hxxp://noescape[.]exe

max time kernel
1006s
max time network
1050s
platform
windows11-21h2_x64
resource
win11-20250211-en
resource tags

arch:x64arch:x86image:win11-20250211-enlocale:en-usos:windows11-21h2-x64system
submitted
12-02-2025 03:33

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://noescape.exe

Score

9^/10

defense_evasion discovery execution exploit motw persistence phishing privilege_escalation themida trojan

Malware Config

Signatures

Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs 1 IoCs

defense_evasion

Query Registry

T1012

Virtualization/Sandbox Evasion

T1497

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__	Solara.exe

Command and Scripting Interpreter: PowerShell 1 TTPs 4 IoCs

Using powershell.exe command.

execution

PowerShell

T1059.001

pid	Process
5308	powershell.exe
3204	powershell.exe
5704	powershell.exe
1464	powershell.exe

Creates new service(s) 2 TTPs
persistence execution

Windows Service
T1543.003

Service Execution
T1569.002

Downloads MZ/PE file 4 IoCs

flow	pid	Process
159	4052	Process not Found
519	1968	msedge.exe
733	1968	msedge.exe
733	1968	msedge.exe

Manipulates Digital Signatures 1 TTPs 64 IoCs

Attackers can apply techniques such as changing the registry keys of authenticode & Cryptography to obtain their binary as valid.

SIP and Trust Provider Hijacking

T1553.003

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Initialization\{189A3842-3041-11D1-85E1-00C04FC295EE}\$Function = "SoftpubDefCertInit"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\FinalPolicy\{C6B2E8D0-E005-11CF-A134-00C04FD7BF43}\$DLL = "WINTRUST.DLL"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Message\{C6B2E8D0-E005-11CF-A134-00C04FD7BF43}\$DLL = "WINTRUST.DLL"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllRemoveSignedDataMsg\{9BA61D3F-E73A-11D0-8CD2-00C04FC295EE}\FuncName = "CryptSIPRemoveSignedDataMsg"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\FinalPolicy\{C6B2E8D0-E005-11CF-A134-00C04FD7BF43}\$Function = "SoftpubAuthenticode"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\1.3.6.1.4.1.311.12.2.2\FuncName = "WVTAsn1CatMemberInfoEncode"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Certificate\{64B9D180-8DA2-11CF-8736-00AA00A485EB}\$Function = "WintrustCertificateTrust"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Initialization\{573E31F8-DDBA-11D0-8CCB-00C04FC295EE}\$DLL = "WINTRUST.DLL"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Certificate\{FC451C16-AC75-11D1-B4B8-00C04FB66EA0}\$Function = "GenericChainCertificateTrust"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\#2007\Dll = "WINTRUST.DLL"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Message\{00AAC56B-CD44-11D0-8CC2-00C04FC295EE}\$Function = "SoftpubLoadMessage"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\1.3.6.1.4.1.311.12.2.2\Dll = "WINTRUST.DLL"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Cleanup\{FC451C16-AC75-11D1-B4B8-00C04FB66EA0}\$DLL = "WINTRUST.DLL"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllVerifyIndirectData\{DE351A42-8E59-11D0-8C47-00C04FC295EE}\FuncName = "CryptSIPVerifyIndirectData"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\FinalPolicy\{573E31F8-DDBA-11D0-8CCB-00C04FC295EE}\$Function = "SoftpubAuthenticode"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Usages\1.3.6.1.5.5.7.3.1\$DLL = "WINTRUST.DLL"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\#2006\FuncName = "WVTAsn1SpcStatementTypeEncode"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\FinalPolicy\{64B9D180-8DA2-11CF-8736-00AA00A485EB}\$DLL = "WINTRUST.DLL"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject\1.3.6.1.4.1.311.2.4.4\FuncName = "WVTAsn1SealingTimestampAttributeDecode"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Certificate\{FC451C16-AC75-11D1-B4B8-00C04FB66EA0}\$Function = "GenericChainCertificateTrust"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\#2001\Dll = "WINTRUST.DLL"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject\1.3.6.1.4.1.311.2.1.25\Dll = "WINTRUST.DLL"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\CertCheck\{C6B2E8D0-E005-11CF-A134-00C04FD7BF43}\$Function = "SoftpubCheckCert"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Usages\1.3.6.1.5.5.7.3.1\CallbackFreeFunction = "SoftpubFreeDefUsageCallData"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Certificate\{573E31F8-AABA-11D0-8CCB-00C04FC295EE}\$DLL = "WINTRUST.DLL"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Message\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\$Function = "SoftpubLoadMessage"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Message\{573E31F8-AABA-11D0-8CCB-00C04FC295EE}\$Function = "SoftpubLoadMessage"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllRemoveSignedDataMsg\{DE351A42-8E59-11D0-8C47-00C04FC295EE}\Dll = "WINTRUST.DLL"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject\#2008\FuncName = "WVTAsn1SpcLinkDecode"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject\#2006\Dll = "WINTRUST.DLL"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Usages\1.3.6.1.4.1.311.10.3.3\CallbackFreeFunction = "SoftpubFreeDefUsageCallData"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Usages\2.16.840.1.113730.4.1\DefaultId = "{573E31F8-AABA-11D0-8CCB-00C04FC295EE}"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\#2008\Dll = "WINTRUST.DLL"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\FinalPolicy\{FC451C16-AC75-11D1-B4B8-00C04FB66EA0}\$Function = "GenericChainFinalProv"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject\#2011\FuncName = "WVTAsn1SealingSignatureAttributeDecode"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Initialization\{573E31F8-DDBA-11D0-8CCB-00C04FC295EE}\$Function = "SoftpubInitialize"	regsvr32.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\WOW6432NODE\MICROSOFT\CRYPTOGRAPHY\OID\ENCODINGTYPE 0\CRYPTSIPDLLCREATEINDIRECTDATA\{C689AAB9-8E78-11D0-8C47-00C04FC295EE}	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Certificate\{64B9D180-8DA2-11CF-8736-00AA00A485EB}\$Function = "WintrustCertificateTrust"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\FinalPolicy\{573E31F8-AABA-11D0-8CCB-00C04FC295EE}\$Function = "HTTPSFinalProv"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\1.3.6.1.4.1.311.2.1.12\Dll = "WINTRUST.DLL"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\1.3.6.1.4.1.311.16.4\FuncName = "EncodeRecipientID"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Initialization\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\$DLL = "WINTRUST.DLL"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\FinalPolicy\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\$Function = "DriverFinalPolicy"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Signature\{FC451C16-AC75-11D1-B4B8-00C04FB66EA0}\$Function = "SoftpubLoadSignature"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Certificate\{573E31F8-AABA-11D0-8CCB-00C04FC295EE}\$DLL = "WINTRUST.DLL"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject\#2003\FuncName = "WVTAsn1SpcIndirectDataContentDecode"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject\#2001\Dll = "WINTRUST.DLL"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject\#2222\FuncName = "WVTAsn1CatMemberInfoDecode"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Certificate\{C6B2E8D0-E005-11CF-A134-00C04FD7BF43}\$DLL = "WINTRUST.DLL"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Cleanup\{573E31F8-DDBA-11D0-8CCB-00C04FC295EE}\$Function = "SoftpubCleanup"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Signature\{573E31F8-DDBA-11D0-8CCB-00C04FC295EE}\$DLL = "WINTRUST.DLL"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\1.3.6.1.4.1.311.2.1.10\Dll = "WINTRUST.DLL"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\1.3.6.1.4.1.311.12.2.3\FuncName = "WVTAsn1CatMemberInfo2Encode"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllRemoveSignedDataMsg\{DE351A43-8E59-11D0-8C47-00C04FC295EE}\Dll = "WINTRUST.DLL"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\1.3.6.1.4.1.311.2.1.12\FuncName = "WVTAsn1SpcSpOpusInfoEncode"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\CertCheck\{00AAC56B-CD44-11D0-8CC2-00C04FC295EE}\$DLL = "WINTRUST.DLL"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\CertCheck\{64B9D180-8DA2-11CF-8736-00AA00A485EB}\$Function = "SoftpubCheckCert"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\CertCheck\{573E31F8-AABA-11D0-8CCB-00C04FC295EE}\$Function = "SoftpubCheckCert"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Cleanup\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\$Function = "DriverCleanupPolicy"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\CertCheck\{00AAC56B-CD44-11D0-8CC2-00C04FC295EE}\$DLL = "WINTRUST.DLL"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Initialization\{FC451C16-AC75-11D1-B4B8-00C04FB66EA0}\$Function = "SoftpubInitialize"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Cleanup\{FC451C16-AC75-11D1-B4B8-00C04FB66EA0}\$DLL = "WINTRUST.DLL"	regsvr32.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\WOW6432NODE\MICROSOFT\CRYPTOGRAPHY\OID\ENCODINGTYPE 0\CRYPTSIPDLLGETCAPS\{C689AAB9-8E78-11D0-8C47-00C04FC295EE}	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject\#2010\Dll = "WINTRUST.DLL"	regsvr32.exe

Possible privilege escalation attempt 6 IoCs

exploit

pid	Process
1216	takeown.exe
2188	icacls.exe
3548	takeown.exe
5608	icacls.exe
4928	icacls.exe
3784	takeown.exe

Checks BIOS information in registry 2 TTPs 2 IoCs

BIOS information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	Solara.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion	Solara.exe

Event Triggered Execution: Component Object Model Hijacking 1 TTPs
Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
persistence privilege_escalation

Component Object Model Hijacking
T1546.015

Executes dropped EXE 20 IoCs

pid	Process
5464	BootstrapperNew.exe
1960	LDPlayer9_ens_com.roblox.client_25567197_ld.exe
4756	LDPlayer9_ens_com.scaryroblox.doors_25567197_ld.exe
1224	LDPlayer.exe
5696	BootstrapperNew (1).exe
1360	dnrepairer.exe
5388	dismhost.exe
5664	Ld9BoxSVC.exe
4952	Solara.exe
4756	driverconfig.exe
6240	dnplayer.exe
6864	Ld9BoxSVC.exe
7116	vbox-img.exe
6212	vbox-img.exe
6444	vbox-img.exe
6784	Ld9BoxHeadless.exe
6972	Ld9BoxHeadless.exe
6196	Ld9BoxHeadless.exe
2092	Ld9BoxHeadless.exe
6416	Ld9BoxHeadless.exe

Loads dropped DLL 64 IoCs

pid	Process
1360	dnrepairer.exe
1360	dnrepairer.exe
1360	dnrepairer.exe
1360	dnrepairer.exe
5388	dismhost.exe
5388	dismhost.exe
5388	dismhost.exe
5388	dismhost.exe
5388	dismhost.exe
5388	dismhost.exe
5388	dismhost.exe
5388	dismhost.exe
5388	dismhost.exe
5388	dismhost.exe
5388	dismhost.exe
5388	dismhost.exe
5388	dismhost.exe
5388	dismhost.exe
5388	dismhost.exe
5388	dismhost.exe
5388	dismhost.exe
5388	dismhost.exe
5388	dismhost.exe
5388	dismhost.exe
5388	dismhost.exe
5388	dismhost.exe
5388	dismhost.exe
5664	Ld9BoxSVC.exe
5664	Ld9BoxSVC.exe
5664	Ld9BoxSVC.exe
5664	Ld9BoxSVC.exe
5664	Ld9BoxSVC.exe
5664	Ld9BoxSVC.exe
5664	Ld9BoxSVC.exe
5664	Ld9BoxSVC.exe
5464	regsvr32.exe
5464	regsvr32.exe
5464	regsvr32.exe
5464	regsvr32.exe
5464	regsvr32.exe
5464	regsvr32.exe
5464	regsvr32.exe
5464	regsvr32.exe
3312	regsvr32.exe
3312	regsvr32.exe
3312	regsvr32.exe
3312	regsvr32.exe
3312	regsvr32.exe
3312	regsvr32.exe
3312	regsvr32.exe
3312	regsvr32.exe
3312	regsvr32.exe
3312	regsvr32.exe
4832	regsvr32.exe
4832	regsvr32.exe
4832	regsvr32.exe
4832	regsvr32.exe
4832	regsvr32.exe
4832	regsvr32.exe
4832	regsvr32.exe
4832	regsvr32.exe
5080	regsvr32.exe
5080	regsvr32.exe
5080	regsvr32.exe

Modifies file permissions 1 TTPs 6 IoCs

discovery

File and Directory Permissions Modification

T1222

pid	Process
2188	icacls.exe
3548	takeown.exe
5608	icacls.exe
4928	icacls.exe
3784	takeown.exe
1216	takeown.exe

Themida packer 11 IoCs

Detects Themida, an advanced Windows software protection system.

themida

resource	yara_rule
behavioral1/memory/4952-4881-0x0000000180000000-0x0000000181111000-memory.dmp	themida
behavioral1/memory/4952-4883-0x0000000180000000-0x0000000181111000-memory.dmp	themida
behavioral1/memory/4952-4882-0x0000000180000000-0x0000000181111000-memory.dmp	themida
behavioral1/memory/4952-4880-0x0000000180000000-0x0000000181111000-memory.dmp	themida
behavioral1/memory/4952-4914-0x0000000180000000-0x0000000181111000-memory.dmp	themida
behavioral1/memory/4952-4975-0x0000000180000000-0x0000000181111000-memory.dmp	themida
behavioral1/memory/4952-5196-0x0000000180000000-0x0000000181111000-memory.dmp	themida
behavioral1/memory/4952-5429-0x0000000180000000-0x0000000181111000-memory.dmp	themida
behavioral1/memory/4952-5457-0x0000000180000000-0x0000000181111000-memory.dmp	themida
behavioral1/memory/4952-5892-0x0000000180000000-0x0000000181111000-memory.dmp	themida
behavioral1/memory/4952-6066-0x0000000180000000-0x0000000181111000-memory.dmp	themida

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Checks whether UAC is enabled 1 TTPs 1 IoCs

defense_evasion trojan

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	Solara.exe

Enumerates connected drives 3 TTPs 1 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\F:	LDPlayer.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 4 IoCs

Web Service

T1102

flow	ioc
999	pastebin.com
1000	pastebin.com
1061	discord.com
1073	discord.com

Mark of the Web detected: This indicates that the page was originally saved or cloned. 1 IoCs

phishing motw

flow	ioc	pid	Process
430	https://storage.googleapis.com/script.aniview.com/ssync/62f53b2c7850d0786f227f64/ssync.html	1968	msedge.exe

Network Share Discovery 1 TTPs
Attempt to gather information on host network.
discovery

Network Share Discovery
T1135

Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs

pid	Process
4952	Solara.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\ldplayer9box\x86\api-ms-win-core-interlocked-l1-1-0.dll	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\x86\api-ms-win-crt-locale-l1-1-0.dll	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\driver-PreW10\Ld9BoxSup.cat	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\dasync.dll	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\VBoxGuestControlSvc.dll	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\x86\libssl-1_1.dll	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\x86\msvcp100.dll	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\api-ms-win-core-debug-l1-1-0.dll	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\SUPInstall.exe	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\SUPLoggerCtl.exe	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\x86\api-ms-win-core-errorhandling-l1-1-0.dll	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\VBoxRT.dll	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\x86\api-ms-win-crt-convert-l1-1-0.dll	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\GLES_V2_utils.dll	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\Ld9BoxNetLwf.sys	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\NetLwfUninstall.exe	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\VBoxDDU.dll	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\api-ms-win-core-file-l1-2-0.dll	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\tstPDMAsyncCompletion.exe	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\VBoxAuthSimple.dll	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\libeay32.dll	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\UICommon.dll	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\x86\api-ms-win-core-synch-l1-1-0.dll	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\api-ms-win-core-localization-l1-2-0.dll	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\api-ms-win-core-processthreads-l1-1-1.dll	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\driver-PreW10\Ld9BoxDDR0.r0	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\driver-PreW10\Ld9BoxSup.sys	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\api-ms-win-crt-conio-l1-1-0.dll	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\ldutils.dll	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\host_manager2.dll	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\VBoxPlaygroundDevice.dll	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\x86\api-ms-win-crt-multibyte-l1-1-0.dll	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\api-ms-win-crt-environment-l1-1-0.dll	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\regsvr32_x64.exe	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\VBoxSharedClipboard.dll	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\x86\vccorlib140.dll	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\VBoxBugReport.exe	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\VBoxProxyStubLegacy.dll	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\api-ms-win-crt-multibyte-l1-1-0.dll	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\concrt140.dll	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\libOpenglRender2.dll	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\VBoxVMM.dll	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\x86\api-ms-win-core-util-l1-1-0.dll	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\EGL.dll	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\VBoxNetFltNobj.dll	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\x86\api-ms-win-crt-heap-l1-1-0.dll	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\platforms\qwindows.dll	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\Qt5PrintSupport.dll	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\Qt5Widgets.dll	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\x86\VBoxClient-x86.dll	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\api-ms-win-core-file-l1-1-0.dll	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\api-ms-win-core-heap-l1-1-0.dll	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\api-ms-win-core-processenvironment-l1-1-0.dll	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\Ld9BoxNetLwf.inf	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\msvcp140.dll	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\VBoxExtPackHelperApp.exe	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\ucrtbase.dll	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\Ld9BoxSVC.exe	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\msvcp120.dll	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\host_manager.dll	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\comregister.cmd	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\VBoxInstallHelper.dll	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\vccorlib140.dll	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\platforms\qoffscreen.dll	dnrepairer.exe

Drops file in Windows directory 3 IoCs

description	ioc	Process
File opened for modification	C:\Windows\Logs\DISM\dism.log	dismhost.exe
File opened for modification	C:\Windows\SystemTemp	msedgewebview2.exe
File opened for modification	C:\Windows\Logs\DISM\dism.log	dism.exe

Launches sc.exe 8 IoCs

Sc.exe is a Windows utlilty to control services on the system.

pid	Process
5136	sc.exe
4204	sc.exe
6076	sc.exe
4928	sc.exe
5020	sc.exe
6608	sc.exe
6664	sc.exe
6816	sc.exe

Subvert Trust Controls: Mark-of-the-Web Bypass 1 TTPs 4 IoCs

When files are downloaded from the Internet, they are tagged with a hidden NTFS Alternate Data Stream (ADS) named Zone.Identifier with a specific value known as the MOTW.

defense_evasion

SIP and Trust Provider Hijacking

T1553.003

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\BootstrapperNew (1).exe:Zone.Identifier	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\BootstrapperNew.exe:Zone.Identifier	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\LDPlayer9_ens_com.roblox.client_25567197_ld.exe:Zone.Identifier	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\LDPlayer9_ens_com.scaryroblox.doors_25567197_ld.exe:Zone.Identifier	msedge.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 36 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	net1.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	icacls.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	sc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	regsvr32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	dnrepairer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	net.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	icacls.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	sc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	icacls.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	sc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	LDPlayer9_ens_com.roblox.client_25567197_ld.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	regsvr32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	powershell.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	driverconfig.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	takeown.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	regsvr32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	takeown.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	powershell.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	regsvr32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	regsvr32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	regsvr32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	sc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	LDPlayer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	regsvr32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	sc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	powershell.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	dnplayer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	sc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	takeown.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	LDPlayer9_ens_com.scaryroblox.doors_25567197_ld.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	regsvr32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	regsvr32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	dism.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	sc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	sc.exe

System Network Configuration Discovery: Internet Connection Discovery 1 TTPs 1 IoCs

Adversaries may check for Internet connectivity on compromised systems.

discovery

Internet Connection Discovery

T1016.001

pid	Process
1812	MicrosoftEdgeUpdate.exe

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	dnplayer.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	dnplayer.exe

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedgewebview2.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedgewebview2.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedgewebview2.exe

Modifies Internet Explorer settings 1 TTPs 3 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2417498994-1216132997-487892065-1000\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_BROWSER_EMULATION	dnplayer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2417498994-1216132997-487892065-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\ldnews.exe = "11001"	dnplayer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2417498994-1216132997-487892065-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\dnplayer.exe = "11001"	dnplayer.exe

Modifies data under HKEY_USERS 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	msedgewebview2.exe

Modifies registry class 64 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-6989-4002-80CF-3607F377D40C}\ = "IUSBProxyBackend"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-80E1-4A8A-93A1-67C5F92A838A}\ = "ICertificate"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-7BDC-11E9-8BC2-8FFDB8B19219}\TypeLib\Version = "1.3"	Ld9BoxSVC.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-319C-4E7E-8150-C5837BD265F6}\TypeLib\Version = "1.3"	Ld9BoxSVC.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-800A-40F8-87A6-170D02249A55}\TypeLib	Ld9BoxSVC.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-057D-4391-B928-F14B06B710C5}\NumMethods	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-F4F4-4DD0-9D30-C89B873247EC}\ = "IGuestMultiTouchEvent"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-477A-2497-6759-88B8292A5AF0}\ = "IEmulatedUSB"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-057D-4391-B928-F14B06B710C5}\ = "IGuestFileEvent"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-929C-40E8-BF16-FEA557CD8E7E}\TypeLib\Version = "1.3"	Ld9BoxSVC.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-C196-4D26-B8DB-4C8C389F1F82}\TypeLib	Ld9BoxSVC.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-08A7-4C8F-910D-47AABD67253A}\NumMethods	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-3E78-11E9-B25E-7768F80C0E07}	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-CC7B-431B-98B2-951FDA8EAB89}\NumMethods\ = "31"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-D545-44AA-8013-181B8C288554}\ProxyStubClsid32	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{20191216-26c0-4fe1-bf6f-67f633265bba}\ProgId\ = "VirtualBox.VirtualBoxClient.1"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-7193-426c-a41f-522e8f537fa0}	Ld9BoxSVC.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-93AF-42A7-7F13-79AD6EF1A18D}	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-B855-40B8-AB0C-44D3515B4528}\ = "INATNetworkCreationDeletionEvent"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-92C9-4A77-9D35-E058B39FE0B9}\NumMethods	Ld9BoxSVC.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-4289-EF4E-8E6A-E5B07816B631}\ = "IUSBDeviceFilter"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-9070-4F9C-B0D5-53054496DBE0}\NumMethods\ = "18"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-E4B1-486A-8F2E-747AE346C3E9}\NumMethods	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-BCB2-4905-A7AB-CC85448A742B}\ProxyStubClsid32	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-E8B8-4838-B10C-45BA193734C1}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-80E1-4A8A-93A1-67C5F92A838A}	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-00C2-4484-0077-C057003D9C90}\ = "IInternalMachineControl"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-0979-486C-BAA1-3ABB144DC82D}\ = "IGuestFileStateChangedEvent"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-00C2-4484-0077-C057003D9C90}\ProxyStubClsid32	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-47C7-4A3F-AAE1-1B516817DB41}\ProxyStubClsid32\ = "{20191216-1807-4249-5BA5-EA42D66AF0BF}"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-2F05-4D28-855F-488F96BAD2B2}\ = "IShowWindowEvent"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-6E0B-492A-A8D0-968472A94DC7}\NumMethods\ = "15"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-477A-2497-6759-88B8292A5AF0}\ProxyStubClsid32	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-6B76-4805-8FAB-00A9DCF4732B}\TypeLib\ = "{20191216-1750-46f0-936e-bd127d5bc264}"	Ld9BoxSVC.exe
Key created	\REGISTRY\USER\S-1-5-21-2417498994-1216132997-487892065-1000_Classes\AppID	Ld9BoxSVC.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-42DA-C94B-8AEC-21968E08355D}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-7193-426C-A41F-522E8F537FA0}	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-F1F8-4590-941A-CDB66075C5BF}\ProxyStubClsid32\ = "{20191216-1807-4249-5BA5-EA42D66AF0BF}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-7532-45E8-96DA-EB5986AE76E4}\ProxyStubClsid32	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-B45C-48AE-8B36-D35E83D207AA}\ProxyStubClsid32	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-486E-472F-481B-969746AF2480}\TypeLib\ = "{20191216-1750-46f0-936e-bd127d5bc264}"	Ld9BoxSVC.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\AppID\Ld9BoxSVC.exe	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-07DA-41EC-AC4A-3DD99DB35594}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-FEBE-4049-B476-1292A8E45B09}\NumMethods	Ld9BoxSVC.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-8CE7-469F-A4C2-6476F581FF72}\NumMethods\ = "14"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-4453-4F3E-C9B8-5686939C80B6}\NumMethods	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-AEDF-461C-BE2C-99E91BDAD8A1}\NumMethods	Ld9BoxSVC.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-4289-EF4E-8E6A-E5B07816B631}\TypeLib\Version = "1.3"	Ld9BoxSVC.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-71B2-4817-9A64-4ED12C17388E}\ = "ICPUChangedEvent"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-9B2D-4377-BFE6-9702E881516B}\NumMethods	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-2F1A-4D6C-81FC-E3FA843F49AE}\ProxyStubClsid32	Ld9BoxSVC.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-92C9-4A77-9D35-E058B39FE0B9}\NumMethods	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-5FDC-4ABA-AFF5-6A39BBD7C38B}\ProxyStubClsid32	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-30E8-447E-99CB-E31BECAE6AE4}\ProxyStubClsid32	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-E191-400B-840E-970F3DAD7296}\NumMethods	Ld9BoxSVC.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-F1F8-4590-941A-CDB66075C5BF}\NumMethods	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\VirtualBox.VirtualBoxClient\CLSID	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-0979-486C-BAA1-3ABB144DC82D}\NumMethods	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-71B2-4817-9A64-4ED12C17388E}\TypeLib\Version = "1.3"	Ld9BoxSVC.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-799A-4489-86CD-FE8E45B2FF8E}\TypeLib	Ld9BoxSVC.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{00020423-0000-0000-C000-000000000046}	dnrepairer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-1207-4179-94CF-CA250036308F}\ = "IGuestFileOffsetChangedEvent"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-C380-4510-BC7C-19314A7352F1}\ProxyStubClsid32\ = "{20191216-1807-4249-5BA5-EA42D66AF0BF}"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-5F86-4D65-AD1B-87CA284FB1C8}\ProxyStubClsid32\ = "{20191216-1807-4249-5BA5-EA42D66AF0BF}"	regsvr32.exe

NTFS ADS 11 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 372313.crdownload:SmartScreen	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 107952.crdownload:SmartScreen	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\LDPlayer9_ens_com.scaryroblox.doors_25567197_ld.exe:Zone.Identifier	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\BootstrapperNew (1).exe:Zone.Identifier	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\Xeno.htm:Zone.Identifier	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\Xeno (1).htm:Zone.Identifier	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 129047.crdownload:SmartScreen	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\LDPlayer9_ens_com.roblox.client_25567197_ld.exe:Zone.Identifier	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 669566.crdownload:SmartScreen	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\JJSploit.htm:Zone.Identifier	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\BootstrapperNew.exe:Zone.Identifier	msedge.exe

Runs net.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
1968	msedge.exe
1968	msedge.exe
1436	msedge.exe
1436	msedge.exe
2880	msedge.exe
2880	msedge.exe
4476	identity_helper.exe
4476	identity_helper.exe
1648	msedge.exe
1648	msedge.exe
1648	msedge.exe
1648	msedge.exe
1648	msedge.exe
1648	msedge.exe
5308	powershell.exe
5308	powershell.exe
5308	powershell.exe
5704	powershell.exe
5704	powershell.exe
5704	powershell.exe
2244	msedge.exe
2244	msedge.exe
1960	LDPlayer9_ens_com.roblox.client_25567197_ld.exe
1960	LDPlayer9_ens_com.roblox.client_25567197_ld.exe
4072	msedge.exe
4072	msedge.exe
1960	LDPlayer9_ens_com.roblox.client_25567197_ld.exe
1960	LDPlayer9_ens_com.roblox.client_25567197_ld.exe
1224	LDPlayer.exe
1224	LDPlayer.exe
1224	LDPlayer.exe
1224	LDPlayer.exe
1224	LDPlayer.exe
1224	LDPlayer.exe
1224	LDPlayer.exe
1224	LDPlayer.exe
2040	msedge.exe
2040	msedge.exe
1224	LDPlayer.exe
1224	LDPlayer.exe
3204	powershell.exe
3204	powershell.exe
3204	powershell.exe
1360	dnrepairer.exe
1360	dnrepairer.exe
1464	powershell.exe
1464	powershell.exe
1464	powershell.exe
2976	powershell.exe
2976	powershell.exe
2976	powershell.exe
5664	powershell.exe
5664	powershell.exe
5664	powershell.exe
4864	powershell.exe
4864	powershell.exe
4864	powershell.exe
1224	LDPlayer.exe
1224	LDPlayer.exe
4952	Solara.exe
4952	Solara.exe
4952	Solara.exe
4952	Solara.exe
4952	Solara.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
6240	dnplayer.exe

Suspicious behavior: LoadsDriver 6 IoCs

pid	Process
676	Process not Found
676	Process not Found
676	Process not Found
676	Process not Found
676	Process not Found
676	Process not Found

