lumma | hxxps://github[.]com/l4tt-byfron/Electron/releases/download/Electron/Electron[.]rar

Analysis

max time kernel
522s
max time network
493s
platform
windows10-ltsc 2021_x64
resource
win10ltsc2021-20250128-en
resource tags

arch:x64arch:x86image:win10ltsc2021-20250128-enlocale:en-usos:windows10-ltsc 2021-x64system
submitted
28/01/2025, 16:20

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://github.com/l4tt-byfron/Electron/releases/download/Electron/Electron.rar

Score

10^/10

lumma discovery persistence privilege_escalation stealer

Malware Config

Extracted

Family

lumma

https://delaylacedmn.site/api

https://writekdmsnu.site/api

https://agentyanlark.site/api

https://bellykmrebk.site/api

https://underlinemdsj.site/api

https://commandejorsk.site/api

https://possiwreeste.site/api

https://famikyjdiag.site/api

https://termyfencdw.site/api

Signatures

Lumma Stealer, LummaC
Lumma or LummaC is an infostealer written in C++ first seen in August 2022.
stealer lumma
Lumma family
lumma

Loads dropped DLL 2 IoCs

pid	Process
4476	rundll32.exe
2844	rundll32.exe

Probable phishing domain 1 TTPs 1 IoCs

Phishing

T1566

description	flow	ioc	stream
HTTP URL	166	https://sourceforge.net/cdn-cgi/challenge-platform/h/b/orchestrate/chl_page/v1?ray=90925581bf7d416a	3

Suspicious use of SetThreadContext 2 IoCs

description	pid	Process	procid_target
PID 4476 set thread context of 4460	4476	rundll32.exe	130
PID 2844 set thread context of 4584	2844	rundll32.exe	136

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\Debug\WIA\wiatrace.log	mspaint.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Event Triggered Execution: Accessibility Features 1 TTPs
Windows contains accessibility features that may be used by adversaries to establish persistence and/or elevate privileges.
persistence privilege_escalation

Accessibility Features
T1546.008

System Location Discovery: System Language Discovery 1 TTPs 8 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	aspnet_regiis.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Setup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	aspnet_regiis.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Setup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe

Checks SCSI registry key(s) 3 TTPs 3 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\FriendlyName	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Modifies registry class 64 IoCs

description	ioc	Process
Set value (data)	\REGISTRY\USER\S-1-5-21-590766166-4003350121-2036565200-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-590766166-4003350121-2036565200-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-590766166-4003350121-2036565200-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-590766166-4003350121-2036565200-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-590766166-4003350121-2036565200-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-590766166-4003350121-2036565200-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\Shell	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-590766166-4003350121-2036565200-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-590766166-4003350121-2036565200-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 0100000000000000ffffffff	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-590766166-4003350121-2036565200-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\0\0	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-590766166-4003350121-2036565200-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-590766166-4003350121-2036565200-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-590766166-4003350121-2036565200-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1092616193"	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-590766166-4003350121-2036565200-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:PID = "14"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-590766166-4003350121-2036565200-1000_Classes\Local Settings	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-590766166-4003350121-2036565200-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\0	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-590766166-4003350121-2036565200-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\LogicalViewMode = "1"	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-590766166-4003350121-2036565200-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16"	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-590766166-4003350121-2036565200-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1"	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-590766166-4003350121-2036565200-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-590766166-4003350121-2036565200-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\0\0	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-590766166-4003350121-2036565200-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-590766166-4003350121-2036565200-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-590766166-4003350121-2036565200-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-590766166-4003350121-2036565200-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-590766166-4003350121-2036565200-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0"	msedge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-590766166-4003350121-2036565200-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-590766166-4003350121-2036565200-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2 = 3a001f44471a0359723fa74489c55595fe6b30ee260001002600efbe10000000ca4bc2776971db0163d0ffaf7671db01fae28a0fa171db0114000000	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-590766166-4003350121-2036565200-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 020202020202	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-590766166-4003350121-2036565200-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2\NodeSlot = "6"	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-590766166-4003350121-2036565200-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a000000a000000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-590766166-4003350121-2036565200-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\Shell	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-590766166-4003350121-2036565200-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616193"	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-590766166-4003350121-2036565200-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-590766166-4003350121-2036565200-1000_Classes\Local Settings	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-590766166-4003350121-2036565200-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2\MRUListEx = ffffffff	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-590766166-4003350121-2036565200-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\FFlags = "1092616193"	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-590766166-4003350121-2036565200-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616193"	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-590766166-4003350121-2036565200-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupView = "0"	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-590766166-4003350121-2036565200-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 010000000200000000000000ffffffff	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-590766166-4003350121-2036565200-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\Shell	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-590766166-4003350121-2036565200-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-590766166-4003350121-2036565200-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-590766166-4003350121-2036565200-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-590766166-4003350121-2036565200-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202020202	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-590766166-4003350121-2036565200-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6	msedge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-590766166-4003350121-2036565200-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\Shell\SniffedFolderType = "Downloads"	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-590766166-4003350121-2036565200-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Mode = "4"	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-590766166-4003350121-2036565200-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\IconSize = "16"	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-590766166-4003350121-2036565200-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-590766166-4003350121-2036565200-1000_Classes\Local Settings	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-590766166-4003350121-2036565200-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	msedge.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-590766166-4003350121-2036565200-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\NodeSlot = "5"	msedge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-590766166-4003350121-2036565200-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\Shell\SniffedFolderType = "Generic"	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-590766166-4003350121-2036565200-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-590766166-4003350121-2036565200-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0e000000ffffffff	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-590766166-4003350121-2036565200-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-590766166-4003350121-2036565200-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-590766166-4003350121-2036565200-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-590766166-4003350121-2036565200-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-590766166-4003350121-2036565200-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\LogicalViewMode = "3"	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-590766166-4003350121-2036565200-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4"	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-590766166-4003350121-2036565200-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-590766166-4003350121-2036565200-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3	msedge.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
2400	msedge.exe
2400	msedge.exe
2900	msedge.exe
2900	msedge.exe
232	identity_helper.exe
232	identity_helper.exe
4772	msedge.exe
4772	msedge.exe
4444	msedge.exe
4444	msedge.exe
4444	msedge.exe
4444	msedge.exe
2136	msedge.exe
2136	msedge.exe
1920	taskmgr.exe
1920	taskmgr.exe
1920	taskmgr.exe
1920	taskmgr.exe
1920	taskmgr.exe
1920	taskmgr.exe
1920	taskmgr.exe
1920	taskmgr.exe
1920	taskmgr.exe
1920	taskmgr.exe
1920	taskmgr.exe
1920	taskmgr.exe
1920	taskmgr.exe
1920	taskmgr.exe
1920	taskmgr.exe
1920	taskmgr.exe
1920	taskmgr.exe
1920	taskmgr.exe
1920	taskmgr.exe
4588	msedge.exe
4588	msedge.exe
1920	taskmgr.exe
1920	taskmgr.exe
1920	taskmgr.exe
1920	taskmgr.exe
1920	taskmgr.exe
1920	taskmgr.exe
1920	taskmgr.exe
1920	taskmgr.exe
1920	taskmgr.exe
1920	taskmgr.exe
1920	taskmgr.exe
1920	taskmgr.exe
1920	taskmgr.exe
1920	taskmgr.exe
1920	taskmgr.exe
1920	taskmgr.exe
1920	taskmgr.exe
1920	taskmgr.exe
1920	taskmgr.exe
1920	taskmgr.exe
1920	taskmgr.exe
1920	taskmgr.exe
1920	taskmgr.exe
1920	taskmgr.exe
1920	taskmgr.exe
1920	taskmgr.exe
1920	taskmgr.exe
1920	taskmgr.exe
1920	taskmgr.exe

Suspicious behavior: GetForegroundWindowSpam 3 IoCs

pid	Process
4588	msedge.exe
1920	taskmgr.exe
4912	OpenWith.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 64 IoCs

pid	Process
2900	msedge.exe
2900	msedge.exe
2900	msedge.exe
2900	msedge.exe
2900	msedge.exe
2900	msedge.exe
2900	msedge.exe
2900	msedge.exe
2900	msedge.exe
2900	msedge.exe
2900	msedge.exe
2900	msedge.exe
2900	msedge.exe
2900	msedge.exe
2900	msedge.exe
2900	msedge.exe
2900	msedge.exe
2900	msedge.exe
2900	msedge.exe
2900	msedge.exe
2900	msedge.exe
2900	msedge.exe
2900	msedge.exe
2900	msedge.exe
2900	msedge.exe
2900	msedge.exe
2900	msedge.exe
2900	msedge.exe
2900	msedge.exe
2900	msedge.exe
2900	msedge.exe
2900	msedge.exe
2900	msedge.exe
2900	msedge.exe
2900	msedge.exe
2900	msedge.exe
2900	msedge.exe
2900	msedge.exe
2900	msedge.exe
2900	msedge.exe
2900	msedge.exe
2900	msedge.exe
2900	msedge.exe
2900	msedge.exe
2900	msedge.exe
2900	msedge.exe
2900	msedge.exe
2900	msedge.exe
2900	msedge.exe
2900	msedge.exe
2900	msedge.exe
2900	msedge.exe
2900	msedge.exe
2900	msedge.exe
2900	msedge.exe
2900	msedge.exe
2900	msedge.exe
2900	msedge.exe
2900	msedge.exe
2900	msedge.exe
2900	msedge.exe
2900	msedge.exe
2900	msedge.exe
2900	msedge.exe

