457d62cdc267486cc5abca9fb5f8c1a66fe280830853dba0e96d853de270c571

Resubmissions

02-02-2025 16:44

250202-t8tlcsslfm 8

02-02-2025 08:43

01-02-2025 19:11

01-02-2025 19:11

01-02-2025 19:09

01-02-2025 19:02

01-02-2025 18:52

01-02-2025 18:49

Analysis

max time kernel
359s
max time network
358s
platform
windows10-2004_x64
resource
win10v2004-20250129-en
resource tags

arch:x64arch:x86image:win10v2004-20250129-enlocale:en-usos:windows10-2004-x64system
submitted
01-02-2025 19:02

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

the_watching_nightmare_updated-Reborn-1.19.4 edition.jar
Size

12.7MB
MD5

a718c31344afb79ab44968939d06e8b7
SHA1

dc7ea8bc0398e224c8a7cc13989289071483ab10
SHA256

457d62cdc267486cc5abca9fb5f8c1a66fe280830853dba0e96d853de270c571
SHA512

91e794b814f496ec3b27e30ab38ae2517f024548bc554e3ba607489cefc0823e30fa9ccde0f180dd772668117737fa5a957a0b0503d04edf8c76755a8e7c29ae
SSDEEP

196608:UCpW79MRAwoS6RnRbyMHLXlz6pJ21/bM51ux44+J9ZJi44+pVtSxjXaOzP2O:dpWZMmr2T21DM5184zRJdAxjaA2O

Score

8^/10

discovery

Malware Config

Signatures

Downloads MZ/PE file 1 IoCs

flow	pid	Process
60	1576	msedge.exe

Executes dropped EXE 1 IoCs

pid	Process
4488	freeRAM.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs

Web Service

T1102

flow	ioc
63	camo.githubusercontent.com
64	camo.githubusercontent.com
68	raw.githubusercontent.com

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks SCSI registry key(s) 3 TTPs 3 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\FriendlyName	taskmgr.exe

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	taskmgr.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 926265.crdownload:SmartScreen	msedge.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
1576	msedge.exe
1576	msedge.exe
2168	msedge.exe
2168	msedge.exe
4816	identity_helper.exe
4816	identity_helper.exe
1740	msedge.exe
1740	msedge.exe
4032	msedge.exe
4032	msedge.exe
2916	taskmgr.exe
2916	taskmgr.exe
2916	taskmgr.exe
2916	taskmgr.exe
2916	taskmgr.exe
2916	taskmgr.exe
2916	taskmgr.exe
2916	taskmgr.exe
2916	taskmgr.exe
2916	taskmgr.exe
2916	taskmgr.exe
2916	taskmgr.exe
2916	taskmgr.exe
2916	taskmgr.exe
2916	taskmgr.exe
2916	taskmgr.exe
2916	taskmgr.exe
2916	taskmgr.exe
2916	taskmgr.exe
2916	taskmgr.exe
2916	taskmgr.exe
2916	taskmgr.exe
2916	taskmgr.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2916	taskmgr.exe
2916	taskmgr.exe
2916	taskmgr.exe
2916	taskmgr.exe
2916	taskmgr.exe
2916	taskmgr.exe
2916	taskmgr.exe
2916	taskmgr.exe
2916	taskmgr.exe
2916	taskmgr.exe
2916	taskmgr.exe
2916	taskmgr.exe
2916	taskmgr.exe
2916	taskmgr.exe
2916	taskmgr.exe
2916	taskmgr.exe
2916	taskmgr.exe
2916	taskmgr.exe
2916	taskmgr.exe
2916	taskmgr.exe
2916	taskmgr.exe
2916	taskmgr.exe
2916	taskmgr.exe
2916	taskmgr.exe
2916	taskmgr.exe
2916	taskmgr.exe
2916	taskmgr.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2916	taskmgr.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 26 IoCs

pid	Process
2168	msedge.exe
2168	msedge.exe
2168	msedge.exe
2168	msedge.exe
2168	msedge.exe
2168	msedge.exe
2168	msedge.exe
2168	msedge.exe
2168	msedge.exe
2168	msedge.exe
2168	msedge.exe
2168	msedge.exe
2168	msedge.exe
2168	msedge.exe
2168	msedge.exe
2168	msedge.exe
2168	msedge.exe
2168	msedge.exe
2168	msedge.exe
2168	msedge.exe
2168	msedge.exe
2168	msedge.exe
2168	msedge.exe
2168	msedge.exe
2168	msedge.exe
2168	msedge.exe