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 64 IoCs

pid	Process
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	5308	powershell.exe
Token: SeDebugPrivilege	5704	powershell.exe
Token: SeDebugPrivilege	5464	BootstrapperNew.exe
Token: SeTakeOwnershipPrivilege	1224	LDPlayer.exe
Token: SeDebugPrivilege	1224	LDPlayer.exe
Token: SeTakeOwnershipPrivilege	1224	LDPlayer.exe
Token: SeDebugPrivilege	1224	LDPlayer.exe
Token: SeTakeOwnershipPrivilege	1224	LDPlayer.exe
Token: SeDebugPrivilege	1224	LDPlayer.exe
Token: SeTakeOwnershipPrivilege	1224	LDPlayer.exe
Token: SeDebugPrivilege	1224	LDPlayer.exe
Token: SeTakeOwnershipPrivilege	1224	LDPlayer.exe
Token: SeDebugPrivilege	1224	LDPlayer.exe
Token: SeTakeOwnershipPrivilege	1224	LDPlayer.exe
Token: SeDebugPrivilege	1224	LDPlayer.exe
Token: SeTakeOwnershipPrivilege	1224	LDPlayer.exe
Token: SeDebugPrivilege	1224	LDPlayer.exe
Token: SeDebugPrivilege	1224	LDPlayer.exe
Token: SeTakeOwnershipPrivilege	1224	LDPlayer.exe
Token: SeDebugPrivilege	1224	LDPlayer.exe
Token: SeDebugPrivilege	1224	LDPlayer.exe
Token: SeDebugPrivilege	1224	LDPlayer.exe
Token: SeDebugPrivilege	1224	LDPlayer.exe
Token: SeDebugPrivilege	1224	LDPlayer.exe
Token: SeDebugPrivilege	1224	LDPlayer.exe
Token: SeDebugPrivilege	1224	LDPlayer.exe
Token: SeDebugPrivilege	1224	LDPlayer.exe
Token: SeDebugPrivilege	1224	LDPlayer.exe
Token: SeDebugPrivilege	1224	LDPlayer.exe
Token: SeDebugPrivilege	1224	LDPlayer.exe
Token: SeDebugPrivilege	1224	LDPlayer.exe
Token: SeDebugPrivilege	1224	LDPlayer.exe
Token: SeDebugPrivilege	1224	LDPlayer.exe
Token: SeDebugPrivilege	1224	LDPlayer.exe
Token: SeDebugPrivilege	1224	LDPlayer.exe
Token: SeDebugPrivilege	1224	LDPlayer.exe
Token: SeDebugPrivilege	1224	LDPlayer.exe
Token: SeDebugPrivilege	1224	LDPlayer.exe
Token: SeDebugPrivilege	1224	LDPlayer.exe
Token: SeDebugPrivilege	1224	LDPlayer.exe
Token: SeDebugPrivilege	1224	LDPlayer.exe
Token: SeDebugPrivilege	1224	LDPlayer.exe
Token: SeDebugPrivilege	1224	LDPlayer.exe
Token: SeDebugPrivilege	1224	LDPlayer.exe
Token: SeDebugPrivilege	1224	LDPlayer.exe
Token: SeDebugPrivilege	1224	LDPlayer.exe
Token: SeDebugPrivilege	1224	LDPlayer.exe
Token: SeDebugPrivilege	1224	LDPlayer.exe
Token: SeDebugPrivilege	1224	LDPlayer.exe
Token: SeDebugPrivilege	1224	LDPlayer.exe
Token: SeDebugPrivilege	1224	LDPlayer.exe
Token: SeDebugPrivilege	1224	LDPlayer.exe
Token: SeDebugPrivilege	1224	LDPlayer.exe
Token: SeDebugPrivilege	1224	LDPlayer.exe
Token: SeDebugPrivilege	1224	LDPlayer.exe
Token: SeDebugPrivilege	1224	LDPlayer.exe
Token: SeDebugPrivilege	1224	LDPlayer.exe
Token: SeDebugPrivilege	1224	LDPlayer.exe
Token: SeDebugPrivilege	1224	LDPlayer.exe
Token: SeDebugPrivilege	1224	LDPlayer.exe
Token: SeDebugPrivilege	1224	LDPlayer.exe
Token: SeDebugPrivilege	1224	LDPlayer.exe
Token: SeDebugPrivilege	1224	LDPlayer.exe
Token: SeDebugPrivilege	1224	LDPlayer.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
6240	dnplayer.exe
6240	dnplayer.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe

Suspicious use of SetWindowsHookEx 7 IoCs

pid	Process
1960	LDPlayer9_ens_com.roblox.client_25567197_ld.exe
4756	LDPlayer9_ens_com.scaryroblox.doors_25567197_ld.exe
1224	LDPlayer.exe
1360	dnrepairer.exe
5664	Ld9BoxSVC.exe
4756	driverconfig.exe
6272	MiniSearchHost.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1436 wrote to memory of 4000	1436	msedge.exe	83
PID 1436 wrote to memory of 4000	1436	msedge.exe	83
PID 1436 wrote to memory of 3216	1436	msedge.exe	84
PID 1436 wrote to memory of 3216	1436	msedge.exe	84
PID 1436 wrote to memory of 3216	1436	msedge.exe	84
PID 1436 wrote to memory of 3216	1436	msedge.exe	84
PID 1436 wrote to memory of 3216	1436	msedge.exe	84
PID 1436 wrote to memory of 3216	1436	msedge.exe	84
PID 1436 wrote to memory of 3216	1436	msedge.exe	84
PID 1436 wrote to memory of 3216	1436	msedge.exe	84
PID 1436 wrote to memory of 3216	1436	msedge.exe	84
PID 1436 wrote to memory of 3216	1436	msedge.exe	84
PID 1436 wrote to memory of 3216	1436	msedge.exe	84
PID 1436 wrote to memory of 3216	1436	msedge.exe	84
PID 1436 wrote to memory of 3216	1436	msedge.exe	84
PID 1436 wrote to memory of 3216	1436	msedge.exe	84
PID 1436 wrote to memory of 3216	1436	msedge.exe	84
PID 1436 wrote to memory of 3216	1436	msedge.exe	84
PID 1436 wrote to memory of 3216	1436	msedge.exe	84
PID 1436 wrote to memory of 3216	1436	msedge.exe	84
PID 1436 wrote to memory of 3216	1436	msedge.exe	84
PID 1436 wrote to memory of 3216	1436	msedge.exe	84
PID 1436 wrote to memory of 3216	1436	msedge.exe	84
PID 1436 wrote to memory of 3216	1436	msedge.exe	84
PID 1436 wrote to memory of 3216	1436	msedge.exe	84
PID 1436 wrote to memory of 3216	1436	msedge.exe	84
PID 1436 wrote to memory of 3216	1436	msedge.exe	84
PID 1436 wrote to memory of 3216	1436	msedge.exe	84
PID 1436 wrote to memory of 3216	1436	msedge.exe	84
PID 1436 wrote to memory of 3216	1436	msedge.exe	84
PID 1436 wrote to memory of 3216	1436	msedge.exe	84
PID 1436 wrote to memory of 3216	1436	msedge.exe	84
PID 1436 wrote to memory of 3216	1436	msedge.exe	84
PID 1436 wrote to memory of 3216	1436	msedge.exe	84
PID 1436 wrote to memory of 3216	1436	msedge.exe	84
PID 1436 wrote to memory of 3216	1436	msedge.exe	84
PID 1436 wrote to memory of 3216	1436	msedge.exe	84
PID 1436 wrote to memory of 3216	1436	msedge.exe	84
PID 1436 wrote to memory of 3216	1436	msedge.exe	84
PID 1436 wrote to memory of 3216	1436	msedge.exe	84
PID 1436 wrote to memory of 3216	1436	msedge.exe	84
PID 1436 wrote to memory of 3216	1436	msedge.exe	84
PID 1436 wrote to memory of 1968	1436	msedge.exe	85
PID 1436 wrote to memory of 1968	1436	msedge.exe	85
PID 1436 wrote to memory of 3348	1436	msedge.exe	86
PID 1436 wrote to memory of 3348	1436	msedge.exe	86
PID 1436 wrote to memory of 3348	1436	msedge.exe	86
PID 1436 wrote to memory of 3348	1436	msedge.exe	86
PID 1436 wrote to memory of 3348	1436	msedge.exe	86
PID 1436 wrote to memory of 3348	1436	msedge.exe	86
PID 1436 wrote to memory of 3348	1436	msedge.exe	86
PID 1436 wrote to memory of 3348	1436	msedge.exe	86
PID 1436 wrote to memory of 3348	1436	msedge.exe	86
PID 1436 wrote to memory of 3348	1436	msedge.exe	86
PID 1436 wrote to memory of 3348	1436	msedge.exe	86
PID 1436 wrote to memory of 3348	1436	msedge.exe	86
PID 1436 wrote to memory of 3348	1436	msedge.exe	86
PID 1436 wrote to memory of 3348	1436	msedge.exe	86
PID 1436 wrote to memory of 3348	1436	msedge.exe	86
PID 1436 wrote to memory of 3348	1436	msedge.exe	86
PID 1436 wrote to memory of 3348	1436	msedge.exe	86
PID 1436 wrote to memory of 3348	1436	msedge.exe	86
PID 1436 wrote to memory of 3348	1436	msedge.exe	86
PID 1436 wrote to memory of 3348	1436	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument http://noescape.exe
1⤵
- Enumerates system info in registry
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1436
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0xdc,0x104,0x108,0xe8,0x10c,0x7ff8c7453cb8,0x7ff8c7453cc8,0x7ff8c7453cd8
  2⤵
  PID:4000
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1888,1170959089542675511,16638745158457490093,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1896 /prefetch:2
  2⤵
  PID:3216
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1888,1170959089542675511,16638745158457490093,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2136 /prefetch:3
  2⤵
  - Downloads MZ/PE file
  - Mark of the Web detected: This indicates that the page was originally saved or cloned.
  - Suspicious behavior: EnumeratesProcesses
  PID:1968
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1888,1170959089542675511,16638745158457490093,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2672 /prefetch:8
  2⤵
  PID:3348
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,1170959089542675511,16638745158457490093,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3136 /prefetch:1
  2⤵
  PID:1140
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,1170959089542675511,16638745158457490093,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3144 /prefetch:1
  2⤵
  PID:4024
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,1170959089542675511,16638745158457490093,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4056 /prefetch:1
  2⤵
  PID:1936
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1888,1170959089542675511,16638745158457490093,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4680 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2880
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1888,1170959089542675511,16638745158457490093,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3468 /prefetch:8
  2⤵
  PID:2432
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1888,1170959089542675511,16638745158457490093,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3468 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4476
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,1170959089542675511,16638745158457490093,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3480 /prefetch:1
  2⤵
  PID:4864
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,1170959089542675511,16638745158457490093,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5284 /prefetch:1
  2⤵
  PID:4104
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,1170959089542675511,16638745158457490093,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4188 /prefetch:1
  2⤵
  PID:1316
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,1170959089542675511,16638745158457490093,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4032 /prefetch:1
  2⤵
  PID:2852
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,1170959089542675511,16638745158457490093,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5968 /prefetch:1
  2⤵
  PID:4068
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,1170959089542675511,16638745158457490093,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5976 /prefetch:1
  2⤵
  PID:868
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,1170959089542675511,16638745158457490093,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5416 /prefetch:1
  2⤵
  PID:2036
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,1170959089542675511,16638745158457490093,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5892 /prefetch:1
  2⤵
  PID:1264
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,1170959089542675511,16638745158457490093,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4132 /prefetch:1
  2⤵
  PID:2244
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,1170959089542675511,16638745158457490093,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6132 /prefetch:1
  2⤵
  PID:4804
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,1170959089542675511,16638745158457490093,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5556 /prefetch:1
  2⤵
  PID:4612
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,1170959089542675511,16638745158457490093,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4220 /prefetch:1
  2⤵
  PID:4632
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,1170959089542675511,16638745158457490093,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6092 /prefetch:1
  2⤵
  PID:3944
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,1170959089542675511,16638745158457490093,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4092 /prefetch:1
  2⤵
  PID:3836
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,1170959089542675511,16638745158457490093,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5352 /prefetch:1
  2⤵
  PID:2724
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,1170959089542675511,16638745158457490093,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5480 /prefetch:1
  2⤵
  PID:1764
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,1170959089542675511,16638745158457490093,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5608 /prefetch:1
  2⤵
  PID:2524
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,1170959089542675511,16638745158457490093,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4188 /prefetch:1
  2⤵
  PID:4836
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,1170959089542675511,16638745158457490093,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3688 /prefetch:1
  2⤵
  PID:3192
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,1170959089542675511,16638745158457490093,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2812 /prefetch:1
  2⤵
  PID:1344
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,1170959089542675511,16638745158457490093,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5840 /prefetch:1
  2⤵
  PID:4440
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1888,1170959089542675511,16638745158457490093,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=6500 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1648
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,1170959089542675511,16638745158457490093,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5208 /prefetch:1
  2⤵
  PID:2352
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,1170959089542675511,16638745158457490093,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5028 /prefetch:1
  2⤵
  PID:3732
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,1170959089542675511,16638745158457490093,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4160 /prefetch:1
  2⤵
  PID:2348
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,1170959089542675511,16638745158457490093,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6428 /prefetch:1
  2⤵
  PID:4600
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,1170959089542675511,16638745158457490093,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6504 /prefetch:1
  2⤵
  PID:4724
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,1170959089542675511,16638745158457490093,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5876 /prefetch:1
  2⤵
  PID:2608
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,1170959089542675511,16638745158457490093,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4996 /prefetch:1
  2⤵
  PID:704
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,1170959089542675511,16638745158457490093,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5644 /prefetch:1
  2⤵
  PID:4568
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,1170959089542675511,16638745158457490093,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3852 /prefetch:1
  2⤵
  PID:3736
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,1170959089542675511,16638745158457490093,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6080 /prefetch:1
  2⤵
  PID:2540
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,1170959089542675511,16638745158457490093,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6428 /prefetch:1
  2⤵
  PID:1776
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,1170959089542675511,16638745158457490093,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4020 /prefetch:1
  2⤵
  PID:1528
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,1170959089542675511,16638745158457490093,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4136 /prefetch:1
  2⤵
  PID:4612
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,1170959089542675511,16638745158457490093,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7032 /prefetch:1
  2⤵
  PID:3132
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,1170959089542675511,16638745158457490093,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6008 /prefetch:1
  2⤵
  PID:2140
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,1170959089542675511,16638745158457490093,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6448 /prefetch:1
  2⤵
  PID:1996
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,1170959089542675511,16638745158457490093,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6864 /prefetch:1
  2⤵
  PID:2396
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,1170959089542675511,16638745158457490093,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7736 /prefetch:1
  2⤵
  PID:1372
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,1170959089542675511,16638745158457490093,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7756 /prefetch:1
  2⤵
  PID:5000
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,1170959089542675511,16638745158457490093,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7876 /prefetch:1
  2⤵
  PID:3444
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,1170959089542675511,16638745158457490093,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7884 /prefetch:1
  2⤵
  PID:2924
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,1170959089542675511,16638745158457490093,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6692 /prefetch:1
  2⤵
  PID:480
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,1170959089542675511,16638745158457490093,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6956 /prefetch:1
  2⤵
  PID:3816
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,1170959089542675511,16638745158457490093,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7808 /prefetch:1
  2⤵
  PID:1216
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,1170959089542675511,16638745158457490093,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7536 /prefetch:1
  2⤵
  PID:408
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,1170959089542675511,16638745158457490093,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7184 /prefetch:1
  2⤵
  PID:1220
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,1170959089542675511,16638745158457490093,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=58 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5252 /prefetch:1
  2⤵
  PID:2152
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,1170959089542675511,16638745158457490093,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=59 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6724 /prefetch:1
  2⤵
  PID:2900
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,1170959089542675511,16638745158457490093,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=60 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8360 /prefetch:1
  2⤵
  PID:2292
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,1170959089542675511,16638745158457490093,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=61 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5372 /prefetch:1
  2⤵
  PID:356
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,1170959089542675511,16638745158457490093,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=62 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8544 /prefetch:1
  2⤵
  PID:4116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,1170959089542675511,16638745158457490093,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=63 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8624 /prefetch:1
  2⤵
  PID:2984
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,1170959089542675511,16638745158457490093,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=64 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8676 /prefetch:1
  2⤵
  PID:868
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,1170959089542675511,16638745158457490093,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=65 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8808 /prefetch:1
  2⤵
  PID:3616
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,1170959089542675511,16638745158457490093,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=66 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8964 /prefetch:1
  2⤵
  PID:4196
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,1170959089542675511,16638745158457490093,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=67 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7808 /prefetch:1
  2⤵
  PID:3852
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,1170959089542675511,16638745158457490093,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=68 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9196 /prefetch:1
  2⤵
  PID:2632
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,1170959089542675511,16638745158457490093,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=69 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8900 /prefetch:1
  2⤵
  PID:5208
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,1170959089542675511,16638745158457490093,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=70 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8600 /prefetch:1
  2⤵
  PID:5216
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,1170959089542675511,16638745158457490093,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=71 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8548 /prefetch:1
  2⤵
  PID:5224
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,1170959089542675511,16638745158457490093,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=72 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6720 /prefetch:1
  2⤵
  PID:5508
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,1170959089542675511,16638745158457490093,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=73 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3100 /prefetch:1
  2⤵
  PID:5616
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,1170959089542675511,16638745158457490093,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=74 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6672 /prefetch:1
  2⤵
  PID:6080
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,1170959089542675511,16638745158457490093,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=76 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7980 /prefetch:1
  2⤵
  PID:2448
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1888,1170959089542675511,16638745158457490093,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=9212 /prefetch:8
  2⤵
  PID:3616
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1888,1170959089542675511,16638745158457490093,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=8464 /prefetch:8
  2⤵
  - Subvert Trust Controls: Mark-of-the-Web Bypass
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:1648
- C:\Users\Admin\Downloads\BootstrapperNew.exe
  "C:\Users\Admin\Downloads\BootstrapperNew.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of AdjustPrivilegeToken
  PID:5464
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    "powershell" -Command "Get-MpPreference | Select-Object -ExpandProperty ExclusionPath"
    3⤵
    - Command and Scripting Interpreter: PowerShell
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    PID:5308
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    "powershell" -Command "Add-MpPreference -ExclusionPath 'C:\ProgramData\Solara'"
    3⤵
    - Command and Scripting Interpreter: PowerShell
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    PID:5704
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,1170959089542675511,16638745158457490093,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=79 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6664 /prefetch:1
  2⤵
  PID:5796
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,1170959089542675511,16638745158457490093,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=80 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6300 /prefetch:1
  2⤵
  PID:5924
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,1170959089542675511,16638745158457490093,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=81 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9628 /prefetch:1
  2⤵
  PID:5132
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,1170959089542675511,16638745158457490093,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=82 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9736 /prefetch:1
  2⤵
  PID:3712
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,1170959089542675511,16638745158457490093,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=83 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7764 /prefetch:1
  2⤵
  PID:2892
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,1170959089542675511,16638745158457490093,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=84 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9768 /prefetch:1
  2⤵
  PID:5892
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,1170959089542675511,16638745158457490093,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=85 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7116 /prefetch:1
  2⤵
  PID:5900
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,1170959089542675511,16638745158457490093,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=86 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9996 /prefetch:1
  2⤵
  PID:2296
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,1170959089542675511,16638745158457490093,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=87 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6984 /prefetch:1
  2⤵
  PID:6008
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,1170959089542675511,16638745158457490093,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=88 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6696 /prefetch:1
  2⤵
  PID:5812
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,1170959089542675511,16638745158457490093,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=89 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8784 /prefetch:1
  2⤵
  PID:5932
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,1170959089542675511,16638745158457490093,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=90 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6988 /prefetch:1
  2⤵
  PID:4512
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,1170959089542675511,16638745158457490093,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=91 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3228 /prefetch:1
  2⤵
  PID:4952
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,1170959089542675511,16638745158457490093,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=92 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6988 /prefetch:1
  2⤵
  PID:3124
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,1170959089542675511,16638745158457490093,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=93 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5300 /prefetch:1
  2⤵
  PID:3836
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,1170959089542675511,16638745158457490093,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=94 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5488 /prefetch:1
  2⤵
  PID:2584
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,1170959089542675511,16638745158457490093,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=95 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8156 /prefetch:1
  2⤵
  PID:3548
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,1170959089542675511,16638745158457490093,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=96 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8584 /prefetch:1
  2⤵
  PID:2068
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,1170959089542675511,16638745158457490093,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=97 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8188 /prefetch:1
  2⤵
  PID:4556
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,1170959089542675511,16638745158457490093,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=98 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7700 /prefetch:1
  2⤵
  PID:5296
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,1170959089542675511,16638745158457490093,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=99 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6684 /prefetch:1
  2⤵
  PID:5304
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,1170959089542675511,16638745158457490093,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=100 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8468 /prefetch:1
  2⤵
  PID:5628
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,1170959089542675511,16638745158457490093,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=101 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8472 /prefetch:1
  2⤵
  PID:2008
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,1170959089542675511,16638745158457490093,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=102 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9640 /prefetch:1
  2⤵
  PID:5244
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,1170959089542675511,16638745158457490093,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=103 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5300 /prefetch:1
  2⤵
  PID:5576
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,1170959089542675511,16638745158457490093,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=104 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4104 /prefetch:1
  2⤵
  PID:1476
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,1170959089542675511,16638745158457490093,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=105 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6696 /prefetch:1
  2⤵
  PID:5176
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,1170959089542675511,16638745158457490093,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=106 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7544 /prefetch:1
  2⤵
  PID:3580
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,1170959089542675511,16638745158457490093,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=107 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1680 /prefetch:1
  2⤵
  PID:1212
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,1170959089542675511,16638745158457490093,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=108 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5432 /prefetch:1
  2⤵
  PID:2008
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,1170959089542675511,16638745158457490093,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=109 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8580 /prefetch:1
  2⤵
  PID:3196
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,1170959089542675511,16638745158457490093,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=110 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9148 /prefetch:1
  2⤵
  PID:5248
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,1170959089542675511,16638745158457490093,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=111 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7432 /prefetch:1
  2⤵
  PID:5732
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,1170959089542675511,16638745158457490093,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=112 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5400 /prefetch:1
  2⤵
  PID:5744
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,1170959089542675511,16638745158457490093,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=113 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8384 /prefetch:1
  2⤵
  PID:5300
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,1170959089542675511,16638745158457490093,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=114 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8504 /prefetch:1
  2⤵
  PID:6072
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,1170959089542675511,16638745158457490093,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=115 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8676 /prefetch:1
  2⤵
  PID:3124
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,1170959089542675511,16638745158457490093,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=116 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9868 /prefetch:1
  2⤵
  PID:5932
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,1170959089542675511,16638745158457490093,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=117 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8492 /prefetch:1
  2⤵
  PID:5352
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,1170959089542675511,16638745158457490093,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=118 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8644 /prefetch:1
  2⤵
  PID:4512
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,1170959089542675511,16638745158457490093,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=119 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8120 /prefetch:1
  2⤵
  PID:4772
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,1170959089542675511,16638745158457490093,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=120 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9132 /prefetch:1
  2⤵
  PID:2544
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,1170959089542675511,16638745158457490093,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=121 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9140 /prefetch:1
  2⤵
  PID:5588
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,1170959089542675511,16638745158457490093,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=122 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7048 /prefetch:1
  2⤵
  PID:5764
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,1170959089542675511,16638745158457490093,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=123 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8712 /prefetch:1
  2⤵
  PID:2184
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,1170959089542675511,16638745158457490093,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=124 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5252 /prefetch:1
  2⤵
  PID:5704
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,1170959089542675511,16638745158457490093,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=125 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1632 /prefetch:1
  2⤵
  PID:4188
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,1170959089542675511,16638745158457490093,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=126 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8764 /prefetch:1
  2⤵
  PID:1072
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,1170959089542675511,16638745158457490093,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=127 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8188 /prefetch:1
  2⤵
  PID:4328
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,1170959089542675511,16638745158457490093,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=128 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9736 /prefetch:1
  2⤵
  PID:836
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,1170959089542675511,16638745158457490093,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=129 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9068 /prefetch:1
  2⤵
  PID:4876
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,1170959089542675511,16638745158457490093,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=130 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7048 /prefetch:1
  2⤵
  PID:4644
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,1170959089542675511,16638745158457490093,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=131 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7432 /prefetch:1
  2⤵
  PID:1212
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,1170959089542675511,16638745158457490093,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=132 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7640 /prefetch:1
  2⤵
  PID:6100
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,1170959089542675511,16638745158457490093,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=133 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8272 /prefetch:1
  2⤵
  PID:1036
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,1170959089542675511,16638745158457490093,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=134 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7028 /prefetch:1
  2⤵
  PID:5688
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,1170959089542675511,16638745158457490093,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=135 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7932 /prefetch:1
  2⤵
  PID:760
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,1170959089542675511,16638745158457490093,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=136 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10664 /prefetch:1
  2⤵
  PID:4104
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,1170959089542675511,16638745158457490093,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=137 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10680 /prefetch:1
  2⤵
  PID:5184
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,1170959089542675511,16638745158457490093,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=138 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10876 /prefetch:1
  2⤵
  PID:4688
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,1170959089542675511,16638745158457490093,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=139 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10540 /prefetch:1
  2⤵
  PID:4216
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,1170959089542675511,16638745158457490093,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=140 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7500 /prefetch:1
  2⤵
  PID:4636
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,1170959089542675511,16638745158457490093,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=142 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11212 /prefetch:1
  2⤵
  PID:2636
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,1170959089542675511,16638745158457490093,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=143 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11544 /prefetch:1
  2⤵
  PID:4300
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1888,1170959089542675511,16638745158457490093,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=11664 /prefetch:8
  2⤵
  PID:2244
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,1170959089542675511,16638745158457490093,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=145 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8368 /prefetch:1
  2⤵
  PID:6096
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1888,1170959089542675511,16638745158457490093,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=11520 /prefetch:8
  2⤵
  - Subvert Trust Controls: Mark-of-the-Web Bypass
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:2244
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,1170959089542675511,16638745158457490093,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=147 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11640 /prefetch:1
  2⤵
  PID:2424
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,1170959089542675511,16638745158457490093,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=149 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11304 /prefetch:1
  2⤵
  PID:3548
- C:\Users\Admin\Downloads\LDPlayer9_ens_com.roblox.client_25567197_ld.exe
  "C:\Users\Admin\Downloads\LDPlayer9_ens_com.roblox.client_25567197_ld.exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of SetWindowsHookEx
  PID:1960
- - C:\LDPlayer\LDPlayer9\LDPlayer.exe
    "C:\LDPlayer\LDPlayer9\\LDPlayer.exe" -silence -downloader -openid=25567197 -language=en -path="C:\LDPlayer\LDPlayer9\"
    3⤵
    - Executes dropped EXE
    - Enumerates connected drives
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of SetWindowsHookEx
    PID:1224
  - - C:\LDPlayer\LDPlayer9\dnrepairer.exe
      "C:\LDPlayer\LDPlayer9\dnrepairer.exe" listener=655914
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Drops file in Program Files directory
      System Location Discovery: System Language Discovery
      Modifies registry class
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of SetWindowsHookEx
      PID:1360
    - - C:\Windows\SysWOW64\net.exe
        
        "net" start cryptsvc
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4204
      - C:\Windows\SysWOW64\net1.exe
        
        C:\Windows\system32\net1 start cryptsvc
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3548
    - - C:\Windows\SysWOW64\regsvr32.exe
        
        "regsvr32" Softpub.dll /s
        5⤵
        Manipulates Digital Signatures
        System Location Discovery: System Language Discovery
        
        PID:6076
    - - C:\Windows\SysWOW64\regsvr32.exe
        
        "regsvr32" Wintrust.dll /s
        5⤵
        Manipulates Digital Signatures
        System Location Discovery: System Language Discovery
        
        PID:832
    - - C:\Windows\SysWOW64\regsvr32.exe
        
        "regsvr32" Initpki.dll /s
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:6104
    - - C:\Windows\SysWOW64\regsvr32.exe
        
        "C:\Windows\system32\regsvr32" Initpki.dll /s
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:1628
    - - C:\Windows\SysWOW64\regsvr32.exe
        
        "regsvr32" dssenh.dll /s
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5600
    - - C:\Windows\SysWOW64\regsvr32.exe
        
        "regsvr32" rsaenh.dll /s
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5660
    - - C:\Windows\SysWOW64\regsvr32.exe
        
        "regsvr32" cryptdlg.dll /s
        5⤵
        Manipulates Digital Signatures
        System Location Discovery: System Language Discovery
        
        PID:1300
    - - C:\Windows\SysWOW64\takeown.exe
        
        "takeown" /f "C:\LDPlayer\LDPlayer9\vms" /r /d y
        5⤵
        Possible privilege escalation attempt
        Modifies file permissions
        System Location Discovery: System Language Discovery
        
        PID:1216
    - - C:\Windows\SysWOW64\icacls.exe
        
        "icacls" "C:\LDPlayer\LDPlayer9\vms" /grant everyone:F /t
        5⤵
        Possible privilege escalation attempt
        Modifies file permissions
        System Location Discovery: System Language Discovery
        
        PID:2188
    - - C:\Windows\SysWOW64\takeown.exe
        
        "takeown" /f "C:\LDPlayer\LDPlayer9\\system.vmdk"
        5⤵
        Possible privilege escalation attempt
        Modifies file permissions
        System Location Discovery: System Language Discovery
        