Suspicious use of AdjustPrivilegeToken 17 IoCs

description	pid	Process
Token: SeRestorePrivilege	2772	7zG.exe
Token: 35	2772	7zG.exe
Token: SeSecurityPrivilege	2772	7zG.exe
Token: SeSecurityPrivilege	2772	7zG.exe
Token: SeBackupPrivilege	2704	svchost.exe
Token: SeRestorePrivilege	2704	svchost.exe
Token: SeSecurityPrivilege	2704	svchost.exe
Token: SeTakeOwnershipPrivilege	2704	svchost.exe
Token: 35	2704	svchost.exe
Token: SeDebugPrivilege	1920	taskmgr.exe
Token: SeSystemProfilePrivilege	1920	taskmgr.exe
Token: SeCreateGlobalPrivilege	1920	taskmgr.exe
Token: SeTcbPrivilege	2140	svchost.exe
Token: SeRestorePrivilege	2140	svchost.exe
Token: 33	3768	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	3768	AUDIODG.EXE
Token: SeDebugPrivilege	2532	powershell.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
2900	msedge.exe
2900	msedge.exe
2900	msedge.exe
2900	msedge.exe
2900	msedge.exe
2900	msedge.exe
2900	msedge.exe
2900	msedge.exe
2900	msedge.exe
2900	msedge.exe
2900	msedge.exe
2900	msedge.exe
2900	msedge.exe
2900	msedge.exe
2900	msedge.exe
2900	msedge.exe
2900	msedge.exe
2900	msedge.exe
2900	msedge.exe
2900	msedge.exe
2900	msedge.exe
2900	msedge.exe
2900	msedge.exe
2900	msedge.exe
2900	msedge.exe
2900	msedge.exe
2900	msedge.exe
2900	msedge.exe
2900	msedge.exe
2900	msedge.exe
2900	msedge.exe
2900	msedge.exe
2900	msedge.exe
2900	msedge.exe
2772	7zG.exe
2900	msedge.exe
2900	msedge.exe
2900	msedge.exe
2900	msedge.exe
2900	msedge.exe
2900	msedge.exe
2900	msedge.exe
2900	msedge.exe
2900	msedge.exe
2900	msedge.exe
2900	msedge.exe
2900	msedge.exe
2900	msedge.exe
2900	msedge.exe
2900	msedge.exe
2900	msedge.exe
2900	msedge.exe
2900	msedge.exe
2900	msedge.exe
2900	msedge.exe
2900	msedge.exe
2900	msedge.exe
2900	msedge.exe
2900	msedge.exe
1920	taskmgr.exe
1920	taskmgr.exe
1920	taskmgr.exe
1920	taskmgr.exe
1920	taskmgr.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
2900	msedge.exe
2900	msedge.exe
2900	msedge.exe
2900	msedge.exe
2900	msedge.exe
2900	msedge.exe
2900	msedge.exe
2900	msedge.exe
2900	msedge.exe
2900	msedge.exe
2900	msedge.exe
2900	msedge.exe
2900	msedge.exe
2900	msedge.exe
2900	msedge.exe
2900	msedge.exe
2900	msedge.exe
2900	msedge.exe
2900	msedge.exe
2900	msedge.exe
2900	msedge.exe
2900	msedge.exe
2900	msedge.exe
2900	msedge.exe
1920	taskmgr.exe
1920	taskmgr.exe
1920	taskmgr.exe
1920	taskmgr.exe
1920	taskmgr.exe
1920	taskmgr.exe
1920	taskmgr.exe
1920	taskmgr.exe
1920	taskmgr.exe
1920	taskmgr.exe
1920	taskmgr.exe
1920	taskmgr.exe
1920	taskmgr.exe
1920	taskmgr.exe
1920	taskmgr.exe
1920	taskmgr.exe
1920	taskmgr.exe
1920	taskmgr.exe
1920	taskmgr.exe
1920	taskmgr.exe
1920	taskmgr.exe
1920	taskmgr.exe
1920	taskmgr.exe
1920	taskmgr.exe
1920	taskmgr.exe
1920	taskmgr.exe
1920	taskmgr.exe
1920	taskmgr.exe
1920	taskmgr.exe
1920	taskmgr.exe
1920	taskmgr.exe
1920	taskmgr.exe
1920	taskmgr.exe
1920	taskmgr.exe
1920	taskmgr.exe
1920	taskmgr.exe
1920	taskmgr.exe
1920	taskmgr.exe
1920	taskmgr.exe
1920	taskmgr.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
4588	msedge.exe
4588	msedge.exe
4588	msedge.exe
3556	OpenWith.exe
3556	OpenWith.exe
3556	OpenWith.exe
3556	OpenWith.exe
3556	OpenWith.exe
3556	OpenWith.exe
3556	OpenWith.exe
3556	OpenWith.exe
3556	OpenWith.exe
3556	OpenWith.exe
3556	OpenWith.exe
3556	OpenWith.exe
3556	OpenWith.exe
3556	OpenWith.exe
3556	OpenWith.exe
3556	OpenWith.exe
3556	OpenWith.exe
3556	OpenWith.exe
3556	OpenWith.exe
3556	OpenWith.exe
3556	OpenWith.exe
3556	OpenWith.exe
3556	OpenWith.exe
3556	OpenWith.exe
3556	OpenWith.exe
3556	OpenWith.exe
3556	OpenWith.exe
3556	OpenWith.exe
3556	OpenWith.exe
3556	OpenWith.exe
3556	OpenWith.exe
3556	OpenWith.exe
3556	OpenWith.exe
3556	OpenWith.exe
3556	OpenWith.exe
4912	OpenWith.exe
4912	OpenWith.exe
4912	OpenWith.exe
4912	OpenWith.exe
4912	OpenWith.exe
4912	OpenWith.exe
4912	OpenWith.exe
4912	OpenWith.exe
4912	OpenWith.exe
4912	OpenWith.exe
4912	OpenWith.exe
4912	OpenWith.exe
4912	OpenWith.exe
4912	OpenWith.exe
4912	OpenWith.exe
4912	OpenWith.exe
4912	OpenWith.exe
4912	OpenWith.exe
4912	OpenWith.exe
4912	OpenWith.exe
4912	OpenWith.exe
4912	OpenWith.exe
4912	OpenWith.exe
4912	OpenWith.exe
4912	OpenWith.exe
4588	mspaint.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2900 wrote to memory of 3788	2900	msedge.exe	82
PID 2900 wrote to memory of 3788	2900	msedge.exe	82
PID 2900 wrote to memory of 4696	2900	msedge.exe	83
PID 2900 wrote to memory of 4696	2900	msedge.exe	83
PID 2900 wrote to memory of 4696	2900	msedge.exe	83
PID 2900 wrote to memory of 4696	2900	msedge.exe	83
PID 2900 wrote to memory of 4696	2900	msedge.exe	83
PID 2900 wrote to memory of 4696	2900	msedge.exe	83
PID 2900 wrote to memory of 4696	2900	msedge.exe	83
PID 2900 wrote to memory of 4696	2900	msedge.exe	83
PID 2900 wrote to memory of 4696	2900	msedge.exe	83
PID 2900 wrote to memory of 4696	2900	msedge.exe	83
PID 2900 wrote to memory of 4696	2900	msedge.exe	83
PID 2900 wrote to memory of 4696	2900	msedge.exe	83
PID 2900 wrote to memory of 4696	2900	msedge.exe	83
PID 2900 wrote to memory of 4696	2900	msedge.exe	83
PID 2900 wrote to memory of 4696	2900	msedge.exe	83
PID 2900 wrote to memory of 4696	2900	msedge.exe	83
PID 2900 wrote to memory of 4696	2900	msedge.exe	83
PID 2900 wrote to memory of 4696	2900	msedge.exe	83
PID 2900 wrote to memory of 4696	2900	msedge.exe	83
PID 2900 wrote to memory of 4696	2900	msedge.exe	83
PID 2900 wrote to memory of 4696	2900	msedge.exe	83
PID 2900 wrote to memory of 4696	2900	msedge.exe	83
PID 2900 wrote to memory of 4696	2900	msedge.exe	83
PID 2900 wrote to memory of 4696	2900	msedge.exe	83
PID 2900 wrote to memory of 4696	2900	msedge.exe	83
PID 2900 wrote to memory of 4696	2900	msedge.exe	83
PID 2900 wrote to memory of 4696	2900	msedge.exe	83
PID 2900 wrote to memory of 4696	2900	msedge.exe	83
PID 2900 wrote to memory of 4696	2900	msedge.exe	83
PID 2900 wrote to memory of 4696	2900	msedge.exe	83
PID 2900 wrote to memory of 4696	2900	msedge.exe	83
PID 2900 wrote to memory of 4696	2900	msedge.exe	83
PID 2900 wrote to memory of 4696	2900	msedge.exe	83
PID 2900 wrote to memory of 4696	2900	msedge.exe	83
PID 2900 wrote to memory of 4696	2900	msedge.exe	83
PID 2900 wrote to memory of 4696	2900	msedge.exe	83
PID 2900 wrote to memory of 4696	2900	msedge.exe	83
PID 2900 wrote to memory of 4696	2900	msedge.exe	83
PID 2900 wrote to memory of 4696	2900	msedge.exe	83
PID 2900 wrote to memory of 4696	2900	msedge.exe	83
PID 2900 wrote to memory of 2400	2900	msedge.exe	84
PID 2900 wrote to memory of 2400	2900	msedge.exe	84
PID 2900 wrote to memory of 1340	2900	msedge.exe	85
PID 2900 wrote to memory of 1340	2900	msedge.exe	85
PID 2900 wrote to memory of 1340	2900	msedge.exe	85
PID 2900 wrote to memory of 1340	2900	msedge.exe	85
PID 2900 wrote to memory of 1340	2900	msedge.exe	85
PID 2900 wrote to memory of 1340	2900	msedge.exe	85
PID 2900 wrote to memory of 1340	2900	msedge.exe	85
PID 2900 wrote to memory of 1340	2900	msedge.exe	85
PID 2900 wrote to memory of 1340	2900	msedge.exe	85
PID 2900 wrote to memory of 1340	2900	msedge.exe	85
PID 2900 wrote to memory of 1340	2900	msedge.exe	85
PID 2900 wrote to memory of 1340	2900	msedge.exe	85
PID 2900 wrote to memory of 1340	2900	msedge.exe	85
PID 2900 wrote to memory of 1340	2900	msedge.exe	85
PID 2900 wrote to memory of 1340	2900	msedge.exe	85
PID 2900 wrote to memory of 1340	2900	msedge.exe	85
PID 2900 wrote to memory of 1340	2900	msedge.exe	85
PID 2900 wrote to memory of 1340	2900	msedge.exe	85
PID 2900 wrote to memory of 1340	2900	msedge.exe	85
PID 2900 wrote to memory of 1340	2900	msedge.exe	85