Suspicious use of AdjustPrivilegeToken 9 IoCs

description	pid	Process
Token: SeDebugPrivilege	2916	taskmgr.exe
Token: SeSystemProfilePrivilege	2916	taskmgr.exe
Token: SeCreateGlobalPrivilege	2916	taskmgr.exe
Token: 33	3632	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	3632	AUDIODG.EXE
Token: SeDebugPrivilege	2724	AnimeGirlWantsCreditCardInfo.exe
Token: SeDebugPrivilege	6060	AnimeSomeoneWantsToKnowWhereYouLive.exe
Token: SeDebugPrivilege	5332	IsJustBSOD.exe
Token: SeDebugPrivilege	1416	IsJustCAPTCHA.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
2168	msedge.exe
2168	msedge.exe
2168	msedge.exe
2168	msedge.exe
2168	msedge.exe
2168	msedge.exe
2168	msedge.exe
2168	msedge.exe
2168	msedge.exe
2168	msedge.exe
2168	msedge.exe
2168	msedge.exe
2168	msedge.exe
2168	msedge.exe
2168	msedge.exe
2168	msedge.exe
2168	msedge.exe
2168	msedge.exe
2168	msedge.exe
2168	msedge.exe
2168	msedge.exe
2168	msedge.exe
2168	msedge.exe
2168	msedge.exe
2168	msedge.exe
2168	msedge.exe
2168	msedge.exe
2168	msedge.exe
2168	msedge.exe
2168	msedge.exe
2168	msedge.exe
2168	msedge.exe
2168	msedge.exe
2168	msedge.exe
2168	msedge.exe
2168	msedge.exe
2168	msedge.exe
2168	msedge.exe
2168	msedge.exe
2168	msedge.exe
2168	msedge.exe
2168	msedge.exe
2168	msedge.exe
2168	msedge.exe
2168	msedge.exe
2168	msedge.exe
2168	msedge.exe
2168	msedge.exe
2168	msedge.exe
2168	msedge.exe
2168	msedge.exe
2168	msedge.exe
2168	msedge.exe
2168	msedge.exe
2168	msedge.exe
2168	msedge.exe
2168	msedge.exe
2168	msedge.exe
2168	msedge.exe
2168	msedge.exe
2916	taskmgr.exe
2916	taskmgr.exe
2916	taskmgr.exe
2916	taskmgr.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
2168	msedge.exe
2168	msedge.exe
2168	msedge.exe
2168	msedge.exe
2168	msedge.exe
2168	msedge.exe
2168	msedge.exe
2168	msedge.exe
2168	msedge.exe
2168	msedge.exe
2168	msedge.exe
2168	msedge.exe
2168	msedge.exe
2168	msedge.exe
2168	msedge.exe
2168	msedge.exe
2168	msedge.exe
2168	msedge.exe
2168	msedge.exe
2168	msedge.exe
2168	msedge.exe
2168	msedge.exe
2168	msedge.exe
2168	msedge.exe
2168	msedge.exe
2168	msedge.exe
2168	msedge.exe
2168	msedge.exe
2168	msedge.exe
2168	msedge.exe
2168	msedge.exe
2168	msedge.exe
2916	taskmgr.exe
2916	taskmgr.exe
2916	taskmgr.exe
2916	taskmgr.exe
2916	taskmgr.exe
2916	taskmgr.exe
2916	taskmgr.exe
2916	taskmgr.exe
2916	taskmgr.exe
2916	taskmgr.exe
2916	taskmgr.exe
2916	taskmgr.exe
2916	taskmgr.exe
2916	taskmgr.exe
2916	taskmgr.exe
2916	taskmgr.exe
2916	taskmgr.exe
2916	taskmgr.exe
2916	taskmgr.exe
2916	taskmgr.exe
2916	taskmgr.exe
2916	taskmgr.exe
2916	taskmgr.exe
2916	taskmgr.exe
2916	taskmgr.exe
2916	taskmgr.exe
2916	taskmgr.exe
2916	taskmgr.exe
2916	taskmgr.exe
2916	taskmgr.exe
2916	taskmgr.exe
2916	taskmgr.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2168 wrote to memory of 632	2168	msedge.exe	90
PID 2168 wrote to memory of 632	2168	msedge.exe	90
PID 2168 wrote to memory of 4908	2168	msedge.exe	91
PID 2168 wrote to memory of 4908	2168	msedge.exe	91
PID 2168 wrote to memory of 4908	2168	msedge.exe	91
PID 2168 wrote to memory of 4908	2168	msedge.exe	91
PID 2168 wrote to memory of 4908	2168	msedge.exe	91
PID 2168 wrote to memory of 4908	2168	msedge.exe	91
PID 2168 wrote to memory of 4908	2168	msedge.exe	91
PID 2168 wrote to memory of 4908	2168	msedge.exe	91
PID 2168 wrote to memory of 4908	2168	msedge.exe	91
PID 2168 wrote to memory of 4908	2168	msedge.exe	91
PID 2168 wrote to memory of 4908	2168	msedge.exe	91
PID 2168 wrote to memory of 4908	2168	msedge.exe	91
PID 2168 wrote to memory of 4908	2168	msedge.exe	91
PID 2168 wrote to memory of 4908	2168	msedge.exe	91
PID 2168 wrote to memory of 4908	2168	msedge.exe	91
PID 2168 wrote to memory of 4908	2168	msedge.exe	91
PID 2168 wrote to memory of 4908	2168	msedge.exe	91
PID 2168 wrote to memory of 4908	2168	msedge.exe	91
PID 2168 wrote to memory of 4908	2168	msedge.exe	91
PID 2168 wrote to memory of 4908	2168	msedge.exe	91
PID 2168 wrote to memory of 4908	2168	msedge.exe	91
PID 2168 wrote to memory of 4908	2168	msedge.exe	91
PID 2168 wrote to memory of 4908	2168	msedge.exe	91
PID 2168 wrote to memory of 4908	2168	msedge.exe	91
PID 2168 wrote to memory of 4908	2168	msedge.exe	91
PID 2168 wrote to memory of 4908	2168	msedge.exe	91
PID 2168 wrote to memory of 4908	2168	msedge.exe	91
PID 2168 wrote to memory of 4908	2168	msedge.exe	91
PID 2168 wrote to memory of 4908	2168	msedge.exe	91
PID 2168 wrote to memory of 4908	2168	msedge.exe	91
PID 2168 wrote to memory of 4908	2168	msedge.exe	91
PID 2168 wrote to memory of 4908	2168	msedge.exe	91
PID 2168 wrote to memory of 4908	2168	msedge.exe	91
PID 2168 wrote to memory of 4908	2168	msedge.exe	91
PID 2168 wrote to memory of 4908	2168	msedge.exe	91
PID 2168 wrote to memory of 4908	2168	msedge.exe	91
PID 2168 wrote to memory of 4908	2168	msedge.exe	91
PID 2168 wrote to memory of 4908	2168	msedge.exe	91
PID 2168 wrote to memory of 4908	2168	msedge.exe	91
PID 2168 wrote to memory of 4908	2168	msedge.exe	91
PID 2168 wrote to memory of 1576	2168	msedge.exe	92
PID 2168 wrote to memory of 1576	2168	msedge.exe	92
PID 2168 wrote to memory of 2496	2168	msedge.exe	93
PID 2168 wrote to memory of 2496	2168	msedge.exe	93
PID 2168 wrote to memory of 2496	2168	msedge.exe	93
PID 2168 wrote to memory of 2496	2168	msedge.exe	93
PID 2168 wrote to memory of 2496	2168	msedge.exe	93
PID 2168 wrote to memory of 2496	2168	msedge.exe	93
PID 2168 wrote to memory of 2496	2168	msedge.exe	93
PID 2168 wrote to memory of 2496	2168	msedge.exe	93
PID 2168 wrote to memory of 2496	2168	msedge.exe	93
PID 2168 wrote to memory of 2496	2168	msedge.exe	93
PID 2168 wrote to memory of 2496	2168	msedge.exe	93
PID 2168 wrote to memory of 2496	2168	msedge.exe	93
PID 2168 wrote to memory of 2496	2168	msedge.exe	93
PID 2168 wrote to memory of 2496	2168	msedge.exe	93
PID 2168 wrote to memory of 2496	2168	msedge.exe	93
PID 2168 wrote to memory of 2496	2168	msedge.exe	93
PID 2168 wrote to memory of 2496	2168	msedge.exe	93
PID 2168 wrote to memory of 2496	2168	msedge.exe	93
PID 2168 wrote to memory of 2496	2168	msedge.exe	93
PID 2168 wrote to memory of 2496	2168	msedge.exe	93

C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe
java -jar "C:\Users\Admin\AppData\Local\Temp\the_watching_nightmare_updated-Reborn-1.19.4 edition.jar"
1⤵
PID:876