        PID:3548
    - - C:\Windows\SysWOW64\icacls.exe
        
        "icacls" "C:\LDPlayer\LDPlayer9\\system.vmdk" /grant everyone:F /t
        5⤵
        Possible privilege escalation attempt
        Modifies file permissions
        System Location Discovery: System Language Discovery
        
        PID:5608
    - - C:\Windows\SysWOW64\dism.exe
        
        C:\Windows\system32\dism.exe /Online /English /Get-Features
        5⤵
        Drops file in Windows directory
        System Location Discovery: System Language Discovery
        
        PID:2472
      - C:\Windows\System32\Conhost.exe
        
        \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        6⤵
        
        PID:832
      - C:\Users\Admin\AppData\Local\Temp\3850B7F6-0CFD-48A5-862D-31AA0B689E56\dismhost.exe
        
        C:\Users\Admin\AppData\Local\Temp\3850B7F6-0CFD-48A5-862D-31AA0B689E56\dismhost.exe {F37A03A2-64FD-4661-B9D3-7B84797594F8}
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Drops file in Windows directory
        
        PID:5388
    - - C:\Windows\SysWOW64\sc.exe
        
        sc query HvHost
        5⤵
        Launches sc.exe
        System Location Discovery: System Language Discovery
        
        PID:5136
    - - C:\Windows\SysWOW64\sc.exe
        
        sc query vmms
        5⤵
        Launches sc.exe
        System Location Discovery: System Language Discovery
        
        PID:4204
    - - C:\Windows\SysWOW64\sc.exe
        
        sc query vmcompute
        5⤵
        Launches sc.exe
        System Location Discovery: System Language Discovery
        
        PID:6076
    - - C:\Program Files\ldplayer9box\Ld9BoxSVC.exe
        
        "C:\Program Files\ldplayer9box\Ld9BoxSVC.exe" /RegServer
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:5664
    - - C:\Windows\SYSTEM32\regsvr32.exe
        
        "regsvr32" "C:\Program Files\ldplayer9box\VBoxC.dll" /s
        5⤵
        Loads dropped DLL
        
        PID:5464
    - - C:\Windows\SysWOW64\regsvr32.exe
        
        "regsvr32" "C:\Program Files\ldplayer9box\x86\VBoxClient-x86.dll" /s
        5⤵
        Loads dropped DLL
        System Location Discovery: System Language Discovery
        
        PID:3312
    - - C:\Windows\SYSTEM32\regsvr32.exe
        
        "regsvr32" "C:\Program Files\ldplayer9box\VBoxProxyStub.dll" /s
        5⤵
        Loads dropped DLL
        Modifies registry class
        
        PID:4832
    - - C:\Windows\SysWOW64\regsvr32.exe
        
        "regsvr32" "C:\Program Files\ldplayer9box\x86\VBoxProxyStub-x86.dll" /s
        5⤵
        Loads dropped DLL
        System Location Discovery: System Language Discovery
        Modifies registry class
        
        PID:5080
    - - C:\Windows\SysWOW64\sc.exe
        
        "C:\Windows\system32\sc" create Ld9BoxSup binPath= "C:\Program Files\ldplayer9box\Ld9BoxSup.sys" type= kernel start= auto
        5⤵
        Launches sc.exe
        System Location Discovery: System Language Discovery
        
        PID:4928
    - - C:\Windows\SysWOW64\sc.exe
        
        "C:\Windows\system32\sc" start Ld9BoxSup
        5⤵
        Launches sc.exe
        System Location Discovery: System Language Discovery
        
        PID:5020
    - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "powershell.exe" New-NetFirewallRule -DisplayName "Ld9BoxSup" -Direction Inbound -Program 'C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe' -RemoteAddress LocalSubnet -Action Allow
        5⤵
        System Location Discovery: System Language Discovery
        Suspicious behavior: EnumeratesProcesses
        
        PID:2976
    - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "powershell.exe" New-NetFirewallRule -DisplayName "Ld9BoxNat" -Direction Inbound -Program 'C:\Program Files\ldplayer9box\VBoxNetNAT.exe' -RemoteAddress LocalSubnet -Action Allow
        5⤵
        System Location Discovery: System Language Discovery
        Suspicious behavior: EnumeratesProcesses
        
        PID:5664
    - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "powershell.exe" New-NetFirewallRule -DisplayName "dnplayer" -Direction Inbound -Program 'C:\LDPlayer\LDPlayer9\dnplayer.exe' -RemoteAddress LocalSubnet -Action Allow
        5⤵
        System Location Discovery: System Language Discovery
        Suspicious behavior: EnumeratesProcesses
        
        PID:4864
  - - C:\LDPlayer\LDPlayer9\driverconfig.exe
      "C:\LDPlayer\LDPlayer9\driverconfig.exe"
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:4756
  - - C:\Windows\SysWOW64\takeown.exe
      "takeown" /f C:\LDPlayer\ldmutiplayer\ /r /d y
      4⤵
      Possible privilege escalation attempt
      Modifies file permissions
      System Location Discovery: System Language Discovery
      PID:3784
  - - C:\Windows\SysWOW64\icacls.exe
      "icacls" C:\LDPlayer\ldmutiplayer\ /grant everyone:F /t
      4⤵
      Possible privilege escalation attempt
      Modifies file permissions
      System Location Discovery: System Language Discovery
      PID:4928
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://discord.gg/4bUcwDd53d
    3⤵
    PID:3448
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x104,0xfc,0x128,0x100,0x12c,0x7ff8c7453cb8,0x7ff8c7453cc8,0x7ff8c7453cd8
      4⤵
      PID:6156
- - C:\LDPlayer\LDPlayer9\dnplayer.exe
    "C:\LDPlayer\LDPlayer9\dnplayer.exe" downloadpackage=com.roblox.client|package=com.roblox.client
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Checks processor information in registry
    - Modifies Internet Explorer settings
    - Suspicious behavior: GetForegroundWindowSpam
    - Suspicious use of SendNotifyMessage
    PID:6240
  - - C:\Windows\SysWOW64\sc.exe
      sc query HvHost
      4⤵
      Launches sc.exe
      System Location Discovery: System Language Discovery
      PID:6608
  - - C:\Windows\SysWOW64\sc.exe
      sc query vmms
      4⤵
      Launches sc.exe
      System Location Discovery: System Language Discovery
      PID:6664
  - - C:\Windows\SysWOW64\sc.exe
      sc query vmcompute
      4⤵
      Launches sc.exe
      System Location Discovery: System Language Discovery
      PID:6816
  - - C:\Program Files\ldplayer9box\vbox-img.exe
      "C:\Program Files\ldplayer9box\vbox-img.exe" setuuid --filename "C:\LDPlayer\LDPlayer9\vms\..\system.vmdk" --uuid 20160302-bbbb-bbbb-0eee-bbbb00000000
      4⤵
      Executes dropped EXE
      PID:7116
  - - C:\Program Files\ldplayer9box\vbox-img.exe
      "C:\Program Files\ldplayer9box\vbox-img.exe" setuuid --filename "C:\LDPlayer\LDPlayer9\vms\leidian0\data.vmdk" --uuid 20160302-cccc-cccc-0eee-000000000000
      4⤵
      Executes dropped EXE
      PID:6212
  - - C:\Program Files\ldplayer9box\vbox-img.exe
      "C:\Program Files\ldplayer9box\vbox-img.exe" setuuid --filename "C:\LDPlayer\LDPlayer9\vms\leidian0\sdcard.vmdk" --uuid 20160302-dddd-dddd-0eee-000000000000
      4⤵
      Executes dropped EXE
      PID:6444
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.ldplayer.net/blog/how-to-enable-vt.html
      4⤵
      PID:6328
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff8c7453cb8,0x7ff8c7453cc8,0x7ff8c7453cd8
        5⤵
        
        PID:6292
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,1170959089542675511,16638745158457490093,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=150 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11452 /prefetch:1
  2⤵
  PID:5772
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,1170959089542675511,16638745158457490093,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=151 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10892 /prefetch:1
  2⤵
  PID:5384
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,1170959089542675511,16638745158457490093,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=152 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11336 /prefetch:1
  2⤵
  PID:1944
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,1170959089542675511,16638745158457490093,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=153 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10316 /prefetch:1
  2⤵
  PID:4156
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,1170959089542675511,16638745158457490093,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=154 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10596 /prefetch:1
  2⤵
  PID:3124
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,1170959089542675511,16638745158457490093,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=156 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11712 /prefetch:1
  2⤵
  PID:4088
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1888,1170959089542675511,16638745158457490093,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=11404 /prefetch:8
  2⤵
  PID:4164
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,1170959089542675511,16638745158457490093,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=158 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10344 /prefetch:1
  2⤵
  PID:2584
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,1170959089542675511,16638745158457490093,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=159 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11492 /prefetch:1
  2⤵
  PID:2280
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1888,1170959089542675511,16638745158457490093,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=11596 /prefetch:8
  2⤵
  - Subvert Trust Controls: Mark-of-the-Web Bypass
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:4072
- C:\Users\Admin\Downloads\LDPlayer9_ens_com.scaryroblox.doors_25567197_ld.exe
  "C:\Users\Admin\Downloads\LDPlayer9_ens_com.scaryroblox.doors_25567197_ld.exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  PID:4756
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,1170959089542675511,16638745158457490093,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=161 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10900 /prefetch:1
  2⤵
  PID:2152
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,1170959089542675511,16638745158457490093,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=162 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11680 /prefetch:1
  2⤵
  PID:4816
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,1170959089542675511,16638745158457490093,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=163 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11068 /prefetch:1
  2⤵
  PID:1856
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,1170959089542675511,16638745158457490093,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=164 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8156 /prefetch:1
  2⤵
  PID:5260
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,1170959089542675511,16638745158457490093,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=165 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11748 /prefetch:1
  2⤵
  PID:6072
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,1170959089542675511,16638745158457490093,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=166 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10808 /prefetch:1
  2⤵
  PID:5692
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,1170959089542675511,16638745158457490093,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=167 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10472 /prefetch:1
  2⤵
  PID:4164
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,1170959089542675511,16638745158457490093,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=169 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4692 /prefetch:1
  2⤵
  PID:4124
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1888,1170959089542675511,16638745158457490093,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=11440 /prefetch:8
  2⤵
  PID:4464
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1888,1170959089542675511,16638745158457490093,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4216 /prefetch:8
  2⤵
  - Subvert Trust Controls: Mark-of-the-Web Bypass
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:2040
- C:\Users\Admin\Downloads\BootstrapperNew (1).exe
  "C:\Users\Admin\Downloads\BootstrapperNew (1).exe"
  2⤵
  - Executes dropped EXE
  PID:5696
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    "powershell" -Command "Get-MpPreference | Select-Object -ExpandProperty ExclusionPath"
    3⤵
    - Command and Scripting Interpreter: PowerShell
    - Suspicious behavior: EnumeratesProcesses
    PID:3204
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    "powershell" -Command "Add-MpPreference -ExclusionPath 'C:\ProgramData\Solara'"
    3⤵
    - Command and Scripting Interpreter: PowerShell
    - Suspicious behavior: EnumeratesProcesses
    PID:1464
- - C:\ProgramData\Solara\Solara.exe
    "C:\ProgramData\Solara\Solara.exe" --bootstrapperPath "C:\Users\Admin\Downloads"
    3⤵
    - Identifies VirtualBox via ACPI registry values (likely anti-VM)
    - Checks BIOS information in registry
    - Executes dropped EXE
    - Checks whether UAC is enabled
    - Suspicious use of NtSetInformationThreadHideFromDebugger
    - Suspicious behavior: EnumeratesProcesses
    PID:4952
  - - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe
      "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe" --embedded-browser-webview=1 --webview-exe-name=Solara.exe --webview-exe-version=3.0.0.0 --user-data-dir="C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView" --noerrdialogs --embedded-browser-webview-dpi-awareness=1 --mojo-named-platform-channel-pipe=4952.800.2724692748656670920
      4⤵
      Drops file in Windows directory
      Enumerates system info in registry
      Modifies data under HKEY_USERS
      PID:5660
    - - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe" --type=crashpad-handler --user-data-dir=C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView\Crashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=132.0.6834.160 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe" --annotation=plat=Win64 "--annotation=prod=Edge WebView2" --annotation=ver=132.0.2957.140 --initial-client-data=0x180,0x184,0x188,0x15c,0x108,0x7ff8a7a3b078,0x7ff8a7a3b084,0x7ff8a7a3b090
        5⤵
        
        PID:4696
    - - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe" --type=gpu-process --string-annotations --noerrdialogs --user-data-dir="C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView" --webview-exe-name=Solara.exe --webview-exe-version=3.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=1704,i,13859752207377924549,9480365778246251061,262144 --variations-seed-version --mojo-platform-channel-handle=1744 /prefetch:2
        5⤵
        
        PID:5728
    - - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --noerrdialogs --user-data-dir="C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView" --webview-exe-name=Solara.exe --webview-exe-version=3.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --always-read-main-dll --field-trial-handle=1908,i,13859752207377924549,9480365778246251061,262144 --variations-seed-version --mojo-platform-channel-handle=2056 /prefetch:11
        5⤵
        
        PID:4832
    - - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --noerrdialogs --user-data-dir="C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView" --webview-exe-name=Solara.exe --webview-exe-version=3.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --always-read-main-dll --field-trial-handle=2312,i,13859752207377924549,9480365778246251061,262144 --variations-seed-version --mojo-platform-channel-handle=2324 /prefetch:13
        5⤵
        
        PID:4520
    - - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe" --type=renderer --string-annotations --noerrdialogs --user-data-dir="C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView" --webview-exe-name=Solara.exe --webview-exe-version=3.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc --ms-user-locale=" --always-read-main-dll --field-trial-handle=3648,i,13859752207377924549,9480365778246251061,262144 --variations-seed-version --mojo-platform-channel-handle=3668 /prefetch:1
        5⤵
        
        PID:4088
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,1170959089542675511,16638745158457490093,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=172 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5884 /prefetch:1
  2⤵
  PID:6216
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,1170959089542675511,16638745158457490093,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=173 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10676 /prefetch:1
  2⤵
  PID:6352
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1888,1170959089542675511,16638745158457490093,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=10764 /prefetch:8
  2⤵
  PID:6628
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1888,1170959089542675511,16638745158457490093,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=10276 /prefetch:8
  2⤵
  PID:5592
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,1170959089542675511,16638745158457490093,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=176 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6604 /prefetch:1
  2⤵
  PID:6988
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,1170959089542675511,16638745158457490093,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=177 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11228 /prefetch:1
  2⤵
  PID:5592
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,1170959089542675511,16638745158457490093,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=178 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5560 /prefetch:1
  2⤵
  PID:7912
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,1170959089542675511,16638745158457490093,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=179 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11276 /prefetch:1
  2⤵
  PID:7196
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,1170959089542675511,16638745158457490093,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=180 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5948 /prefetch:1
  2⤵
  PID:7260
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,1170959089542675511,16638745158457490093,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=181 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9660 /prefetch:1
  2⤵
  PID:5016
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,1170959089542675511,16638745158457490093,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=182 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8800 /prefetch:1
  2⤵
  PID:7492
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,1170959089542675511,16638745158457490093,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=183 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9544 /prefetch:1
  2⤵
  PID:3716
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,1170959089542675511,16638745158457490093,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=185 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8940 /prefetch:1
  2⤵
  PID:2108
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1888,1170959089542675511,16638745158457490093,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=10888 /prefetch:8
  2⤵
  - NTFS ADS
  PID:7584
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,1170959089542675511,16638745158457490093,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=187 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8072 /prefetch:1
  2⤵
  PID:5908
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,1170959089542675511,16638745158457490093,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=189 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5904 /prefetch:1
  2⤵
  PID:5820
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1888,1170959089542675511,16638745158457490093,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2600 /prefetch:8
  2⤵
  - NTFS ADS
  PID:564
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,1170959089542675511,16638745158457490093,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=192 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3224 /prefetch:1
  2⤵
  PID:2080
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1888,1170959089542675511,16638745158457490093,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=11824 /prefetch:8
  2⤵
  - NTFS ADS
  PID:3696
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,1170959089542675511,16638745158457490093,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=194 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1700 /prefetch:1
  2⤵
  PID:6104
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,1170959089542675511,16638745158457490093,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=195 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12100 /prefetch:1
  2⤵
  PID:1608
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,1170959089542675511,16638745158457490093,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=196 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9740 /prefetch:1
  2⤵
  PID:7356
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,1170959089542675511,16638745158457490093,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=197 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11872 /prefetch:1
  2⤵
  PID:7632
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,1170959089542675511,16638745158457490093,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=198 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11652 /prefetch:1
  2⤵
  PID:8124
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,1170959089542675511,16638745158457490093,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=199 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12136 /prefetch:1
  2⤵
  PID:8128
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,1170959089542675511,16638745158457490093,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=200 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12060 /prefetch:1
  2⤵
  PID:6828

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3380

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1608

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xOTUuNDMiIHNoZWxsX3ZlcnNpb249IjEuMy4xOTUuNDMiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7RTFFRUM5NUQtQ0MzMS00NDcyLUI1QjAtMUY4MDZBNUNCRUY0fSIgdXNlcmlkPSJ7Q0M0MkU4NjEtM0M2OS00QUQwLThFNEEtRUMwQzhERjE1RjU2fSIgaW5zdGFsbHNvdXJjZT0ibGltaXRlZCIgcmVxdWVzdGlkPSJ7NkU4Q0Y2MTMtMTcxMy00OTNCLUJFMjctQzcxMDcyRUY2OUMxfSIgZGVkdXA9ImNyIiBkb21haW5qb2luZWQ9IjAiPjxodyBsb2dpY2FsX2NwdXM9IjIiIHBoeXNtZW1vcnk9IjQiIGRpc2tfdHlwZT0iMiIgc3NlPSIxIiBzc2UyPSIxIiBzc2UzPSIxIiBzc3NlMz0iMSIgc3NlNDE9IjEiIHNzZTQyPSIxIiBhdng9IjEiLz48b3MgcGxhdGZvcm09IndpbiIgdmVyc2lvbj0iMTAuMC4yMjAwMC40OTMiIHNwPSIiIGFyY2g9Ing2NCIgcHJvZHVjdF90eXBlPSI0OCIgaXNfd2lwPSIwIiBpc19pbl9sb2NrZG93bl9tb2RlPSIwIi8-PG9lbSBwcm9kdWN0X21hbnVmYWN0dXJlcj0iIiBwcm9kdWN0X25hbWU9IiIvPjxleHAgZXRhZz0iJnF1b3Q7RSt4YkF6Nlk2c1UxMjg5YlM2cWw0VlJMYmtqZkJVR1RNSnNqckhyNDRpST0mcXVvdDsiLz48YXBwIGFwcGlkPSJ7OEE2OUQzNDUtRDU2NC00NjNjLUFGRjEtQTY5RDlFNTMwRjk2fSIgdmVyc2lvbj0iMTIzLjAuNjMxMi4xMjMiIG5leHR2ZXJzaW9uPSIiIGxhbmc9ImVuIiBicmFuZD0iR0dMUyIgY2xpZW50PSIiIGluc3RhbGxhZ2U9IjAiIGluc3RhbGxkYXRldGltZT0iMTczOTI4MjMwMiIgb29iZV9pbnN0YWxsX3RpbWU9IjEzMzgzNzUzNTk3Mjc0MDAwMCI-PGV2ZW50IGV2ZW50dHlwZT0iMzEiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjIxNzk4NjIiIHN5c3RlbV91cHRpbWVfdGlja3M9IjUzMTkyNzYyMzkiLz48L2FwcD48L3JlcXVlc3Q-
1⤵
- System Location Discovery: System Language Discovery
- System Network Configuration Discovery: Internet Connection Discovery
PID:1812

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004DC 0x00000000000004D8
1⤵
PID:6508

C:\Program Files\ldplayer9box\Ld9BoxSVC.exe
"C:\Program Files\ldplayer9box\Ld9BoxSVC.exe" -Embedding
1⤵
- Executes dropped EXE
- Modifies registry class
PID:6864
- C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe
  "C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe" --comment leidian0 --startvm 20160302-aaaa-aaaa-0eee-000000000000 --vrde config
  2⤵
  - Executes dropped EXE
  PID:6784
- C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe
  "C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe" --comment leidian0 --startvm 20160302-aaaa-aaaa-0eee-000000000000 --vrde config
  2⤵
  - Executes dropped EXE
  PID:6972
- C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe
  "C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe" --comment leidian0 --startvm 20160302-aaaa-aaaa-0eee-000000000000 --vrde config
  2⤵
  - Executes dropped EXE
  PID:6196
- C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe
  "C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe" --comment leidian0 --startvm 20160302-aaaa-aaaa-0eee-000000000000 --vrde config
  2⤵
  - Executes dropped EXE
  PID:2092
- C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe
  "C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe" --comment leidian0 --startvm 20160302-aaaa-aaaa-0eee-000000000000 --vrde config
  2⤵
  - Executes dropped EXE
  PID:6416

C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe
"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca
1⤵
- Suspicious use of SetWindowsHookEx
PID:6272

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:7652

C:\Windows\system32\BackgroundTransferHost.exe
"BackgroundTransferHost.exe" -ServerName:BackgroundTransferHost.13
1⤵
PID:7208

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

System Services

T1569

Service Execution

T1569.002

Persistence

Create or Modify System Process

T1543

Windows Service

T1543.003

Event Triggered Execution

T1546

Component Object Model Hijacking

T1546.015

Privilege Escalation

Create or Modify System Process

T1543

Windows Service

T1543.003

Event Triggered Execution

T1546

Component Object Model Hijacking

T1546.015

Defense Evasion

File and Directory Permissions Modification

T1222

Modify Registry

T1112

Subvert Trust Controls

T1553

SIP and Trust Provider Hijacking

T1553.003

Virtualization/Sandbox Evasion

T1497

Credential Access

Discovery

Browser Information Discovery

T1217

Network Share Discovery

T1135

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

System Network Configuration Discovery

T1016

Internet Connection Discovery

T1016.001

Virtualization/Sandbox Evasion

T1497

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\LDPlayer\LDPlayer9\dnmultiplayer.exe

Filesize
1.3MB

MD5
4a09a9041ad28acee09d28812027d35e

SHA1
1a44f1aa0a3ce1104445f8127d4422335b9f0661

SHA256
0f78a3b67d88cfc86cd2cdc82369f1f2de47229ba7806ab7250a7d6e3b8d67e1

SHA512
81b61c16e93b1b79a3f3c94f955fa14d78c2fb44fac2279603b81cf0d791679ac78d2f86da34b83b414dd854b7658919fc1c932288f0cbf21bba69a9141958a5

Download Submit
C:\LDPlayer\LDPlayer9\dnplayer.exe

Filesize
3.7MB

MD5
0234860b36d2572826264eb9862f22c4

SHA1
37d7bf02a57b73f8a83276558644d3369c2e2b21

SHA256
d34e996c9426a931de644d9540496ef54bb399c058422cab06bc751ceb69bce7

SHA512
b6057625f03dd5e36f1383f2f6baa94e454fbb86834ea20f47c027a930d9960b889dcca3e147e4049741bcfd252975df9d591728e124dbd6782e2537af4d50aa

Download Submit
C:\LDPlayer\LDPlayer9\fonts\NanumGothicLight.otf

Filesize
314KB

MD5
e2e37d20b47d7ee294b91572f69e323a

SHA1
afb760386f293285f679f9f93086037fc5e09dcc

SHA256
153161ab882db768c70a753af5e8129852b9c9cae5511a23653beb6414d834a2

SHA512
001500f527e2d3c3b404cd66188149c620d45ee6510a1f9902aacc25b51f8213e6654f0c1ecc927d6ff672ffbe7dc044a84ec470a9eb86d2cba2840df7390901

Download Submit
C:\LDPlayer\LDPlayer9\ldmutiplayer\7za.exe

Filesize
652KB

MD5
ad9d7cbdb4b19fb65960d69126e3ff68

SHA1
dcdc0e609a4e9d5ff9d96918c30cb79c6602cb3d

SHA256
a6c324f2925b3b3dbd2ad989e8d09c33ecc150496321ae5a1722ab097708f326

SHA512
f0196bee7ad8005a36eea86e31429d2c78e96d57b53ff4a64b3e529a54670fa042322a3c3a21557c96b0b3134bf81f238a9e35124b2d0ce80c61ed548a9791e7

Download Submit
C:\LDPlayer\LDPlayer9\ldmutiplayer\cximagecrt.dll

Filesize
1.5MB

MD5
66df6f7b7a98ff750aade522c22d239a

SHA1
f69464fe18ed03de597bb46482ae899f43c94617

SHA256
91e3035a01437b54adda33d424060c57320504e7e6a0c85db2654815ba29c71f

SHA512
48d4513e09edd7f270614258b2750d5e98f0dbce671ba41a524994e96ed3df657fce67545153ca32d2bf7efcb35371cae12c4264df9053e4eb5e6b28014ed20e

Download Submit
C:\LDPlayer\LDPlayer9\ldmutiplayer\libcrypto-1_1.dll

Filesize
2.0MB

MD5
01c4246df55a5fff93d086bb56110d2b

SHA1
e2939375c4dd7b478913328b88eaa3c91913cfdc

SHA256
c9501469ad2a2745509ab2d0db8b846f2bfb4ec019b98589d311a4bd7ac89889

SHA512
39524d5b8fc7c9d0602bc6733776237522dcca5f51cc6ceebd5a5d2c4cbda904042cee2f611a9c9477cc7e08e8eadd8915bf41c7c78e097b5e50786143e98196

Download Submit
C:\LDPlayer\LDPlayer9\ldmutiplayer\libcurl.dll

Filesize
442KB

MD5
2d40f6c6a4f88c8c2685ee25b53ec00d

SHA1
faf96bac1e7665aa07029d8f94e1ac84014a863b

SHA256
1d7037da4222de3d7ca0af6a54b2942d58589c264333ef814cb131d703b5c334

SHA512
4e6d0dc0dc3fb7e57c6d7843074ee7c89c777e9005893e089939eb765d9b6fb12f0e774dc1814f6a34e75d1775e19e62782465731fd5605182e7984d798ba779

Download Submit
C:\LDPlayer\LDPlayer9\ldmutiplayer\libeay32.dll

Filesize
1.2MB

MD5
ba46e6e1c5861617b4d97de00149b905

SHA1
4affc8aab49c7dc3ceeca81391c4f737d7672b32

SHA256
2eac0a690be435dd72b7a269ee761340099bf444edb4f447fa0030023cbf8e1e

SHA512
bf892b86477d63287f42385c0a944eee6354c7ae557b039516bf8932c7140ca8811b7ae7ac111805773495cf6854586e8a0e75e14dbb24eba56e4683029767b6

Download Submit
C:\LDPlayer\LDPlayer9\ldmutiplayer\libssh2.dll

Filesize
192KB

MD5
52c43baddd43be63fbfb398722f3b01d

SHA1
be1b1064fdda4dde4b72ef523b8e02c050ccd820

SHA256
8c91023203f3d360c0629ffd20c950061566fb6c780c83eaa52fb26abb6be86f

SHA512
04cc3d8e31bd7444068468dd32ffcc9092881ca4aaea7c92292e5f1b541f877bdec964774562cb7a531c3386220d88b005660a2b5a82957e28350a381bea1b28

Download Submit
C:\LDPlayer\LDPlayer9\ldmutiplayer\libssl-1_1.dll

Filesize
511KB

MD5
e8fd6da54f056363b284608c3f6a832e

SHA1
32e88b82fd398568517ab03b33e9765b59c4946d

SHA256
b681fd3c3b3f2d59f6a14be31e761d5929e104be06aa77c883ada9675ca6e9fd

SHA512
4f997deebf308de29a044e4ff2e8540235a41ea319268aa202e41a2be738b8d50f990ecc68f4a737a374f6d5f39ce8855edf0e2bb30ce274f75388e3ddd8c10b

Download Submit
C:\LDPlayer\LDPlayer9\ldmutiplayer\msvcp110.dll

Filesize
522KB

MD5
3e29914113ec4b968ba5eb1f6d194a0a

SHA1
557b67e372e85eb39989cb53cffd3ef1adabb9fe

SHA256
c8d5572ca8d7624871188f0acabc3ae60d4c5a4f6782d952b9038de3bc28b39a

SHA512
75078c9eaa5a7ae39408e5db1ce7dbce5a3180d1c644bcb5e481b0810b07cb7d001d68d1b4f462cd5355e98951716f041ef570fcc866d289a68ea19b3f500c43

Download Submit
C:\LDPlayer\LDPlayer9\ldmutiplayer\msvcp120.dll

Filesize
444KB

MD5
50260b0f19aaa7e37c4082fecef8ff41

SHA1
ce672489b29baa7119881497ed5044b21ad8fe30

SHA256
891603d569fc6f1afed7c7d935b0a3c7363c35a0eb4a76c9e57ef083955bc2c9

SHA512
6f99d39bfe9d4126417ff65571c78c279d75fc9547ee767a594620c0c6f45f4bb42fd0c5173d9bc91a68a0636205a637d5d1c7847bd5f8ce57e120d210b0c57d