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012
Uses Volume Shadow Copy WMI provider
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware
Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://github.com/l4tt-byfron/Electron/releases/download/Electron/Electron.rar
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2900
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x128,0x12c,0x130,0x104,0x134,0x7ffbdd4946f8,0x7ffbdd494708,0x7ffbdd494718
  2⤵
  PID:3788
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2044,16232100056897413394,3289547633346199134,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2072 /prefetch:2
  2⤵
  PID:4696
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2044,16232100056897413394,3289547633346199134,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2200 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2400
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2044,16232100056897413394,3289547633346199134,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2952 /prefetch:8
  2⤵
  PID:1340
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,16232100056897413394,3289547633346199134,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3400 /prefetch:1
  2⤵
  PID:4288
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,16232100056897413394,3289547633346199134,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3424 /prefetch:1
  2⤵
  PID:3476
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2044,16232100056897413394,3289547633346199134,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5664 /prefetch:8
  2⤵
  PID:3516
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2044,16232100056897413394,3289547633346199134,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5664 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:232
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,16232100056897413394,3289547633346199134,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5312 /prefetch:1
  2⤵
  PID:1500
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2044,16232100056897413394,3289547633346199134,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5764 /prefetch:8
  2⤵
  PID:348
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2044,16232100056897413394,3289547633346199134,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6088 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4772
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,16232100056897413394,3289547633346199134,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6044 /prefetch:1
  2⤵
  PID:2744
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,16232100056897413394,3289547633346199134,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6612 /prefetch:1
  2⤵
  PID:556
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,16232100056897413394,3289547633346199134,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6592 /prefetch:1
  2⤵
  PID:2328
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,16232100056897413394,3289547633346199134,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3448 /prefetch:1
  2⤵
  PID:3596
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,16232100056897413394,3289547633346199134,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6880 /prefetch:1
  2⤵
  PID:1288
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,16232100056897413394,3289547633346199134,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1712 /prefetch:1
  2⤵
  PID:4784
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,16232100056897413394,3289547633346199134,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3480 /prefetch:1
  2⤵
  PID:2244
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,16232100056897413394,3289547633346199134,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2172 /prefetch:1
  2⤵
  PID:992
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,16232100056897413394,3289547633346199134,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6104 /prefetch:1
  2⤵
  PID:1072
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,16232100056897413394,3289547633346199134,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1768 /prefetch:1
  2⤵
  PID:3312
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,16232100056897413394,3289547633346199134,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5972 /prefetch:1
  2⤵
  PID:1432
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,16232100056897413394,3289547633346199134,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3488 /prefetch:1
  2⤵
  PID:3488
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,16232100056897413394,3289547633346199134,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7092 /prefetch:1
  2⤵
  PID:3516
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,16232100056897413394,3289547633346199134,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3144 /prefetch:1
  2⤵
  PID:4784
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,16232100056897413394,3289547633346199134,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6488 /prefetch:1
  2⤵
  PID:4640
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,16232100056897413394,3289547633346199134,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6660 /prefetch:1
  2⤵
  PID:544
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2044,16232100056897413394,3289547633346199134,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.4355 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6744 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4444
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,16232100056897413394,3289547633346199134,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7132 /prefetch:1
  2⤵
  PID:4436
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,16232100056897413394,3289547633346199134,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7100 /prefetch:1
  2⤵
  PID:3984
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,16232100056897413394,3289547633346199134,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6996 /prefetch:1
  2⤵
  PID:3764
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,16232100056897413394,3289547633346199134,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7120 /prefetch:1
  2⤵
  PID:2296
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,16232100056897413394,3289547633346199134,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5060 /prefetch:1
  2⤵
  PID:3736
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2044,16232100056897413394,3289547633346199134,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5888 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2136
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,16232100056897413394,3289547633346199134,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6640 /prefetch:1
  2⤵
  PID:2780
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,16232100056897413394,3289547633346199134,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6652 /prefetch:1
  2⤵
  PID:5032
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,16232100056897413394,3289547633346199134,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7284 /prefetch:1
  2⤵
  PID:856
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,16232100056897413394,3289547633346199134,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6460 /prefetch:1
  2⤵
  PID:2112
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=2044,16232100056897413394,3289547633346199134,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7480 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of SetWindowsHookEx
  PID:4588
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,16232100056897413394,3289547633346199134,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6764 /prefetch:1
  2⤵
  PID:4316
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,16232100056897413394,3289547633346199134,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6452 /prefetch:1
  2⤵
  PID:1100
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,16232100056897413394,3289547633346199134,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7528 /prefetch:1
  2⤵
  PID:2152
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,16232100056897413394,3289547633346199134,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5764 /prefetch:1
  2⤵
  PID:2376
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,16232100056897413394,3289547633346199134,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5756 /prefetch:1
  2⤵
  PID:1856
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,16232100056897413394,3289547633346199134,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7784 /prefetch:1
  2⤵
  PID:1668
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,16232100056897413394,3289547633346199134,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7276 /prefetch:1
  2⤵
  PID:3120
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,16232100056897413394,3289547633346199134,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7220 /prefetch:1
  2⤵
  PID:2152
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,16232100056897413394,3289547633346199134,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7872 /prefetch:1
  2⤵
  PID:888
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,16232100056897413394,3289547633346199134,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6620 /prefetch:1
  2⤵
  PID:4540
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,16232100056897413394,3289547633346199134,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7828 /prefetch:1
  2⤵
  PID:404
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,16232100056897413394,3289547633346199134,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7464 /prefetch:1
  2⤵
  PID:4336
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,16232100056897413394,3289547633346199134,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7820 /prefetch:1
  2⤵
  PID:4136
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,16232100056897413394,3289547633346199134,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7500 /prefetch:1
  2⤵
  PID:992
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,16232100056897413394,3289547633346199134,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6352 /prefetch:1
  2⤵
  PID:2940
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,16232100056897413394,3289547633346199134,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7256 /prefetch:1
  2⤵
  PID:3764
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,16232100056897413394,3289547633346199134,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=58 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5500 /prefetch:1
  2⤵
  PID:4360
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,16232100056897413394,3289547633346199134,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=59 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8244 /prefetch:1
  2⤵
  PID:412
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,16232100056897413394,3289547633346199134,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=60 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3516 /prefetch:1
  2⤵
  PID:3104
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,16232100056897413394,3289547633346199134,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=61 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8412 /prefetch:1
  2⤵
  PID:1752
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,16232100056897413394,3289547633346199134,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=62 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7644 /prefetch:1
  2⤵
  PID:2664
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,16232100056897413394,3289547633346199134,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=63 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7872 /prefetch:1
  2⤵
  PID:1256
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,16232100056897413394,3289547633346199134,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=64 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8008 /prefetch:1
  2⤵
  PID:4064
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,16232100056897413394,3289547633346199134,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=65 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6640 /prefetch:1
  2⤵
  PID:1608
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,16232100056897413394,3289547633346199134,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=66 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7432 /prefetch:1
  2⤵
  PID:640
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,16232100056897413394,3289547633346199134,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=67 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2140 /prefetch:1
  2⤵
  PID:3120
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,16232100056897413394,3289547633346199134,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=68 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5212 /prefetch:1
  2⤵
  PID:1408
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,16232100056897413394,3289547633346199134,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=69 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8120 /prefetch:1
  2⤵
  PID:2016
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,16232100056897413394,3289547633346199134,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=70 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9076 /prefetch:1
  2⤵
  PID:3608
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,16232100056897413394,3289547633346199134,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=71 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7548 /prefetch:1
  2⤵
  PID:3132
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,16232100056897413394,3289547633346199134,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=72 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7396 /prefetch:1
  2⤵
  PID:2520
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,16232100056897413394,3289547633346199134,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=73 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6560 /prefetch:1
  2⤵
  PID:5108
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,16232100056897413394,3289547633346199134,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=74 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5908 /prefetch:1
  2⤵
  PID:3988
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,16232100056897413394,3289547633346199134,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=75 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6560 /prefetch:1
  2⤵
  PID:4300
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,16232100056897413394,3289547633346199134,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=76 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5688 /prefetch:1
  2⤵
  PID:3016
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,16232100056897413394,3289547633346199134,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=77 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8120 /prefetch:1
  2⤵
  PID:3296
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,16232100056897413394,3289547633346199134,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=78 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8404 /prefetch:1
  2⤵
  PID:1660
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,16232100056897413394,3289547633346199134,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=79 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8296 /prefetch:1
  2⤵
  PID:1956
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,16232100056897413394,3289547633346199134,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=80 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7076 /prefetch:1
  2⤵
  PID:4748
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,16232100056897413394,3289547633346199134,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=81 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8604 /prefetch:1
  2⤵
  PID:2304
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,16232100056897413394,3289547633346199134,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=82 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7484 /prefetch:1
  2⤵
  PID:3016
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,16232100056897413394,3289547633346199134,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=84 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8984 /prefetch:1
  2⤵
  PID:3076
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2044,16232100056897413394,3289547633346199134,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6320 /prefetch:8
  2⤵
  PID:3740
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,16232100056897413394,3289547633346199134,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=86 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7340 /prefetch:1
  2⤵
  PID:1824
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,16232100056897413394,3289547633346199134,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=87 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7708 /prefetch:1
  2⤵
  PID:4896
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,16232100056897413394,3289547633346199134,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=88 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4796 /prefetch:1
  2⤵
  PID:788
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,16232100056897413394,3289547633346199134,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=89 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8964 /prefetch:1
  2⤵
  PID:4148
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,16232100056897413394,3289547633346199134,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=90 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8840 /prefetch:1
  2⤵
  PID:1184
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,16232100056897413394,3289547633346199134,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=91 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8196 /prefetch:1
  2⤵
  PID:5032
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,16232100056897413394,3289547633346199134,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=92 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8904 /prefetch:1
  2⤵
  PID:3044
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,16232100056897413394,3289547633346199134,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=93 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7212 /prefetch:1
  2⤵
  PID:4348
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,16232100056897413394,3289547633346199134,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=94 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7928 /prefetch:1
  2⤵
  PID:1160
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,16232100056897413394,3289547633346199134,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=95 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9096 /prefetch:1
  2⤵
  PID:1112
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,16232100056897413394,3289547633346199134,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=96 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8396 /prefetch:1
  2⤵
  PID:4968
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,16232100056897413394,3289547633346199134,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=97 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6876 /prefetch:1
  2⤵
  PID:1160
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,16232100056897413394,3289547633346199134,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=98 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8624 /prefetch:1
  2⤵
  PID:116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,16232100056897413394,3289547633346199134,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=99 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3368 /prefetch:1
  2⤵
  PID:856
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,16232100056897413394,3289547633346199134,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=100 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1696 /prefetch:1
  2⤵
  PID:632
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,16232100056897413394,3289547633346199134,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=101 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6604 /prefetch:1
  2⤵
  PID:2560
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,16232100056897413394,3289547633346199134,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=102 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9000 /prefetch:1
  2⤵
  PID:3624

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1288

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5020

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4912

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\Electron\" -spe -an -ai#7zMap28868:78:7zEvent9774
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:2772

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k SDRSVC
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2704

C:\Users\Admin\Downloads\Roblox.Electron\Roblox Electron\Setup.exe
"C:\Users\Admin\Downloads\Roblox.Electron\Roblox Electron\Setup.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:1540
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c C:\Windows\SysWOW64\rundll32.exe C:\Users\Admin\AppData\Roaming\msvcp110.dll,GetGameData
  2⤵
  - System Location Discovery: System Language Discovery
  PID:1184
- - C:\Windows\SysWOW64\rundll32.exe
    C:\Windows\SysWOW64\rundll32.exe C:\Users\Admin\AppData\Roaming\msvcp110.dll,GetGameData
    3⤵
    - Loads dropped DLL
    - Suspicious use of SetThreadContext
    - System Location Discovery: System Language Discovery
    PID:4476
  - - C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe
      "C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:4460

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
1⤵
- Checks SCSI registry key(s)
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:1920

C:\Users\Admin\Downloads\Roblox.Electron\Roblox Electron\Setup.exe
"C:\Users\Admin\Downloads\Roblox.Electron\Roblox Electron\Setup.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:1108
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c C:\Windows\SysWOW64\rundll32.exe C:\Users\Admin\AppData\Roaming\msvcp110.dll,GetGameData
  2⤵
  - System Location Discovery: System Language Discovery
  PID:856
- - C:\Windows\SysWOW64\rundll32.exe
    C:\Windows\SysWOW64\rundll32.exe C:\Users\Admin\AppData\Roaming\msvcp110.dll,GetGameData
    3⤵
    - Loads dropped DLL
    - Suspicious use of SetThreadContext
    - System Location Discovery: System Language Discovery
    PID:2844
  - - C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe
      "C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:4584

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:3556
- C:\Windows\system32\NOTEPAD.EXE
  "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\Electron-roblox-executor-main\Electron-roblox-executor-main\code\code
  2⤵
  PID:3064

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:4912
- C:\Windows\system32\NOTEPAD.EXE
  "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\Electron-roblox-executor-main\Electron-roblox-executor-main\README.md
  2⤵
  PID:2388

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
1⤵
PID:4444

C:\Windows\system32\mspaint.exe
"C:\Windows\system32\mspaint.exe" "C:\Windows\System32\@bitlockertoastimage.png"
1⤵
- Drops file in Windows directory
- Suspicious use of SetWindowsHookEx
PID:4588

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s DeviceAssociationService
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2140
- C:\Windows\system32\dashost.exe
  dashost.exe {9199131c-d138-4a03-9a9bbce593facc3e}
  2⤵
  PID:1980

C:\Windows\System32\ARP.EXE
"C:\Windows\System32\ARP.EXE"
1⤵
PID:1892

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
1⤵
- Enumerates system info in registry
PID:4664
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x144,0x148,0x14c,0x120,0x150,0x7ffbdd4946f8,0x7ffbdd494708,0x7ffbdd494718
  2⤵
  PID:1700
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,3021762346668108406,16032256904944741542,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2144 /prefetch:2
  2⤵
  PID:4080
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2124,3021762346668108406,16032256904944741542,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2256 /prefetch:3
  2⤵
  PID:3620
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2124,3021762346668108406,16032256904944741542,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2856 /prefetch:8
  2⤵
  PID:4784
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,3021762346668108406,16032256904944741542,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3648 /prefetch:1
  2⤵
  PID:3764
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,3021762346668108406,16032256904944741542,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3660 /prefetch:1
  2⤵
  PID:2216
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,3021762346668108406,16032256904944741542,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4800 /prefetch:1
  2⤵
  PID:1868
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,3021762346668108406,16032256904944741542,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4576 /prefetch:1
  2⤵
  PID:2576
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2124,3021762346668108406,16032256904944741542,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5500 /prefetch:8
  2⤵
  PID:4540
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2124,3021762346668108406,16032256904944741542,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5500 /prefetch:8
  2⤵
  PID:4444
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,3021762346668108406,16032256904944741542,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3376 /prefetch:1
  2⤵
  PID:1184
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,3021762346668108406,16032256904944741542,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3360 /prefetch:1
  2⤵
  PID:3772
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,3021762346668108406,16032256904944741542,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1
  2⤵
  PID:4204
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,3021762346668108406,16032256904944741542,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3332 /prefetch:1
  2⤵
  PID:2668

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1192

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3352

C:\Windows\system32\osk.exe
"C:\Windows\system32\osk.exe"
1⤵
PID:2748

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x4ec 0x300
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:3768

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2532
- C:\Windows\system32\wininit.exe
  "C:\Windows\system32\wininit.exe"
  2⤵
  PID:4272

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Phishing

T1566

Execution

Persistence

Event Triggered Execution

T1546

Accessibility Features

T1546.008

Privilege Escalation

Event Triggered Execution

T1546

Accessibility Features

T1546.008

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\DABA17F5E36CBE65640DD2FE24F104E7

Filesize
1KB

MD5
c6150925cfea5941ddc7ff2a0a506692

SHA1
9e99a48a9960b14926bb7f3b02e22da2b0ab7280

SHA256
28689b30e4c306aab53b027b29e36ad6dd1dcf4b953994482ca84bdc1ecac996

SHA512
b3bd41385d72148e03f453e76a45fcd2111a22eff3c7f1e78e41f6744735444e058144ed68af88654ee62b0f117949f35739daad6ad765b8cde1cff92ed2d00c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\DABA17F5E36CBE65640DD2FE24F104E7

Filesize
276B

MD5
ed0c9a623c9976626c2e3ff0d0beb149

SHA1
83ffc8a99e98b97ab8dec4773b8089c75d1e0655

SHA256
283b08da525caa94e9bbff89cdf7c2d82fc772d26f2ff9456263552aa2fdae9f

SHA512
731a893e4c2eb055d2cd209993c518631c1df8ec6e601c3676c3c1917e6f3b214fcde4fa0f30867561538d889130ee0242c6d75d9facbb22a61b4422e14dac16

