Download
memory/6008-1591-0x00000207D8250000-0x00000207D8251000-memory.dmp

Filesize
4KB

Download
memory/6008-1593-0x00000207D8250000-0x00000207D8251000-memory.dmp

Filesize
4KB

Download
memory/6008-1582-0x00000207D8250000-0x00000207D8251000-memory.dmp

Filesize
4KB

Download
memory/6008-1581-0x00000207D8250000-0x00000207D8251000-memory.dmp

Filesize
4KB

Download
memory/6008-1588-0x00000207D8250000-0x00000207D8251000-memory.dmp

Filesize
4KB

Download
memory/6008-1589-0x00000207D8250000-0x00000207D8251000-memory.dmp

Filesize
4KB

Download
memory/6008-1590-0x00000207D8250000-0x00000207D8251000-memory.dmp

Filesize
4KB

Download
memory/6008-1587-0x00000207D8250000-0x00000207D8251000-memory.dmp

Filesize
4KB

Download
memory/6008-1592-0x00000207D8250000-0x00000207D8251000-memory.dmp

Filesize
4KB

Download
memory/6008-1583-0x00000207D8250000-0x00000207D8251000-memory.dmp

Filesize
4KB

Download
memory/6808-3130-0x00000208E5C70000-0x00000208E5C71000-memory.dmp

Filesize
4KB

Download
memory/6808-3122-0x00000208E5C70000-0x00000208E5C71000-memory.dmp

Filesize
4KB

Download
memory/6808-3131-0x00000208E5C70000-0x00000208E5C71000-memory.dmp

Filesize
4KB

Download
memory/6808-3129-0x00000208E5C70000-0x00000208E5C71000-memory.dmp

Filesize
4KB

Download
memory/6808-3128-0x00000208E5C70000-0x00000208E5C71000-memory.dmp

Filesize
4KB

Download
memory/6808-3127-0x00000208E5C70000-0x00000208E5C71000-memory.dmp

Filesize
4KB

Download
memory/6808-3126-0x00000208E5C70000-0x00000208E5C71000-memory.dmp

Filesize
4KB

Download
memory/6808-3123-0x00000208E5C70000-0x00000208E5C71000-memory.dmp

Filesize
4KB

Download
memory/6808-3124-0x00000208E5C70000-0x00000208E5C71000-memory.dmp

Filesize
4KB

Download
memory/7000-3112-0x00000282ADF30000-0x00000282ADF5E000-memory.dmp

Filesize
184KB

Download
memory/7460-4459-0x0000000073440000-0x0000000073650000-memory.dmp

Filesize
2.1MB

Download
memory/7460-4458-0x0000000000C30000-0x0000000000C65000-memory.dmp

Filesize
212KB

Download