Download Submit
C:\LDPlayer\LDPlayer9\ldmutiplayer\msvcr110.dll

Filesize
854KB

MD5
4ba25d2cbe1587a841dcfb8c8c4a6ea6

SHA1
52693d4b5e0b55a929099b680348c3932f2c3c62

SHA256
b30160e759115e24425b9bcdf606ef6ebce4657487525ede7f1ac40b90ff7e49

SHA512
82e86ec67a5c6cddf2230872f66560f4b0c3e4c1bb672507bbb8446a8d6f62512cbd0475fe23b619db3a67bb870f4f742761cf1f87d50db7f14076f54006f6c6

Download Submit
C:\LDPlayer\LDPlayer9\ldmutiplayer\msvcr120.dll

Filesize
947KB

MD5
50097ec217ce0ebb9b4caa09cd2cd73a

SHA1
8cd3018c4170072464fbcd7cba563df1fc2b884c

SHA256
2a2ff2c61977079205c503e0bcfb96bf7aa4d5c9a0d1b1b62d3a49a9aa988112

SHA512
ac2d02e9bfc2be4c3cb1c2fff41a2dafcb7ce1123998bbf3eb5b4dc6410c308f506451de9564f7f28eb684d8119fb6afe459ab87237df7956f4256892bbab058

Download Submit
C:\LDPlayer\LDPlayer9\ldmutiplayer\ssleay32.dll

Filesize
283KB

MD5
0054560df6c69d2067689433172088ef

SHA1
a30042b77ebd7c704be0e986349030bcdb82857d

SHA256
72553b45a5a7d2b4be026d59ceb3efb389c686636c6da926ffb0ca653494e750

SHA512
418190401b83de32a8ce752f399b00c091afad5e3b21357a53c134cce3b4199e660572ee71e18b5c2f364d3b2509b5365d7b569d6d9da5c79ae78c572c1d0ba0

Download Submit
C:\LDPlayer\LDPlayer9\vms\leidian0\sdcard.vmdk

Filesize
35.1MB

MD5
4d592fd525e977bf3d832cdb1482faa0

SHA1
131c31bcff32d11b6eda41c9f1e2e26cc5fbc0ef

SHA256
f90ace0994c8cae3a6a95e8c68ca460e68f1662a78a77a2b38eba13cc8e487b6

SHA512
afa31b31e1d137a559190528998085c52602d79a618d930e8c425001fdfbd2437f732beda3d53f2d0e1fc770187184c3fb407828ac39f00967bf4ae015c6ba77

Download Submit
C:\LDPlayer\ldmutiplayer\fonts\Roboto-Regular.otf

Filesize
103KB

MD5
4acd5f0e312730f1d8b8805f3699c184

SHA1
67c957e102bf2b2a86c5708257bc32f91c006739

SHA256
72336333d602f1c3506e642e0d0393926c0ec91225bf2e4d216fcebd82bb6cb5

SHA512
9982c1c53cee1b44fd0c3df6806b8cbf6b441d3ed97aeb466dba568adce1144373ce7833d8f44ac3fa58d01d8cdb7e8621b4bb125c4d02092c355444651a4837

Download Submit
C:\ProgramData\Solara\Solara.exe

Filesize
619KB

MD5
91f5d6abf1fc57cb3e6222f10c51bff1

SHA1
fd1183ba06cf793f12de674d8aa31bd8bfbe1172

SHA256
c48c486f8655d33b4b0d7fc169adf5cbc964c723161953ef5877e99e45833840

SHA512
4538dc6b1c0c21f09fcce5a496538c25cbbc88bd5bb484806fa9426753691df7d798882085be0bdf4ee542da793c04a0d45675265a6ced2f4ea61b691909597a

Download Submit
C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView\Crashpad\settings.dat

Filesize
280B

MD5
e67d6664ae5953338e23576adda5400b

SHA1
2304ca6fd1c7769f973ecbbd49a0d9b90a1f3093

SHA256
5c0d6bddaf4659e63027aa9a3bc519768c6c58c5d155d16ed2c330c7295032df

SHA512
c9c75a80b86dfd15c39e90a930d332603f0922c9a56a2f69e32ee3fd5d43eb12204ed98e8b2230880417cdbef257e6ae29d035bcd29380909e597c7f500dad75

Download Submit
C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView\Default\Code Cache\wasm\index

Filesize
24B

MD5
54cb446f628b2ea4a5bce5769910512e

SHA1
c27ca848427fe87f5cf4d0e0e3cd57151b0d820d

SHA256
fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d

SHA512
8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

Download Submit
C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView\Default\DawnGraphiteCache\index

Filesize
256KB

MD5
da33522123b6a6f17f113c2de34f6b3f

SHA1
2add2dee858e178500871edc012483443f8a212b

SHA256
d343aae76397170318e8b6cefbfe5aa98bc04ea6522063d0bd1a9ebd85e82461

SHA512
f228fd7c1cb031fdb9c5a2383bdcaef107bacdcd3969f6eed6b091f57b35cb88c268e847ed3d52ac58374202b4baca6f385551018ae0352e4ebf56b196324700

Download Submit
C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView\Default\DawnWebGPUCache\data_0

Filesize
8KB

MD5
cf89d16bb9107c631daabf0c0ee58efb

SHA1
3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b

SHA256
d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e

SHA512
8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

Download Submit
C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView\Default\DawnWebGPUCache\data_1

Filesize
264KB

MD5
d0d388f3865d0523e451d6ba0be34cc4

SHA1
8571c6a52aacc2747c048e3419e5657b74612995

SHA256
902f30c1fb0597d0734bc34b979ec5d131f8f39a4b71b338083821216ec8d61b

SHA512
376011d00de659eb6082a74e862cfac97a9bb508e0b740761505142e2d24ec1c30aa61efbc1c0dd08ff0f34734444de7f77dd90a6ca42b48a4c7fad5f0bddd17

Download Submit
C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView\Default\DawnWebGPUCache\data_2

Filesize
8KB

MD5
0962291d6d367570bee5454721c17e11

SHA1
59d10a893ef321a706a9255176761366115bedcb

SHA256
ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

SHA512
f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

Download Submit
C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView\Default\DawnWebGPUCache\data_3

Filesize
8KB

MD5
41876349cb12d6db992f1309f22df3f0

SHA1
5cf26b3420fc0302cd0a71e8d029739b8765be27

SHA256
e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c

SHA512
e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

Download Submit
C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView\Default\Network\Network Persistent State

Filesize
1KB

MD5
dcde74b822cbb13dfeffad185bad7338

SHA1
38db7347357fa47209b677dfbdd020283a5d24df

SHA256
3d47434d410a1edf8bf9d37f68e9a95c8eb5eef6c58b945273583ad22d22aeaa

SHA512
0e2e24c2ac190573fa2bbbc2235c5454de569ec0221e94b7a54f388131a33a2d1c1d30c5d6bfb67df7f4efcafca753c94d6d96b0b4215a4eb2a067aae07670ff

Download Submit
C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView\Default\Network\Network Persistent State~RFe611135.TMP

Filesize
59B

MD5
2800881c775077e1c4b6e06bf4676de4

SHA1
2873631068c8b3b9495638c865915be822442c8b

SHA256
226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974

SHA512
e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

Download Submit
C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView\Default\Preferences

Filesize
6KB

MD5
58ecdd08919c9e840761ee605ab8fc84

SHA1
3fb6715fb35d1fab47be6400ecc9ad048b402d18

SHA256
f6ba5d1bfed49fb0a5528a4930287db8102501436935ca8db2bd2cbfd999425a

SHA512
19417903882518b01f1ac5520d17588936487d38badf36b4e2e46407299b53e0bd614d39a0934b4675df19e83e75264a82d303cc75aee377b2f4da69d35ab552

Download Submit
C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView\Default\Preferences

Filesize
6KB

MD5
3af1a6d2e4239b841da3fa890bf83836

SHA1
e1579e77bb1c76595795258066c45d4796825389

SHA256
f5e366cb77e29d104d0b59a14e5639d3ef03bf7ce50a6216aa879a76b4b2dfc6

SHA512
9bc6295b6f55c22dc610d67a43756011f1515bf784964e6c4f6f5880947c0627d3722ed336ca9effccaf5a3ee5260539e6d0cad0544993728c75e8533c921150

Download Submit
C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView\Default\Preferences~RFe610937.TMP

Filesize
6KB

MD5
3b6cde72da08146c8f3ad6890a963d91

SHA1
189a5e404e47d1caafff67f7c246cd7c22004025

SHA256
1f9a89c6d60ccde4471f3cf9951b33652885f2d1c535a85c24315e01683e1dcd

SHA512
476bbdf53cbeb75b5f34e8eb0837792b3691b0173b42b18a4c6b212910f977f56d7f589255e74d632096b1be197aad23b7e20d4d8d1c03b10738ace0adf84a35

Download Submit
C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView\Default\Sync Data\LevelDB\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView\Local State

Filesize
16KB

MD5
b067f053834957d3be99c47a80ebbd41

SHA1
8388d9e9521b139a8f02f031ebf2906dea4041f2

SHA256
07771069532e4f266e39c51f0d519cfe9990e3f9bce64eabeac627bcd20b01e8

SHA512
f29698a371bb0b8d930d7d37ad459adac20f02550c9db496354dcb90475d0f1b428766448a4cd7c599dbabac1740c4f453cdedec9912d623b487d9ee40a0e345

Download Submit
C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView\Local State

Filesize
16KB

MD5
535b3b1230338cc75bb4ecf5bd2251cb

SHA1
8ee89b312bf51cd8d2865267665ea4b6544a6c27

SHA256
5d7ba6fabafdd207b93c046d86c1e5963aba9b7c752dd6d58d565afc75d5cd0c

SHA512
c0d7434874a6aafc64660913eec83c7aebea37de9436fbacc159007eaf89737345f3fcd2f31af95243662014777511b23c3d92642e79aa1318232e61cb480b13

Download Submit
C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView\Local State

Filesize
16KB

MD5
f80223e0fb523439b6f95b6de9447e57

SHA1
0e315fc2316e05007635f17608c0e228425a52e4

SHA256
123ad0c27240bb347ba563e55d994155c6e95cc8a7ac42071f907c225234d85a

SHA512
498f2cefbbf410d3095bbe2d185e0d698307bcae349490a70fceb445c02585abe9fcc4839797b9b4bb4a2d4d719fd6210024b516698d62e64b5423dfe08fc079

Download Submit
C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView\Local State

Filesize
1KB

MD5
a1e3205fc6e88bac24131662dc0e5917

SHA1
c843320b42d63279b171933de893c52e19a5a443

SHA256
53d6de873284b6de00554aaae2c475d41735607c0e44b115515a3d56639bf732

SHA512
1478445ecae8bf0dd9d2e9815f1de432429379e649433d1055429259f16ca3affb9bcba6a716b9316f994678531cf96f4985a4d9cad43439f4ef749400686b56

Download Submit
C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView\Local State

Filesize
2KB

MD5
6d04f8d4253ef55928a0c3d11a2ce8b5

SHA1
2ce3bb02e6c84b827c6b399dbe8eea5090c13ea9

SHA256
b8c806d290a118ef6b6ce614b28c70abad5a3322dc62d55b53a73016facb5700

SHA512
8e219af59bde7652af411dd28a08dbfe00999929ed9a7634eca0881402debe3c307f11d68d08f7c57141d68239676202dc79b3278ad71e0a60c3b3d3142d190c

Download Submit
C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView\Local State

Filesize
3KB

MD5
ae317c229a2c92f9f5c51f374f2a00a9

SHA1
060394dd603f266b95f5f61647ef7b6b7030bd2d

SHA256
f9717c48d55c48cdcbb996c3b7d16873f875ae944f1d030317e6d4289ba077c0

SHA512
437a5331efefedcb4ee3cc739d3a47da4f087c484cffecb0c5873fbac71b255307674b16f7b93b61bb0e1f0d25ecc5045052f71fe7f40256093a99a0a43d087a

Download Submit
C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView\Local State~RFe606ab4.TMP

Filesize
1KB

MD5
541a8fa5a2ece6047443d1b184774130

SHA1
a5cbf340bd1b715d4d2d285fb4e47f18ed03533d

SHA256
7991416736653388095092b72893bc4146f1dafbba324da7f6346544870aa760

SHA512
334275eb81f59931444e01b48194a1a62fb5bec83c16b34b24ab5b01ea7d727b763846a00f5533f251b37158ef98c35ea7155ac95a866c811c3bf9761f6cec3a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
c743f011d7ed53768d6263de076110e3

SHA1
06a2242398c6120019439f767d965dca0b09be9e

SHA256
50a22e70855487f9a451bcd09fb033c0aea8a1f3743821fd99faf0a4eb396813

SHA512
339942620fccb0c49d87f0c99370feeb5cb3aebf60064bf5ab3fddad7f8c3c1330284690b148068fc94e64fc2d9bc9657f5a6d038e1a653f314f5fe0c394f240

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
601ce2abb603e36824720f68d9572fab

SHA1
9139cb22b081ccba9c548252df3f74678c101cad

SHA256
fad8ae5bf8471db17a344746a32fdfae1b0e457498a25b5129909209506fbfc9

SHA512
17765022996fe81a0ce8e30d60970c19ef6b4df9ca2782063c6a724d70e2a1aad1db4282a7875caafde192dfb17cf495b6b53b71f0967b9411bfd963ba949b97

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002e

Filesize
16KB

MD5
bd17d16b6e95e4eb8911300c70d546f7

SHA1
847036a00e4e390b67f5c22bf7b531179be344d7

SHA256
9f9613a0569536593e3e2f944d220ce9c0f3b5cab393b2785a12d2354227c352

SHA512
f9647d2d7452ce30cf100aeb753e32203a18a1aaef7b45a4bc558397b2a38f63bfcfe174e26300317b7df176155ae4ebaee6bdf0d4289061860eff68236fe1bb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002f

Filesize
17KB

MD5
29b8ae1d50ef8543dcebf4e9f53089ef

SHA1
90297279de99683b3903534459bc9962924d79fa

SHA256
2dcbd24e8f78b008251a1a0499c981a79be59fdf154ff9938a28ecb7e64cf12d

SHA512
6de295089b62bd50ff955c2e381be6bb0e59b1f0776946c5d3b5109fffb84ee2a673f49d2d5a56e5600d3b09fd8e9cecbcd0e677234a6f96c1194dd1e1c27c94

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000030

Filesize
138KB

MD5
b4f7bbc649ef9f27df73f62db5b5be6c

SHA1
f443e8c5d688a41be3a742b4ac96f5e6c58f83f0

SHA256
f8932c7d456cb85fac7c27586d27f8d2f32ab338ab63fc7e88be393c99b89273

SHA512
cbeb503edb8464146e510cc229b98ae2459db1f1d7469f0fa8ddc3e76a194000ba941683f855a15b2cce1ed60a001ad9e0b0a22d77fe7f744d62cc3d62c6fd58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000031

Filesize
103KB

MD5
5b3628224127c88c84a28f6482d5c4c4

SHA1
0a8a2ac08e43ad5dc7832093f88ec0e2f1048e9f

SHA256
0af91e44d8b4a1e8380f0634edceef078f56990fa62e5538e315638208ccf526

SHA512
83b2dea7204f79f9eb11f6f24b187e559a39c5956a02e8a5b361820ee52ed4bc3c0c51e787ab40b28d4fd2743fca7b899225397a38ed900753e4df82c8e91639

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000032

Filesize
33KB

MD5
082f901e26e3347111d9beab3ea6702b

SHA1
f8222b65accd38f09bc7ae0164a78819203ba605

SHA256
4888f907a9cd617dc04c434b85b1291c16db893fec9e3bcc973da28c59a286a5

SHA512
6d782a9761f6d3282b724fda1a9f0adba35c8e5a075c438c1e855c9916e7c121ff7340217165f82526191693639545b890ef21ff16619a4b460cd41e5383fce6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000033

Filesize
92KB

MD5
c6b8002e47f14f9243db833a99098018

SHA1
3956acc50d1d9101cbafcdb52c7910aedd63f726

SHA256
174049f533672cb26d7974bb967aedccf1e31b7b439fd324adfa01b407ed0b1e

SHA512
747bdcebf036088581ed0a339f97187da044318a9d2cebe861d09eee6465bba1cb294b8a7a1f71ecc43484798802f942fe3c32b05d1c7a621e133acc037e4014

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000035

Filesize
159KB

MD5
152f20b2946cb3a4c34c1ed661770c63

SHA1
f1530548f33ede5d29b8229253828a39c7594bbe

SHA256
14154f44b94a54ef844dff23ff17ab5e8bd6183527afa7bf8393c18ced94eea3

SHA512
e9966f5af6e925d9f843183d516767571e442b0ab8f76a9262fe53992068208e60fd25fd257e32a36bb34649c6d5500430f7206039fb04d8327a418af6edac09

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000036

Filesize
16KB

MD5
11825cf6da869d7589201092299231bf

SHA1
b650151674a230700dc66352a0f002ad5db6d195

SHA256
2f315c341e2ff775fceede3d1b5dc2f8124a866a382a2c30b760ac6c2abe7bdd

SHA512
e5902c14769efb05fa457dcaf62d4b0d126cf3b71aa9be596e3609e1b63f83d6bc2ab3d1aed9a077a6fbec3e7f6a633b3d0b1a8b77d7d0161af60ed7d260a6b3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000037

Filesize
42KB

MD5
23d5f558755a9d58eef69b2bfc9a5d99

SHA1
fa43092cb330dff8dc6c572cb8703b92286219f6

SHA256
6e5bec69b1c6424972a7f5481ac57049811f0f196535b707613126c11292c5cf

SHA512
9c56c94d059a27dab9f69c9dfd718382a8eb192b8c0ce91cd6db6ec0769b8756acf9c0956a35561474b87d6278b13fbe88a6e4df6260c278b1ae06e9be55dd6d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000038

Filesize
20KB

MD5
6f6b9cdb9b79f863475e3dc576c8c022

SHA1
969e8ac905f7c2a6553b7f38031fa6271507a27f

SHA256
5920e25c1597e075310a012bad1f61ad6f7176594657a9f254af88f7dee25481

SHA512
542fb16da060a74e51398934bef1d79d26bf4b2b7b0a1de28d3527101ee6321111ce59ea39a88094eb8fb622c5aa7b42efec5f4ca76eec6eefe9ae88d238ef8b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000039

Filesize
21KB

MD5
7bddce006e1ac9c28bf876ace21f9cbb

SHA1
6034ea82841867e3ce069dcc0b5ba0b2ca8507d6

SHA256
f430779aa7d95d3bcae22ef9e772f59c4e972fba236e062dcefea8eef0b07254

SHA512
c7ec8d9457dd95a8d29005844559ee04fd13680aaa866e50eae36cb4ff095dbc8873cd49b5578b25821c4958052c2504679b9d09635d787469c372fa5867047c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00003a

Filesize
73KB

MD5
e79dfaea912b0aab335b131326bd9eec

SHA1
c45ce0e373701f4b746264001cc2f9b30d73845c

SHA256
a50cd5ead176cca6c9fc98b3676daf43e79f02652b23ff1f8bfb9201db12d526

SHA512
1908ad5ec940cc5bbc0bc0c1980ff2fea07d3357d279ebb1d1620a13b06d3f6cd639fa4c00039e9d32ff8d4ba08afe1cbdc61fa170034793e39258520b15098c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00003d

Filesize
51KB

MD5
f8f00f271089d2cc79d0461c9cc14903

SHA1
9df1951852a869f97f0081e8fad0c8ee487c770b

SHA256
db01af1868776805277b30e6957583ec8b024b8fcc59bf00558d360a734e2d3a

SHA512
86c44ce50ddf9bd49814b3d238444ff1ca028c6a2fb490062f893c53c62d8abc02ea5a30c9b85f006f889c6f4a0a3fc98ae6bebd7893c59403979b5f67fda76c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000040

Filesize
71KB

MD5
e8402777eb0df82da4badc98dcf55788

SHA1
274d2e719727c33948f928894a6d363ff7828569

SHA256
1ecac37b9631d430fbd26128a1e72b6cb79f3690e641134fcef3a886fcbc91b3

SHA512
3103656b16e7656c507957531b687f8763557af44df07da750c280571448c04e764358b1d864342eace78a173232d7ee853d29448837e94e1facd97b88612efd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000047

Filesize
28KB

MD5
127002092616e052f1950014bc24d00a

SHA1
68f9259fe6bd073a891552ff4f6401640a60a702

SHA256
c60ad690958707fdc0108a0e352132c944e67a90fa7f0581a79b725582b92b3b

SHA512
f39c0358054fb44329cac15e69b4e689e4447fe8bf92e95b1c6cd697c35f2c8da44eea26a623df19f55dedac5fe799e39aede171be7d6d9c344f559263793667

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000048

Filesize
155KB

MD5
d1d21ad8d240da7d8abd118f5ac24188

SHA1
56140e06d6caa322ad4fda5d614b16cb87a8a623

SHA256
1062c7bd8bd4c3e4da5268543ec94dab8d37906605cf5165c3a880bb95c7dcf2

SHA512
c34faa670420b65c7fb3ab867d6daf96e2352fbcbc39a8d962d9d9561adfaafe7819c5bc039d50a275cb5d21e16c6a052c0447b82c51b767d2117a79724eaeb2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000049

Filesize
92KB

MD5
debac04b4abc03f9f34870ffb37153c1

SHA1
142f16744ec84903a72e945f6e47b56f5b3d6558

SHA256
e416bd979fa935ba5a94f2832b18ec83a9ac04af2f18d71e54607cb40de72e35

SHA512
df711f8e048df05fbc0adf8a600086db36185a4cdec166cc645a2854876d326f0f24d73066413f5516b84ff5038ca666f06dc62feabcca6afd97b2ab015f0654

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00004a

Filesize
97KB

MD5
d588f2f3a7d62b0f7d0b30bcf6df81a8

SHA1
56f223455a88d5a5b069f1723922e3ea8ac63455

SHA256
acf5269bd7c541af072f1b92c9626383dee8ce2ba25c10c4ad0bbdd961818302

SHA512
1b5a7effbe8748ed9f58d491d3b7509e9aa5885e4665a5faab9219eb79841070781f6f97f36f98af66926af0b2c421b994a56286e8215053dbd3a54d2bf173d6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00004b

Filesize
90KB

MD5
6a3d68dabf3e135711d1111c6feb171f

SHA1
3afb0c58779924ba6777037214336dba5c38a102

SHA256
f0362252fbd78f76906b902a68b4fb7a4a283cd8a62317effdebff97660eabe5

SHA512
f842e1f5feb7c161a04f2551bad56ef20f97de9dce9de1dae6673cbbb1d5d6e768b670aea91f9fd2902714c3dfb5477bc19eec16cf6dcd9ea5fb2a381866d71a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00004c

Filesize
29KB

MD5
9c26698ed040653f1282b4534e2f834c

SHA1
cc13aa55f2d99a79e75c1082f4ee4631a6df283f

SHA256
f98ec49fef4848e239881709f432d4f8cd1cc2e7d63fe88036f4f369aac7fc75

SHA512
d187b5198c5ec37cd4e0c61e5299f64d7e9fdebf76744fff794e440ae7fa0f310afb44437185f6aca05d35edf59a9d7b9e65304d893ce81011b01c17a6cda406

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00004d

Filesize
20KB

MD5
9af53593ac821c8b20421a5574fdff7f

SHA1
6b05985d8230ff42aa7c4d66bfe1416d146f9c71

SHA256
98aaa2c3b51752bac0d4748b5999b880653cfbc6cf0e106c88e052b4b5ca02e3

SHA512
cc896367613665eace280f2edf6e5c5a883a4302db485b6829a63a46abbbdef26febd026b9964a5c05b3b947c6490a3b9c6cf1f9411fac1f9d3d926f4f63309a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00004e

Filesize
49KB

MD5
5a142098933d86a2f3e0da797e729bff

SHA1
d800418a307ff639923de26e27ded82b65461159

SHA256
f598af64e0e01f21fb872d24660041ea32db165912205d93b53168fd80525028

SHA512
ff71575a99d3885d6dc1226559bb91bb0f345e242a6105a1b6a0b5ab6f304208350c39fa6add3aaf05d599c36873cf6a246a5723a56b46c5de2413efeac88a57

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000050

Filesize
52KB

MD5
93f749fccbf3364cc24cf7abeaa4f4d6

SHA1
2484993fe8593282ff00856dfa9a74b7fa9b51bf

SHA256
adebd8242264fa185f16328e79674e96a9e06c7087a956e079b6cb5cba030724

SHA512
77f5205f14695eb36a84180f9054fd935684371ddf1c13a41a1e9e1b65db2872b6ac926c5df807382d034a1f007bf28af2dcf951490c9bb3d2b1f7cf9402cbd2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000051

Filesize
31KB

MD5
996e8507f93e43e37d384c327f27345d

SHA1
510109b62bfbb78e6794ec59e2ecac56e7dc6482

SHA256
8dab6179250da15ece19583f1df1cc6ca2711b239f17931a423997d79f802673

SHA512
76299905731ca85ba5dcac0735fe5f25b7160b291fb2b0ffa418450af01b525161eb23087bb19fe0817cc6eb7fb3ce12556aac2c28114e44edaeb78306e2c214

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000054

Filesize
96KB

MD5
709b742eb31aba651af1126890baa2fa

SHA1
4d4c55785861e468fdf734060e4087de1748367e

SHA256
be1707933e8d49053a3546de9a7e0a72caa4cb55b559919f93c0dca042d14bf4

SHA512
84915b18f718b2caa2b46331e73b9f44be119e4b95e357c8202b83bf936faa5ae5659d07e6e4a439aec65585189dc3378b4a3e7072919833da984de2a953ffa1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000055

Filesize
128KB

MD5
dfe165619c5d4a7146a674913ad93b32

SHA1
8754596c52f65d057379d63bc24b2e5d81d06f9f

SHA256
c4d1bba64e62f03403a49eed96e176c3c5006145691a0591d6567c0105199521

SHA512
48a44f5b7a0f53b4bc940ca4e0aa74bd48feef544bf81b51e281456582dfe14abf62a7282463b79f2df613eab88e15f57371fd56cbc66cc97b7d0abbd3e0bc82

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000056

Filesize
51KB

MD5
a3cb0654f4364dc1cfea7af0d9a82792

SHA1
fc14f9bcb03f85d442fe7be2d76ef15a9ff9abb4

SHA256
56fab426dd72d462cc2c788221a0901197d2e7e3f378cfebb15647b90f4f07c2

SHA512
817a038a500a47cad3027b4df815a15aec6077bb04d2119deb96b75b910d47025c20829a0ca7154715df522dec9a406a78cb3ff8b966e6d9fd7bbb793ede5bf0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00005e

Filesize
67KB

MD5
d4f8932b6be0a05823c7dbe8910fc079

SHA1
ed2bb7fde38e7c07abc9b9060b3ce9a26dbee50b

SHA256
68e5a165795d9dab9392d9f48fb1272d29f27f304f378bf22eea733e70cf900b

SHA512
a79c5b9ef09447e8da5326c59c85b119e692742ba872172f360902a05d342e09e5279015eea38f28a107fc0721c4bdf8b2abf7a0de017b1e2763e7b92fd9e2da

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00005f

Filesize
62KB

MD5
022b25708e11ee781f8ba58697c9a134

SHA1
8ce2e1690491fbd3a07696fd55666c2ad6300322

SHA256
fcf8adcd7503ab0bbc1efb75432802c3a1854e67ad20bd83b9c4dac5934050b8

SHA512
651776c099c37ca0d1e7468fb8f25da631fb87a9ebea29d8a53279b984140a1977d54b9c282dc026d09775cf30879761af83cb94484b58d069edb9cbe085961b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000060

Filesize
31KB

MD5
e997979733c0c7fafe4251d7679ed8a2

SHA1
72694fbcf563352d1eb7ecd0cbf529b61da9b547

SHA256
765302a9be1402d967aa723eb5c1af44c5d9bb13859ce4ee9192899d7b70a607

SHA512
e9d6007d780d5565407a48028e29ca5b1a814bdb329303f0cf17a386aeb42a89d00fdf0c502cd06122cd7ac9d16e54d967a4dd0c6020b44258c99d2eeb2f83b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000062

Filesize
74KB

MD5
8850c7f64aae19efd7b76e7ff6e0915f

SHA1
8a6638e9691a9551781560218002d61a0cd7df95

SHA256
5088125a53296f4166b3e65686763f0848d10d5496e316084e2c50cddca009b0

SHA512
b0190e5c90d260edfa822da8037184555dfea3d233c7d257f03500f9ab38045ce231f0920555e5e516b9fdaf2e504cdfef1bcb1265608aa6946452d854bb1458

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000067

Filesize
61KB

MD5
5d9dffef7e281521954b2d39c0ba2a75

SHA1
ada9b86d96091ea48841aa2e36e6ad486af44e52

SHA256
dc0c204a324b468a38c68d13bf4db9185f5d2c48f00a8a815a5cd244b125161c

SHA512
69dbd4ef34f7ef1c944a933bdaa0773f596bd5524cf64911d6bfd255a770e545ee9a0417a4bf710c607aaa9f1966b5392175835f8e95d5e071040c2da928e5a1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000068