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\4324c837-8183-438f-b77f-a92180deb739.tmp

Filesize
11KB

MD5
49bac28c83a129670e497ca590d3780d

SHA1
3060f5dd5b579fd163df994065848030a7090d16

SHA256
5f40fea02873c62d7318524b4b3f28074ed9b4088bc268377d69fb3a92de73f9

SHA512
2cd14c94a2281a23df889069501c1e694dec6bda7bb4437fa9db740196d86345e4c85b3c24f9fa83040db2f5b6436a79b6c9bf9c3e428873227881feca7b3ac3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f95c3a95e20ffc5db992399d5fa12aa2

SHA1
c02f52127fc3bca6e59101b1f0265180cd3019ff

SHA256
6abc81927d02d83ebc4ad36f11088f1046307d889524e5b753afcd5a2efddda4

SHA512
83622e41274e726fe4f019d8150d27f732a2c1158f0e65cd420589e8b1e5f2acfaa242cd2fd9dd4d0e5b3c7e45f455e8eae0370ef84d5c29e63844da66c0e845

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
c11ec0c8e803f5a563c2b75e7ee2c81c

SHA1
078b929e5004c90d578ab9e4d8a76d8d14716c68

SHA256
67a4b4cd1a1cb362d05d6fd52aca388938263f07b5f469949ee66c84e6590668

SHA512
d60417e3a10ab6faee1519e6baf4d33269afb95e2fad49421c543053c05c4df6bac728315d716a3abe069b27af1fa268de15f0f68a84541cd8bc79e3b0013190

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\4a4ecf0f-cefb-480a-9660-7d32512c4aa4.tmp

Filesize
10KB

MD5
c74f884f1a2f499f2583d98521820e09

SHA1
a23fce444b84933bd40fc42847b1c5a4f1246cab

SHA256
b0a8b2879c9f60a8663e54cc32dd5541669f9c29a8593f2bfa28c90e63da6625

SHA512
a408843e52f15c46c553912f0d2f64abf24567ce2642c9c8841f3e09809d53621524d396582fed900f01ab0d0d09dc021c4cd626d22a60eb63633b4b0453dd1d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
47KB

MD5
0d89f546ebdd5c3eaa275ff1f898174a

SHA1
339ab928a1a5699b3b0c74087baa3ea08ecd59f5

SHA256
939eb90252495d3af66d9ec34c799a5f1b0fc10422a150cf57fc0cd302865a3e

SHA512
26edc1659325b1c5cf6e3f3cd9a38cd696f67c4a7c2d91a5839e8dcbb64c4f8e9ce3222e0f69d860d088c4be01b69da676bdc4517de141f8b551774909c30690

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

Filesize
62KB

MD5
c813a1b87f1651d642cdcad5fca7a7d8

SHA1
0e6628997674a7dfbeb321b59a6e829d0c2f4478

SHA256
df670e09f278fea1d0684afdcd0392a83d7041585ba5996f7b527974d7d98ec3

SHA512
af0d024ba1faafbd6f950c67977ed126827180a47cea9758ee51a95d13436f753eb5a7aa12a9090048a70328f6e779634c612aebde89b06740ffd770751e1c5b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

Filesize
67KB

MD5
69df804d05f8b29a88278b7d582dd279

SHA1
d9560905612cf656d5dd0e741172fb4cd9c60688

SHA256
b885987a52236f56ce7a5ca18b18533e64f62ab64eb14050ede93c93b5bd5608

SHA512
0ef49eeeeb463da832f7d5b11f6418baa65963de62c00e71d847183e0035be03e63c097103d30329582fe806d246e3c0e3ecab8b2498799abbb21d8b7febdc0e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

Filesize
19KB

MD5
1bd4ae71ef8e69ad4b5ffd8dc7d2dcb5

SHA1
6dd8803e59949c985d6a9df2f26c833041a5178c

SHA256
af18b3681e8e2a1e8dc34c2aa60530dc8d8a9258c4d562cbe20c898d5de98725

SHA512
b3ff083b669aca75549396250e05344ba2f1c021468589f2bd6f1b977b7f11df00f958bbbd22f07708b5d30d0260f39d8de57e75382b3ab8e78a2c41ef428863

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

Filesize
63KB

MD5
226541550a51911c375216f718493f65

SHA1
f6e608468401f9384cabdef45ca19e2afacc84bd

SHA256
caecff4179910ce0ff470f9fa9eb4349e8fb717fa1432cf19987450a4e1ef4a5

SHA512
2947b309f15e0e321beb9506861883fde8391c6f6140178c7e6ee7750d6418266360c335477cae0b067a6a6d86935ec5f7acdfdacc9edffa8b04ec71be210516

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

Filesize
26KB

MD5
8ce06435dd74849daee31c8ab278ce07

SHA1
a8e754c3a39e0f1056044cbdb743a144bdf25564

SHA256
303074dab603456b6ed26e7e6e667d52c89ab16e6db5e6a9339205ce1f6c1709

SHA512
49e99bffcdf02cfe8cef0e8ef4b121c75d365ab0bbc67c3a3af4cf199cc46e27ab2a9fdf32590697b15b0a58ee2b7a433fe962455cf91f9a404e891e73a26f59

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000d

Filesize
20KB

MD5
edff034579e7216cec4f17c4a25dc896

SHA1
ceb81b5abec4f8c57082a3ae7662a73edf40259f

SHA256
5da4c64f6c1ff595779a560e215cd2511e21823b4e35d88f3ba90270d9244882

SHA512
ab2dcd1628a0d0cadf82eebd123526979e8cf0a2a62f08f1169d4c03b567eca705bd05a36e5ffa4f6c3df393753b03e3daa18122955dde08fd8e5b248694e810

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000012

Filesize
18KB

MD5
8bd66dfc42a1353c5e996cd88dc1501f

SHA1
dc779a25ab37913f3198eb6f8c4d89e2a05635a6

SHA256
ef8772f5b2cf54057e1cfb7cb2e61f09cbd20db5ee307133caf517831a5df839

SHA512
203a46b2d09da788614b86480d81769011c7d42e833fa33a19e99c86a987a3bd8755b89906b9fd0497a80a5cf27f1c5e795a66fe3d1c4a921667ec745ccf22f6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002c

Filesize
65KB

MD5
39f8af070c8b8d348724398133d262ee

SHA1
98ca486574e814c5a05c3a0aaba31cec91c20fd8

SHA256
5ed8f6f0266dabbd61227aa887c5aec5f2421fd17cb4410abc9a24bd428a1c3b

SHA512
d4a9751b4bf7ad8abf82a4589403be92a197d58739a873461f571c1f4e1c54872615fa355af6b68708410637482ceed7beb940a7441016069561b2f56c51a4a5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002f

Filesize
37KB

MD5
a58a0d65593e30f5b5841501dcc3bd53

SHA1
d6373bc35fd162bbff80c7932ed534cfe3e28191

SHA256
70e07a6b45f4ea1fdce555c53559e44346aba3471dfd5de10c5e57744d59ed63

SHA512
be32c72efd0a30d6096e13e20e6f91a7f447587b080151e8e4c47e1df47890e6f10160afdd03058aeca23f3abd3f48dfde534ac2113ea370b0cdfa65a8ba1d4b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000032

Filesize
96KB

MD5
5eb8b3939f2db3174d59a1f0cedbca68

SHA1
5688402e1f7369f2b05ed6be81f738b6d1290eab

SHA256
c96d867712ec4b040628693956f8071c04d28e1a33123398e1aff91aa64ae68e

SHA512
76c026afd554d9b7fe1da09138d2ecebeea4a7b3a59a8db3111bdd6c93f87f246d2ca0ec1adc20aa577836a6e67e16367003aff1b7f38feec3df2d0ebc97d88a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000033

Filesize
19KB

MD5
16ea2a01894c38666bc185757b4f1b74

SHA1
435bb15c8de2e0ef76512618ab291da1b40776a4

SHA256
16e88923203a6b50f5a1b4c2c52001720833d07f7f0b1ce1510d42d66c40db11

SHA512
e333308b517a4c647cbb36b429224390a5c1afcaedaba81a7c8d68d88bc48c60a348af07956dbf3de8c7bada355e27128ce10ba3a0aa764bd6d807dd531025d0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000034

Filesize
20KB

MD5
87e8230a9ca3f0c5ccfa56f70276e2f2

SHA1
eb116c8fd20cb2f85b7a942c7dae3b0ed6d27fe7

SHA256
e18d7214e7d3d47d913c0436f5308b9296ca3c6cd34059bf9cbf03126bafafe9

SHA512
37690a81a9e48b157298080746aa94289a4c721c762b826329e70b41ba475bb0261d048f9ab8e7301e43305c5ebf53246c20da8cd001130bf156e8b3bd38b9b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000035

Filesize
33KB

MD5
eb6cee9f21fc97e8a3365a5f4896e264

SHA1
e37c20f7523fd3158c185f6d0ee30181d9f5f52c

SHA256
2b0fefa3866116c3c497af0a9e68d13d0e82f79c396d324c33e96c6831c616d6

SHA512
0b9181b66120fce71ed2a3696abf5910b62e132f8e4a815737eac3150ad0aca870b06c08e1c35d9dbdf5ec98fdb161be747867a66a5ccf8c7b38d1a4215be0c4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000036

Filesize
53KB

MD5
353db2ceb421ea244e5d8760819e0528

SHA1
0d63273f5e2944f319557f4647ca25371f64a759

SHA256
1906482c5aa6bca34e6f798304954bd5234ac201968bb34050b25b18064bd9a6

SHA512
24228b5725db973031d5b04fed9ad5cb80823c666f604586e227f79bf499034fc06d13b068ce899a801d3dd79104da52d3589b31fd0aff8213fef45ea72ab659

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000037

Filesize
19KB

MD5
680ef1ad7c0a429925904f42c690b60b

SHA1
b330de9c76576567c454df8b99db1b695a41705d

SHA256
241a54171e7e0c871716b4e6fd4f3f9eef99726f9b971aa5edb604982b0d7882

SHA512
aa6649cfb919defded00a2e2b53a52eb9814912767154a58e6e3e6cce7e1002d988b6b26110622170973a1a62078adece59783f0dfc40005c389154210af0fe0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000038

Filesize
156KB

MD5
e9d27ff9efc45826d0e6bd44bfc47409

SHA1
1d23e9e7ec7b23c063975f516aa308e861609b9b

SHA256
bd9be40448468759647cadb7e99d0ea50079ef572f45beefa90ab0d2f0929891

SHA512
49ded5e321acdcc4cc5bbd384f32d3636067999a9cec906424c80dd273904837806ddab6718a1b94c0e8c04df6a1a45450b844a88c61102e78c4f6c8ca662781

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000039

Filesize
113KB

MD5
94f81871790f99d3b516797b0f789d27

SHA1
0f7d3f60af070ff5fa232384e0752d0060361bfb

SHA256
0ae1b3e4cf6fc205c584df4a259d35332dc966210d29bbdde6c07a056f420dbb

SHA512
58282a08a62717d62f5e8b2145aa85dc61d683f5db1de74b21e574d8c29704ed8600b7176f899e1035583df68b8e5ab70d866a9fb8edb34f5fb0a69f0eb78934

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00003a

Filesize
16KB

MD5
31ebd80c40a8da79bfd1fa1e5ca93af9

SHA1
c822d149b1a6d510a0b9d141f465a2190552c2c7

SHA256
325edbd56da8748c66aa230b596ac2a554c42ad90b8d63146cebe71708a4dd02

SHA512
1106b7360b298e11cd86016925bcd358679b20bbe8c37fb28aadf51c06c6b439b3a264ab6a069708845b24da4d02f114a644f6a4291e46e370088740ec17490e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00003c

Filesize
129KB

MD5
6afeb0fce25416318770fbc385526333

SHA1
60603910156697423f7bbab4698a8057127d547e

SHA256
9a3193545a3e2cc4d9428820c7a55233fe9639b7171e35f8404c4ce5c447938c

SHA512
2e24717e8dd93dbf11a6fc6e507329e8570591338f6e9d5161db5a2b397f5e8485407ddd4fb19ec982b387afabbf80c0150104ccc6a27f91cead3f604bf781b7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00003e