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2168
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa5b5c46f8,0x7ffa5b5c4708,0x7ffa5b5c4718
  2⤵
  PID:632
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,10528907837276044779,6330311765167454919,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2140 /prefetch:2
  2⤵
  PID:4908
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2112,10528907837276044779,6330311765167454919,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2200 /prefetch:3
  2⤵
  - Downloads MZ/PE file
  - Suspicious behavior: EnumeratesProcesses
  PID:1576
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2112,10528907837276044779,6330311765167454919,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2852 /prefetch:8
  2⤵
  PID:2496
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,10528907837276044779,6330311765167454919,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3360 /prefetch:1
  2⤵
  PID:4660
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,10528907837276044779,6330311765167454919,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3380 /prefetch:1
  2⤵
  PID:624
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,10528907837276044779,6330311765167454919,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4184 /prefetch:1
  2⤵
  PID:1888
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,10528907837276044779,6330311765167454919,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4652 /prefetch:1
  2⤵
  PID:1368
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2112,10528907837276044779,6330311765167454919,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4804 /prefetch:8
  2⤵
  PID:4644
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2112,10528907837276044779,6330311765167454919,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4804 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4816
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,10528907837276044779,6330311765167454919,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3472 /prefetch:1
  2⤵
  PID:2320
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,10528907837276044779,6330311765167454919,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5184 /prefetch:1
  2⤵
  PID:3344
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,10528907837276044779,6330311765167454919,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5268 /prefetch:1
  2⤵
  PID:1512
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,10528907837276044779,6330311765167454919,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5128 /prefetch:1
  2⤵
  PID:2128
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,10528907837276044779,6330311765167454919,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5136 /prefetch:1
  2⤵
  PID:2360
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,10528907837276044779,6330311765167454919,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5204 /prefetch:1
  2⤵
  PID:2268
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,10528907837276044779,6330311765167454919,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5520 /prefetch:1
  2⤵
  PID:4780
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,10528907837276044779,6330311765167454919,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5472 /prefetch:1
  2⤵
  PID:2128
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,10528907837276044779,6330311765167454919,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5304 /prefetch:1
  2⤵
  PID:3004
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,10528907837276044779,6330311765167454919,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2876 /prefetch:1
  2⤵
  PID:3028
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2112,10528907837276044779,6330311765167454919,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5356 /prefetch:8
  2⤵
  PID:2748
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2112,10528907837276044779,6330311765167454919,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5244 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1740
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,10528907837276044779,6330311765167454919,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6288 /prefetch:1
  2⤵
  PID:856
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,10528907837276044779,6330311765167454919,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6428 /prefetch:1
  2⤵
  PID:2760
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,10528907837276044779,6330311765167454919,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5356 /prefetch:1
  2⤵
  PID:3100
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2112,10528907837276044779,6330311765167454919,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6972 /prefetch:8
  2⤵
  PID:4456
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,10528907837276044779,6330311765167454919,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6864 /prefetch:1
  2⤵
  PID:3076
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2112,10528907837276044779,6330311765167454919,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6536 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4032
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,10528907837276044779,6330311765167454919,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5144 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2316
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,10528907837276044779,6330311765167454919,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5340 /prefetch:1
  2⤵
  PID:3028
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,10528907837276044779,6330311765167454919,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6944 /prefetch:1
  2⤵
  PID:4644
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,10528907837276044779,6330311765167454919,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6524 /prefetch:1
  2⤵
  PID:1832
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2112,10528907837276044779,6330311765167454919,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=7080 /prefetch:8
  2⤵
  PID:4496
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,10528907837276044779,6330311765167454919,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6616 /prefetch:1
  2⤵
  PID:6080
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,10528907837276044779,6330311765167454919,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6708 /prefetch:1
  2⤵
  PID:6128
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,10528907837276044779,6330311765167454919,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3460 /prefetch:1
  2⤵
  PID:1272
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,10528907837276044779,6330311765167454919,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5548 /prefetch:1
  2⤵
  PID:4520
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,10528907837276044779,6330311765167454919,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1264 /prefetch:1
  2⤵
  PID:5552
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2112,10528907837276044779,6330311765167454919,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6772 /prefetch:8
  2⤵
  PID:5572

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4884

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2316

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:3568

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /7
1⤵
- Checks SCSI registry key(s)
- Checks processor information in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:2916

C:\Users\Admin\Downloads\freeRAM.exe
"C:\Users\Admin\Downloads\freeRAM.exe"
1⤵
- Executes dropped EXE
PID:4488
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start https://www.youtube.com/watch?v=dQw4w9WgXcQ
  2⤵
  PID:1720
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/watch?v=dQw4w9WgXcQ
    3⤵
    PID:4412
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffa5b5c46f8,0x7ffa5b5c4708,0x7ffa5b5c4718
      4⤵
      PID:4560

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4124

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x4f4 0x50c
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:3632

C:\Users\Admin\Downloads\NotAVirus_v1600\AnimeGirlWantsCreditCardInfo.exe
"C:\Users\Admin\Downloads\NotAVirus_v1600\AnimeGirlWantsCreditCardInfo.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2724

C:\Users\Admin\Downloads\NotAVirus_v1600\AnimeSomeoneWantsToKnowWhereYouLive.exe
"C:\Users\Admin\Downloads\NotAVirus_v1600\AnimeSomeoneWantsToKnowWhereYouLive.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:6060

C:\Users\Admin\Downloads\NotAVirus_v1600\IsJustBSOD.exe
"C:\Users\Admin\Downloads\NotAVirus_v1600\IsJustBSOD.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:5332

C:\Users\Admin\Downloads\NotAVirus_v1600\IsJustCAPTCHA.exe
"C:\Users\Admin\Downloads\NotAVirus_v1600\IsJustCAPTCHA.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1416

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4c76084ef5a62345ea5fe42f496230ce

SHA1
ab677a8684211939ded110b61dcecd68d3e0b606

SHA256
1db95ee6e5eb9737bfb6df17177540cd05454c27f4fd73c916c39f690f749c76

SHA512
d0c3578750ae89785645d31a931c598c8dba7035a17b6fb9bcd3ceb76a69c8dcb4b23ecc89ed85be30599382db72d167bf91313ec44b59778247537e14cba66b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
37d04af7fe040412c05f24f2c6cd8f2f

SHA1
2443f06f4525f3d766514f122857ecc74fc2941a

SHA256
1ab5a5199a050f7d642f1d2793d42657778c954a3fc31a799cdae6b5439cf725

SHA512
b3449a38062566d668b5823876a48762e67959723fd1ee37168f58d150269e25300e43342611a72052b956a2602c44ca3ceb452eed1a4ab12b5f752461e32555

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

Filesize
48KB

MD5
06e32a5d1e2d387ce562ee7aede8192d

SHA1
67f9d64c29663f6865d0d134db189938a92503cb

SHA256
46ec4156584d2cfcd0ea2dd2eed85a0545ddf4e30a8c20c26b2ff3fc7c065317

SHA512
0d1de74efa671be757ac49d1b864ed89cca90bd56114d79432ab91407ef5987d4f4573ef3f2e307b32601ab335a43f8cd1860954f986dd5d887a02ae37ea0717