Filesize
19KB

MD5
39a9944f2223b02604f34644bb8d1c52

SHA1
ee4d562a30425519ad6d566c6bb84fe2c7137135

SHA256
45ba8586b548ed97173610384cb3a3e5ed79cec85baeda5efa73915f284e7bcd

SHA512
bbb0a5876c6778c6e33357a81aee75b4c1828c15b99e181cca83e38296fa6fe97668592d961b49c1b6b7b3bcb632ce27e87a31fdd81983fd3f67ab88d42dbffb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00006e

Filesize
39KB

MD5
9a01b69183a9604ab3a439e388b30501

SHA1
8ed1d59003d0dbe6360481017b44665153665fbe

SHA256
20b535fa80c8189e3b87d1803038389960203a886d502bc2ef1857affc2f38d2

SHA512
0e6795255b6eea00b5403fd7e3b904d52776d49ac63a31c2778361262883697943aedcb29feee85694ba6f19eaa34dddb9a5bfe7118f4a25b4757e92c331feca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00006f

Filesize
20KB

MD5
cc287179850a7594f2dda3a212d9dfc4

SHA1
93c459a77e7634a16979bf6d642a3b20d0fcfc32

SHA256
579fdd4b805babb0b79644f226dbb609dcfd8c1cbc801abf3a139fa7c0c09232

SHA512
ac6925d8f281dacc403fe5049a58f5de81c2eac3dd4124b7672ffbff357dc8986b140e50c0ede267c4c207cda56feb8b8472c5f73604d8596538e87691849f35

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000071

Filesize
135KB

MD5
82271f503b21f5096bb45a962b5ca5e5

SHA1
6f384b3ed9f3312bf8bd6359882a9d717b25326a

SHA256
841289cbe0d5b1da81f849c9e1556ec64f0cd8a6eac412d32292bd5854f1a217

SHA512
ea2bf8c03271c3d99ff3cebc909fb0744312f8795656ad9f781f1385b68df41f8d31b71229f37cb021a8763551fcd5d417cdbea94b144f0639635f61ff30d3ac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000072

Filesize
78KB

MD5
b4bfe8104bef3db7710a0d3753b5288a

SHA1
bc95f16ad002a95f87adc5f4136aa9cf3d2a1475

SHA256
6c2417f89afd72aff22e560eac774f8fc6ed9ed6c3210ba7049e55f65af9b467

SHA512
34500356e752cc1b937cb833669218b705878bcbc7cb55363fe64127e281e58a353d6586698773613908ef7999dc59d1c3aae2ffc646c45df9292e468a56730c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000076

Filesize
20KB

MD5
87e8230a9ca3f0c5ccfa56f70276e2f2

SHA1
eb116c8fd20cb2f85b7a942c7dae3b0ed6d27fe7

SHA256
e18d7214e7d3d47d913c0436f5308b9296ca3c6cd34059bf9cbf03126bafafe9

SHA512
37690a81a9e48b157298080746aa94289a4c721c762b826329e70b41ba475bb0261d048f9ab8e7301e43305c5ebf53246c20da8cd001130bf156e8b3bd38b9b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00007a

Filesize
52KB

MD5
efdb2eebef2ff8528f503ea8e6a93361

SHA1
ed9eaed4113f9fc51bbe762db633299aea2c66ef

SHA256
bf9dfb43c5fa8712ff1f5c1c3bf60b745ff7339662e36234fe73474d9bb5e55d

SHA512
164c8600f99b8e05938bfb3487909341eba80b8ab70caf44fda6ff07d963069bbbcd27cec9eb2e4a37656b195bcc890d0ad2f127710c6d8042d9da5334d7c523

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00007b

Filesize
31KB

MD5
9e767ea9d697140edd3e0936172278fb

SHA1
ace402d481a0a84a44c4ab74806a3abb8114fdd4

SHA256
005de2a090ef25fb2f910f51414afddd480e61eaecdfbfe61b3a06e51b392782

SHA512
6fd516ca4ba8125851949507e0667a6d7cf6edc0c18b111187427ee1a2c41bad70928ee09cd7556e70769c32b5febeb0b0d5b45b8f951655adb2d4d445600836

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00007c

Filesize
142KB

MD5
7c5353a6c11bee0021011df740e09847

SHA1
07364ea4651b6a33cc95b4c5feb398597b0441b2

SHA256
7af1e813383cfd78d32b894fc1e2391c080ed317bbac8b626c95d013fbd50a0a

SHA512
f427ccdfb84e5c2e7305277900c09f1a209868bc57f80c228ab836462ec1fcbc0418dafd5e01e3203086cb6ae950196202a70b771f243264a9972c9db542a7a6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00007f

Filesize
20KB

MD5
65b0e2da6b7a8801b1cc32270417328e

SHA1
d248a83f39dc8bd04ca68caed0e2a1a286e28ece

SHA256
6575105bc00c1ca683016d16be006da47cd0866a1386c5596f94bbef7095ea01

SHA512
a300e7eb4e3ae30c52adcf44959bdda2e1abf0ae6ea6a61761324f6b87a15bdf8ca03a979d8057bcaac1dc8dd133c84d673ee3833b9fa5b083209be21d714c58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000084

Filesize
59KB

MD5
bf01d3208711148b9fa2cb8d3572c5d2

SHA1
e417877c32b43a3458feb344eb2a2befb233b0c6

SHA256
d845cbe79819a4724b563c6f6379948c02e9e99e2c7398698b43a4346de3a557

SHA512
881c8fcda69d9dec19911525fdca6dfef826541b0b81479783c17163ca0b1ed7fe11b0eb9552632fbf3d7df8623d35d34cce253b9900221fa078315d94913fa6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000086

Filesize
20KB

MD5
d683de08b588c2b6f686284c29a3fbc2

SHA1
04f9ce99a90e252a433779d38f89d354434b38ba

SHA256
2039f59dd9651c2b361d1c166d91f2a2a3c9e724b21f4fc64b99206a111f878f

SHA512
5d4ef49285fb74ccab9817d0127a91aaf1aa3e1975551295f5b604b06b7d0cf9d49a20bbef5fc65adb0edf00ff7d7cdb6594a235e1300768986d2dec99cd0ab5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00008a

Filesize
21KB

MD5
9f69c29ae87e4f66a6d4af08393ad5ce

SHA1
6907f618b8ffb57910434b99d0c2cacd826442c9

SHA256
c3f8c3da4430d08cda67d76bb22d139eb22bc7f85fb703e2121163dd2ffac787

SHA512
e9ad138e598e95a4ca6cef01b14ea8459076a9fe6c84b1db4902c8893a499f55323ffd00673971158ed031f725439b07c2165862ee6f8d38a9a0c1cc51e957c6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000a3

Filesize
17KB

MD5
e786d96da47d0720f404e753c216897b

SHA1
ad5037120f26e864e7b10c18a51c47cf11282a7f

SHA256
bf3db29896c76e4f1f7db3f3fb950f77085100fe06779cfa35a014bbc19a6cc3

SHA512
a86f29fb49a364c38543caf54b47a135cc10bbee821fb0752ae3110fcf49f70693659dae85f337c5f93f2af5c1602dfe22f807c14a4b5efae53ff7a1aa39089c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000b1

Filesize
32KB

MD5
7cc9b78226acb93f406eb1e4e17d4d5a

SHA1
8edf2712deade134ce6bd42fc8ee70eb68891656

SHA256
45afa895ac254a15f8928733b5c07204aee680dfc3f0b3a1e87da9430dd99ef7

SHA512
4dbd56f013826532e5ce24410fce357abeecec07e4d525cea627e911e96842ff0fa3a8848f8695a6476aef4c343601451a69d53e0469eb388e753956f94723cf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000c2

Filesize
20KB

MD5
fe2a5ce0f7838ee4005130c9021d6d77

SHA1
0a98f5a331dd05c61bee54971df3f4084cc6f492

SHA256
294b5201e269b926fcd620937692f2c6c94db71519ba86ef53982cf7a7a12308

SHA512
37fa8d9d8b3c6eb925a79ee9ed5653b071130727479272f9593b77354eacfb3f5cdc4391408fa367346a2ec03f062c98adca54ba667bfa77d3791f77518b9776

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000c3

Filesize
20KB

MD5
deec6a78827d9e66ab5f5783469b0959

SHA1
f727caf39d9f8d9967e5826910073f49524455c3

SHA256
b61bc3bf61fca37c5f2273471ed3bd21e2c728d6c4e323e1d3f5910688cbc6f6

SHA512
a94a090ca796dc2ac3cfb034f56140dfce38eabb81d94148b9b50f550672b3e30dba90e8258d4a754fc9c256354ee7e1595cea4ef5225eb0a79ce2bd2c69fb9e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000c4

Filesize
27KB

MD5
81e776d4d71f3de9d8e56ae047b0bb61

SHA1
b51e4206d7f7770db1ad50053eb63a00d8ecabb9

SHA256
99bf4add4d34a204a707908c28aefcfb3d037161e16d0041d02e2f352a1c016a

SHA512
45d58f4142cc84a3024789af4565d15c9a4a6c3ba212249de9eeadd10638ede4429dfeae7fa626f3160f37d3d9cc2bd9125c826d0d84655c79bdf012f4981fa8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000c5

Filesize
16KB

MD5
79df6f004f8de33ab892280e747bcc94

SHA1
54b16cb70819d8efd7f097cec6a600f70d326268

SHA256
0da64d0e540d3a2ac7962a6e73fcc6db9dd15f1cc069f7f7454c34a1daa72aeb

SHA512
60b245110ed2f8914a10ab4c9fa4fa187028c8022e374ef9e565b9c4cb8633813262192622d52f83ea0e60518203aca9792a6dfe93be2a7672a9522d69f433d5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000c6

Filesize
22KB

MD5
8e20cffc8d6d0c43899d7dd078a18384

SHA1
30e75b0c090b70d5f5b2f1bd3f43a70783632e5e

SHA256
e8ec39b7f4c4fd45b03ea143f094d0b41d71745fa270dfe830d424c77aea86ac

SHA512
4e1c40c43c3a88a181f808d340e27517f6bc16df444df61fd19a22ac60290ca13d1182531e4471e43f80ec460cfa37e20705e7d3a0f7c17f8853517ff087c025

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000c7

Filesize
20KB

MD5
3000e69ac739daa9bc43eb4eb36e79cd

SHA1
83c3038f043832aa0669452a3c77b31f797b3eb6

SHA256
bab87f3f5e3f80ad9da8305d87aa2ccdc3315ef1a6d98a4ae55771801f571851

SHA512
a33aa1545dcef2801258e7e0a9da47c688389aced1fba0b43e3adb8e458c31781fb9206ae2e7bb513ec0c1f1e853fd2b58ab6a22036617eda424875fd46910ac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000c8

Filesize
23KB

MD5
ab0a3b3b9a4633023323c765ff49dafa

SHA1
42f0c8bd63f7d35f9b9a118254eb73a5fbcc5ab9

SHA256
d23f1b338abb5c192b2f066ad47d8d60f01c6b020cfe5c5da63485a43c1e0803

SHA512
fa2b5afc841850d39ddf2df8be817dc3baea1ceec310df962b71205778fb8916b48c5c85397846a19bd27ce03dc04ede6904960e2eb7410df51fed2c333e1e3d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000c9

Filesize
31KB

MD5
36fb15f2e9812129e7447c6afa15337f

SHA1
d68841a9c724ac17713ae040448f77bbe31221c1

SHA256
bdbc5b9071e1dfb0c291df8aa5d5ad904c2b95c48a44f7aad150ef1c00b8ee5f

SHA512
e09bdcde7c2998407d5e9ebaf91ffc7701b0930e4df33b66243e8cef733252dcfbccf1dbe51ad6863aad877d40c185323d8fc405f0a614a071b09a472caf3d73

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000cb

Filesize
27KB

MD5
e275664e6e7e9d1af17263b43155955b

SHA1
2fc611698b9788e7dca99ce700d85d8d28338d90

SHA256
6e1b29ffe6ed8fae8f70f8b10ec35b48ac35f873e4c84f8b898b50ca83c79b06

SHA512
5845ab207d7431000121db7f17e6024a76f60fda4e9067d7833b2613c1fc873bec6547e85fa42f7e27d9d329df8babdfe279b6d807ff23106984dc1c438af870

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000cc

Filesize
25KB

MD5
993a610bbce422fcb12875ebf24931ba

SHA1
16bb17443a38d507a97a23ad3dddfcc42f879a44

SHA256
66e7eb0a25e089f81e215a54201d04d1da0bc82a3d30c04c73f820a60d64e8a3

SHA512
07b143969bcdcabf61acb0905a4643efb5398a5646c282c38476bad8b3882f589595816fe14001362fb34c186aa9f3d08d593c6a92420188116ea7ad8a5b0f8c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000cd

Filesize
28KB

MD5
06f79360373faafa37152dfdebfebad2

SHA1
735cce26bfd0bba4c99502474a5d68096a51e289

SHA256
79c048c429341feaa4a89ca8dcf2556c5ad9899e0489456d6263e0c071f0cf90

SHA512
5bc8dc32bfc9ea9ebaf19dc319831e8cd4f0f0daa28a24b4052410188d7428def44bafca0dce868a860e63aa40cced888cfa960196ecda76955cda0d0283aa6e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000ce

Filesize
19KB

MD5
0ff5abd6583ebc0d42e6543651ebb692

SHA1
95d7af51a08795930886109ac0e9cbc4d007ff0e

SHA256
3cb29e14a69305c950b03c90613f8643e3e216fd5632f8369aae00d0ac3c907b

SHA512
4128f4045aee05f82679e67030d922711646f2081b34d772a8c1b3ab2580c6689d48507b77f36bc52d9b1c22df1cb63b004316a0b7db0533278393b9ca2eca98

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000cf

Filesize
17KB

MD5
e7a299586e6ff12b3724218af0c524d9

SHA1
ce5d10adf1d07e50bb6a399ead5398cc0e4c5b09

SHA256
a48115e8f4507beecc194e128602f6b76064fae3d8dedaebe6592ffd4e995892

SHA512
62fc3be1f0a2161141d77cf7f679447953ebd80ed1f4999388d37bed16a91198ecfc336f9aa7510d20dfb66f9b9dfa52f256a1e4b82941b31b6dba46872d2eb5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000d0

Filesize
142KB

MD5
b1b53111725265ca63088757939ef79d

SHA1
b85a9949cf53c3f8f0989428b21dbfa73c99a217

SHA256
3c1d37057b65b2a60346e8b816095adfcc79b6f84cd224090afb28476a4749c8

SHA512
80b16f0977e61213ac3ae66671ea30378552e756d4f3b7214fabe23d3e926b153d4665ff4d0cebbc15669392abe5e460b64f5a74ddb2a9ad09f74ddf4e7b6ee5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000d3

Filesize
19KB

MD5
2dac36036d5b964e1e506b1a2afef629

SHA1
b49d8d8815805b0338bd5022b67f8f42d58927b2

SHA256
c2c7d9af08dc327a51688e836b9d303409bd1d3ed08fefacce30925878a7dabc

SHA512
5138bfe1664c732fd326ed52d2d1a91a2f7467a2d13270621abdd925d0978010f406f611d05b8cbf66adf2b3711daeebde971505b9e3d21e8c68c124542b8fe6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000d8

Filesize
52KB

MD5
88bc25162bf25825cd6f9172f1165522

SHA1
dd9a8d46b7a1e17058a3f90f4b7c778488827906

SHA256
c193ac07f78ab062024dc819bfc62cd1d2818c1367e2171b2775890527f307de

SHA512
7dafd6f9584a55b6dc1197892c21928f85e12a0be4c825172e23f5e9608b85fbad52d7a27047366d679c69e200c79a4e0f98811f9da6a5263d7f1d05b74f5697

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000d9

Filesize
142KB

MD5
bd13f21eb2e32e1a3c7791022fa5b86b

SHA1
4e3aff68514cfe9a1996356385c1b8b3c32b9625

SHA256
6cbd42a1a320707dea4f6c9b76e7d16707d7983822f9066845ac57fe092b04ae

SHA512
0d4aac31d47b832e0562e18d29b0a581cd280f2d5b57530b00d60e3f2a34c799fd7a91c077fc6f776efa82fa2efb71e30c241ddb39eb8c196e2501a85bf3bb24

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000da

Filesize
106KB

MD5
788dc81a13e87c9f6bf67339f117b21e

SHA1
e9a668cb7975f46be153548266bca3e9c1092ad2

SHA256
996fcf9f08004d2e80076b78c8967df66336083849d187f3f76b142221fe0afd

SHA512
fc5e6f5b66f904f5015be8746fc28cce2915f907296c7ac2598153a9b0b2576a5f2cb114489f03f0a67ea8e3e157c57dc319f57407df30c84e5533106e150ee9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000ee

Filesize
100KB

MD5
1deb22c487403df8ff80c0e26cfc5e97

SHA1
fd06a25cacd584e26faa7364a0c22717810d1e74

SHA256
c1d8db886e39a4edddd66d07f729065d2619388e064f8f703f083778e47c048e

SHA512
25779b76d2a22c54db88c347bb639c1b38a252e35a2855347a7f54d8969b87801b8407802a5e2589785e3b646e10d8f5cde2653582d91615567d9292a20315d0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000f3

Filesize
16KB

MD5
89a574ff00e6b0ec61d995d059ce6e65

SHA1
aea09e96808ab77165ffa712eaa58b8f056d0bb6

SHA256
e5c29c139842fd487473d0824f2c01b374680fb35d22fa929686d17896602a44

SHA512
30d0d40bd680e61968273155b740901cdfa66670fc2af6f23e44c6b998b67cc1fcd0b51bd5f9470f209f188e75d071355e592b2a7c97f4bfd15d07d455e0909d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000f4

Filesize
16KB

MD5
cfa2ab4f9278c82c01d2320d480258fe

SHA1
ba1468b2006b74fe48be560d3e87f181e8d8ba77

SHA256
d64d90cc9fa9be071a5e067a068d8afda2819b6e9926560dd0f8c2aaabeca22e

SHA512
4016e27b20442a84ea9550501eded854f84c632eeced46b594bcd4fc388de8e6a3fbfe3c1c4dbd05f870a2379034893bfd6fd73ac39ef4a85cbf280ab8d44979

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000f9

Filesize
65KB

MD5
8a42ba5472aa4afa3d3ac12f31d47408

SHA1
2add574424ac47c1e83b0b7fae5d040c46ac38a7

SHA256
759bfec59bce5ddea7751b7f93408074a8c27cb2c387b08b6b9f4aa111266ec4

SHA512
3e1081a6e1c29f6dae28ab997c551a6d107d4f4b7e0981a19ba81a30a4e420dee1791321dca8f4b500c9e7e4a41c5e5c75013a72e5a5cde3f7e6c50393eb10b0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000fa

Filesize
35KB

MD5
7c702451150c376ff54a34249bceb819

SHA1
3ab4dc2f57c0fd141456c1cbe24f112adf3710e2

SHA256
77d21084014dcb10980c296e583371786b3886f5814d8357127f36f8c6045583

SHA512
9f1a79e93775dc5bd4aa9749387d5fa8ef55037ccda425039fe68a5634bb682656a9ed4b6940e15226f370e0111878ecd6ec357d55c4720f97a97e58ece78d59

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00014b

Filesize
25KB

MD5
1f42041605835d276fccf9ed196cd43a

SHA1
e165431c1a0f64adb3dd0b73d714526cf4bbbc68

SHA256
8d47542f97841485280f064ae64ee35ee66c43a8017b5ed0c0da4308883eee96

SHA512
26671e4814fd925073d081e0fdf841ff9bcb430c8af56affb917bb0d144c8145defb7a41e0aae91418c2226850d9e810ce34e088f84e7577908c8098db15a767

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00016b

Filesize
22KB

MD5
baf8dc12d0df9d43ed3c300fc74c8066

SHA1
3b695acc657260f3d84256284e0b91b0315afad8

SHA256
534d6ba8455f4511cc0634d819ee19b35cc771f802dcbab9d2817be0c2a93ad1

SHA512
1acf55c4a8d1d17fd92c2983e3de02d8351acd4bed80217daf97741bc108933920cfe03008e9f105dea18cfc74c383cbd4171aa8ae106c47ce6048930dd55eec

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\01940f9b4d236405_0

Filesize
277B

MD5
252b43a11a19f662b2c8f613a90b6e79

SHA1
084dae20f68e87176fe0697ea75da48236e7a497

SHA256
39d470e425d7b9bc2b559649959baa823f9491d1f0abf77ed6f12d0ee2a4b859

SHA512
b5a6be44e3c1d69e32670844f845ccf07d6412c69e6c49cbf32cbf99c2df66bdc679d27a6a79b6b9ac20be6ab947b84f006c4a967c85f5c10e445125a8270d4e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\029379542e0a29df_0

Filesize
14KB

MD5
9a8fe7b8be2217d5c063510c45bb3f43

SHA1
520a650437940ae975a59ab697902872ff893b38

SHA256
890ef229e648acab0afdbeb18dc1bd930a1ebab90948494f41fd2973a714bc08

SHA512
80c76fb3d23c864c55c0bcdaf4567d97ae40ccecf4bf3a47a18c64b216e6e6c2bccdf2add326e1c5e3530a2985ef1406489a63b467973e403891b0798881afc4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\1add89fd3a4be67b_0

Filesize
273B

MD5
12b3d81442bd461f3ae499071ced9b50

SHA1
e94d2eddb9737888d52bf02a7d39e2da4151fee8

SHA256
7beccd4b339851b75b667ef809485521ebb073b396a726813ffcef6c36259d29

SHA512
866fb663eae8b244be8818bcc141706a54f4ed0a9b9b16975eb44bef0e88ce8624e34ea7769b5dcdf9b13781f896de25f4e655debb9cacf1d5b4265f3bfd58a4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\1e38735e81e4414b_0

Filesize
160KB

MD5
d0ca16c115917cad58a1ee0f318f9bda

SHA1
7b9210e95a6722446cfed3180a6f584914adbf3f

SHA256
ac6bc222968d5f96cd43702c49598d3f4d637cc6906caefe59c255bae5b07942

SHA512
1b8804188e0550aeb998eee93f23b772da5f2ced7efee6ce25c8384bcadcd645d9c745534df9f752c56ead8bde88f33b4ee8ae186dc8550c03b30a705f6f7821

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\1e98da88cbf880d4_0

Filesize
68KB

MD5
a13804ec32e2c3dd968f50e3e9216d28

SHA1
f3cb2e9ed84321c9e3ec97c60b326cd93f2d93de

SHA256
723ddc54913280b775c6a6051ed87b7aa5df090b0829cab3e1077e0e83450587

SHA512
3e3abd1820a0ac9ee388f3323bace51729960f918678db9ffbc5bf50fbbc0218a288a016061510ef0c1c9c494ccb776da5e108b1cd46213a5d76768141538cc4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\223cddc3fc251c93_0

Filesize
249B

MD5
01811a8053dd60c7b1d06bf3f722520b

SHA1
d82209c370b3c397995c23e3a1b977e792233d9f

SHA256
1dc055fa8fdc3ed91c8013d8ff0e5a24247a477e5f20ad948bdcf5f59caee842

SHA512
72fa0a51c68467732884a1af05a7f4d12a98ffa3ead24120de6cafb4a6a2f0219cf0ecdaaf85b910d7daf09dc90757c31bb6d59038600a010883e4bd25495e52

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\24029b20a1b39be0_0

Filesize
263B

MD5
dec6bccc4683ebc5e815f171d5ea7daa

SHA1
0c59eb8959dd449349cd2de409bd63c488c886f6

SHA256
1611b06cec5b4a02fa03f86eae4b41cf819e1ad383df02a64d5dbba407812007

SHA512
06df74c621ca6751843670dc5558c20f6ad6debbc4841fb3ae4bb909e4f983d42efef0ca079417bb8544a2f35082e0b3fe3221333aa77cc0d9ff1c69ef6ae27a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\2b080cbe57f47394_0

Filesize
23KB

MD5
2f647b417e4b566c63fb0199a08f8134

SHA1
08b32165949d5c74f37089ffe9064b35ff6095f7

SHA256
5fbe669673fec7f37dcfb934e3d62781b910467681ff0e2d10b0605be6bf4e8c

SHA512
3a38825d134ceb1bc13b8905011d4ddcb951a753f0b94dee46f87da5c66f77c94ab5bbfba16ec0062b6ce9d8d4f5fe496bf92775517f52b7426b5fd8dcd1c5b6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\380e0187e4b6ae35_0

Filesize
105KB

MD5
a0edbf3956e30f543cc3429dd411c390

SHA1
7c3f3ad94b8ca270a86f597a154ce58b55e303fd

SHA256
26ef04ed4f72b8ba0866d771fb7e4efbbc90c0c3eba41865de63d032522abf76

SHA512
09dc1a2ffe66afca49b21d993c11be07fbc08446a860e17fca3e441f562615ad02c579d783d20de971a021fc8b520fc3000be23573017374e2ddc86619bdc7ab

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\3c4a16ec54a1bece_0

Filesize
55KB

MD5
a213964ea8bd7bcf0f23e0b5cd6d9d0d

SHA1
154d2ac6c2795876471228b7e45289f6424cf4b6

SHA256
ba10d4d87ce3ac3028bfafe48a357e7e2299d1a2fdafaddbc8ab6ab9988d328b

SHA512
46a062f8c2b988096e77152395a5816e819754e7c8e9d388e612dd9b0338e1af4e3f9015c3632809008b0085daab926847d38fe12098c385cc3ca5076984278b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\4ce96bde8c7a0844_0

Filesize
337B

MD5
d9866bf95bf48b820018c25c7354bc11

SHA1
7ccf740dbffacc4a77efafd178f5cbd56e06ca46

SHA256
46ef5c1f36e37d37f07fb2441927019686330fbc661e252af806187b50592861

SHA512
483308fa73c747d859ca4f51cb2c54f551214dc8793760ed10160dab7e95a84ad9009a89d09d24e8bc07a2a70d16685b75a27c8970286ab7e5ac524a88c59576

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\4f413480bbcfe358_0

Filesize
271KB

MD5
96cab6bd34661490fa1efb7aef47c226

SHA1
9469fc05dabe53d07edbca6cc656b779662b8e5d

SHA256
86bb9cda0f97d4fc47e279371bc7b5b3cd83f2e18206bccf869a89635fda5e6b

SHA512
75e10c5dd8d14d66b5564ccf537926cc664d95e592b57a68494ec4f644ff7f860c8d482a96b7dc5fbf2184b4c3fa2f372f8a0e0ee11cc6a08c94cffdfef37c26

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\53b92fbc4d68952f_0

Filesize
270B

MD5
456c6057c6bb89c09bf27509b24c95d1

SHA1
62f2eb1626ea62736386b5aacea3da6467cf0c56

SHA256
4067dfe0e257a794a4cd7ddfeeea70314977a9ad3c1afcec591a96b671518755

SHA512
a4480a8085b6046a72391f18ec038cd44a1cfc12ad246bb6c448063b3dc293999cd374ff3d76eaae73706b61af0214c4eca7fe81424ab88c939fa42e2cf665b5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\53f9529b9dc74ec9_0

Filesize
309KB

MD5
09586a7b29c7e086d3cbba9fbbb90a08

SHA1
baf5554dce3964cee506ff0596515b5ba72d2a12

SHA256
8c3c04db96c0c786951dd1c46b71032ea623c7ff9bdb10cadaefecb2ced74329

SHA512
6953cf7fe7b9351ea956faf4e8a02b254edc286a30dcc89751084fb11cbe7f20400524096c21cac6e7772259e7eaf486da9e63d1aabf9cee16ada33e5d56671f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\54aea4afeee7ffde_0

Filesize
267B

MD5
3d5f14543b736eabd981bfd5d585734a

SHA1
a83f31afe9686b290bdb240238ab87eb48cd06c3

SHA256
7b364ae1b38a4dc3b45b6eaca5acff561b53bbc372d3d26ec223548a14b03c3c

SHA512
a0180a60356eca16cd78670bb2dafa2c838c1cebbd5c3ef1f2aba97209c55b817db0a89b7bfb5fb3b4d53c2ed641630b0b037aca5fc31f28de2cbcfdacfea347

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\601e0af1d16be777_0

Filesize
64KB

MD5
f2bd9fc4cfa1048bdd277b0cd26edc5a

SHA1
75dd9ee130e000756ffd7029af74d38a8953a1d6

SHA256
c48c7a0e69f7d5fd5ec7aed589ac579a4e225011890434abd194bd0a56dce09f

SHA512
2008bccb4a883949b5240725101c6b5e2866bf4d2eaa33d2bdab2ec86ee24d771b6ccf36959b4d22e0e97c713016cc14f748e20f990e58833926cab6bf880fa6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\635c5a48473ec11e_0