Filesize
18KB

MD5
ce4c7d1372a2686ca61a83a53cc53481

SHA1
1fb11b54ce19ae72cd5cc13c0fe28c9f6389a9c7

SHA256
326a1140babd8fbdde8633873c0fd56acb5bd4550f9b285a13d0a1bdc3810ac4

SHA512
79d4f9b24dc9d4b4897b4df65e3a28960bdf64c72f04d0ac565b73c18b5b8b38f6235ad9f28f2c24b698946c56084d7cd9050fce48a78a8c4ff1bafd7d2da7fb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000041

Filesize
29KB

MD5
79ffcf947dd8385536d2cfcdd8fcce04

SHA1
a9a43ccbbb01d15a39fac57fa05290835d81468a

SHA256
ffc11b830ad653e7a9d4257c7cd7a8056db5e7d7e89439b8fd67d1207b1729bf

SHA512
3dc82ecb2abc8c567434666a9162cc188de669927c3dada6392d8bd97d5e746f1ed350e1a02ec016ee2b1dc8a9cc5c71c553f2ef1293d6793800c276560859a6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000043

Filesize
66KB

MD5
f53b6d474350dce73f4fdc90c7b04899

SHA1
b06ca246301a6aea038956d48b48e842d893c05a

SHA256
28442a56b016bfade0e368929138aaaadfc36156734e8ec7a6325b3e58fddc25

SHA512
7f275614052ebae8876ad28fc5d48e4f63ed9ebc610ed981f81377ea3ba4c49a2031ff771deb12adabcf33d4789ba35354c1e52524c067a9e7ce078703683f1e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000044

Filesize
52KB

MD5
03c150147dc698910bf031d9ded3958c

SHA1
090c3ff18462519638bbaa1535f133105759a634

SHA256
9056a8fcfccb3c593bf37dc60472a60f5714eff1d4e8e0c7d4e6949b858f0d32

SHA512
0cbd18bf4082a223ccc69ce01eeb062f4b2011466243003f1fb85312ab5a148bdb107bde97f7bdb1f4f88e0cec8f08be91abae6e01f501d79b8014b9ea677029

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000045

Filesize
20KB

MD5
47dc65492ce82ca6490241a545bab45c

SHA1
809c24b668e2383016f8ff2ff4270c028917be6a

SHA256
f1afc64f56109bcfdc6b4a657fb60d5a49455737fbc5c97995d890ba1696b33e

SHA512
403f8cf0a1a4bf704c14bc767340e70b746afd22d7c645817aef1a3b6240327574bdd3a89226a5c534f40adf241e83ada064e385c7c956cc8437bb650452816c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000046

Filesize
48KB

MD5
31a2fb03fda5128f277eb054f6e33165

SHA1
ecfa1072af26f42629ff96770af1a322dbd3075c

SHA256
333dd1d27c0fe34ee781418c1a916f0ee052b7429548a198af724d272c943a42

SHA512
f346c9c90bd4b40f72dff9b89c6b2887d977f25087d66533d259e4f8475c677fec8a272c8c94bf3a9b866c5b1c98bd392f4703b91902d87a96a1ab1e554bd012

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000047

Filesize
63KB

MD5
34d5015941e4901485c7974667b85162

SHA1
cf032e42cf197dcc3022001a0bde9d74eb11ac15

SHA256
5c166a5d40aeefd0679a14f95e47ff28824e66abba82adfa30be41803cc25632

SHA512
42cef1d6847f535a6e8afc0469b9f5ef79ce4ab21512ac7eeda8ef9667d5f24bb33b30aba9a29824b3d853d41d4addf6bdee2042cf4fbd0a033b61657c671f0c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\08213a1c88801a2a_0

Filesize
37KB

MD5
7a4e06038ba39328db6d3386afe7f646

SHA1
28bc98c9b36205850aefbae2c3e1e275838ea61a

SHA256
f68dd08fe42156734a116a9a3aaf1a4ac55c8a04617f569cdfaba21d5a5dda55

SHA512
224d2455c34968eebacb6cb804e301a4fc0d55acb917b27a420cbf9699d26f0dd412464c113e9fa67ae90e5491785c7caa13a062938d7c381579556cea8bf3a9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\10295dda05e8ceb6_0

Filesize
69KB

MD5
a6831f03ccc9fd998c8e26cad8ece7a3

SHA1
fc0c5974400ba67dec6cab1d4f25782c5432811d

SHA256
b4381dd532ad49f68be7eb37d7fd964bf7709ae4cfb827da6f5726c8949daa03

SHA512
77b47a06ade19cea0ac28e464a6b64e14ebd288346d01563b175914060ec29a8d2459328b060264f8315f385dd3e452a8e1f86d6c5249efbd108b600bc0ffc15

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\111f780a2fe84979_0

Filesize
126KB

MD5
240eee2e6bf8d242c53ee16446fb60cc

SHA1
3dac14a69f6bd8265ba27b01770ebc36b1256e2f

SHA256
18ba66d27c47607aafb39bb59dcd8bd0243b01004cefca0902a744861f64724c

SHA512
ae9677fdb4869f5cfb1f82ec3af1eb95bbcd5f0dfb867e6703ac55bc6ef9a97e0251b3466d4fddcb0002f158553ca15cac737894b0145a639ee1f5df471a96d2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\18a421bca6e8f4ee_0

Filesize
361KB

MD5
cdf8c9a11ab46fdbe9ef14cd5b94935b

SHA1
d0d096b4cb3c1f1619ea0e36de010a53768dc65d

SHA256
7b0b81ec4359e346f5a8f60dc3312b9bde62e4bba07b6548676b87fd2b1b8ce5

SHA512
6e20f2e1529ee4399b86822bf9f4a93f757c7fed946571d46c70e7ee8898453b53caed075d7beb574c80620ed2a34fa6527dad5eeff222bf902be9f94a207618

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\215d5e9aada1ab3d_0

Filesize
53KB

MD5
71b0d0cf58187638a8ab13d0f7c19586

SHA1
e2df15a7fd3049f824ff682c2e96fb969d60db36

SHA256
ee8588dfd1762bb84b5e8dbf67cf58cae19e7886aa3a818694af45578b9485d1

SHA512
f8698cb864b1b8ed1aa9b2fb03d56267471d3503acc6c16632c2213dc989aa303414069d5c1a30d936d2db19cc405791341fd996fcca6914346f06f880a6f5d7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\2558f9ca079595d4_0

Filesize
299B

MD5
3d8789b376bb91123b93e5625d7f9f03

SHA1
8798551ecbb3abea0ec6d599796fc217727d31c8

SHA256
8c1992f499d0d7c9a8cfce5c6c3307332b021ef1dd8e60ffe02022c5cecb060b

SHA512
ec6d295755f80d7e589f43dac4b76adfcc75046a14e818ede315e42e7797d4b33c8138b4cc206ce0d0e09947564310156def452a05b7b2a6f41c4e755dc2363b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\28811f070abd4a1b_0

Filesize
505KB

MD5
afab2e50c1e2ca836d2a054fbbe02dfe

SHA1
6daaf20e03b439b4c4da6faccafc8619f2413a04

SHA256
9e54ca46521e6bf91aadd2cec987d734966ce038b7e27797216c017b7953cbdd

SHA512
c261472afd4a4ba36692b2fc6cb240318d8c87a40a79bddffb4a059219279215f5bcd4496bbd2c58debba39b09a66994507c7dc5298e8556df8fd7c4fcea537c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\2d57156ecea205a5_0

Filesize
282B

MD5
7da98064189a483d46242891b6372ead

SHA1
1b7414c4b4fd6c9ef7470d7ad4d9506ebb6c9bb2

SHA256
059f2823b55899f403be11670a98f8f50db35fb4d7d0ad83086872bd20a3211a

SHA512
71030a1b81cc743fcdfd2e6ca8ed88abf4ada3692945d64e0da541f53d51bd6b7262439e78efb95cb5c0a0aed204b964ed0ed43b675fc8d457f5a42da2b2a08d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\336a68eaaf209f48_0

Filesize
309B

MD5
e07dea152e9f498c46937277c80749f8

SHA1
5fac8aeefdac9ccfe95e6790f81644907f8d2aa0

SHA256
4b380744f028f1d406745a92cecf62ec0e67a7fb753b928dc2cef8d5d6720310

SHA512
63e7720c9f8b35d121816d7256101fe837b0b17abe21848fe91087d1e0dade51a0012c656e86afe3cb4949401f16ea0d4f60cb98615f71962c43037c3b6699b0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\3c8a0d8fb226618f_0

Filesize
82KB

MD5
f247f11cc75f0fe7899535b77e8aebe8

SHA1
4e7e690c29d7bf1a294ae840314d518c23405951

SHA256
b78b3bfce463afdb66b11439ff8d69264aa72105af56062de8173e32c00e471e

SHA512
ba33b0df77b9a44a89ac7de88dee71bead24575be448348dfb03c0c50264399ee184cc3309bbbf4eb54bc495dafd5828983751d6bb6b6ffe406c26805186040e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\44b2ccc3eda10bbd_0

Filesize
63KB

MD5
ea86c11a5a377f5b0e8f1e4719f0ab62

SHA1
d8253536005bfb6ff042fa922d2f67f838c94b0a

SHA256
69ef1e3a2ae0c4cd2ec24c2d9a326990bdc30df1f2a6bb7daea152e6e2c2a7f5

SHA512
2856d84f76f58ca1b3d78fd1539cf421de4249d9b348f121a8824f4c40ce4164997443c595d3a4f0dac5be16d75513c81a0abf43f82a0ce6f386b7b6b46679cd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\4f6ae9c59ad7a94e_0

Filesize
272B

MD5
1756eee6e382e32b565b4407f5f0371f

SHA1
cd7f318a38576e61e2ee808b07675a30682c712f

SHA256
df98568fb77aabc25c293362232ba243ae5661542d57a59e993e12c72bb6d4dd

SHA512
a7453f63a2f554d33150a8f601f4b461cb8e3febd89c180b1edcbefb05304fb9cdc14bf2786834ef377b1cc62c3972f8d5f620acac49bb7f44e3940304677df5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\7408f1461634e545_0

Filesize
266B

MD5
130156ecacbc69ef29cc87429044339a

SHA1
78a73e4fe6f81e5fd3d0bf409a929171e1ef7af9

SHA256
a0dd712165ea7acbb2a8f5c61f0ba090f971ec6bb613508005ed54fc2723a38d

SHA512
c050c92e6db33778e78d4a8052469de21e090e7bd43aad37ea1ccde69a36fef87aef583c03dd6700b05063df1d23c74403e52a7d484a06475a3ed0f87fcc8f18

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\7878290cef895fbd_0

Filesize
54KB

MD5
2e4e4a68be831017388b4efc40831b69

SHA1
7e7a91995c90ed16e5264f139739b1ecb7e625c3

SHA256
c53f581b35d87a77358194762abae751717a4a272b9ff372ab83e422273258fe

SHA512
2fb973c10dd0f04522ea5d8277668b24dbbf4782aaec2661e258e7617bf96cccb7203739519f2aed045762ee53e6ecd9ddd9a817e5219ee72fffc9bf60484744

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\78f53a123779d3b8_0

Filesize
301B

MD5
112499b4eb5cd998a841695d1c2255cb

SHA1
5fc4276d42c69b000204000e8b58f060f3ed7914

SHA256
d28c0db632b9177e3c4a734d912432cf6c8b25242d49dff0e461f004b4e9cbca

SHA512
f4f74ef8bc65e8adaccce537d3cca29691633faf7fdaaf876b1e644d4f01be10f34eb5cda54dbbbf23feb19f1989a8c9f29f0ce1299827ffe8684e4ea3102c28

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\79ad79591df46e36_0

Filesize
250B

MD5
501410021bd5d65324d9e0f8f1a7544b

SHA1
a355a8dd993be0423d1459c4aac5e76a03896dbf

SHA256
2f1f32442bde8a2f2842f29dad1f23a6da8ea6d7af9a528d0f7f71537e39a310

SHA512
03da65c672e2ee9ae4d49e4b745ba8a07a8739cf3408b9ec75b79caff3eb3f920effe262ef919edee2b65c61a2850087f9559d51a51504e5aadd16bb5413448f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\7f54f8bb3ecfad6e_0