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
62KB

MD5
c813a1b87f1651d642cdcad5fca7a7d8

SHA1
0e6628997674a7dfbeb321b59a6e829d0c2f4478

SHA256
df670e09f278fea1d0684afdcd0392a83d7041585ba5996f7b527974d7d98ec3

SHA512
af0d024ba1faafbd6f950c67977ed126827180a47cea9758ee51a95d13436f753eb5a7aa12a9090048a70328f6e779634c612aebde89b06740ffd770751e1c5b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

Filesize
70KB

MD5
3b06aa689e8bf1aed00d923a55cfdd49

SHA1
ca186701396ba24d747438e6de95397ed5014361

SHA256
cd1569510154d7fa83732ccf69e41e833421f4e5ec7f70a5353ad07940ec445c

SHA512
0422b94ec68439a172281605264dede7b987804b3acfdeeb86ca7b12249e0bd90e8e625f9549a9635165034b089d59861260bedf7676f9fa68c5b332123035ed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

Filesize
19KB

MD5
2e86a72f4e82614cd4842950d2e0a716

SHA1
d7b4ee0c9af735d098bff474632fc2c0113e0b9c

SHA256
c1334e604dbbffdf38e9e2f359938569afe25f7150d1c39c293469c1ee4f7b6f

SHA512
7a5fd3e3e89c5f8afca33b2d02e5440934e5186b9fa6367436e8d20ad42b211579225e73e3a685e5e763fa3f907fc4632b9425e8bd6d6f07c5c986b6556d47b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

Filesize
65KB

MD5
56d57bc655526551f217536f19195495

SHA1
28b430886d1220855a805d78dc5d6414aeee6995

SHA256
f12de7e272171cda36389813df4ba68eb2b8b23c58e515391614284e7b03c4d4

SHA512
7814c60dc377e400bbbcc2000e48b617e577a21045a0f5c79af163faa0087c6203d9f667e531bbb049c9bd8fb296678e6a5cdcad149498d7f22ffa11236b51cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

Filesize
25KB

MD5
e580283a2015072bac6b880355fe117e

SHA1
0c0f3ca89e1a9da80cd5f536130ce5da3ad64bfe

SHA256
be8b1b612f207b673b1b031a7c67f8e2421d57a305bebf11d94f1c6e47d569ee

SHA512
65903ba8657d145cc3bbe37f5688b803ee03dd8ff8da23b587f64acaa793eaea52fcb6e8c0ec5032e0e3a2faacc917406ada179706182ce757d1c02979986dd6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a

Filesize
38KB

MD5
adf2df4a8072227a229a3f8cf81dc9df

SHA1
48b588df27e0a83fa3c56d97d68700170a58bd36

SHA256
2fd56ac4d62fec83843c83054e5548834a19001c077cdb224901237f2e2c0e4c

SHA512
d18ffc9a41157ea96014a503640b3a2a3931f578293e88cc05aa61c8223221d948c05637875d8e3ee5847b6a99341ea22b6a1aee67c170e27bde5e154cf1b9ca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000b

Filesize
20KB

MD5
99c59b603e12ae38a2bbc5d4d70c673e

SHA1
50ed7bb3e9644989681562a48b68797c247c3c14

SHA256
0b68cf3fd9c7c7f0f42405091daa1dda71da4a1e92ba17dad29feb00b63ef45f

SHA512
70973ea531ed385b64a3d4cb5b42a9b1145ec884400da1d27f31f79b4597f611dc5d1e32281003132dd22bf74882a937fc504441e5280d055520bfca737cf157

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000c

Filesize
21KB

MD5
6ff1a4dbde24234c02a746915c7d8b8d

SHA1
3a97be8e446af5cac8b5eaccd2f238d5173b3cb3

SHA256
2faaca6a253d69be3efb96620ba30e53ecb3de12d5285b83ecdba8cbc36e7311

SHA512
f117b822aeb0a434a0750c44cbf4cdf627bfebc0d59e266993a4fcb17a7a0519659e13b3bcf8706eed7d80d0ce33b0ce5915afe5872c37c010a401dd6bb1187b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000d

Filesize
37KB

MD5
5873d4dc68262e39277991d929fa0226

SHA1
182eb3a0a6ee99ed84d7228e353705fd2605659a

SHA256
722960c9394405f7d8d0f48b91b49370e4880321c9d5445883aec7a2ca842ab4

SHA512
1ec06c216bfe254afbae0b16905d36adc31e666564f337eb260335ef2985b8c36f02999f93ab379293048226624a59832bfb1f2fa69d94a36c3ca2fdeebcdc3f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000e

Filesize
18KB

MD5
f1dceb6be9699ca70cc78d9f43796141

SHA1
6b80d6b7d9b342d7921eae12478fc90a611b9372

SHA256
5898782f74bbdeaa5b06f660874870e1d4216bb98a7f6d9eddfbc4f7ae97d66f

SHA512
b02b9eba24a42caea7d408e6e4ae7ad35c2d7f163fd754b7507fc39bea5d5649e54d44b002075a6a32fca4395619286e9fb36b61736c535a91fe2d9be79048de

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000f

Filesize
26KB

MD5
525579bebb76f28a5731e8606e80014c

SHA1
73b822370d96e8420a4cdeef1c40ed78a847d8b4

SHA256
f38998984e6b19271846322441f439e231836622e746a2f6577a8848e5eed503

SHA512
18219147fca7306220b6e8231ff85ebeb409c5cc512adff65c04437d0f99582751ccb24b531bbedf21f981c6955c044074a4405702c3a4fae3b9bf435018cc1a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000010

Filesize
18KB

MD5
8bd66dfc42a1353c5e996cd88dc1501f

SHA1
dc779a25ab37913f3198eb6f8c4d89e2a05635a6

SHA256
ef8772f5b2cf54057e1cfb7cb2e61f09cbd20db5ee307133caf517831a5df839

SHA512
203a46b2d09da788614b86480d81769011c7d42e833fa33a19e99c86a987a3bd8755b89906b9fd0497a80a5cf27f1c5e795a66fe3d1c4a921667ec745ccf22f6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000011

Filesize
41KB

MD5
082c469b33a31285b4c182bbe6a1b499

SHA1
d2525c741034e1ea6002707ef528a270fbd2fed6

SHA256
09ea9ec8594cabda1edc0ca1ee990be1f5c564d0dac06e6a07ac03623e5f4f1a

SHA512
a731c121e9438f8d5cc0fd28939b0493f5bb37013b60e78054fa6c4e3f72d4cd52c5bcd9e3dee36903fdc7e06aa3af879d706f360eaf6ebf750ba74d595263b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000012

Filesize
59KB

MD5
25b3d7b6beb44eb20ffd065656c15e1d

SHA1
59301a1a36a144715b51bdccde1eb2a328f7efd3

SHA256
00a88a411e1a1ba98f55fae99469271160c23d87b1f71f90f31a7810f063db9d

SHA512
8c71c4b268832f016dc20f68611abe976294421217f7834b5d409b53b0f0b137231c9364eaa84eb1afb05fbb121a0ebd263e52ba60cda157ae892219b462e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000013