Filesize
54KB

MD5
47d5dc014b13c009ca2a62d62784667a

SHA1
4440f298cf4b218f7b61565d078b8879345666bc

SHA256
8987b568195f18ed70a073541f0e18b9c5d622a00ec9d3520ec1f34af7e6ef33

SHA512
1b1fdbba91a0a7c403f7f9f0c68556815b22772b6fa70147b66a794c9f9ee82de571ad7f32bb0030c9778ad8acd0e2408bcffaba925b01a443f79aaf7e349fcd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\63adfa3ceb350d5b_0

Filesize
55KB

MD5
49d728d178a1de32f10fe6d9353b4844

SHA1
f4a556636a9099cba2b39bc11adeaa7eefa90c8e

SHA256
fd9ef0dbb44500ff2d8052a394d8aa4ec7238038962b768349194f39e317a471

SHA512
cfef6f98e73b29eb790dc92b171583e72b6944167e1a1c70cb9c9a3592e3d30cfb08c6888e4d0bb8f3560b2977cd211c4761996bc2924d8d62adcf1445888a11

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\63adfa3ceb350d5b_0

Filesize
55KB

MD5
f0e0a1d44e934a47dd6140c680865c6a

SHA1
bd292ae4dad9b84fc24493f0e0017731be8045fb

SHA256
f5016a8000c57545452d5f14a7d680b127055d3631eff12d2d03eb1c38bd8e05

SHA512
c912812a3ed7449c6a2795a3f4ca117d360df3c166607c7726963862893aa8c3c49dc10267717f59dbf1cc33ee320d08722f1960ce381a3cd99a5a3a2d74fe6f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\6c644062b95acf88_0

Filesize
275B

MD5
9e86db3adfcd53970787b89972164d43

SHA1
3a7e25f4e993e857feb53e66dbc8cdf9466f1248

SHA256
5eda08ea73589cbca9add3c835a033b790c881f93df4f2eaffbe1a062109eff0

SHA512
91f9c445b3f7694b55bc18ea542a0b986b57e3d627552a18beadae198df86b8c5780f7a0f1c6a20994b4de1a3a41ab4a877760a13ccf09216aff9db83460308f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\76414e1734c2e24c_0

Filesize
3KB

MD5
21d78622c7f54aa574a4ae5adbc79106

SHA1
13ac06e90defae4f6986f45e9b48bfcde152a0b0

SHA256
bb7b2e6c441606f0ae19a1f64828b4ca59cf97ee6229f3ca75ce490111b8a7ad

SHA512
2a99edbf2ebd55d84a1c7b9da2f7af6ebda976b4d3d0c3239ae45e10e1ebc0133569b92b99f567915f65313b520494760483e700e8018699f37110733e3f35a6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\76414e1734c2e24c_0

Filesize
255B

MD5
d200049c71321f1ffa2bde2677ddf43a

SHA1
93845d57d2688658cad33342f2bc6d1dcaee2819

SHA256
3e1f3f932803f7f0cb7290f53ae9dc96092c26c62738be025b91d258fdb9f6fb

SHA512
ce31ab9bcd3ab36f5995ecad01396ad432d8cc0de10cd63213b6f9273f9b672ee850dbf0502e4d376e6d06b7866c6397931817212e6f3b9c4a259d0f4cb43d91

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\76414e1734c2e24c_0

Filesize
3KB

MD5
2a27018cc28daef9ce1cb0101109c244

SHA1
f6a98c7f4fb493c046c296514ac2a98bede54924

SHA256
f8f16a6a474cf3bd3166237c5e9cd1dd2c5ae36adc7831b5bdeb83c81c9cba6d

SHA512
99a88bf0c22ea7be1b9fed02edbcf885c1ae6e1da522c324d9735142d64775c5c5df531d90f47645bd9b179041b3e57c76c34a070f7db33f4382ecc26e6f1d16

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\7b76ffb933d77e41_0

Filesize
55KB

MD5
9a41939075bbf0d228611a1973c0bf73

SHA1
8a87ad1988a5474d6dbb18eb586fb5a431aea7b2

SHA256
54b7f0b46beedf057962f68553b97712c567b9caac433e3f9cef2476ea9778d0

SHA512
88a82921b82732b5fb973a73fcbb32c27a5adac1fb1e627629d8eba6db221c6c5eb9522f3de4ab2defd9cacf230e6b140b9923793014526479041625960eb5b6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\7dea6d623ecde5a5_0

Filesize
97KB

MD5
153736c33c860feadca0e891ff810955

SHA1
4faf14f018efb1f6d8e2992d1c17c4c9417589bc

SHA256
e16ffe577c781413d54962f291371619e306329f0a1165e086018655c206ee72

SHA512
cf3853d2107682a1bc0ec3969a6d27830de48c3b398adb532318bb346e1e94aa75bfff7cd97f0f4a3e60a036fd45ee3dc47e5c23bbefcfad73eebb8151688413

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\80b6d59772a40b16_0

Filesize
198KB

MD5
7d032249794bc739ea995ce1663b0ad4

SHA1
93e7061bbafad69db115704c23aea3f2d844b93b

SHA256
55252f268a4fe5409c9f9fd661381082609b1261b8ad7143e69bcc7bd1cf01e6

SHA512
103f24ab63b83702a3e9f00d2476dabf218f45eb5892f00860e8a22f07afc99493181edd7bcdb63d04b1a918cbb516dcc7265a87f668cf0feedaa8bfc50793d6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\96a937e8842ebe94_0

Filesize
92KB

MD5
a14fb04c18152b36c01395924fd51072

SHA1
3e2374f499233dc75ae97c7167abacf3d4a9faeb

SHA256
fd4c12542555a48c8c2b32c139e246cb4a015d945d0c9d5bd482e5dcda13ff8f

SHA512
1af55534ee80070097f7b86be1f6ac0a660f60bfc5ca30e190f3c8e0615a611d668ace258eda807b5cc4b37bfc200f2acb11b11b2f775ac977e6acb63e6a8f77

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\9e04f19de8f5d184_0

Filesize
260B

MD5
136b5506fdd465df5cfaede679ff47b2

SHA1
72f3a335bd29fbe0dc1923b0081f245f72c3f546

SHA256
38222fd599b206b946d115118cc5c0c2a2fbab0c33a581136d359e63cce5f017

SHA512
ec091b5fa85ba74bafd11825b7ed7d17884494bc3995887f262ef7ca6e14941f19242e39825d1fc059143f8c12f4d56e8fd542ad3e24101fba6575b5ff72ff48

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\a46888c13a02e1cf_0

Filesize
346KB

MD5
a7c45c9b342ee2795d515b35210ac85d

SHA1
3342b5ba82fb520ccd2d0cd0bae8daeb897d372c

SHA256
c4c3ea6d4887a160206a3365b678d045f6aa7a896e7d53acc93dc3e3cae30364

SHA512
17fb29a76f0dd181879e6c8740300fc3a6cdf2acc98f6d5b4e933bcd1558d8bc4fc1312cf3304594171ce0142eab930481c9bdfa92dc0640b98597ded524b935

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\a63f6a3ed45edda1_0

Filesize
308B

MD5
8cd42c193df9af16ee9aa6a8530f7f52

SHA1
7baf19163a342b448479720acfb1cba7cee9fb21

SHA256
3865f1cd64717f99a00db1d7f230b59b454dbe1f890b9fc09f2e1303c2fe6e37

SHA512
0b5073474d35faea878b5dc7d911793b61a7e96cc5187115bca5cc29e48d396d72cecbd48feea3614c3ddbf82c716f01e9bed33d6fb79d5a6479bb4c9c1ad552

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\a763944fc6c349aa_0

Filesize
108KB

MD5
b10860dce972157f6b44ca9559b524b9

SHA1
1c36f0c22241100d3fb1048f1632b27b0b6fbc59

SHA256
db656240738df9e5a88cf514417bd32ce5a824da3dc5a6c0b8f636f441e94f90

SHA512
7157d68d8e69bdf9b5cd96f5c6fb6646930e7ff6b4fcf1dcd51ea016f3bb107c885600ecf6cabb22f720b2993c20948c0c106c5fb34e6f15c03429896d5df5c1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\b366c7255e5e3c7b_0

Filesize
1KB

MD5
9465bde7637370bc85a8c1b129d32df8

SHA1
e8f815fa94fcc63d1f775852a3184499e8913fa7

SHA256
868fd48c0f55e2edfb18c5abb22fb961f4303570586b94306d0419f6c88ee181

SHA512
d9b7988178fd47bd6c4b0a12f7887aa1bae8712a135115e4129af818c8bdc7ed0f3f910dd67e108a5a10b3fc5e219a32582844f1468fffd5dc35a4719ba755cc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\b8fb7f17faf71513_0

Filesize
251B

MD5
b9becb47d396176d6542560150e774e9

SHA1
100e44d7dbcf1c58741da951dc8dc482da206352

SHA256
f9a3c12bfb27ca3f00872765ac8165d89b153574929cacc3d76350e99452eaac

SHA512
a4e3dfdd93c078f46704b30f52ab1f85bf644eff96880455831a6877d7c51427ae59a1c62f58ca07d69eea65b10c316e393aabaf0242a1db82047f1ac63d1af5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\bb56b0ce79f9ae76_0

Filesize
343KB

MD5
3784444cfc6aef53601a1ba04d4c6ce9

SHA1
069a860546686ab658037be23f3d631955082dfd

SHA256
a2c798755f03bebe43aaf9742190cf87c21f0920a06243e49274380dbec11897

SHA512
ece4b6d2412b82d314cfd5672543fab9b4d1e8b70026ac410df5b47a76faf02be74fc25e3767d2ac3ac20f3fa571f5fa1ee43906026a896e6841f343ae5afd5a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\bc0276656709e65b_0

Filesize
259B

MD5
8da050ba15aab4624666e5a5da9e0fd6

SHA1
36387708fe91cf1c5ed4d033f7a46cdd1ffbf446

SHA256
e6c25bdb2bc6a5393685ac7b1eb68ad22f8d094b2c347424841d1d2d267205bc

SHA512
fbf6dff075f4159e27e11f5694c8c9969927162225839bed3f1150792bc77798a1a5befb05ea619996ff0038f1735763f7cd86fbf462dbdd3035fdf21ee787e4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\bd6b414df7ecb6ef_0

Filesize
61KB

MD5
ea5497601681cf22f210c30f483f0a0b

SHA1
0a04b2f1b8e5483f80448ba088766d8c39a496c7

SHA256
f85dfd146ac79450e85c3fb5bf185bb02eb6f31868bf6fd13f9246114d168577

SHA512
47c3d9861bfcc0ede0703319c1caa682549cb9ce3705e6949158c7d3dff2c00e5b8b37e609b07b158691ee28d28b76248c74096b8b0a95d6333da7cf7c9e4af8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\bdff3907e497c060_0

Filesize
279B

MD5
14512b54a6de6ec54a55e902e6b5e659

SHA1
4ab4ecffdbba40cc8295c87b50838d9b2e954daa

SHA256
90ea74bc4d41f01aef4be965c490ae554fc3035d3470323b941d9f71b505021d

SHA512
09baa6ee2f7edf03bcb14ea5111ac2b7f9242bccd1e52d4c39ddab0dc57384a592b16ef566e0f8c600a0cd84cca1cb8e9a92ae2d564259c4a75e2f58edc17690

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\be0bf8183c82609c_0

Filesize
859KB

MD5
287d7c9e5eaefbaa3d412d1323ace6be

SHA1
4386ace1617d6116b101fa8513ade7e96d011de0

SHA256
6d42944bfad9817d2008a2c67d4c78b2abae5c8630c7ccd2dd2ec97fcb11edc3

SHA512
89c6af02efeabc4f1e3b97c039447bcfe31d731622d26dfeb336105ff4a7690e294e75417eada7695eeefd82222a27428cddeeb4ef87bb004f29788d284aa0e0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\c20c626eba990a48_0

Filesize
252B

MD5
e3e500505bed6cd2e0d2ec37c020e066

SHA1
cd0c4f16d69d00878a83cbc62063828640a1d5a7

SHA256
ac21e6afb81bea07826eeb3c1a2cd541546d1743a8a94ca9abfcedd63474483c

SHA512
5e47496bbc99c8721357001ddd7c93bc5c8d781ace730fbeff31b19dbf8b3807a352f2e7220812a29385b11106a577c92d938f1ddbbb90aa9a93e0b240ec3588

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\c44449928b6297bc_0

Filesize
270B

MD5
deb4b37fae9e21dba1096bae06aae31f

SHA1
9b56ac25f12d09214a2fae64b06a0d2814288bd6

SHA256
29c9d6c29d6f22b5a5da90a09ebd95532b9223d02f859f3586d8b0dd4f0a13ae

SHA512
fa3fb5d294505f52fce28122cd2d412f79e667c6207c834a7d75b0f2232d009924770155ad919b4cca783a0ebc4f3ad8da2ff74cf912fa5d7d0a11f106e066a2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\cbf274f86cea3d86_0

Filesize
252B

MD5
a5d1d8b007aa3eb890e5ce597648ce3f

SHA1
f823911a7105a2db8b48fee4b7644035e154488c

SHA256
2fbf96c9d15e3b749976067f7eab77311094a5cdcdd90fc1c257c8eda96930aa

SHA512
af65b10efb325e0e5919cf54c0e60ecac88e7e74af87a511e31422118a0fba49332ec1151e77e8bef4958de4347820dd61d1e97cd427c632d43fd68c31e271d1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\d6ea2051f2548b85_0

Filesize
69KB

MD5
0f0b8116fd67dca7eb71005ea22dda39

SHA1
6b825cc2d8efe47716f2919e0d329d2bcf78de68

SHA256
10a4c9a8f1c6c1722622e9d41c6c879e7ec4acab23b0e302e6ffc5fa966d722c

SHA512
8d4c2a56aa1b1bdd58197152e1a9b1e1b2c463eca590bfdc483488f539983699eae3ad7379ee0121d7454c30dbbec1fa7b6d0ccbde80cb25f75695bfc7d3915f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\dbd11ddc2b4b5d18_0

Filesize
322B

MD5
769106a837fb810e3dbe474e8ae04549

SHA1
8ad51f7a62b58da2981dafc36c9f667aa7787238

SHA256
20e7e85e5332de2f5b3381492c2df6c4930f6e4ab44c045614a688a33f0f9ecc

SHA512
da510465107764619d0aff85f14d1c98e2d32ad84bb3833e72df9683818eed6985ce784d1b081890a331da9a791c735cb24f926e2cf827d5e998a9659a5e21f0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\df3899ad9199d5ad_0

Filesize
244B

MD5
a90be66df1799bdc85694f4124dc253b

SHA1
d10cedabf83826de3157693358c08cc36776aa8a

SHA256
481807c4f3d89d48f1611215b7103052df760d765e893c278ac500b2538bdb1a

SHA512
a83a69a936b8f3063882b1503057fadc25480757d19e36339a3820e6243fa471a2a9026c61e92c55b41ee70c3a70379766ed5d1636fbb47056808c36ea1df4b0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\df3899ad9199d5ad_0

Filesize
32KB

MD5
36d25bb71aa4eab7c32e3a45f9b41c9a

SHA1
aa9f25696f1a2eeac342ebfb4c9a277571036fd5

SHA256
abb7e2b235af4ff59435ac3efc8b9e6bcde3d4e480c3ae21793c69cae555f32c

SHA512
055440afbfa5997e1d317fb873bfc773aef1d0b90e5b7a727bc65588e729667b0a959eebf1d62253eb8f66a69c02a8cab70e23c0e14b0b7a46856029e22873e7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\e201db4afc7e2e56_0

Filesize
307B

MD5
c4e7c09f468aa8d07eeeaca6eaa14c75

SHA1
0ba108ca34dd0ba2d2cc5952941dad601505a814

SHA256
d14cdac3d1ebf97c921975ffeec46cbce3b4256fc4ddefd1e9a490dbd5cabb72

SHA512
dd486e0b7de3a5b35c756d3196a9a5b38b838eb9d7368c988a7f9dc64347397921e38bbf428e060b70c05a9b562040e3c653b3f26422f0cfc7aa73a0a5cbeee3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\e6287ea3217f34c2_0

Filesize
402KB

MD5
842f82c3beeebe754a1df13960b3a818

SHA1
56b291737b2d6d950d9d2d849e35f27a3bd172db

SHA256
15654ed72493830a11243541cd26189cdcfd545de32de285fa348506ecffd17f

SHA512
11e86b83a15c4c3071a42e0245e9189ca733a5e02b0d6d9beb4ad0a29cde43354f5ef9f9ba2e1b1500b6172d61eed546afbae1b8f11ff01e5c0affc4585632a1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\eaee3035a9ff6540_0

Filesize
145KB

MD5
0642526818a39d34ebbe66068cf9ac1e

SHA1
3f1b2b8a44141b2ee56c5901ae22f4acc7d7671e

SHA256
f7ef16f329bb6f2a31d6b88f566d488667c2e9942c531b5743e754f14aa84f9b

SHA512
3df926e1d97be7fc8196b768de71c9f826b8289824efeb03773070eee5b7b48526a23ffa6730eaa8a79021fa43b96ed28af9b91593dbbdbfa72b6c1bc3af6aad

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\eb9aa4691e62ba3e_0

Filesize
269B

MD5
20b2ac9cea80f85e76c60ab7ff1e4588

SHA1
2de619fcc021fbda962ec0d612dd2be451b60aa7

SHA256
17d68509fec3a447443f5e367ef7ee8ac7128e5fe2cc27519407a00ad7daa3cc

SHA512
32ea5ed211b71a7a4171eb813a3b7d2bf1c2047ff11d560e9210a504a82bc7149835ceaa7d500f4d521b700927f77a3ec0461f891760a7988a4b153212fb4f16

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\ec1c71680c02830c_0

Filesize
506KB

MD5
d73e247d5c261e93f1174a4afb642b15

SHA1
da6b8f5aae8c93ebfeb0a22270ade4c643527955

SHA256
9298c0ffb1fd9654d16d31bf8e4bce6dbc12310308de913a89e982f703fb6ab2

SHA512
683748e82b4fa57308da5a931de4e149878a30f54efc2c393b385c46dc327aed0ed93606cb4f39337071d46595e772f7c01f4ff7bde2a6501b89b4d787c735cd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\ef137c254dbc7cd7_0

Filesize
312KB

MD5
3d4b3611a69d81cb7065f09a1f09c4bc

SHA1
9b0613cf3f8ed0c951f9c6d274722c176524363c

SHA256
4b85f11d95f8cfe155d445d01b3f97b5f698ff7a648af9f3e7f52a9450243473

SHA512
0195e3796e7ebb7224feb4eca496bd1f93d65a39908c84d6f50f57256ba4a58cca7fcd5891e59b99a9d039904a976dddbc8494ae12649a21b9ba05b2621617f2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\f3108df42e5a867a_0

Filesize
72KB

MD5
ff0421ecd89c36f420ac2d4605ec7cc4

SHA1
369cd8ce6d16651d555608a1c68747c4f4d6c483

SHA256
a48da156cfbae5af8003b40b722fea6f9fe6cd4d168ef26fd51417d8ef2786bf

SHA512
bd6f608b728e1dcaad89ddcdae48090269d62f700e7d8e0ebe9d284f211d8b80ef9193e0add8dcff5edab7634a9fd227b33dd47245f6e146c4494e229e3ccdf8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\f3bf0cad06a9a311_0

Filesize
849KB

MD5
9e8ab3c3c27184bf3e1a583421daf041

SHA1
c644c33c5903a72dbb1373af2651a15646de2aea

SHA256
f56b81f67aeb2655e68f49fa4e889f5fd799ca73406eeb130e3f016ab6ae1fbd

SHA512
c48b1e90ab60f43d2afdb4436808b902fa2f899e01e258f41bd1894cd1de13ca3567f1c04988d06ecf20dd38ede546c70e6b6edab1ecd06fe596b2f49ea91631

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\fc33e133b5fc0499_0

Filesize
306B

MD5
9bd60851f2d2424ce01affcf170fab9a

SHA1
0f154fc34dc1c598303c5013f012d8f8d8107b33

SHA256
ae516711afbf88dd6df4478d6b87beecbe5c559172ed48c2b39008ce7e7929d7

SHA512
58f4ac718119ab09116dc26b50489ae8adede95d968e8e1f72576765a40c31e732bde16a0a0434f485dc7e895372e8c9dbe493a00f529b0073fff48e4269d61d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
11KB

MD5
49e37a84d329c5e0384d75724329e937

SHA1
f3abbd835d3cc9f7dca94602807339222c2c4a7b

SHA256
635e5a60450f0dd0690ee33faad452bec3931e34c9cd7ef4e25f2d5fdac76f09

SHA512
40e3487d2a395edb1f367f6e0616649a148a4189197505c065da666084351639b5fca3a1e3216a2510f0ca1203b85416b5c8a83da0e5b8ecdcdf0d2bc38cb55e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
c6391c3386455297a110c3405c43f893

SHA1
9570d1b3f2c62e235623ecc46391b643845164aa

SHA256
0f7b3781baed21b39864adcef713102f215696d93159af60df89cf9c4662251d

SHA512
d988f4c51d08d1f700bb973ab791d726975253c0bee93cab359e5d73cfcbb72720b88b67617e8eec4ec9e83a114b8987139856d9b2c97eadacc61d0000bb7356

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
12KB

MD5
7bf2d80d21abc16a0c8099e18fc1c795

SHA1
29fefe13862455856876aed156f5f34cafa36108

SHA256
01e9d7a1df768edfce17e8860ba51c69a388bdd46ba49ca1edc4d52bb3f906a5

SHA512
0c9af622404214d44c77da0f45ab9caea3a5bb667c30762553951869f393695cc13a1243708f56b990653af9f2ca0372b649b12752f0467112f0c668c8faf0eb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
9KB

MD5
495935ca109a69e3f56d7b5cab7755d0

SHA1
e686e1f21a688157432d6e2d3bf607388e0e8e04

SHA256
2ad4cde8ebe2601ca938f2a5187fa050a17f5f99e68ad1a2e6a3a3e6fd232bf5

SHA512
1056d555e51395203d29f5b4580044bd47a0e41c939a97a690d6f1cf227dc30d24b4614f19dba730334516ae6368d3d8be0f8cb0d9a4d0f6656f6611a095afeb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
9KB

MD5
b4694e0f82a11138b881170a7d669db3

SHA1
9b0d1f46c69586d98743782772e2ad886a74cd4c

SHA256
655c84b97666eee79dd5374c37a7ce32ae57234b8b34f603be393d4b9016b0c7

SHA512
125e53088d8295ac0f6a7b6c8236e565747d756689a8ef551abb98e5c8cc1a4cea09b45e48dbe9eb81183662fddcc30859b77fcfaaf36eab30bd059d60b6c93a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
12KB

MD5
777da710ecea5fde26c6d1aa43642956

SHA1
a9a3b22b53db6b96980b08fc68c4baa7e4be79d6

SHA256
f96d92355291147fbf9dba40b515915ac88ae106f2bc1a72b5630e074b5d1ff4

SHA512
d1f9d283ffd468e0dab382b451ffe3bd5d3b347340c16fc9c8e5490c0a3e1be144239250081b864e6e5979f29c695274074963e8223f6fc59d642c1972892ec0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\wasm\index-dir\the-real-index

Filesize
96B

MD5
78382ac8b52978120a603c66e4838b01

SHA1
2be88b671c1e320f2822cc8bfcaa814390bbed62

SHA256
ba7bd3314c80535ee95fcaca13a070605060fda62bab81c13f7492ca587986b4

SHA512
a34d92259b893d106f0e39ae74e8efe885820e27889c233359714f98ac1750c940a754b25538b38e0d565c7ca9415bd59be888eb13ad55cacf92ef5f76a84fe0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\wasm\index-dir\the-real-index

Filesize
96B

MD5
20354ea70ab9a4e03af4c413577b7ca7

SHA1
495f80a2bfc1e7bd74573444bd28d4f42a5a1ea1

SHA256
c17362ebccdc4dd3164333267d7cbb27b86967664a37f45750b8ec1868eac256

SHA512
4aba4ca8a0820e59ff9171a6c59395c5ef501237e9b661c276ee0acb5bf4a611493dfb8543dd6849adaed6d92291d8fe0cd458cb34264f708cd3af39eda26110

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
25KB

MD5
b04c8236e003c0812f1044826b827eef

SHA1
a925b4f4092b1160c704849203716eaf8a948279

SHA256
d793c103d29ab7ce712443b97d6e8580bcce1effa6dafff5f3d8d88bc58f9944

SHA512
2cacf03e83f67e63d169dd06f7f6ee68a4f7ae773c0b8ee8085bd867177f50eed9dd496ebc5dc062aa1adb7a59108177a9b71529d44f5b273587041690048299

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
27KB

MD5
b90e4430f8b47172c93dec21ee3404c1

SHA1
6f63bb5edbd8aa4b5001f2c8d2f0d6bafb68e1f7

SHA256
571797bc66563f15e7a740196b46263a6f212c034df0fcc847118d29158d0a31

SHA512
d0d3921fe6f27c9dd1f9edc0e9da339aec53e581289b32b5b958f749b3e78f87be22767a885ede1eaac1abb315506c3adc7f3dcfc1be282f35bd9086333d4c3c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
27KB

MD5
a5a2ec12e46ada8a769a4e8453dc3941

SHA1
cd66d22012d910b7aa050d4b77097a8542c394c6

SHA256
49f35ba952926591b26d54f0d52d2aa35a01ba0015481ffc6bf5369e592ff16b

SHA512
a12b0a59602edd1092f880241ccd77cfc62b4fd496c663a46f259f84715b79af70301968c49ac268e521d6349349190afb6fb1fbce1744c864cabc6f0e32369c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
b62a17316e06e943612bf6678bcbc915

SHA1
2f1138d629a052c6054911782eb7d639c48469da

SHA256
bbe5f6c43e827f9261c08eecccd1e1e8a6978113a839f268f23fcd29b0d32642

SHA512
99a8f2a9b13ed7e39afa18a6234a41b7b092cf6ce7e6d3a64b463568452a755a336a020aa8601878a0dd0a2ff53d9bcb3811c77aa681bee202927f1144b020ec

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
17KB

MD5
77fef0e27ff987a9500dd83dbddb9bc7

SHA1
a979faad02ded7eb903eb5ce15a973434459e85f

SHA256
e9d7c9e9db114a67b1e78d25b87378edac3197522b1a71ee9765c81e4adf4f3a

SHA512
de7a5815761d7eb48d6383f769cf7153a9ca1cf85b06686a324816bfe884ce00f11c38fe4238d99d4062375c7edb3b69917ff5202280fd9e83718784d775e513

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
19KB

MD5
31b9eb5ae2df11f70d79f35b970604af

SHA1
c21120a6fe7e7e9e445861a49020ea5c22c74ca4

SHA256
719e7803edccba2c4ef9b3266e29a580071a44a8b27cf717afa833ec2d27ed9c

SHA512
a4377ac93e6e9a904a771c15d60f8fa311726a191d4e386aee982aa7c83694fea80066e59814be97d7c075c6ab233721506e69131f42a0a94e06160f6d75eaa3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
25KB

MD5
4bc59d25ee2d4bf77f2fabb20dfc7d92

SHA1
a264c76e6ab60686c595535982eec19d9a3c6568

SHA256
4911c0f3c4fe013e2a487c235bff1dd290c6232bd11503c262a3b29922bc19c6

SHA512
414e4e495d73cfc6cd098402d72d4073491654ed2e7d17b22d3d0dc88f3c2d3baeae6cb8e5a75aaaaee7c84ef7d9b4cd2e600e4c5802a08bbc8f392957e48883

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
10KB

MD5
9f7c77c3969585dfb47fa5d53857db6c

SHA1
fed74a6774a7192ba71ac59f243718c7d6ebb5fa

SHA256
3822d02e16a2dcd6ce0adaa45c5598cb2c93cb1818191979a5af58ecf3b6ee66

SHA512
475f7ffd22ed691eaa66f3a6f457bab7d5694e895fe7a5a8a60c4c15cde86dd93c6af05fe07b9cecd89934de66645c929bf9dfa99af390af37c16c4c60dbafa8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
28KB

MD5
8225a2c31f5dc1f95d09b49175b2e722

SHA1
3cd1730a28e054ac0f06cc251eb26730c7278ead

SHA256
a84acc61102907d9c421ee545aebb0eb3548e7c8587fe747f97afe4b0d953248

SHA512
69adfc14bef7274080f3ae9dc7a3de91a9d37f0b445821020007557bea11920265d6434dcf923c592ab7c7d918e9cd342f77876091d6586231711b9f774c0108

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
25KB

MD5
94a970aeb8d198af761a40e02715a4fa

SHA1
4fefa48d74402932ed496c92a564e67708c083ee

SHA256
d5240356090ef870c2bb21408b0accfbeea07aa62fd07dbd31d49ea385cf3a1d

SHA512
87c0c59c819fe4d0249def8d8d433c0ecd44c7c6616ed7026d045b1c3f0d803ef06a61d436655aeb2678be08fde3a9db4e7427ab94f32893d8d4c6968fca7217

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
6KB

MD5
fcf62f4340cc2397469484125efde4d9

SHA1
7cf5cc792062cd45499f55a43d39b8158faa7420

SHA256
d3d12fedc4e734b954bde71c2063dcc0c09f7e30e3eb42789b0fd65f8670c5bd

SHA512
f8013902284b3eec9d9ab57da14119194720cc204505a86d35cf9aad0950446f786b2c1b73c02b8e939d28981081e2701c3003107ca2d0db9db6100b2e8d07fa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
24KB