Filesize
31KB

MD5
72d320b9b18beda17856587213a5bdae

SHA1
3f59f142a1a846510b6b6ad9397d9de76c129f97

SHA256
e1ea92b477d79e67eb2e0fd97e0a68217452a9b032dd4db5361bb9803e1dbd78

SHA512
68a91f9214a549246a2e2f611c9f966f220ea0d2155f53fa33cb796344dd8d7b6dfe435990b9e8421ba9b0e81d73ca8e1a34471f2fbb0ae21c8bd51a3b3999e8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\935e3ede028438c1_0

Filesize
3KB

MD5
c90300bf3ac79c3498669b8a091420cd

SHA1
d4801d44a101395d984902de0b1ec39f20d2e3ce

SHA256
fc2fe0290ad53b88ee21686045de4516816c40481c250c6d505806a79c5567b6

SHA512
54ec886a4bdc3aafdc1eb17fe0d023c8c7eac398db80342caee46a8f7b3d448c488cacc30b5af5b148984afbba6cc90fe8d5f25bbeb9de75c4f044c726372a11

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\9ae1b316ed49fee6_0

Filesize
250B

MD5
f5f14c098da81ed682fe62c6446bde8d

SHA1
b6ab9411645c817fa97d5161bedad3b3d0a2348b

SHA256
473c05cb20744fc3e6056bfa5cad60ec56a9c99d5bd8b083474fee1b94c20b71

SHA512
163fb2a412223f21372e2ff102fce049ab31ba1651e299b7c6599fa8d776fc669e805134815f7b80384bdc63953013fd47acc0230123790bbf8cf52bc687cb31

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\9e9a71abc816510c_0

Filesize
65KB

MD5
4399b5ad5f1ebea1bfeba1d378e21909

SHA1
3b18d742596b7b2a1a1c265fe93233293d2b27ef

SHA256
b7b32eebdbd4d73a7502bb675e2d6368e39107b2c38cdcf8e4cd7ee41d62d859

SHA512
076e95d62ef3772c95fcadd5b5f7301460891ceca1b4711a502b37fb8aa057db5ad303a1fa2eec1793781e84bd2cab41f9a382eb1ff38c177d0742e824f7bee7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\9f00a2d45cec21b4_0

Filesize
237B

MD5
44e8b7d50ff04e1f65405bde4d753b16

SHA1
45bce8e2df20b8c8554e9c00f75bd7b6820643af

SHA256
582f93e1e5869a90c2ffcbef277fc4989fb61f8ff0ce16232d14d12f6965115b

SHA512
9493439c84ed63348bd77efddc4b1ab2fda065252bef05875a1670a1d77954503c9a52a631c438b77f64913b0e6246c11a6376edf6cf9a80f995c78663381579

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\a48639449ec1d9b9_0

Filesize
69KB

MD5
722c376455f19bb2f85e686a717e4a64

SHA1
fc26ec8130e7ae23e38e2a5bf870e00a6e675ada

SHA256
35e4ba59a175a9eb075319fbf32ae13515398621d45a340fbb1aa3d668766a5d

SHA512
533492786a2b81b60bf00cee3a722719b7fc50618593f7f721dd2068b6335096fec47e5460ed0076508430df89251914da97b1948b6740c73d9a1037bb863284

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\a489bf28fca4a5c3_0

Filesize
262B

MD5
02f53e96857b56d79b45900acd06bb07

SHA1
4de49218afe7d886ef33bdde7ae9194ba2f4a118

SHA256
0bbb5e417e6dfbc9fd6e741af9dab62a34829d61109c1b70bc98fae684f50cf8

SHA512
9e1e5b3072c2b6f1fb3db6336850ca331f2534804046bcb87a1e4d341ba5386e8957644808cbda53fd1210b19af1ab64b8b7e0f9eba45525fae4435d4dc73f29

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\b6c24e34bb8e4128_0

Filesize
29KB

MD5
754c78a71c09809c88f6cd6263779d25

SHA1
f5d406407ddba4ede47077b6c06df3a04b777fc2

SHA256
1e5bb28e950690d30c773f36d143f3272e53be12a67645d539f366a4260011af

SHA512
21e8a503112360dbfbc3e96dbfd723c539c9107babe9a75884acbf6131d8b8138c160e075be1de64a9c7716a22bd18c75fd14834466ad5794136314f0decbd80

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\bc8e3455b20ad35b_0

Filesize
251B

MD5
942268066b3cbb2d8ffb01dd926c1647

SHA1
039e7c4a3dd7558b25670134c141ea74a7b4545f

SHA256
bb14a0619e62bcac8bbc34cbe9b74e598c68d059a757656090dc28d74a9fc62b

SHA512
6c5b6a7a80d7e7f108d01fc4f6eb44ef413d5cf2f9a4fa06058517bc3f04859f602dc46f4b9782374782f62cc020694a8bc60fc04ed9c954696535d475645013

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\db6bd25e9fc45a67_0

Filesize
556KB

MD5
85b399f0f21a5d2b5b229b0ceb44fabe

SHA1
a23ef593f7f3d9fe73f17e1adc64cd2efd2326c6

SHA256
bc1f28d6f610ae85c3b1362c3863533033066dc0d3421922287c6a1a6a808214

SHA512
d8ddbdaa8655ab6b8cb516a1955dc7598a8136054dec81a1eb7f2679f78bdee48b8af3d340c5540eb38fef06c526f8a2b393deb0f786ebb99b833f52c92e8b78

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\db9521f9b0470f78_0

Filesize
183KB

MD5
8558d7f82ce912ad451d8a659f1a25dd

SHA1
8d580ae3ff8963577723c0d3a790ab2d65a6060e

SHA256
cb9a999c9be88888f04f526ba293558a93def9b8a85449ce93eea988f66e193e

SHA512
c439eec5ee87e60fc8a95e01a04f5d5f00f0a65d529e2a9ea5f7f400a48e5c09c95b0a3c493c7fde1bb8d27cc60bfe8fcf963301011f26d28e1092eae7e610d2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\ea53d671b38eb1d7_0

Filesize
142KB

MD5
bbbde164cde6b9f703b8647d3150e591

SHA1
33dc9e777952569ef6d6d58a2d6923734f502fa8

SHA256
f2f0394d92a8e1105ccb94242f4c31ecb43281993d7df93d84b65d191b182818

SHA512
90eac187c19de201f5b2f8417e0f14ceb401c6d1afb29bddc3872add599e1a26ad670f388720ffa0eab8c97d44c794b97bd313d5f7766d21452ac4560513a34e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\eba48b611095817d_0

Filesize
99KB

MD5
340f8d8ac0dc9170072ccad7e2558dea

SHA1
d371c8bc86798e10c984b8bae8697ee0e4941cdc

SHA256
853ffe972859987eec34a5a17627a5cc3e2fa47577c42e6195ddc1712b5f62d6

SHA512
e8469195e7257e360e876cba0158906261fabd9bd906f26ca9596aa2145f1d4bc9908b2f1c74696c19295cf6e21f47dba9c9cfb51e0b35a9586bf5a9eb5c66d0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
3f67ecd944c156b2fd1afcecd690623f

SHA1
c14bd7d17528ec7914491dcf8c64f746d57ec879

SHA256
0c87fe5b59c4c2329ab03a308327899409720cf05afbc06d2f50328322399943

SHA512
3d439ded9a8dffd5fb2b8b6493383d943008e017116706ff3371e2f65960f275956b3d380b9b94a07da1d7037468bbe7460ce61c04caef14250a1ecc413f2aae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
b60c30bc97c38bca7f45ceaf054cb31c

SHA1
3b5d3f08ef5c2c7c8f69dea07a6bb0f70135029b

SHA256
9821948a56d29b4b2cc5fd1b4b0ad4337db6f90164559b05a23c488df361f589

SHA512
9cec9f733582dd4a845282a21a6fb43953f6640e6aa90b6623216cfc96567c0d6b3505303dfbc52fed798ed29d0ec988185f21902b6e3e8863541fa009b72007

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
5KB

MD5
9f2644af28662d3ab32d38b0a9787e8e

SHA1
4b36e8a681dbec07db3c4476d3c55b988939095d

SHA256
8e6e710239e74e6a6eb08de8f7e292a2b1f4bbd77cd074b1aa81f32f37e0c286

SHA512
d47de1cee8d9ae5851d7411e7d253be039381e5c41897188980b999394df09f5c8a83cd58449cc9e1cbb2f5aa9559badfece26299ddd65733c7b5b9f434b051d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
d6552c8e75e6118b7e589d1430443628

SHA1
9ab9288136d990b5faedcb596195cbddb0520a19

SHA256
de393620b68bb28820886dd98e0b62760a7acf16c97d3cb57db8b07acd4a31d5

SHA512
290575b565674d3863451dce572c416d414a7200f8da0fd01b7d5b41821a134bad938af677d20be8b90ce8c6008dcbee17f7d04ae03e9b4ab39e008651ed0266

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
5KB

MD5
9b49b46bd604f6374fe7b52eb6cccbfa

SHA1
fdaff7ec74c1d74f2a85f86711f7bcb2b981443c

SHA256
151359e018590d73e2e573fc196993eafbc90f39c906e2170f83ef35041f3e33

SHA512
1cf863fde35b4ae4f3ac6228eb3e703f091c425803afa469984c2319d3b9b8daa0582ba42bd2e368de619029dfef7913b38beecf8a29f621fdb59f4d49192b36

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
3db61f86b3003be6332ad2437d6bac91

SHA1
ddb85ed449ca36cab743fd6dadeb33e788ed43ac

SHA256
92fde773c77ca11cc6537f362eccf94fe65caa198cf4fc743adb746e21c7db5f

SHA512
f349846be1075f14ef31064f491c3b86787f0e14f93b35e3a18a516b643c93ccea88cbcb7b72026390fd42bb681c670ded0855334f18cda9e150f98e5a883dd8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
11KB

MD5
a869629e1d5300cc48fd4db50be2c2fe

SHA1
495e6349ff58058caf9e42a1734c9e7efbb03f6c

SHA256
bc724860d620d7a0bc96c820b099faefa864220c642738a543bb4e093ba2671c

SHA512
3d47a1786cce9cfc787b9e77c2bee0582432fa72a9491656b97100671d2ff6aecf45f242b0ebb864c22dc73b0b95807ea89e167f5b5515b177d0bfaab87edbf1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
0b16222a498af300c6cd9afe0fe9a153

SHA1
e09646b0b81e1ad56cf07510865108fb20430006

SHA256
bb5702e9edec4c04d742c7e5513d0487e5ddff8fbb08a347c01b2a694cf79d09

SHA512
15aad85adb13b542a6cad8435eefcaf44e27b85000c520703dedca9c12af874ee5ca0c198e68f2e78a17122d149c98bd427f2012ff8101ab1ae08af2d24b1ef8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
7KB

MD5
2ced1f741b04c0239fc7c89bf4c171c0

SHA1
8f8e7ef6f2499bb3f3aa419213d724152e860110

SHA256
c753a205fbc87e08b208656d6031f91706104398e03f039bfbaa159661d85047

SHA512
474f01793fd6aa094dcf43d53272caacdd309338cc1b353250b8a392ead8e751d930ef7772f9b71285cbbed907fde50d176a68f4d6b55f6b122ba43cdcef062b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
11KB

MD5
9145659d9309b7d7d86d7fd39448d7bd

SHA1
b2bea0c1823d19e607c0ee0152e3a9db4df59f75

SHA256
3ec0309a5516cf68fb6aa099df54e1d1d4bf9b6f831b4e6f39142ae5a7b26346

SHA512
7dd61d3ad7caf3580e507ebb1382ab2b14df27cda02ce9dbb0d3e33903d781b426c87a6b1b2d9b666a38aa56ce8152decdd7cf444ada725c928be16fa31b8bbc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
11KB

MD5
8db4f4e8edf145d5ee1ed30593cee74f

SHA1
86401eeeaf01c412a4e4e2068138ddfec5408715

SHA256
442d1d283159e11159e3be832e944edec9987802a28ed52db44394d1204d59b7

SHA512
b2f71153d71398899db985e4773fd7a36405dab038060785c2bc6ca5112ece54e061a99db66aaad7f9ddf3c96717b16a7b37cd6a46839eceac1f5c4dfe164674

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
692B

MD5
547d7448c5db588e45abe1ac5ec68049

SHA1
21f428f68a13427ad2a994bed32fa873f60f1473

SHA256
c79d2f5fd3dec3d10802eee9ba154b6104194d4aa55a96ca93853d56479de757

SHA512
cfa575a617407ab8b2e27092d742c41bd73d03ef77a5e09479f117e1680a0ae6345efe74c9c045dd7342b7951f8888b4194adbf07d12212e85ce4b4250330733