Filesize
55KB

MD5
c649e6cc75cd77864686cfd918842a19

SHA1
86ee00041481009c794cd3ae0e8784df6432e5ec

SHA256
f451a4a37826390ab4ea966706292ee7dd41039d1bedc882cbc8392734535393

SHA512
e9e779870071fe309bbde9b6a278d9627c7f2402b55ac4c0a48c65b1de5172cf9dad2992f8619d7e7aaf978e6ccd607620de88554aa963f3d45501913ed49f64

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000014

Filesize
16KB

MD5
dde035d148d344c412bd7ba8016cf9c6

SHA1
fb923138d1cde1f7876d03ca9d30d1accbcf6f34

SHA256
bcff459088f46809fba3c1d46ee97b79675c44f589293d1d661192cf41c05da9

SHA512
87843b8eb37be13e746eb05583441cb4a6e16c3d199788c457672e29fdadc501fc25245095b73cf7712e611f5ff40b37e27fca5ec3fa9eb26d94c546af8b2bc0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000015

Filesize
18KB

MD5
ec02df94928186d3c6b59ce65f9000a3

SHA1
ff25873724d5bee7c3a1b0f70853f3f4db93056c

SHA256
31d2638dfacb6328063cfadac99239427e0eee86cd28e2deddfe4daa39c55674

SHA512
69ddeb0dd61ed03bc060b9399504988ee0c72c4de46e3a6efc967bb3686a593dca9362121d9b5106e9f2e355238614c5d108cf28354b53e5aff6f5e2e112b873

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000016

Filesize
22KB

MD5
9b5558381a28d410bf93be576c4e1ec6

SHA1
67c25103d7e61f1b482a665fa0d86921876765d4

SHA256
0adaedd1b52daea4ac19cbe9c095eeab8d4f288c1eef838aa416308580cbc665

SHA512
aaf3b065030b0fb7c5a689d4c44d5cc2cb0ca6a79ce7cdeca3c745c01bf4f64e44de2ddf8e06cbb35eafe0e7a005a34178c4185a5d4cd4fdab6fdc20df44e0f9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000017

Filesize
87KB

MD5
65b0f915e780d51aa0bca6313a034f32

SHA1
3dd3659cfd5d3fe3adc95e447a0d23c214a3f580

SHA256
27f0d8282b7347ae6cd6d5a980d70020b68cace0fbe53ad32048f314a86d4f16

SHA512
e5af841fd4266710d181a114a10585428c1572eb0cd4538be765f9f76019a1f3ea20e594a7ee384d219a30a1d958c482f5b1920551235941eec1bcacd01e4b6f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000018

Filesize
107KB

MD5
11341f03f951333b4309822a7ebb0907

SHA1
fc813cb6a262e6ef9991bfa2711ba75e7a0894dc

SHA256
99aa368241f22add83b34dd05541d726ab42a65f3e9c350e31c0129684b50c1a

SHA512
089cbd6d797f4e086e945dbb1345f4023fb0ef4daa9d47368ae7f253cbaea7b6236cfebf0d19741aba415ec4f1c3443050cabad756c55514ba2bc0bd7442bac5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000019

Filesize
16KB

MD5
686cd4e029335cb803ea8b47ea727bd5

SHA1
acb03acb24c943d81a8e4822466201cc4114692c

SHA256
785ffc242cb18f8e9ccb9ab96c37df3cdf1612a38a325a2a9bcf8164eac6488d

SHA512
a54e055ca8e021757102aa6c7f9045959fa32a7db215595cda8419ac96f75f44e1f5846037e14b6a20d0db51c4b1e974aff1718e16ff5d7650e0b667ca09721c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
e77f4c20dd1d624cc8aa1c2e0b0d90a9

SHA1
83f5f16a15cf3eb0eaa6a58af9ffcf4d1d6d872c

SHA256
f4e182d9692877b8c5634402845f0dc9e9251f0541c93e4beae4a0c607a81967

SHA512
64160e4dd146d6395ed7ec59d046778c06e95e0d5d5c490afa1cf420c7e7e197c62346f31da441818ca62c950c1fe5551daa048bf2313cc153d3c60b5399070f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
35fd68308a82c039d7edf8c82be73aa4

SHA1
d9f3630db3c2a2fe9d1f3c39385453eaf2d92ac1

SHA256
fe8be7521233aa9589361dbc41aad4b9e5759422704f8c35b417a184550eff83

SHA512
d2daf0dc03a03ac7f609d6b3fc33ec517ac90519998204bcf6d39a27366f8ad75024893e586021cb664c17055c228f6a4cab22596fcbd6f67a6b4ad36403a39e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
bd359b5a475be92fecca5aa92e6e132a

SHA1
11812aec06a782a57bab70f163ee16d532a32356

SHA256
de5237261f4aabd8494c14e0242c0b9b6a82a1b319717d3b4d09847bfd02773b

SHA512
a68370898d3f4c2f01ac485676099140f7bab8686bc91853e1e94943672472964a32b5857c17a28d7d3118f462ae279e7634dfd616b855ec38a2ef89a2c3e054

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
108572d722f8a56104434eea975ccb6d

SHA1
19c6026199bbe746fd03f3944aa063313ec780b8

SHA256
46127a57fe4e8a53f9f1f647d611610274dc5a0af78ed97c9596fa409fe18f83

SHA512
65a7941e35a44fe779ec58ff32e2820d71d1b3a5f05f5a48a38e70d9e45eb15e6378363bbb7312fbdb944c64ff3ca582a6ae59f6694af5b2c0c953a809b95535

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
941B

MD5
9ac614e093fbfe1b4c90356346269b06

SHA1
cde2d64526f4f521c3f6ce9030f7ff88b16b9e28

SHA256
2e9f266ab248f17a6ae048fd2144ad2fcbb90b07c9e1797e4237598fba2f1d97

SHA512
3241f4189427b22e16749d4881c2c58af8fb2d9b61f3c1538db1fc02dffe7b11ea59d75eb959de69d9224ca42c680be21f28e410b2747be1dc5848794d86ba5d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
d266e20cb8d9b98493a2ba3cb6507e2f

SHA1
faa5d0e898c9daaf5ae2735beb953ab387567794

SHA256
d7c22fb3f9a6e6ab81a191f22f5c7b36f9902a933e1a985cffe26525da118f90

SHA512
1e4de12811eca9b93fc86417eb7b96e43f9d8573fd7254053795872a4492fdf1eb2a0f429b2f6e1f2a68701a748406829897c328b74197ccab6858103ba7580f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
4f135a659bbe24f5e1d82ab9cf0b2874