MD5
ac40ea14056ad936e8a9d45540f866e6

SHA1
dfe44dd609ccc2b33626360cb51e48f24e2943bb

SHA256
daed60431961302c231d7b50c7f8bc7779d83231033b0a1b85a1c3e112d001e0

SHA512
89cb7c6703596ab7e6c181681d43bda817e0a434c6c4a7d542a47770985bd5d3a58390fa219bea75ac4c7825bb961c580ef2b797f9e271bc4edf826b43df58f8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
23KB

MD5
3c583c0b120b7e01f5ea86e396d7af40

SHA1
688e495d75417e65ee57cc73f42b9d35348a7c6c

SHA256
5bf35f5cddd6212472d1bcafda9910041887b4612cc74a2258407d84c36ec6b2

SHA512
79e6c74e4888c7404aaa5eb4d7b3eb24f47e2932f03dc9192e861e0865df8f4596fde02c786a4884f5f13c93aa225a5d41db8c1efbc6fbe781b72befb2235bf5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
24KB

MD5
cfbc88b99f15bbb2241d7e199a6f8229

SHA1
c8f962f969b60aab518bfc06b0a6fd9eb2ee1c8e

SHA256
1a5b09b9250bfa8c293d85f2a380c1900444b03ca2ecf66095a357c15f613a4b

SHA512
146b02647499de3b4c65490a02dfc5f4c7a8df459ed839437affc43f242a238059289a6397fe0cfd27c987512135962bc5423e91a7b8f9391dbc161fa29bd4b9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
21KB

MD5
62d697373f3e468fd70f5b0a45a8fec4

SHA1
3cf4534ea46f707f0dde5027eaab9b7e93e3fcd7

SHA256
73158362667f0e6d5e294d578a100b7963be2361ced85f954bc37239e808d546

SHA512
f5fc33b5542359cf8e252f2cc6d12c4148aa46e5d0feabb02976250c9f012608cf9b227ed0f93bc98bc6c377aff37d69da644228c895eacf37d8d7ff0afeadbf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
24KB

MD5
1796433981460a3cbda2ab2fad370980

SHA1
067a4c5d634457f3b2e37e8b815b9a948d9d0167

SHA256
681359e2c78828b1c8eb0cab6672a5ffce950beea948fc8f0a7c383687497f46

SHA512
d5a5adc9f1140bd908a540a873e9c119bdb103963304b1990726a400460451fd33cff98f1e59c1f276fde2550f60e1bb321048e58dbf99c032788bb0546f45f4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
23KB

MD5
ef2e52d1a953103ea1c2b4af0781f6a9

SHA1
0408f7bac8096e7ef048967c33f6a5b3610646da

SHA256
e6112e6bd65d4df7999752a9b66ed6f92e6317e3597aa1d7b97dbda4cf430d4e

SHA512
ae15011ae3578b9ab2235c4b68f20b93957a94f07b5a83391b6b19e18dc1e0bae5d4fd24bc6b39ace37c40f77ff9b095a0a6952af29d5c21a35cc2ca39d6a2b0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
24KB

MD5
526959155ace8c6324887b5da49e37bf

SHA1
aff0a6dc58595df0b1f03756d15577d92d1d2b2c

SHA256
847d31bd2ab5bf08106a683276107b88e6423118b0c29318eb3558fc0909d66c

SHA512
b2266b4837c17ef5eaf1543236ee75210b35081d93c33b0ee5c560ce73e93a16f9159faf60eaaa1120c28a156d6b51cd70dd8740f24ff7d8356832ca2aaaa79d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
23KB

MD5
193b345f3a295e50d1a55b2b40b39598

SHA1
ceaae26245430f2d80cc24af0293109cdcb22cb0

SHA256
70d53ba65d42b5c9b1d1c77a54f46b46a834c7e4f1db37dd4c46c23dfad2f09c

SHA512
112c69444e94880cf6e5b79cb9383a46d36181a326893cd8cff918961ab2e1367f25268f7fe36e364c2818661cf230d343f73b41748f998303dd02a31d36a919

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
4de4e805a7522aee518e41d84e30756a

SHA1
059f5a0d1138699f913ee69a405f6151a10102a3

SHA256
9aec1a208b24aa099445c8cf8f4d8a0e0b5299c395c8f94ddd6a59e3b64018cc

SHA512
e68188755d3745fb31fcdb056e97b06ae9911e16dd2122fd8db1cea35a37b61c5303b672066ff2c1a954602e3ae0a61a94e6339239402df3006cbb22f30647ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
48d4152bf43329e717ee0fbed389e017

SHA1
9794bd42f23b8d45e9850a560cd34a32a8384930

SHA256
92fa31fe4122c918f6a0eb29aae2215142fdbb1d11b9f5295960af2c3a003e37

SHA512
2a33d3cc9c31ee2c3b58e1aa44e40dab66d86d7108ca217ac35e50df4675f7ffeb8201806b90efb10799fd50649793562a9e2dde481475a03f3232546dac3ab8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
3103efb120195934838e1016564b86b0

SHA1
88d774303a2ebaec1fe191cf8fb4120c89a568fb

SHA256
3cb02a7a479fdfb36d23e2c91176c481849730bee4e2680db9b165846a317394

SHA512
780a9af96092b8070cd25d5822378cf6cec47024db54f7a2acb05a8b64704ec8c8b7c282e45364417232f946a346235601c5a4c3792997a1018046ab1381236d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
16KB

MD5
4ca1717e305acd1af220f801bc64b69b

SHA1
4a0d8206593aef8e78758b81678c9a53b738665e

SHA256
992a9415ba6ecb6fe5227aad822f10204bc698be1d75258b86650781a260146b

SHA512
5c758a5314b9cdfa48aa8be574e63a4ed3d65fb439060a4e1b0fda5bea32bbd65b3ce290992e9a93651d652e32949cf420b18080182492a5072fb4f683f0fde8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
18KB

MD5
0b4e3a79fcc7c48d9892119b56588003

SHA1
1891886554fa6471bebf504994899f311a72d001

SHA256
62b9f370e2b30639e88ddee488548fba8dab94727d8e854058456a1846ac822a

SHA512
8573b6660c340d78c7b5224254305d27c5dc52b627eb651fe38abd2bc2529c5c0b1356a7aac53e67fc341db5bae3976f8c14b12cf08ac5bb00ef848c9842d6d6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
029f1490f3bd1e7b0a5d694ad9e4532b

SHA1
c7f9a704de075b06f9773989b2a3e9b2e444067a

SHA256
bcd04ee208c318b7b2218fba1e6ddbcc89e4193845ea93033578b76648ffa9e5

SHA512
00342f0df29318cda891040f233a2eaa9267bb1945139edceed197be03bad8d743a4dc457d0ebef68c8ca2acdf27b79158141b5099d99f50e1c5ea716d39b3a1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
b2265f7a3cd92697b03ec957d76ca867

SHA1
4e0af7b8020a47863f7a803eae2c2f91d43e1167

SHA256
125e856b5f6bdac44186694fe0189fa0c192e43a54dadb1c943d0c01ffdbd5b8

SHA512
ac8e26f9dc814bcc62d5342a6f5a084cc40912a4f8edaf8fb7dd1bad3ed6ebf89c5b1ec0634a94cb3a835946a9532930f27d185db3f0abe2046e83dd5ddba947

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
51cc5bd26bcf1c28e65d0b0cde1a4d3f

SHA1
365869629c95a3aa90eb814f6ec8509013b42d69

SHA256
cff1dc20dcf102b39aabd7556638ba6a38c2c5b3fd8ceaf537aefabb9d748673

SHA512
c318b6029dfcfd3404483e64dd7aad47bbf79c4fbb14fc1f3ac19ed12ce29a1eabdde3ae4181be8ee4dd4f7d084a79af3f55491064528ed385f9a121c5463e98

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
15KB

MD5
987b84063b88b6a37d1d72024e881f74

SHA1
5d8dd6862cfb6525c97e939353be7e64c3206d91

SHA256
f98aee22ef12f1e01bccfbd5fa0d91049a6edbc36f216a3729a2b917359c1074

SHA512
4b3943df2b60e21c07ec41a3eaad17d4ce650c0f02f35d790793b17cb86bdfc21c395f5ceae6fee51af2334851164dd36c81dcd6ff06fbead476aaccac0b8511

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
12KB

MD5
0661b877c8611c1ad1c75eeaf7e379b9

SHA1
9135cbc838ce28fb038bea3a15cc782c9fc7d6fe

SHA256
98826d9c3a8b1c3980b70e0ba097d73824c0160100aa262aa12f325f18919e76

SHA512
9b0193334b0a2a3fad7c195e0caa9321dc6e3a36ecdf2f450e6e4f240371157784861583a42ef53aaff1104fd2fcca6405ed4eb177c3ae20303b8fbd026983d7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
16KB

MD5
c559bfd1167a2bf232c439c39f0b675b

SHA1
a9f8cfdd6293f8cd9dcffd0170c3d7010e520ff3

SHA256
c71db197d91069015c3db419a6f87a64061e884732925069118101734d85f216

SHA512
5744e2a20899cd43a7b9853e418703e0c5adb8fd52c8c94c0a1d5e1453133846a4a6a713f6e67fe5b41d609dca2670d7cedc5f856337c29c23823525fd99fb79

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
17KB

MD5
99f2935ec595ab9d2b99818b45335ef2

SHA1
5c472d040a92d810a5a984ef4651ab4c6131eb68

SHA256
909de66b50fa9a37ee75a2ac14bfe3895d5b5248b30816252ec31295483995ef

SHA512
9f9203123e0084248c50d1850fcd8896c45b2fbe6d32853ea7b5588e6b305da93adcda41d0e51903958366fd92e98b21a2aa0c60d0490414e5dfd48861677a21

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
20KB

MD5
053b17adee77e27e63e1e2ccfc693e33

SHA1
dffbfbc0ef685ca675e4f23a0131c0f42939b309

SHA256
370f86e3fa98aac35b2abc44a166dfba07496ecfd94e13b7ef72744b06a26f70

SHA512
78d111840d5b9a2039a35e423d170dfe0af76bc160a39e2ff14d37e8b46f678ecbd5a79b2c6bf74b24e560c7cf3ae08ea3722fd86e5c80f34215fe992aa58a61

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
16KB

MD5
3325cb8b7bb97953a2cca0bae1c0787e

SHA1
fe2686279cf4fa1038e1bcdeb0b18b35d987a302

SHA256
7a4ef00792019fa54e98a17cc36e8978e624db7ea8a9e51ff5a631b93daa3d60

SHA512
b039e54fad41a11438b260a5d2eb4bf73fbfcecb0b9102c84bfd476e8c1a25509189f0d64b801a7817cbbcbf1664c9e113103cdab407e04a97e251b2d6da66a9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
21KB

MD5
ef8cb73fb8812320c6286fe862e4a84c

SHA1
a801fc9a14cf853b009d430b8be94d85b80ca588

SHA256
03d9e560eddb5a8c24cf697ad0b91cf72fe76d08f777b5a4350146c5e9c72daf

SHA512
1d8773dc7a2628dd5fe6f62d11f26cdc69549e0fce875d950d73934f2f3fbe31e6fa9eb8fbb2df9015f9a9201647d7aa6c164dc0bb06ba09e90e5bb330ecb68f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
b9b4cf32797f568a6574497f22b25ed9

SHA1
d3cbd1f11b1a79f07a6020e01956986fed220dc3

SHA256
88b7603e798181fef5e2b1fb06ed80a292318453f43be3d3171d752de5d1b039

SHA512
4cd13aade86313f499db005894e608fa8fef65bff1b678b0a1df95d0ce48fed158f7e877388bc65150595af657232cb044f79b4f2ea4c389ea99654cee94de5e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
b7120d14565b1522bc650321d3157cd4

SHA1
33c8414ef5f967cfac399dbc4316954035dc8219

SHA256
72e60f99e515f05c84ebfda47c0018df09cf912b5a877d6ce5a53af2585050a7

SHA512
0876c7f9998074dd42c24edc69c5cc727d16de45188611c105068332d60e7f8bca3ac441355402314ca0c2a26243b9bf35fa8f9e4b9ff149d1f9534f40f2aefa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
8dc42fc7e717a4ad517dcc87440daf8d

SHA1
207ff370730d53f6eb4eb8ce9413f27357f4d295

SHA256
bc564f523564efae550d987b5f8e343aebd737f62ebad11bb70db381e73c5fc0

SHA512
e57d76aaae863976a1e3e601ac87443ce785f81d020e9e25f0449849d8ca318d2dfb007bb87e6d7e369109dcd3584530c70aece5cc150a7930ecd9a9a0ff4a5c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
11KB

MD5
a4ce36341611651b22c0da903182e38a

SHA1
56296a5560744d04c12e2b8ab2a7589c2d866350

SHA256
7b75eb0dcd9d27c74d6831ba48558d8a038af845fa646c487632ee4f29c6e0bc

SHA512
9ac8655b385935652c5793edc6a8dff5bdcce86e82306f8e56ac9a4cd5094c403c376ac5a5de56cb61425f3bbc0c32e0ac1e343e26187abc966a7cd30358d39a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\ebd1d48456ac10b76eafa6e03ae8fde5deecd34e\2bdf7287-616d-4202-a133-03a9bed1c1a0\index-dir\the-real-index

Filesize
168B

MD5
bfd3301963b7cafaeb518dda59c9e6ac

SHA1
fd505581488bc067fd6aaae009aee85fbe9f583e

SHA256
94ebd170189ab169587456999acfd210bcbfc0b69f64518a35370656b4033076

SHA512
eb678fa4161c54f950dbeded3d8ac6587593072716254361d1a6fdb6616d60e949ba994e77bd717179e1e1cfbd546923040a2d4e08d6c8aa82daa70906018e3c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\ebd1d48456ac10b76eafa6e03ae8fde5deecd34e\2bdf7287-616d-4202-a133-03a9bed1c1a0\index-dir\the-real-index~RFe593483.TMP

Filesize
48B

MD5
badc559c8f9bba9ace576b1434207823

SHA1
711a8ad5d8d58af8bcc34f3d28f1e599ac4f02da

SHA256
c49cc3e3f0355913fc23d83ef9d40d2c6c370ac22e5348d45a40c0edaa71f7bd

SHA512
f69c9eb32ffa7c4aeb817b00d974b77ce737551cee26beee89a7fdb311fcb2ce43dec0d0811e51e2778b0c210db1ed87f3fb6f283bf004a7c7be6f11f25fb0eb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\ebd1d48456ac10b76eafa6e03ae8fde5deecd34e\c987cf3f-7489-4abb-b9fa-f48ee5715399\index-dir\the-real-index

Filesize
336B

MD5
447864f0169c5ad5f1f8e6189b46bdda

SHA1
24879d9b339193cce8ccad6b9ebbe45a412c57dc

SHA256
6a58a072bcf5d086d3eedce6e491851cebc37f4f30b89e7db99b0f028b25ce6d

SHA512
6b0ea77f5670d7ca0b4d5ed17204f3e2f255a8c14cae01d3da066b784d14ccf20c762dd71aa6d56c954054fb14dab489079c534ab99e50ae5abdc4d091aaaa66

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\ebd1d48456ac10b76eafa6e03ae8fde5deecd34e\c987cf3f-7489-4abb-b9fa-f48ee5715399\index-dir\the-real-index~RFe597a08.TMP

Filesize
48B

MD5
91aeac091b51771fa36a6652e15f40ba

SHA1
0f40121baac74fe302836d026e3c3f4052eb9a5c

SHA256
21d12f19211b71ca649592d366f73291378e977531d7d1d069af366c7d213415

SHA512
4e6fd95888ef8d4fd2e28cffd91d912676c868171feab66655afc582f334dd5daf01e7fa2adbf6a2c0b2ea75a7cf19bed3c478d6f9b53a247bdde6e03fd97196

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\ebd1d48456ac10b76eafa6e03ae8fde5deecd34e\index.txt

Filesize
152B

MD5
738a4d3ad6328a5b35756d23bcad5836

SHA1
7e5d4078f58608fdf003c7094ed68eeb1ff5ea29

SHA256
2b0b7b6a7bd15fb0b218e668162690573d77fb9719977a99447726f66ab86534

SHA512
87f3dfef35152af85c1b49ccbe23d8d2bbdab2d3471dc87c5a5b9bb87f168a4ad3af541b93e48359cef8a7c5ae9b7986d363be2df909a34bd67bf4ad9a41e60f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\ebd1d48456ac10b76eafa6e03ae8fde5deecd34e\index.txt

Filesize
157B

MD5
ff67790c616b6df55f7c9f7b3845d939

SHA1
731c0a330ed8d0d12d16a9bf26956ebeafe3d80e

SHA256
dce176245877cb78c582bfcb935a376f16a12a7d96b8848347efed983484e1fe

SHA512
a0b1c662f3261647961cd496170fe0e33fa8ab7b3fb39ec52111dc830f72605cb341a77a1b3cfbcab67659cdc425336bba4b28759ccd7be572b433dcf91964f8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\ebd1d48456ac10b76eafa6e03ae8fde5deecd34e\index.txt~RFe58e8c5.TMP

Filesize
88B

MD5
dbd2691c1cdd6110e29664414c19538e

SHA1
e82c87436100106e266d2b3b794937e1a890e073

SHA256
1093ebe9664c96afde66b11cfb6039226717881111239c5fa88b6ae751ad5f84

SHA512
8557c9a1e1846a492b80bfb42fe66fa2ef2ad0b68bd84085070fac76eda54919d2235fadf5ab0269843c1bef8aa4ed2d399ce14823caeaff466b8bc0ee6790c5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\4cb013792b196a35_0

Filesize
27KB

MD5
3016c9a89a53629fb61efdd5aac68d35

SHA1
87a6a016444bb5eb4bd42089add215b4e3137b79

SHA256
8dd22239b612076c0a9ff02ddb4edf2e27cafde3a7b9cc90e73649d35fd268ce

SHA512
2f0094c97946f3ad575ea34c73a7ebfbf194d1e09eb01b766c7aa21748facf0c2355e66aa3960cc699be8d4c11858998b00eb918b2d8fb13df0fb6eacce90547

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\4cb013792b196a35_1

Filesize
65KB

MD5
9e7113bc705e711b49384db35748a5f6

SHA1
c7bff01b3e9c2886125cd8c7ec084b0f2cf4b3f2

SHA256
3174c4720a733838775ea4548ec39840c8f5afe67ea9dbfdacf45c61be31a569

SHA512
1a1540208c83f239726c796127c33b8a3a5f3dc7344bf80f9a3b210f5a1be0fc927637d653ec72c6443fa1869defd358e244963972ddc786db83468a6878b36f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
144B

MD5
2ac94ab1a8abeb24346f45dd00386308

SHA1
99639a6801f0e009636586f3d249d6f06632aabc

SHA256
fd7bd97b5a7a8ae73cad44f334a0d443c870e72a521e9b1687e205aa156bf03a

SHA512
6ae950cf22db59743dc6920dfcffef64e7e5da94ce88ac806be04e2b9d00d9d4792059b3f9a66e112cc886b92bb8685a5c3f737513a553c22c92070c2e0af10b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
4956f32c2347a1a0e26287b73b156722

SHA1
49b1c6ff04dd3d100b6cba926eed117588773648

SHA256
581ba7dbe6de50ebff23c2a60c617eaeff278e7de7ff7a10c881bce57e99bf12

SHA512
6e9c6e14a33a410c25ec535d28b5ea04f87e8954ef1ce99c171a1adec8b7548908299358b50dc21e430b61702e1a3cfbd567dc1cfcc7a064da8de62e0ae2276b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
120B

MD5
1499cf68cfc95e4592496952c495b2a4

SHA1
ece501aed569908b6ddbf5d588993762958d1552

SHA256
a850b66de453bc62a9cafde510437a62c741b7ed0cae5b4092053707f5c29cb7

SHA512
25deae908b95cb42bd1cb30afbd0c14de6c4dc3fc52c901040d3c0a4531ee03fde9aa5621ae949e21038baf58593c6037e6dce890767510163c24f9fe6a07856

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
b8d8ea5af231fbbb356316cc9e09d2d1

SHA1
dcd1a2c53ba37fb8b5076c38663d8246db27b25c

SHA256
97c305447da1a53fa614d2a0cfc4d12ae3e5a18c7f1f79668d24468acc715f4b

SHA512
ef55e42a69eb9dad070d6d94a03509a392cefd00db144e4448519c3b00509cdde52fab9f9a5ad25b5b0a9ebc0175e5b5d9e5eeb78a2d0b5586a4a1bb7ce8754c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
168B

MD5
412619ecbbfbfe6116238fa97132b69c

SHA1
e0e9bc25489f2d60c3db71231a63f5a1ec06373f

SHA256
7b25aad13a0ce7f7ca91702e9c9406e0d1ce88273f495ead6f99103870e3aeab

SHA512
04fa4624d2146cb4e00b93b416a184563e02009ef056055e0e6cdf9dc16f0e8c0267e1e0912d18e69de531ca5332dedbae9cba4f72f8c873edf48476862410e1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe592b8b.TMP

Filesize
48B

MD5
a77b78878c3087f9ab826f40b3505ed4

SHA1
dc3a53c523010cb2b84418cd91cdb20191e1f560

SHA256
21741852bceed0dd9ff45144e69a141dd53894d70ad9a659b2961d230369d1af

SHA512
fe7e510e52745b5d48d0358c5301eef21e59f5167ed27fb948606b0d3779a8e1beb7a31a14c04c478440f80a2ce1c531b38d8ac03e79d55b20348b30dec9859c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
9KB

MD5
b61ef565034ee4e27c0fe0839d1cf91f

SHA1
9d2f0b87aa04bba4a892c0811bacd0942f21d6aa

SHA256
9f4cdddac07139133a072a60a45a7252430dd5a08131b47b4ef3a7e7a913a771

SHA512
2b4eb2d30216e1348152202d17cbcd05785990dbc923ea2deb2ec90d076d21eac1bcb306a7c58adf49832d6d0bb21999f98254743ce0307454996b902ef0d11c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
9KB

MD5
e25b07b5a40b8fd5764d099291a5beed

SHA1
514f3f97e2784172271c122110ea93927905281a

SHA256
7620413571007e7c702315f5f4b1458d11f512668d554ffcc72f36907c57cf10

SHA512
0d3ad929c7edd6d3c50233a8adf8053850eef7784a522addd370d9ed8c80e89f61400c90f3a1ed3d1ebcfe1c51a2182955c3d7bc015ef087f79679ff0a90ff87

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
9KB

MD5
21018db28867254b2ef7e8bd48a5f1b1

SHA1
d4971734992cf67b8e01d92b553ab4a80cdfb216

SHA256
4a93e198178e458f4e88e5006e782f9d5cae0c86cc304570dd96a36705700c22

SHA512
9b8761a92e2fad7771a79ef3179703076208da8d597fd6ef54bd3258376dab079f88036bfaede067f33e4990439f74c26dc5f6afca5442274226ef0b2b337591

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
8KB

MD5
fc056fc6e01201fa521158ed6623f6dd

SHA1
507c7ffc6bcc79c7f31eb214352bd458a4574f9f

SHA256
11087ba493012cc99030c0302b8ebdde0223ab48817d851b552bf5fee1cc9cb5

SHA512
4de21b7755c87297c1a5baad173cf9c28fe507fdc5aadf266bcf537b2ddb3b1e9842aeac46da9d11e80226bda7aa8f46e8dc8e41fb6ce2eec25944f2f0181e81

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
5a72e96d57db78e99b60544577b7b0df

SHA1
cd2cea7ab19f33e25f79db6376eaf4be8926a007

SHA256
b5aecbc11e33d77ade54e495c283b4fae329a611a97094bf2950715e000ef9a3

SHA512
2a5f653d01d89c25e76a564043ed5ecf55b9add0cc6dc87b85ab5584cac8d90fec11ff8d59c3588a00f5254d7cc9758947a141761220171849424e20cbd34635

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
48c863d84cea005910e35dbf4d27efbf

SHA1
22deeadf658d490dc51fd84f89a0aff66f1af458

SHA256
048205fbc97a2a98e1540a311316705af5163b1e3d72357a07f970387e623cf7

SHA512
f0e2e8015cb0ece1ce63ef648b4f27415e450620161d98e3bfde36254c4ccf6877d341c817c716102b6775abc31d2eda321a175e993a35c24161082e291c882c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
9897160ba3a391c7575d3a805dfca0da

SHA1
2ec6ca95f69739b27806506abc6593d6f6130ed5

SHA256
7ea26c4ac8fae6e1459751b9ff9782b6b8d17ffdfbb805b1901ae242ce1ba2a5

SHA512
65098ec810314971ec44363dbe6f6f29ab54f6eaf63082edd66c6e844c45af54f6103a35e561b58583eb0388123fa3cd04326e645f8f3766003a29b8b4c8ea81

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
8ed5487311a0c206ac8c5968328fd099

SHA1
b3c869584511cd1877d27d6806d978303101fcbd

SHA256
c7e03c3c9fe7a3bcb98b1fb1bcebaf243396c598cebf20263e8577778df7a88c

SHA512
035f3c2ecb48c1d23bf3a32d333d7bfc8c106feefad2e4bf5c231d2f6f15165b4ab4d9392c4b5235b35d5b907e4c396ac6a243d66b529db2e27f70642961128c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
6KB

MD5
18881045321bd640d2c4fa047706b0b3

SHA1
5593de0b63cd238565cc334df374e5eb5bc82506

SHA256
41106beca7c600fde58e50d621a651f34bdbb7c40aac75f24bbedfbfd04d2e8a

SHA512
4c6d45c70e0c540399d3a3a8b01ab906c32b060f33974f6643d6ef2cac754f196b1159121c5ca1fdd76e1111a1795aa7fa8ebc2416bcb4d59a0d9e1446aaf38c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
6KB

MD5
3d74620146033f3f626ab3cef8fe01f7

SHA1
5e73ff15fd14f125432d7805956b76213685e581

SHA256
3cb7183bf379a2a2168fb5a0c22b151e2abbb1d71d879642059d8481a9323bba

SHA512
70f9c6a48bd869cfeaf4bcbf0c8374b41d7cbb501aa683e2f6389f4f93a96b9e6fcc46bd7dbec210d59c6719a0ce62882b1196f7810d30267100901db08c05d7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
8KB

MD5
876afdf5abb7a550bbeeb41c6f59f092

SHA1
32905249ce4cba4ee42b7f08a0993b7a756dd2f9

SHA256
c98e5b98361924ad42383d231191bbaa05fe5dfe5c90b69b718938588f546d37

SHA512
d8f2f01c44bfbff55432db2fa48109ae34e2bbe4f7a2ad5924c83cdae77e30fcb5c5fd92df2a5dddfba93ef27e0096291e006acb32d7f128f1bb58aecb8395b9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
8KB

MD5
d8ebd25123e9f30bc19a47bf2a3fb8fe

SHA1
17fef21ebe4fc02b0c3d2a08fb1e2b8147881d42

SHA256
f6b4fddfee11db3e35e879db5f913f66a692dbc8ae700d47e0e1358bf141f57b

SHA512
d7b0c7b25b4b8687bb6fcb0a05a981c0fb1790efb32b644535f63569fbe2c2249e4530728ffe45a60db3d14ce0c206f126a46e4d7dd18ab1cd372f322f70d97e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
538B

MD5
ffba5745c8e18bbbf583c0ccaa8e2c35

SHA1
a358ff001ff31d894d5eca2af8f45f6387bd1679

SHA256
f4c2bb7671f03a6115d8f7e574ffd6a80096bc941cf4523a50156ba0878615fd

SHA512
ec773e1f7c1d8a321c936289feba4dd7043330ba7c42f3f1c203c39c0edb10c7e46f2e12354749fe40eee999f8d310cadabc97330c2ccd362355c5087d17709a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
6KB

MD5
d2828f9975fc372dc5f71ff6f1c6697f

SHA1
19d1d0e7fbfe8684f871b10ead84d1d08f0aa983

SHA256
b15b6a3bc1baf7c627b7fed55de174eca4f3915468a4f2a9b35da594f1390eba

SHA512
8e8b6fd003e4af80801dfc6371df8694b0702177bf1fd8abc26b27807dd95007edafdf38ff9e60e0ca581fcfed2a3f980431b347501c36cddf136ab8a14a7cdb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
7KB

MD5
86809d677ed11d5bffabfe796330ae71

SHA1
5db230700a0013b9bc17af88f4e9481bc452d701

SHA256
6926d58a19e95b94fc5045112bf06a6aa767f5196759cba21e20fa8701d9f33d

SHA512
1754d1e6bd6d218db3aa9838cf95a8fb62c929eacd32ddd7fcd4cedc667fcf91e919e2b889a14f25c0f40c000655f08ebcebbeb4fb9b74216220bb7d6a043236