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
f972aa9c7d5f30e8cd04737bd77aa921

SHA1
7a79c02d86de591166a43fca04ec20f742f406ce

SHA256
7d22b6654d536e15f0020128b112906d1dd3d086e47906d2e5791e06d69e5b6f

SHA512
9b6d973680b1b3490356532decd69b237e3d00e36390d72001413c5e4ba9ef863ab04626c3d98d523c0f23a3ee97b687d1e70fd03bb591a1652a66e9d47343cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
14KB

MD5
79e2a02b6c6a5c5bab5e47c3e469084b

SHA1
1632e82c01764ef3346212a0e4cb983fd3301bb9

SHA256
5c547a4ce685024bc7beb0411afb32c8eb2b262a2fb55e5085a33f4bd84caab6

SHA512
6d79db8781d4c547347535702eb1e2d3a0a7f5c744cdf4d6e486f1bd7d49b29bd4ec4929fa8d0b91df73b90cb0e9a695bfa18f4b07f53bce01a0af85c2bf2dcd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
054c8153e33a9048072429fcd942217e

SHA1
ccc3799d06fb9b894ded12098c88adbe52f2756f

SHA256
9ce41652b6715b8e7bde58eed44a8a04100318f141e1a2456365054d4e153c03

SHA512
0b1cae0e53a5bcf3808cb4311012b44102075e317d0998321e096721f5b13be329ea25fd6a9e1dc2f4a1d4dbfe07d8b62beceb00fb29dc784007b80ba9557ca6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
9b4566ef2e7888421fd7c9dec70b1df0

SHA1
47771fcf13b624e58a9fa26956f463daf35a5f90

SHA256
17b6f8d86942c05f2438efc6ac4fecefbae21c12c16f35660fdaf37ba04373e9

SHA512
952c811c20355f9cbc3c6d4e573f7c51ffc272492aff4ad018d96fcda3b89cb8ad1d7d974c515d7d84b9796a002cdb5ac9b644cd4fe76111262a46fb961326bb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
27cb6fa99b68d933e7979674d3ce81c8

SHA1
d9bd5cdca06f52730961c67c168214cad8158f63

SHA256
b3cd449fd78f3517b133f7db715bcf69127ad4c684093cbb21aeecb52ebc0870

SHA512
8c84c0ed4fab03c009d03fcb687234a656823d93897ea03a986cf90343c59eda6e9b569018afffa2e5f41549d09197efae4f6e690dd5ad64091a7373551b22b3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
efd659a0345bcbfa3d7bf57318df089b

SHA1
e29fac3c62603ae7512904f5fa5516613d5da177

SHA256
9521f8e06e0afc335e241ef37ca7070b9649e5806d81a51ad6d82537a9edd403

SHA512
c3e6933be278cc1bb0fe33350a6507bbdc0618f47c77694680f4df4dffde50af25dbdc1f57d235db4d4aa9bafecf6444dadcfb1f072cd248c6c42d7ba6af4f78

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
13KB

MD5
a31e3ddde4925a0d90225146f7cf12ab

SHA1
c0232582b44429cd3669ec2d94d29647b7d29dc5

SHA256
8b70a0d3645a946646c2274aaf5ca5c87d50c7691ddcfc0cf1279e31b9f28d0f

SHA512
37d61eed17d2a8ddf2c5f1a1465ab38f4e14b879a1a439d1c334336f1c0b0477ba76c9a1056df0bb92231c8a103d7876d970554a85ccdb47d6bc4865b655b955

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
13KB

MD5
347dbfd6caf6e4fadb8ae55ac3415c17

SHA1
a56c5118008e2470311ef52f7d08a5626b829826

SHA256
35d424ce21e24750542fd59dd8a285a7a2d66b5cbad9f644c87cdb5f3e91e9fb

SHA512
1eac3c3def34470413b2c5aa21a091a246198b7f675ada960e5a1899e1e8726cfb510db9bf1e1477376c3865fe3ad454afd73c0bdd69721c7e9ce762081e88c4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
11KB

MD5
78db205a81afb5ea4e50a40e1ee292e5

SHA1
4fad5d2df8db5a4272e854ede397a366888ea1c9

SHA256
b4a733b06a1c0582b2f90e575295fc66fe12993ee4b74df92bc25d0d616ae1e8

SHA512
7c051c8f7cf4683111970c16cfcb1bf73294e04ba65741c2130f457070a5517554e3edee48bf36b5468f7eb1c31a3e3791f3d2a4333171baaf087f986f42ccc4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
14e65358108810ac7238447977ea246f

SHA1
4fc6d7c37964b4f470903b19acddb155a8ef77a8

SHA256
57fbe778d812506691b40c6760d930555a55e579f182f5e0afb1da2f5990dd02

SHA512
7efe3c2b9d36512a905599b03ced560f4e12fb0758fc11ddf030ed26cb944a30baebf36c00a487e13f487a6901fb869c2135a7c311dd917f3f17adde64aea033

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
567977d52580000087b5a96c4f2cd54d

SHA1
3331372f395ee18e1981fb2c57158d22cb0604c4

SHA256
72a7376708499c3d7f7faac428b59969c73abd9bf956469930ea5a5987917944

SHA512
4ebdb9f0c7cd79282bd69320d7a099870ec4baf4b80f4d970e9250a213a7efbd01fe6f1521d17109b6bb64e0ea08da5173cc1348d5aec7ef87b9c2208cc1abee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
14KB

MD5
6d7ec7458fe14cef118411f93d5cc45a

SHA1
61f55b1b9ac6cae07643dc165ab74f5c18b62938

SHA256
ff23d500554c4044cd2d072ba28ac1d01a0368904420ed53e968e88ff1b58780

SHA512
73de7df8330095a40c28d70714e86bab54f6a1a1c5e4a95eca38b5e9e727a8d9310d6b712b081bff339d5496bd2463dae7c5cf33fca18fc11a3e9abd3772c80b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
1c5aedbc5f4e77c4bd23bcd3a1620ceb

SHA1
4db405c7fe334299dba77555a2715c8e86fabb15

SHA256
2be2b728c5b8f372796d5e3aeed08e0d06872627c998b772d877b7cf6dcb56fa

SHA512
05c6d1561771d8836a5bc9466c2d99100ea38ec686ff5a9fb7604af3a6ff5fb731cea618889ae7a4e386deecffaeb1a1e86d5a539553cc77f4283c71fb8960ab

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
13KB

MD5
04ff3fc2218d5d1255506dc1ad5d15f9

SHA1
bb45dce8cb3fcb48713b8eb96167d77a131af958

SHA256
c746bdbb27c5b87a7694d0ba4034e39bbede66149ca42c07d5cc191e86c8f8e8

SHA512
5de20edb8a142e4e6a38a2eb808dee5749740908a056375ee7556b2a0a22bfc22a79f876829bedeae1b8c663eb2012b97cfa9c5ddaedc03651710f7d97f3adfd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
14KB

MD5
ba9b0e281220fb20c60c7dd7f2d30c45

SHA1
c624773d4759654c83bd48e4e090e3d41c49fb01

SHA256
e0446e4edb1d19ea5855a921e96f4486b40e34c2ba9f7e835cd1f62d3f962d9a

SHA512
4f4f2956f177efada7af49f3875de70498bbadee051124bb7c07133cd2a283e2dea1c0edd170e406106b656b6c99d5354069df679db2e6da3571b4dbc8eb7d93

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
13KB

MD5
80957cd3a934df867ef3f802e56e21d9

SHA1
5d6df5fb00ed3d597c17225a8e8da289c0f3417f

SHA256
660cdc969a4e95d25f5dadeacc2cc335c9061095d39af2cd8c05376389aee250

SHA512
8393f5c1a82be0dae4b9bcec8bcfba496e29033fac638928f80556a2de03c964c211a7ef4be9732dd2c8e15dc62c8fa48f0ab4db2edb73488350b33e7b7569e5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
07382945add185aefa6138bffe7b0ce7

SHA1
f98027f6d75a052ae6880bdc34509e11f67db941

SHA256
4e2ffecda9e8e8ac5400eb42c08a55fba20df409857147234f7e67ae001c9733

SHA512
12273502fa1a11fa70bf1fbcb25b4906efdbe9e698482fc0a729a0361e25d7d162f26bd72abb2b62bc45858b9f0c7b736f8a1f2f07cb88f9a8279c34b00c6f45

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
ff8228a66dd9ebacbb3bc82c68820c97

SHA1
65e64844b148743d490e9594dbd15076f3ebebae

SHA256
f08b1b4941b802c4d773e124aa7a6d350c7db8d559eaa257c6e500a0a16e7be9

SHA512
eb8917826e703281299322dea99ed666f773381152dce71ce3db852dd1ef93d26981224bfc4fddf4f17657efd62623fe6400e468febab5eb8c1555f71270c86b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
f30a6e00f7fd8fd36ef884beb665c53a

SHA1
8ae650bd3a6bc299a9a71f800b715c8d87ba3c2b

SHA256
8444dff6d39afe5ec1019f5ada74f9d207b0f8ffb9ecde1f03f442968ab22db9

SHA512
1cb5210b4f531f88e830510d2a7a3b54dd493a427ed1baed1772c6515bb7aeef1d26ca671d30d512d970a974657dee662b30bc6fde0d708b1a97a8d079fa0990

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
703B

MD5
109971c3525e55784e98b4154eaea3fe

SHA1
c95e52902b9165905a53d0d05a0f9bb777606489

SHA256
2b239b67456185b8b898d4d8ee88a68822e129f541e15630ae95f2d61aead820

SHA512
32e36f48f73c36f317cc7e26c2f62d6c39d557d2efd6912d1ecbc8b0966d95b99418e39a20a60789331836200dc4c6d16ad6e6667007e81afbd566a44137ebc6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
645f3ac1470d9022f990871a2f72105d

SHA1
92b04f28e577c0089d88ce9e23982f7f6f4fc6d3

SHA256
ba4ae709fff7b127874cd3feeb400683f6c75c7619bb992900e85c3bc0c5549a

SHA512
e464f77e3d1df9a23c5e0ad0f62c4b8deffe5796c272470c0ab4d80893ac0be1a23d1b6f653dad793eedde8b07833c04e6c5fa249dbddbcaf1f8b68bc19b4f70

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
f947591fdd358ff076c0e790f32bb2ea

SHA1
f4d009c9941592ac356d22d2e341a3293ce6ef40

SHA256
2d2d460686459b7b3ddad711b1578fd4647728cef2e48557de90662448cac164

SHA512
f451ddf3c74c77b1ba2eaf0b95cc6eee76b4b768bf26733d764f9ccb7eaadcc14845a10219def0ecc0ae38f1676ba89d5508727d22587d6950a00c22bfead49f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
aefa45c427dcbf5a068e3804cb250a06

SHA1
cc715e92a4b616baa9583b89f096d99a995da33b

SHA256
fecbdee479e93557cc681ff94c1bb16f2e2a048a5bca6be09603ca8945799525

SHA512
7823753f731cd7d3414dbccde47345917ea76dc07c3556c7df3162bfa023b0aa26a1877cfc9041ca37eb13289eed5e3b42b5c94b659aaa2ca12f03198c28bad1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
0ea8a834831e94909a6e6f63fca2d2d6

SHA1
d9a402fd2be4771937dc00793661f0bd244c89c3

SHA256
ec4e4e075eac2707385faacd8a399e83daa82bade1108df7b4c8cec926aa973c

SHA512
1a3644379763806aa4a17ff81f1aede665fedc146e2489f0b54e4cf2b3a2c122994807af59c42977e0626a944f6b43a0b88040fb153a5089b8730373f5b7d0ca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
07d1a193ea7cc7ed99c00c6eec56fd7c

SHA1
12d590b105cc1eb408193911e1f870e783495c77

SHA256
3f0e543c967b6b1544891ccece6ec3ecf2f5f503ee5a21d8e72f82e300cde3ca

SHA512
e2abcd971fb97accb2b1e3e7fdd018da4ebf84f6187f48832dc2c173e682fd174a5b886754604bd4b9bbb1f4e561887297c72242848e8ac3d49d9266c9137138

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
eafa3b0e8d602ccb7d242213e0e9a916