SHA1
20c7190bbfda5ca869e4c5d10ce94934c0081829

SHA256
ab54ac6e1fc36388d9670367bf68172ce52c7e2b4eba8445f3471b747b4cfad5

SHA512
919f9f72a949078db4c270c8047a6cba7ade898b47a4f55c2042128d0d9ac8fb97cfc40c83f5381bc1798e12a2741ade69e9c2d2f258a6e9d50f685a916b8162

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
556dbe5a793843a22af2a99f8ce76c6a

SHA1
4440dbd279978fe109a955eb7764dbe4d42739b6

SHA256
fb84404b9d1b7a21d6397932b9a2fa9333b36d52073516dfd53b9cf715116a9e

SHA512
57cdd433a1657c583f9d1b93e896021052e074520041285465fd3245b2601569971fd2219fd3ac63b5fa5b6a3d06eaff7d193d859852905b760a40d5951c48a2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
466739004dd98f7ab884afe64e38e9af

SHA1
3c4a93a477c1f59ebf83a71b35a27bbc3eba7e72

SHA256
25d2768e3abb34925e925a832b12c42acd63e0962b6ef4259a513cc94aa312de

SHA512
171734c0a92375f2ed2fc12bfaf62dd5d6b9c890e7596bdf39ac6e05f9ac0cb40a7e01facb461206c35b92a9d30f2f73e9010e8c951d898a33307d31f5f88943

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
6bc95514eee0cc26374b693440480469

SHA1
bed6b522b60d1cc0a2692627b8c389078cd1a640

SHA256
116a74ce39ee979fb15ab344821fd37bec851b3b05919a9bc568adcd85e9f904

SHA512
d80978bba25d61dcfc91955183f11c588b38bc939a983be57dfb750de14d5df53b0c8aa008dcc99c01c3295550c549e06d0d54df2c598e117f3304178d5cdba9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
59f92446333853f480984aaca7e78c67

SHA1
05f8094e4a04abb4808d472f5e8aa19028d67937

SHA256
9c8b024353e5a278bdc8d412402e7539e0556da1ec4ae207a6506d67a9b4d3bf

SHA512
c6074b68713feed15712a817aaac199edb46ab8284b62cdfe347226e9c90a2310ac41e4ed09c1b368c3eb83671092b3457ad51c2305986414fd17eaa52c67fd5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
805f4aa85901ef834b0c63fbc0101c65

SHA1
b57843c1bd2a3668bb03bd735f3d517890f4fa8f

SHA256
a1a251f8960be565aad25ce5b60fcdeb64713e6f2bbf8c75ac5a628e67e1544c

SHA512
39fbc12532dd958a451ba1bdb2a30c702380d48197681109b29a86fc04e2a272f5dd519c25583a16390c9e95cec3fbffc08bfcd57b0a5e2458fe163795208a4f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
04a8ae4919e95ea2f850c6591294be7f

SHA1
f2633aae7ad9b65a43dd8d75e67a95c42e6886ec

SHA256
d4f9d12a85a7ac4033b86bd8e172018a31a122a4829dc2c2656f71dd14865cf2

SHA512
e52a1c5c8bb65db063c5b80e86035411a56b092abacf63be56c3560372c91c97d1e173caa662e38aebc3608c157c3581c232c68e81af78586f27e78d5addad8b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
6bad98e85f897e992a8cfe0fbd7d5ec7

SHA1
41977f74f326818df1db4b52a634f128e4fabee3

SHA256
7aa0b0883b2646fd94ed0a762dfa28675f1ef977b99c7fabc6c050d513e62653

SHA512
1fa9b0d9a80dd9e0ef5bb08a580b03b5158137546dc1feb0bc6e60b8ffdd9212c77041589a97353939a5991493077ef4d32a29fb755e0f1e0690d84ae8584164

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
1ce796da715234bff15c22a3bc5558ea

SHA1
a4e8809f122c98e6e5d7cf2f7a92b25c3a27124b

SHA256
b795d372bd5bf213184f3da9d36988e9727e605ba834abc2d58f7bd6ec516020

SHA512
7fcc5565228f1b326cbedcb09ecae54ee28547ad4a1d73a05dbbf7015f52d1084b67f4397af1ea88427f87051632b2b6775ba6420c8ba798dab7c5c4e02be02d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
739906fa8118eedc77c930e1e633c53a

SHA1
cac77fb1b97e60b3d9c89d9339ff9203017f9923

SHA256
4dce5966e4288cf13157018e3861bcc300b77a451b26e2093743713a18bc8305

SHA512
264f1a31364d735c4c890a945985db586fea9cf1c4debd9d7f85078a238bb104b2ed11c72c1733490c99c0b61453e4bf4dfa6bd9d5ae31156d431fad0aa1a20b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\d68c14aa-612e-4fd8-9ac0-5688f0c73de1\index-dir\the-real-index

Filesize
2KB

MD5
aadd4662041a04d07d54c088de83a34b

SHA1
31213aa921274b96964116a1f570ff9f3b8d519d

SHA256
4fc2f0a0b746229f2e3eb3eb64441bd4dbbac2fa2532f0ee8ba2a3869118ceaa

SHA512
e8211a20944d25a2d96a4d31da50a93e655d7af5c34c0327393dc96194a17cbfb52afae71fc0ea87e58b144f24df73d71122c29e4cb4617187c81cf499932ceb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\d68c14aa-612e-4fd8-9ac0-5688f0c73de1\index-dir\the-real-index~RFe5999e5.TMP

Filesize
48B

MD5
0001aaf958b2d32fa9c2e4ba94baa518

SHA1
28229bf11c7368778205a750eb87fc0f0640895a

SHA256
55c41b8a8e83d9f7afc3e3640e9143fbc2ab6d8f270de0827aeefeec88e66d18

SHA512
8b0fca0caa7c8b0cd325d20eb9ef1803f46ea317bfdd5563b2568af633381cfdb9d57223292a78f4b6b070fea352f8981e9dc6265cb90e1b2a301e8dc6fdef53

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
84B

MD5
297a47d5214803f32c5d42e1e0c9aba8

SHA1
fefc822ac09302bd0a62ec64695b08466dc73a61

SHA256
3929960e34f06d2d493cc5f1395f6398a0df606f77afe8f1d4118f563cf5422d

SHA512
e59518643c0cbbfba58b0c6bb603ea4173ce312af23aeed40ba7dbf30e3caeb1be1ce39279f3f1b315b5ae2c80922d80e038a2f2c6d69e054a7a068384221f27

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
146B

MD5
7cba979070fab243e511a9f69b2bf36e

SHA1
785b97bdcc4eb28a42677623a1db8f714a5e7d1e

SHA256
08e775f67c259d57d47879010c5f653bbf65e40e7940aaab49d980ba286dc4e4

SHA512
3ea95e42fef6f5d0f1e2eb07f515e4ac9526b2f74a2573861c58a1453ba2c72e07125c9d25110e9ba54232831a0807a0416123d42e667c6c70ea09ad79b3678e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
82B