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
6KB

MD5
76e211d73eafa4d0fbbd42c67d2109b5

SHA1
bca60e8d4d8e9c833ff51ab18484a73f25083476

SHA256
43ecc38fc8cee55e2a2774e4262dc4b69b0ff828855e43484f4513ae2007ceba

SHA512
6c8a750555485e0fdf75850e1396145e31c2e8e38397aa3d26c8b4da2fe3001de8835958732c745e9c00513937a69a87a6d19e3de6f59400044ba1672ce94a6d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
6KB

MD5
aaeee0f112292d746017e77266b87277

SHA1
dc16276fdd6e9315d455128b4fba953d2e1a800b

SHA256
d991119d7dd0106ffa42f47cf396c1ea356425b9437c63565e8d527cac4bc4e2

SHA512
c4c50e60a4d3260a57417dbd0c0d8429196c3ce4a1a68e5cbf556b8e66b847a681fb2a00c5363597c300d5ae9572d4c7ac670ed44223380bd677c1291dcecb56

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
8KB

MD5
1226c35833b88a8bb5cbab7cb1edc651

SHA1
1e0f29913af28a38d49f93215f0053cbc9918fe4

SHA256
5aed022d8105174f9233c90eb44d817469158d88677f922ed2f6e548edb89a08

SHA512
7fe4cfd32390d0b0b3a4d3753fbe309c47e466e3028c8cb4681bb87b6d950d6104d3fe7aa6d89e99c4af09916da33995e59f971a2555c06a6f251ab61f4f465d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
13b580fcc3f4d6ce33921ac4c284fdae

SHA1
a0fadbefd0c0705302061ae9d79c75a0142a4642

SHA256
985afc0986d530e47b0348666efb492fc2baba3816e77a03a69a6f3eb116f1f5

SHA512
cb2a67df5c94aed48752848f93ec4ef7c3916c1929a9a7720e51dc3363ccc6f3f20693677cea447061a8e224d0420e03bc4c1dec16b11bde65129730591dcba5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
8KB

MD5
313a6456106b3dec8b48467b514ce76a

SHA1
4a868508d4a4d18f53b33bb14263de1981fb569b

SHA256
6fff38f18799c0cbc56161406b4c7d187ad709f01f73b09827b593b462d7309a

SHA512
fd53e4480a21fbdf5ccb940d58ba5cffaf1bc7b7c99d32783f52154380a0584312ecbc4af02a5faaf03490b345b3612354d7b5bcb0a010dc20de110a6788037c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
8KB

MD5
68f0773facc5ae38a3f74e2ca7cd25be

SHA1
00b9f5537eeb7a4632ff166bb9334cfca1fd8aa5

SHA256
f3ca5218c0917ab53ac2ced13ddd4773b252340cdbb94adb0b19b8d24f4a5b94

SHA512
4f3172f07b1ba95d186bbae72e6a0012d7ec8ca96aed12303c04abeddc0c159fbb1532032c216db6a9120c8ba65f9ab570ff5043c9744b5eb6ac912ec2fc2d23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
5a5374e8c774ef8d6e955285baa4c4e5

SHA1
28a2b109e9834716c9e0cff3eaaf512ce81f1662

SHA256
2d9339181e7aa3fc41aeb4cc4397c82da8040aff21f0096feb8c9c1af38d42ec

SHA512
c35d8397625dd58816e2ee5102a37ef0e9f9993266f660c7e3c7156f932f5794cb68dafc9f0737328f104547ce2eb22f2a2b7b50974bb2fa36536ffbc2de0aa9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
9KB

MD5
f147370a856ecc909f6f44fcce928b4e

SHA1
17bfd1881b111c7664dd537db58cb0805d3a1caa

SHA256
78764430c9cc38677b2302dc11337aae537a1aaea9e052dd61a01cdad877254d

SHA512
32a145f89e084e7c10d2ffdcad69c0c1e128af6213f97e69e9557894c180f64b65ba2b47178c9b709d614f91ff2e58de79eecab17d3219888e96b2090b98421e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
8KB

MD5
07962062cf57bdf38c697546be4c8a5e

SHA1
34fe5146aee4ae89fc85754134f39f06c3db0ec7

SHA256
8f27777163c30a0d91fe5790e749a56e83d245ce295513fadf146d93cfeb56ad

SHA512
4bc26d9ee1451f6928cb7548d5fdf0557575a1bab9622c9610289c2a5bc660d0eb1fc774f572dabf8089a3ce8020a7c11f3bcca7ab155ebef93fd5a4086ac2dd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
764f090af6078c3962ba7f495e78ae61

SHA1
cbb81567de70017cfa750b188d3a0f2694e29504

SHA256
8c048de06151b61348ea4d87b3a7bfde4d0f3a46b559daadddd34f7d3025be91

SHA512
046a4e04a31f41e5148a7247683848a851d47063f86dc66771e9b60a8c1d5fb54765ebe37caf3a457866750ba5f2c24fac97c6dab98aac0023f3b421a33894d4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
0239a4199ace9d61c749d9fb6b6f16c6

SHA1
cf27ed21598ea2e6e8ae1f9b78eca33508534d6f

SHA256
bac8892a3dffa4621ead156a5b10cf8c9e964d40a210d0f083c17035d4d55b61

SHA512
f0836ef11646b850a0faf0d7803f5b536f3966362e2df76e455a380d413200bb91d50e8b86cbd345430712ed81a99327f38fb6038433d304c541c65c381bf5f3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
7KB

MD5
8dd0e357f7e8177e384d2363f06f7921

SHA1
937a28a1fc99d339aa4a5116b2ab688c2af0d8ef

SHA256
4196b02efbe780297cdcd33786bcb4872cb867a1dd6bab9768e06c3b7dbd0cba

SHA512
54e4472ab0a344cb372a5f6d6f2a0822d0b485c87f83d8227746816287ad20567e60d84ee5979ea6b4973c5d58f5397c475f520680b5a20d40934e9b6e43be44

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
9KB

MD5
25bb85509f7236135416decb462fd993

SHA1
fe75b820ecf057dcf20320249db44e03175e6681

SHA256
03e3a33236388d34996c652c6126b193affb7ecacfd06533b07e015b43c6d971

SHA512
a62806ffd6c4f899c2b9b119f283ac966d020539b038777179e99bb9b33df3039e168e449941fed8a40584d9b0453591c520dc68a2774a970c871569175fef8b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58b11b.TMP

Filesize
538B

MD5
c6270330bc8509f35de770355a75b70b

SHA1
29590e9d3615108de8eb70dc15dbe395944f74fa

SHA256
49027f3ba0402eb1addb5d2893c6403f2c6064f14027f0c498643dda3784a065

SHA512
34f8330a94ccddadcf17cd61125dafcdf0a6db0b0f2c9733d75c116e2b60ed92fb73ff250da201283a1f92247f4d6e579b574fb63ad63769cc79c421b4d94a9d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_00000c

Filesize
26KB

MD5
8235f98068f731038d8520df4727c625

SHA1
6ef1e3ca36d59de490e593ec195b632e8e09565d

SHA256
98280dcf81e7ed7a29b2d383c12027481bf771aa6358012ee5ffcc8b3af21e38

SHA512
d75d4b688898ee9c9ee07f7be6e9dafd0154518ac54042270666969dd15dbc3b7c8cf92997c510f42f20a5ad8270d5324dd8f2ef91666a9d6d0450d60bacfd83

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
21a2d54f5ef27d0663ea3caee2e78c1b

SHA1
09f68a58f93a7e188efd8cd5c64725e80e1edccb

SHA256
1a7de920a0a5d66981d44b957df9e4c8bb991802e7438d113143fba3873cc4b9

SHA512
8819d8239c2b197793ff7a9e66791a72e1c1aef3546c231e4a05f5900abf90362748d7a917fa21f18bb171462118bebeff8e10d03036cd83859e15933665f7d6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
955b0121a57fe579eb4ad1e889ffb9e8

SHA1
815209afe3a11e8bc91e477da56e7bb64e0c0718

SHA256
c52343aad31340e768829064e72aeaae0ab0ae88e7700a994094fc5004c73f4e

SHA512
da81dc66d0d660b990114cddf263eabc8892a10657029cc281ec04ac1e3c1ce59516d0c25d2eb70d1716880dd9527c7bc83684eaff5d3c9e4618ccc7f9b9f4bc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
53717c0ebd09d1d9f156fd9b6986b920

SHA1
a6b10a88561132e5f0bf22a0f5e0dba32505fedd

SHA256
db2f4291390054c6ee48c550c3499131bbee78f1694686b5d08433ab966ddb45

SHA512
80671d86fdf75fe73c5b28fa974963a072ca417a6a832a0262e601509b9c47b7044bccd8ce5037bae95c193d70d9362a5772d7603fee409b42881ff33285abcd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
7df6579db5ab3d35876dbbf014a0b387

SHA1
9482411e8d80ceba35a97acfa2acb17f4ddcacb6

SHA256
9d8f734e694e1a6269a3d43267ee320068c3269caa3a74ec641a66de79c5bb13

SHA512
f28e3d6d78b6ff709056350d1aebe7e9c46246424d6a1a1cbaac5697f94e4310f23ba17389193699599b8f113fc811e418ffa1b31536098bdcdc2cef3057d2ff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
0ed084ce20e35c7ad9bf7245887c550b

SHA1
7ec27553fb235a03126ef8b92014e57ea0ddc80d

SHA256
3407bc4591f45a1a3f0cd79ddbb33a632eaac84f2b1f704f805106c1546babc4

SHA512
0addc7e08f0de4798d474c4bc5a07bcc473718af77d467652e94c2e8826f6e704a9aa14c2dea1eecb687302667c99e914960b16bbd350eab13f5ff14ebf31c76

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
12ed426f040f613178439367071b52b9

SHA1
b9fbcfc5be6aa9ef2d123222b331cd17edc3c3c1

SHA256
7c0ee02b90982597222f15738bc128313e4cabf10e8c8ed4d735f920cd98a566

SHA512
839445fe50cc0a1eb82cb1426dfced04c4c5909b2fcd3031b39dc0781225e1561a989f31478d97dd872bfee4cd791535cf50320a197f9709fca30a1732ac6df8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
c03ff609b5049b93d7bb2c5328157fe1

SHA1
a91cc56e36c59e982b5bd2565821b1401290e872

SHA256
3ca1f7df944d332e0d7b4c3a191f86410276694945651d5e691f042156422a50

SHA512
4151268943d4398c76f28f9fa19d6aa271331734d4b4db62062352561ab6d6fedd6da94457ca4cc3cf77f815f944afd567333f3a69a45b1d6d230da431a3cfe7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
9a48f9528a4f55dc15ef2af26e302306

SHA1
894a783577592aa383561593d6bb310b450355f0

SHA256
79a34be4cf549b58168c08ca54c1a540e64c99acb9d76b37e7a7a4a546475a7d

SHA512
05a229f3b29f2b2f8d4d8cedabb05781e59b3e7d36116e6884921b00fe26630ab75efc6b9037d75b95be77cf7a4306e76b23246ceaf9c4988d298ac275529a7f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
958d5eb83618f328bcbef37f4f8a50af

SHA1
ee1a6f51317742f3cc73415212480d0734c5e6db

SHA256
0e7eb12576e0eac15796e056fd7bd05ac1094485247fac98d6e81527fb9469e8

SHA512
3dfedb4b8bd1bb2447c6b7b588d3c7e97cb1a714225f36a8425bf1b52feac6cf58a5f58775d87a645c38809f1c07c20e1871d47b75af67f241e4a01ade3c422e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
a338767eeb5f52966e60973e8122a2c3

SHA1
c66d2d1e03067af188cdcce7cf3f91fbb2397815

SHA256
85ad43f6822483eaef5d8a47e0fbacd86c4bc1bbb3549ade5b510585928d6485

SHA512
f48600e0399c0de226d46be607ba11453de2f19ea468fa60c731c2cfb97162997be4c0ad32667c74484d73233704a2147da93c65cfbcc82a6182bdd1b5f7369d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
7e08cb0344638a15d8a07a494023f35d

SHA1
57dea6999386e821e1588df11ff15d1d1f865ab9

SHA256
305da7cda9c97f331458c6c567ab7cac3c8f14cc5ee5bf1eef50050fa36ec1ed

SHA512
9b41a9959d680493e8d447bc7eedb000cc1a420e0af4ffcb70ff9ae774ed610afbbadbbca379275a1a681602b3d739f5150d8d2e9ee8ca84a74e796a2a4d33e3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
6e2a3605f4f072f6368f2a12962a2d3d

SHA1
2b60f9479ca9751245837dba582558d81fc7782d

SHA256
7712da0e62925487caba9bd5e9cbdef7e3a5129b4ebb6d4fb38714fd634975e8

SHA512
e9fb866348709ad7edce9b44d20edd0398c0aff3b444901dfd4df0bbc21a1cf297c9de0b18246d5bc30d0d8bfb948ef2c64b2de9680d4fa9fc4316a588c5fc1a

Download Submit
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\AC\BackgroundTransferApi\b382b3e1-42e1-4082-9e00-48dcf990bbae.down_data

Filesize
555KB

MD5
5683c0028832cae4ef93ca39c8ac5029

SHA1
248755e4e1db552e0b6f8651b04ca6d1b31a86fb

SHA256
855abd360d8a8d6974eba92b70cbd09ce519bc8773439993f9ab37cb6847309e

SHA512
aba434bd29be191c823b02ea9b639beb10647bbe7759bbffdaa790dfb1ec2c58d74c525ef11aacda209e4effe322d1d3a07b115446c8914b07a3bce4d8a0e2c3

Download Submit
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat

Filesize
23KB

MD5
6f7719d4ff42a6d349e7329ac41b818b

SHA1
3f4cb994318c06e22b505670ea2393151afc3058

SHA256
777af40413abd3277f109905b0389034c115681fe1bc773900169ff28920031c

SHA512
cacea8f97a57613b3d993d0bd5838f1386e6688e6ba726192a84796093906445119b29ab106d36119915fb59a1f330184b6aabee24ea3a425c0b0d0a89aa681e

Download Submit
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat

Filesize
23KB

MD5
39829e1190c8b16b77c0eed699db840e

SHA1
4376c66109587e38ab7063d3c9503490c7f9b509

SHA256
4f390f1b17f0e0a0eafb0dc3e62f5fea61d4e42841ed0a030c1dd76065fde0c2

SHA512
8cc0d1f53e4b91407908501a771a27d378f2413f1c55d22c7c1731d085ff4eb2949b9d6a8c7d55064f3701a5e3cb1afcb9f52b179a52be8c5f4e142778398a56

Download Submit
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_gi00gh02.qcr.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
16KB

MD5
896675d30f107af544b7f98e51e380f6

SHA1
633d6402ee126c8cd9f6a1440bfd962799316b92

SHA256
739c609ca9a043e57b1120eae73e65cdc5e836f3be6b93e14bdaf21e3c80c401

SHA512
b87eb9210cde979c1f87d2c967edbcfe42f55e8ef6c252098cb05811da207636e0eac43cda014ece6755887e5b58a0d33f4615bbc4d242e6c22b190f1ecb9d18

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
17KB

MD5
038382576f9608e81643648c995aa1dc

SHA1
6f7f70a5aa824d1e9e3ea578b3c0062274e9b18a

SHA256
0543dc45da4bdef4f6ebc2c0d2c895e66811e1130f4f4fda1bab40afd4c0f082

SHA512
1ad687e5f3224dd59c95e701491f8cfdaa9674822e043bed99203b3d600efd485c46407172c4126f849395ae00e635fd80485cda0ec9bd8303f31d55b76924ac

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
16KB

MD5
50b3852d86e10a6b1ebb8e199e711dc9

SHA1
21ecdefd486bc6d41f12bf4184f6ac39d18f7241

SHA256
e2c71d55e46ef0d977dd17b5d0d6b3a6f5224f90a9a9c83c7dcf2046cc37a1df

SHA512
c7a95f93d8f860cf33b242abfeb03a6afe9ee75f554186a4dfd8b17bd466208ec2630c985b5c9a20d17c6130f144dd5a59e747c95630ef388f4276f6cdfbe05d

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
14KB

MD5
36d05c3619f8f3c37f6a422ba686cad9

SHA1
cf2c754e6c7a12e2ea6ab3199129c43f62698111

SHA256
21c3e18d2b5ca458ac817f9853684f7b6ec75732902a070e1855d916d108aa3a

SHA512
5658b132607e57287ce0c42740e9154b7cd9d0389050cca05437856c2d00b2ac3a6d65eaf9ecf9382d7b8cea634684e3450a6871120ba4165b1312242b7526cd

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
16KB

MD5
e3b87c454bbaeb63a3bc0f233b5316be

SHA1
55b6f4bc0242370fef6498ccc3663735b4a2276a

SHA256
2fc245e16d2eac5f71c4f04cbd29f590c80bc88c0fc5e5fa5c440b49d6123998

SHA512
c8e0cc0c6817159da444bb0ad04748d3fb91934c104e203a6728d7b01be6a610414949d115c8ee36b91734f93ceb2ecd6209250393a7c3385fac499687aef2d0

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
16KB

MD5
65bb810fede9fa01ac1db3f33093c7e9

SHA1
3a60aac16267245abd979d263ffe0c5a9e7e3242

SHA256
98fe1c9df2114266b9d8452cec704ba19b898e94115d34c99ed61161c1be8913

SHA512
1d923a336778cdcb7d3e31114ba27a87d949c23f013fcaf0e045af6dffa2ca46a782be7496ae1c7ca65b8a9913a32ba6f5373ef09a63ed261aa315308722d3da

Download Submit
C:\Users\Admin\AppData\Roaming\XuanZhi9\ldopengl32x.dll

Filesize
130KB

MD5
1d6ad00b8f9a8bb56e2434a6fbe561c5

SHA1
30ed45f83f84cfee06a65ee86d3e726765cf94b1

SHA256
13110873cc3980d45f2ffc63a5d0323d7596e5c965eda1b135848abc91aedeea

SHA512
a373ea52349fa513b99d41d51338250c6f24fe9765246f9a227c6f74eb2a51aacb5d2d6c77e43fb9c9ce3fb371f12fe53cb2958e5ff4dd55a17f5dea8b67027e

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 129047.crdownload

Filesize
2.9MB

MD5
e398a0557b44366c849b85fbe26a63e1

SHA1
d20b6b46fc572a435e4e5eb7f5dbd3e601725bac

SHA256
63466a7b4c4ca557cbb2e8b57c125db52fffb234fdbfa38f31eb61b040411e7d

SHA512
a4c0a608ea1f4a33bd39a5536dc4b2105598e3fa4a9ff9033b2279f885a7251684761e1f4ac7b1ba5226de2b0ca777fdc971f0a7f22e65f66f0a3b9c601291d1

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 372313.crdownload

Filesize
2.1MB

MD5
daa7348130ec7364150dc198cfb48311

SHA1
518fc71aeb77e374b7e9b92664dc296cf98a2153

SHA256
f73fbe835170332a84330e6304786283f3bd9d32473895bb977d247b9d2515c5

SHA512
38465ce2a075174e69707483b3a8dac5cac29d61e095e12dfde40325704c5d9dbd0b950c837a87124e28e81b12ffa8a8b5e8fa4aa4295f6b55db2d7b63f3a522

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 559671.crdownload

Filesize
16KB

MD5
1e348722349979928b305e897a741168

SHA1
c14be95534efb63e5cab5acc77bf68bfb2114526

SHA256
daa05874b757dab7b4cb8ca1c9d3db7c22c54d55767eb5eb8a27adeafd2fa3e9

SHA512
e9192c717afe8e96dd73eb0286dc09d5edda8e9b085c70e5d2f8aaa9c7a994ab1080d9ded10cf4f659824635bf45edb4f20f372b20b6e5c731049806a39c32ff

Download Submit
C:\Users\Admin\Downloads\Xeno (1).htm:Zone.Identifier

Filesize
108B

MD5
3d7a23b057ece1de024464ea28927178

SHA1
1e4db30486af87d6d1955763dbc59d8abc0f5162

SHA256
598f28e5dbab54d4b32bca1d6c51ead0933f58b0d9d6b7ca82b4a6a4f0fd10d6

SHA512
332969adb95bad79ae1e6276ea94711c5de5ae4ba2e35698ea11b576ca9348c9aeee7cbddeaf3cee08b5c97d362560810dc38f86dc39086a530788ef38a4155d

Download Submit
C:\Windows\Logs\DISM\dism.log

Filesize
289KB

MD5
f72e77f296ec9c90f78c184f9c341023

SHA1
5e82e4f3ee592696edf343be17e31dafcd9ef0ad

SHA256
dba0b6462b050b6c9918d2a443c75eae48862e52e8ea4a725131dd7d955f597f

SHA512
e79c804c4950509e88fca58ff3eadd2553b8c6d989618fdb991b721e07aaada70526e38994aabc255c19eaf55dbc799fad712bba4d09d207673231cff34082f6

Download Submit
memory/2976-4857-0x0000000007850000-0x00000000078E6000-memory.dmp

Filesize
600KB

Download
memory/2976-4852-0x0000000007450000-0x000000000746E000-memory.dmp

Filesize
120KB

Download
memory/2976-4840-0x0000000006270000-0x000000000628E000-memory.dmp

Filesize
120KB

Download
memory/2976-4838-0x0000000005D90000-0x00000000060E7000-memory.dmp

Filesize
3.3MB

Download
memory/2976-4842-0x0000000006840000-0x0000000006874000-memory.dmp

Filesize
208KB

Download
memory/2976-4828-0x0000000005CB0000-0x0000000005D16000-memory.dmp

Filesize
408KB

Download
memory/2976-4843-0x000000006E4D0000-0x000000006E51C000-memory.dmp

Filesize
304KB

Download
memory/2976-4829-0x0000000005D20000-0x0000000005D86000-memory.dmp

Filesize
408KB

Download
memory/2976-4827-0x0000000005C10000-0x0000000005C32000-memory.dmp

Filesize
136KB

Download
memory/2976-4826-0x00000000055B0000-0x0000000005BDA000-memory.dmp

Filesize
6.2MB

Download
memory/2976-4825-0x0000000004EC0000-0x0000000004EF6000-memory.dmp

Filesize
216KB

Download
memory/2976-4841-0x00000000062A0000-0x00000000062EC000-memory.dmp

Filesize
304KB

Download
memory/2976-4853-0x0000000007480000-0x0000000007524000-memory.dmp

Filesize
656KB

Download
memory/2976-4854-0x0000000007C00000-0x000000000827A000-memory.dmp

Filesize
6.5MB

Download
memory/2976-4855-0x00000000075C0000-0x00000000075DA000-memory.dmp

Filesize
104KB

Download
memory/2976-4856-0x0000000007640000-0x000000000764A000-memory.dmp

Filesize
40KB

Download
memory/2976-4858-0x00000000077D0000-0x00000000077E1000-memory.dmp

Filesize
68KB

Download
memory/2976-4859-0x0000000007810000-0x000000000781E000-memory.dmp

Filesize
56KB

Download
memory/2976-4860-0x00000000078F0000-0x000000000790A000-memory.dmp

Filesize
104KB

Download
memory/4088-5124-0x00007FF8D50D0000-0x00007FF8D50D1000-memory.dmp

Filesize
4KB

Download
memory/4864-4902-0x000000006E4D0000-0x000000006E51C000-memory.dmp

Filesize
304KB

Download
memory/4952-4882-0x0000000180000000-0x0000000181111000-memory.dmp

Filesize
17.1MB

Download
memory/4952-4824-0x000001FB7C940000-0x000001FB7C9D0000-memory.dmp

Filesize
576KB

Download
memory/4952-4818-0x000001FB79E50000-0x000001FB79EF0000-memory.dmp

Filesize
640KB

Download
memory/4952-4819-0x000001FB7CC00000-0x000001FB7D13C000-memory.dmp

Filesize
5.2MB

Download
memory/4952-4820-0x000001FB7C6C0000-0x000001FB7C77A000-memory.dmp

Filesize
744KB

Download
memory/4952-4821-0x000001FB7C780000-0x000001FB7C832000-memory.dmp

Filesize
712KB

Download
memory/4952-6066-0x0000000180000000-0x0000000181111000-memory.dmp

Filesize
17.1MB

Download
memory/4952-5892-0x0000000180000000-0x0000000181111000-memory.dmp

Filesize
17.1MB

Download
memory/4952-4822-0x000001FB7C4B0000-0x000001FB7C4C0000-memory.dmp

Filesize
64KB

Download
memory/4952-5196-0x0000000180000000-0x0000000181111000-memory.dmp

Filesize
17.1MB

Download
memory/4952-4881-0x0000000180000000-0x0000000181111000-memory.dmp

Filesize
17.1MB

Download
memory/4952-4883-0x0000000180000000-0x0000000181111000-memory.dmp

Filesize
17.1MB

Download
memory/4952-4880-0x0000000180000000-0x0000000181111000-memory.dmp

Filesize
17.1MB

Download
memory/4952-4914-0x0000000180000000-0x0000000181111000-memory.dmp

Filesize
17.1MB

Download
memory/4952-4975-0x0000000180000000-0x0000000181111000-memory.dmp

Filesize
17.1MB

Download
memory/4952-5429-0x0000000180000000-0x0000000181111000-memory.dmp

Filesize
17.1MB

Download
memory/4952-5457-0x0000000180000000-0x0000000181111000-memory.dmp

Filesize
17.1MB

Download
memory/5308-1698-0x000001F46BE30000-0x000001F46BE52000-memory.dmp

Filesize
136KB

Download
memory/5464-1573-0x00000221B7990000-0x00000221B7998000-memory.dmp

Filesize
32KB

Download
memory/5464-1709-0x00000221F5050000-0x00000221F5102000-memory.dmp

Filesize
712KB

Download
memory/5464-1565-0x0000022198F70000-0x0000022199252000-memory.dmp

Filesize
2.9MB

Download
memory/5464-1568-0x00000221B7FA0000-0x00000221B7FD8000-memory.dmp

Filesize
224KB

Download
memory/5464-1566-0x000002219AF50000-0x000002219AF60000-memory.dmp

Filesize
64KB

Download
memory/5464-1570-0x00000221B7FE0000-0x00000221B80E0000-memory.dmp

Filesize
1024KB

Download
memory/5464-1571-0x00000221B38B0000-0x00000221B38BA000-memory.dmp

Filesize
40KB

Download
memory/5464-1567-0x00000221B3840000-0x00000221B3848000-memory.dmp

Filesize
32KB

Download
memory/5464-1572-0x00000221B7950000-0x00000221B7976000-memory.dmp

Filesize
152KB

Download
memory/5464-1574-0x00000221B80E0000-0x00000221B80F6000-memory.dmp

Filesize
88KB

Download
memory/5464-1575-0x00000221B7980000-0x00000221B798A000-memory.dmp

Filesize
40KB

Download
memory/5464-1576-0x00000221B7940000-0x00000221B794A000-memory.dmp

Filesize
40KB

Download
memory/5464-1577-0x00000221B8110000-0x00000221B8118000-memory.dmp

Filesize
32KB

Download
memory/5464-1712-0x00000221F5140000-0x00000221F514A000-memory.dmp

Filesize
40KB

Download
memory/5464-1711-0x00000221F5110000-0x00000221F512E000-memory.dmp

Filesize
120KB

Download
memory/5464-1569-0x00000221B38A0000-0x00000221B38AE000-memory.dmp

Filesize
56KB

Download
memory/5664-4867-0x0000000005AA0000-0x0000000005DF7000-memory.dmp

Filesize
3.3MB

Download
memory/5664-4871-0x000000006E4D0000-0x000000006E51C000-memory.dmp

Filesize
304KB

Download
memory/5696-4750-0x000001EA7FF30000-0x000001EA7FF42000-memory.dmp

Filesize
72KB

Download
memory/5728-5018-0x00007FF8D50D0000-0x00007FF8D50D1000-memory.dmp

Filesize
4KB

Download
memory/6240-6515-0x000000006F810000-0x000000006F869000-memory.dmp

Filesize
356KB

Download
memory/6240-6514-0x000000006F870000-0x000000006F8EA000-memory.dmp

Filesize
488KB

Download
memory/6240-6173-0x000000006F810000-0x000000006F869000-memory.dmp

Filesize
356KB

Download
memory/6240-6516-0x000000006F970000-0x000000006FF16000-memory.dmp

Filesize
5.6MB

Download
memory/6240-6517-0x000000006FF20000-0x000000007191B000-memory.dmp

Filesize
26.0MB

Download
memory/6240-5185-0x0000000000EF0000-0x0000000000F06000-memory.dmp

Filesize
88KB

Download
memory/6240-5206-0x0000000036FB0000-0x0000000036FC0000-memory.dmp

Filesize
64KB

Download
memory/6240-6171-0x000000006F8F0000-0x000000006F96E000-memory.dmp

Filesize
504KB

Download
memory/6240-6172-0x000000006F870000-0x000000006F8EA000-memory.dmp

Filesize
488KB

Download
memory/6240-6175-0x000000006FF20000-0x000000007191B000-memory.dmp

Filesize
26.0MB

Download
memory/6240-6174-0x000000006F970000-0x000000006FF16000-memory.dmp

Filesize
5.6MB

Download
memory/6240-6513-0x000000006F8F0000-0x000000006F96E000-memory.dmp

Filesize
504KB

Download