SHA1
95bd4c7a0732ac31b4f910acd6da186b72fd56b6

SHA256
5fc0b3ab8b5ff62c640b683334feff9dc57dec5d4152ba3e524c5c188f4f4299

SHA512
4bd732d6c1a807a2a335c678a368ce87de0a8401d655ba551d7856a2cab7c9391ce6d3d166a265725c652756a315c5bc2e679ab01fb664a636652da3a15d107e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
74c29e279dc1c53172af1ff3ed0f0ee5

SHA1
48de1b248d4bc9d5ffb14d9c2b6cea3d5023b33e

SHA256
364b384758e66f6bb0350e1c70a1e8e80c98bf2dfc3dae4f2882dd5ee8867ade

SHA512
6a96cc1b47a9a67f2d7a87e68c6c3293de86acf4eab8af8287a51036392fd22cceac2429a42ad10c9220c8935465e5590b07565e78fd6fa63905a8fe2d9693b5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
0f43c915bb6b6e35f6ff899ba7d04812

SHA1
02cc20dc31fff8013a7e2b4c1bac53edb5a9cec7

SHA256
f5e4ddac1af822ed9aaccf9b435ab81b9da404f7eac72606d5afe31d967554b4

SHA512
52a664ba41380f0e44d6370ca0d30960b38b4e32b752941ea50525f5d19987c609299b21177edd9d93d2133e5437bcf23d39089eb4027c28c4b4c86f133246d4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
3b79086e217fb00fc9187452a506c550

SHA1
4e48a1aaf88cf6177ae14180badc25e3619f233d

SHA256
1947a79ccb4536065596e88181347de91a077f31d8357506d6495363c944e5f7

SHA512
f025b839d5a8b56dcf82b81556c12bb3f7ee83bcf2472109be9d5a47afbdba53fd3cdc0d2fef108ddae31cc946300b71efa50afb1586d031e45f8db4cb16784e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
519f39ef761c4f2596f91cf7fb8726ba

SHA1
a1d8882260ae3cbdb52aa9eb0af39d577a701529

SHA256
4fd2fbb6795b6aec7405577c8f895cd070976bc9f9d39771e3184bbe42a15387

SHA512
a48b5a1bbd83d56d4cb1f092e460304b85f07218b4254be19d6f027cb93e54f35afcd034c094bd98703da26a5f5566e17468ef19aa11fe7286ca76233d52209c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
612b590fc30ba55a1a4a98d7f5c0c056

SHA1
09da6be70f93c9b88c74579cdc320f34add41b28

SHA256
606e5eab5d089803ae9d1c93c338f23518ebe68371d40bf47882535aea1d2324

SHA512
d2ccb82cb7a1f16932409a730d5015d0f39b88f4cebd30f09f169b23d1735e0d8a6ca13ab270034ea4773049fc00eba2642c12c73d77ab4883161d5a6a5d7bb2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
96fe30f8082aa8d159cced733d56f6d4

SHA1
6319072001607452354339b82b62b84a277f60bb

SHA256
27eb35ffeca39b5b6b99543e79c044574deb864a66ef42b149a1d975c6cd5659

SHA512
b3e1e4c26c923670f8016820e2dd2587a52e1cc216384c9b7eac316778f30461af0a1821dd485d2ae930f4fb5c4c58c8386af088dba72416be2ade3d8e73ef31

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
4e7bdaefc496db0279042b92689bfbcd

SHA1
597f0b59a0e7d8f1670bc1ef7a64080e7a73d265

SHA256
fd7cb16cc53798f8f60ec097b9a7e2a78538b083eff91578db59fe1d16bc4032

SHA512
d7b3b03edf9eeeb7802858f6126f95b6eb32899a21b04ec63d5ea81c664e0780b187c6382371ad386d45de4ac45048f3b1d38017db6c70e779486f84085b9971

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe584716.TMP

Filesize
203B

MD5
5b9028a9822a2bd5744db14613fe4ef3

SHA1
e7dbb4c1b46edd9250d4c5bd4ce06becbec0c0ca

SHA256
9c70c6a87d892dc78185d0abfd2c6598bd00fc7490690ee54abb4c533f53716b

SHA512
63fd8bf76d4fab7e34129d5555d97d66511fb51aa7e3d1bd65386d523afe958cfd408cb26d5e3ed94f010905934efc0e754af4f0f47c6ed4737c5d6fb0a1f28b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
aefd77f47fb84fae5ea194496b44c67a

SHA1
dcfbb6a5b8d05662c4858664f81693bb7f803b82

SHA256
4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611

SHA512
b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
e130b0b05c74aa8c0ad388497a356d04

SHA1
7e1fadb2ab87ea2c7c1a5b8e510c1f9a4cd25741

SHA256
c95dcd87f3f0a539272d5207446763afe27d8f9a5d9b73baeab697e4f80252a4

SHA512
50bffa0a1eded113fdde272475a1c22a1dd715d0663f734301f8f77ab8f1b5141efd9fd6459befce5408027a726492a72a0ae6e72e98cbeb56f5a4398b54b33f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
0564c39c2344486cb5a3834b260e9dcf

SHA1
7d698ba4b96982a95e18dc19018c0b6ae4b48a15

SHA256
8aa41936527380023936d41ba209275d27d78a90c7c35880fc2ba70fe41d6cd2

SHA512
ec6e7100824beb3bd251be37f413ee8be93328a98803fed007917cfe52bf2c6db003356de3ab8e147f177b2878c3d9cc34d8de7d6178b827225e1327bf1f221b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
89ce2bae2ca5011fb2099762e57e2b7b

SHA1
0132ab2bda92b8ec75bb6788920153b9906bb43e

SHA256
95932fe0770340d538a2fb4fab78a8dee46c9d7ca3e51cd2615cdb4ed5e0678c

SHA512
c9d5f6b4f788f43da0e4a067baaee189d870c04d5357d3a0ec1f0f672a01bea675551ead34265d0947692bd13d3a2f7d9668fddd736ff5513b8a1a95f34db7c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
cb702731f8549926f4f3b744b95867fb

SHA1
84c685145c139550790cc0a6d69a4921b00eb434

SHA256
a9dbb600c5a24df0527f30926fe205e532f85854073cc8703897e3397c4bfe6c

SHA512
e330979761a3a34cba2ce9a3d54a98a40d3548126945f881f6faea19eb685ce4e18b6dd7cb2258d3e403b453d89db1be60f63db3595780252ed0e05c1c2e280b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
af124fe013e2d3a2f760462369f3fdf6

SHA1
d65c16e4832660c5f54234fe602e66e5ebc8d6bd

SHA256
c1fa762d293713b3a97433e83e345cf1d1d0792d4c542e8ce84a3a06061f4c01

SHA512
628a3fc825e828e5a3b5955a210965a5f7562f1cb1f1259903f7a86f8f5c52e12951ff83c1e3402fb62d323c60b1bbefcc74f348db7edeab4a027c1d5c38f88d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
649cf71cfb1da9a051d2d732db912ca5

SHA1
e08dda8a84c8c335c0ea481fced72e6b1f698ca6

SHA256
aa68ea33e83f6f92ec49630c731b72a359757aeba3b926d08d30307e2291fb85

SHA512
1c609951bb6c2fe6f131a62c881e26c3d055002ea0069e438809adcf47e01ec171c8a35b65144594d8b91d3ba030a6636abe67ff64d5ee952ba0a18ba7e17cbc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
a721d2d9dd0d3458b2085088cecd672b

SHA1
81d7e19131563226d40877a99186883d92cd785b

SHA256
30e3d0d4ea3fc07dd8b5f50b55805fc3d6ff14f1fc8e7897ecd44c96fa57cb61

SHA512
38975d6c9e3a4c1652a92610b69e85b1cb0cf8e572289d3b29c17c63729cf48c353f2be2fed8720a42eb17592d12979c1c71c7bb67d76df42cd56bbf52fc6566

Download Submit
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_e00t23ou.dgd.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
14KB

MD5
1b19475735a09a6d15b3ef9f69279e57

SHA1
3283f25fdaf5929144103b1376f27513fc299a97

SHA256
1edd4781d998158ff000e5d6688bed10e1e619f2428e01b760e5ccf5269b2045

SHA512
6e68b817e9c0395cf727582d84f9dd971f4c70a7b67eee51a6501e6f53d5536c47203cab201fd65ecf95c7d7cdf1c91ff60bf94953b91e84c53f3655d87c9c20

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
14KB

MD5
769a8fdc383fe5cd01d855882f6e8bd7

SHA1
73a91d1779024b7b60463199ff23f1957120923c

SHA256
d3426b03a1b73b948a4deccee26107333d2025e6729046701db573adbd0390f8

SHA512
8a37af25bdc9acd8132ebf842ad236228cb83715184635c8ccdb9df3ec7214f82b53b28fd7fbb38e70e8fe24b3facd1a092fa0b047ff95fd523ad6b27ce97f6a

Download Submit
C:\Users\Admin\AppData\Roaming\appverifUI.dll

Filesize
560KB

MD5
65e4debe62b078db156e5cfbcfc7276e

SHA1
6b03fc8a55f196485a04657d23ab8d81ca882651

SHA256
d22152e04c83d5adad05d5b1226f9f514e5c764263b5fe06d91c55afc050b50c

SHA512
5aa4f93030c71043041a01f188da104dd2c00cdd975662e298e42ed526f0dfdc0d672b111b15fdfa23a6ed2f34f2eaccf93b22c5ae1d4bb400796d5b71ca4618

Download Submit
C:\Users\Admin\AppData\Roaming\msvcp110.dll

Filesize
560KB

MD5
96ce24dae3de04c480fafa0bffc1fd1e

SHA1
cc4fff43302f874cb13f65b865b6cea6a7052870

SHA256
b0acc95efc739700f2580763f03163eae1cd89db98483097c6989556af13f241

SHA512
af8b567246c7ac329fe0ca546d0f4d13106327a4e713f933208120eaec56acaf1218649ff71ae0034313dbdfb6a883597fded430d44aaedf34e8a6df4cc7429b

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 795364.crdownload

Filesize
7.2MB

MD5
bfd191a3113a5771c09ee16379311bb0

SHA1
0155f01c7fec7eb242057426859d32cf47336b42

SHA256
0589e2b862392465ef056a9c21a84566ef39bc33c9bed2831c5bbeaf6fd659a6

SHA512
e7f34854a9e87ce92f2c5a47165bfe1122ebfb2747497759c14fc9fed8b8d3eb0ab1b19a7629355422f2d61ed7087e6aeed446cd74d707c42bae6270264da3a7

Download Submit
memory/1920-938-0x00000271B9F90000-0x00000271B9F91000-memory.dmp

Filesize
4KB

Download
memory/1920-932-0x00000271B9F90000-0x00000271B9F91000-memory.dmp

Filesize
4KB

Download
memory/1920-943-0x00000271B9F90000-0x00000271B9F91000-memory.dmp

Filesize
4KB

Download
memory/1920-940-0x00000271B9F90000-0x00000271B9F91000-memory.dmp

Filesize
4KB

Download
memory/1920-937-0x00000271B9F90000-0x00000271B9F91000-memory.dmp

Filesize
4KB

Download
memory/1920-941-0x00000271B9F90000-0x00000271B9F91000-memory.dmp

Filesize
4KB

Download
memory/1920-933-0x00000271B9F90000-0x00000271B9F91000-memory.dmp

Filesize
4KB

Download
memory/1920-939-0x00000271B9F90000-0x00000271B9F91000-memory.dmp

Filesize
4KB

Download
memory/1920-931-0x00000271B9F90000-0x00000271B9F91000-memory.dmp

Filesize
4KB

Download
memory/1920-942-0x00000271B9F90000-0x00000271B9F91000-memory.dmp

Filesize
4KB

Download
memory/2532-2675-0x000001CDB8E70000-0x000001CDB8E92000-memory.dmp

Filesize
136KB

Download
memory/2532-2685-0x000001CDB9380000-0x000001CDB93C4000-memory.dmp

Filesize
272KB

Download
memory/2532-2686-0x000001CDB9450000-0x000001CDB94C6000-memory.dmp

Filesize
472KB

Download
memory/4460-930-0x0000000000400000-0x0000000000463000-memory.dmp

Filesize
396KB

Download
memory/4460-929-0x0000000000400000-0x0000000000463000-memory.dmp

Filesize
396KB

Download