MD5
491ca5f9e23afa9e46e3925e425f968c

SHA1
e243ec893a1689ba9e197ed632efb117b73581b0

SHA256
5310a464137c2864fa59dd4766b261adc319ee0e2e9c5d3bce16d28ac7084e04

SHA512
dfdbd9b58d58d41683698fb95775fdd20f572d028137be38c326aa2b6b705e727838ed3ed240d623ff62f212edcdb7500f8c5fb64fbe6d4ba256c967b4f325f4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe598294.TMP

Filesize
89B

MD5
4979f3bdd109e837c1b423440f6d992b

SHA1
f5deaca290e31be518280fc107a709d0b5573b34

SHA256
3927eb354fa8ba202d8a0e84eaf504e1812cfa100cecb50f3448c9452005d5eb

SHA512
4fe87b7e713fb4c825a24b058faaee7eb89f9d9455e0ef4b749da0db257b56e0d404ca3aa788d165c086d36048ee3573b2514e9abc8cc8c7613961a3fde779ad

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
48B

MD5
e17f69ac7c0d799e5ddc881c7a427650

SHA1
d41bdef6bcd10666c6e0fed6ba558d7d7a6a77c2

SHA256
fa44507e4877d5bab4024f39a9b6f54ad5626382a51a97b929f26e56a33d5404

SHA512
0f9e80c32022e8155bf5775dcafdaa07022a3ea65a47b56d1a540c8f98a7ef5168ce65422414196bf02bd34845ce5f2db90ac0793eee74534c18f214cdda470a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe59e805.TMP

Filesize
48B

MD5
e5520eb9938c530f7a4d3ffef476192e

SHA1
03f4d28c39b26a1ad6854290b8bf2a6d402c6f06

SHA256
a1a44728d0ab7649b0edbb5e01f3497e9f3729a278e0f006c15aaff532a19047

SHA512
4609453f250b8743815895c269b5573a2dd4b585f24361b9bcfc07b4dc3eab9dd365f36b0e49fcb695329bc28b9cf57e9d0273a37a7c07a0ac4ceebe43113300

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
232cc91990cee76fe4ae5338e4caf6f1

SHA1
d4c64c022effd65e7ffe7830cc2e76728d14f868

SHA256
6278886e4341afa61e47df73d216441a17a45c08a7e3f26331b5558cad6690e8

SHA512
02e5a439155ed32800705f5df75897d5cfe444723a2575d0184611b9e14647c0c8ab2861c0e6ac4e9a076019448a51c5a4ca9da11a1f903fdc5fac9a72bd7255

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
0f2147b093fb6d836d38205b21773b1d

SHA1
ff2115a23d6e63598632f8c463b90029489cb754

SHA256
6404911589aaf6b0115804e1ce079e9a2902a3d2a13fb7bf20b6d1a6a2225f90

SHA512
6bf7d587e8dbf691c8c7b89ffd73ee88d882adb69bb2ba14dae03e67204334e86cbf6d4b4c7b8cc19974503c8d288bc54a20bf6cd649deb2cda0967c321d487c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
f8ea1a12a91ff4a9c614be580961c431

SHA1
b00fda212f64db2314cce55a4f7f964c58f66b53

SHA256
ad214c6a7505ffcf6642cfdfc112d3929c86d6f8e476b2d3630b131a942a7d07

SHA512
fdac0606abd41a950e9865124f4aba926e428e6355c774546554ba56416d7c4a7add493d3673823c841ed15e1a847173c6141b700ac0de5faba94334fd53e57b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
20e1dcca1d0b677cba33f95bab82af14

SHA1
2e4a4d9c7467af515c2aa6c3f659a273a9482f6f

SHA256
de36128620ef3a1ae5a7d9fd1508706b2a7e0070e63f36fa03b8d9348620eeee

SHA512
43bae397aa199a9a7afa2be9dbcaeee005af43a1b6af0aa34a28b42c5c191168f7c16a11692a77e5d8291e07890ecbfbcf83e89a61879455a32d8850c49da678

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
2dbb401dc8da38970fdc1a4e81ac58c3

SHA1
62d60d7ffa02f9307e61fb655297051c25d85bb0

SHA256
f7ca6fd88ca7606aa8c7aa90e122075118c73dfaab1ea28ad61cb6bdda52b828

SHA512
ab8a8b276170d96495caeb26a5ba627c1730b2b2889e37231730c72a7d00082d72048e2c29ac9d7c4a7ac0fc1bf7b216335662f41bb85a15571c0f776678aeb8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
6b41ca4294c0267297db17fe9b19d6ca

SHA1
e92528eaa2bde4ed9c65ca826eec0cece9abfbf7

SHA256
1b67715cb2cf1ae9336a88e7f627dd438ac4bb3dc006ebb2b144f3df7496e049

SHA512
402e01722c40edcc01d6947eeead48dc0e4f784705f52ce7feb4969aadc18ce0e040e0cd580878e1f42266c76ed9011b3ffa40b1db9c54cace6b5e4c950ef59c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
95687c3f911e70796219496188c129a7

SHA1
a113598134e61d0089ae1f2f7b1f4565c41a2d51

SHA256
7cf876b6dddc924bf6bbf78f9b5323997f8ef450505e78d48f29af1d657496f1

SHA512
3e560530a67a03f72c5d6441bd338c6ccf5eeaa1370330af7de6ae4e76b9815329d113134c5789f92f874fed97f2489da3db499e6f712a441be0853ff277ea74

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
ef94916de0bd359c364c2487b7cdb809

SHA1
40270d57fd6e6f6e21af29b59e516c2664081109

SHA256
75b7af162703370b9be50f4b63505919355587e0f957d610970a56435a9c0e14

SHA512
aa31972d812e70bf6cb3b901801cd8f5c657f27c6d1b237d4818381bc248097f5ff4c7d12c1e7075e9ccea16671a48c053975a4a82f71b3bfd54a94eb6a68f30

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
f01f2e1822ebf38a64a939ce8ecf281c

SHA1
5f861d0e159265887529f595694dd81c884baab0

SHA256
d08431f82ebff07c40f3f16e465cb541354496cfe90e212edf809e929eebffbc

SHA512
342b6e74e604d0a07bb685f20bd6367360f57061df18810855ec8a8f1c08a5b64490a89b88e59175b1cc612414c8c2133cad8e13e9f79c387940e2a1365e7392

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
38fa2983bfbf26437f4ed8639b9de749

SHA1
89cf09dfc5476b8682048e30f07f23cd0e0b3862

SHA256
a3f914dbc21d51364ba990cb60546dc847a93bc0a762b961b224977108b4f279

SHA512
267a1f6029dcfe924f56c6346cb459c4e6339b1d3d8b28b63b03a1f9b053141d0471d45b350be753bec4ad6be80d9ee59e228de2b64c6ff506dc4b16b9c31a67

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
453a1dcb0ab99bb4471da18e008f8479

SHA1
a9ef02c409d6552f07be688ceef24bb8f2315871

SHA256
a44632476be69e073b342d6bea8cf6e62ada9caf7fc5558247ac5f1e224c20c1

SHA512
15f10901c28cec249fd9d99d19f0d25834d1e740cd83c131bf61c789ec3a1880a1c3b22566bd9ab7a439c320d1803e4f2d69e8ed293d8ee55c0f02bb7f39adf4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe580c11.TMP

Filesize
538B

MD5
e4743d5a18c87d0550476f4611f7a51b

SHA1
d68d0485f1499fa47bef8310a51a47e7619b2255

SHA256
b09ba96d271eed8a4340c336a7be2ce1a7eda386b4fdad620119b621d51c682b

SHA512
0972dad0c6f3705212a4326af26b55d04584418a2f5971e198fc64ecb35f635a66a6125d4a959cd3aa113b2be8a75a98a456f250ca5f33918e723ee54c0a6a2c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
e77416ea1c6ca5bb967e228de815e36a

SHA1
29d3fa011c38040d403861b7f0abe8c9edf9c978

SHA256
3b2031a29d8697f134d18b3088651b6a665ba36f99e0c2298c79fd3a5f97ecfc

SHA512
a2cc94e686afc55d2aa0ade263723ae8aa1d15db9ef938d07c2b4b1eed4c88a08bee0af880f9784eeed8adabc5016d1d8511c3bae22ec4a0e02fecebf6f3097d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
0bdecebb800bde17fdce523503c3dd08

SHA1
392ce5418bf2d3fa053b03bbb28c3400eb06f9d5

SHA256
12ae9f47c04b86306128f7ff4d3d47bbee680ed7a2f180580e1b00b625be3526

SHA512
40ec04764830167678e5416ce6fc455a67c4b751b9c8e15c9d13fcceb404365b9f6c0d252c558d1ca6aa5983272f964500ff560fc7601ee5c76c31388db1fef6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
5ce68c10a3bfdc623df9ac53549c5995

SHA1
9d755fae73d1b45eec659e9ec7d2ef06daf1f28c

SHA256
a14fadd5159931ec9ebf50f4bc66aa49bceaf40483bdbdee387459333fa785ff

SHA512
251f9081104e61a492e0979877c1eccfc5d082c74473f6b252fe7008aeb3dd7091bc54415eb8a9231b8c8a9cc2e1e096319caaa8a328a36091e9517921df8b81

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
45be835376a1f1f4b88d21fd1670ed46

SHA1
cbd4df653751aa55920fe3bde92b324fde2e23d0

SHA256
d178b0be3c2cfe46d76c16994e03135c0095dda7f7beb4103b7d5a101c350678

SHA512
862f5d13d5576c30a6c9784b6df3cb6309e0f234d9831c6de2d1ed4a9b7d8306b0781d440ac59f39b57fa3fa7cc25a3eb49264acb16103092f4ebef8deba68bd

Download Submit
C:\Users\Admin\Downloads\NotAVirus_v1600.zip

Filesize
209KB

MD5
3d217eb384a6a77373654da57884d019

SHA1
923e8fc1a80b33709466e9cb9334bff4dc9d90c2

SHA256
456ab7bac5d5d632925a18e247ea50e4f668577fc4ea4d1f28d52e57b355efc1

SHA512
7f93dc1ffe1ba0182514ad2137a74f4f2932a517c1e36dc0317466974b3779aa34f09fa8d1c73fd88c2ec9d08e8d382d8a9fd1aece01bf0d1c2e296c65ddd11a

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 57002.crdownload

Filesize
14.1MB

MD5
b5e919f015a4e70e4b2c05c1333b2574

SHA1
f56c91d16ad1936e62edf1cd15754fe0e30cc37d

SHA256
6a031f760a3858080e17ab3fed6eefc263679792989da35d70eee83674e022c7

SHA512
98566c74d25a63444fa6fa6c46b666c780361f81232ab971daf6731729c78b5c552135741ba468a47f6e6db34422671d4d78cce83df02926b52ac557fcb786f0

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 926265.crdownload

Filesize
14.4MB

MD5
a8b71508a0de1f57c0260d9d43f37dcd

SHA1
88925225803e6d32625b42907d0d9bda9e8cd0d3

SHA256
cf4145246235311c8f4d003e0da6beb75d6d44bb8d79c6337500897eadee3d8e

SHA512
ebaf0a636c9ab971c52278c4c83b4601ff6b12aa404fc6b48f84124cb157f27c1216bd6cc634f371e1ff38784c6497b581c98146b319ed65ac31f46855d46f87

Download Submit
memory/876-2-0x0000022400000000-0x0000022400270000-memory.dmp

Filesize
2.4MB

Download
memory/876-11-0x0000022476B20000-0x0000022476B21000-memory.dmp

Filesize
4KB

Download
memory/876-12-0x0000022400000000-0x0000022400270000-memory.dmp

Filesize
2.4MB

Download
memory/1416-1558-0x0000000000820000-0x000000000083E000-memory.dmp

Filesize
120KB

Download
memory/2724-1543-0x0000000000500000-0x000000000051E000-memory.dmp

Filesize
120KB

Download
memory/2916-793-0x0000016F9AE30000-0x0000016F9AE31000-memory.dmp

Filesize
4KB

Download
memory/2916-786-0x0000016F9AE30000-0x0000016F9AE31000-memory.dmp

Filesize
4KB

Download
memory/2916-796-0x0000016F9AE30000-0x0000016F9AE31000-memory.dmp

Filesize
4KB

Download
memory/2916-791-0x0000016F9AE30000-0x0000016F9AE31000-memory.dmp

Filesize
4KB

Download
memory/2916-797-0x0000016F9AE30000-0x0000016F9AE31000-memory.dmp

Filesize
4KB

Download
memory/2916-785-0x0000016F9AE30000-0x0000016F9AE31000-memory.dmp

Filesize
4KB

Download
memory/2916-795-0x0000016F9AE30000-0x0000016F9AE31000-memory.dmp

Filesize
4KB

Download
memory/2916-792-0x0000016F9AE30000-0x0000016F9AE31000-memory.dmp

Filesize
4KB

Download
memory/2916-787-0x0000016F9AE30000-0x0000016F9AE31000-memory.dmp

Filesize
4KB

Download
memory/2916-794-0x0000016F9AE30000-0x0000016F9AE31000-memory.dmp

Filesize
4KB

Download
memory/4488-832-0x0000000000400000-0x0000000001097000-memory.dmp

Filesize
12.6MB

Download
memory/4488-830-0x0000000000400000-0x0000000001097000-memory.dmp

Filesize
12.6MB

Download
memory/5332-1556-0x00000000003B0000-0x00000000003CE000-memory.dmp

Filesize
120KB

Download
memory/6060-1554-0x00000000007A0000-0x00000000007BE000-memory.dmp

Filesize
120KB

Download