danabot | 797e48f499202061a0748d7fbc9b858c8f47cca396a56b403374755d10fa154b

Analysis

max time kernel
537s
max time network
539s
platform
windows10-ltsc 2021_x64
resource
win10ltsc2021-20250217-en
resource tags

arch:x64arch:x86image:win10ltsc2021-20250217-enlocale:en-usos:windows10-ltsc 2021-x64system
submitted
08/03/2025, 07:44

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

imhim.bat
Size

43B
MD5

7e9bd2b17df12d92d6b41a57c06913e6
SHA1

771d2387ae1a098aaa5e48fe8053e8d4c0818b25
SHA256

797e48f499202061a0748d7fbc9b858c8f47cca396a56b403374755d10fa154b
SHA512

c99242a68464c662e51e499bcf08705ed87d6ebcf19ad6cf9829fadb79e6bba6d9f044f4c66378d4065202e99128b60b529699c921048ff7edde38370f50618a

Score

10^/10

danabot banker botnet defense_evasion discovery execution persistence privilege_escalation trojan

Malware Config

Extracted

Family

danabot

51.178.195.151

51.222.39.81

149.255.35.125

38.68.50.179

51.77.7.204

rsa_pubkey.plain

Signatures

Danabot
Danabot is a modular banking Trojan that has been linked with other malware.
trojan banker danabot
Danabot family
danabot

Danabot x86 payload 1 IoCs

Detection of Danabot x86 payload, mapped in memory during the execution of its loader.

botnet

resource	yara_rule
behavioral1/files/0x0007000000028083-2324.dat	family_danabot

Blocklisted process makes network request 7 IoCs

flow	pid	Process
198	5752	rundll32.exe
199	5752	rundll32.exe
200	5752	rundll32.exe
203	5752	rundll32.exe
204	5752	rundll32.exe
212	5752	rundll32.exe
213	5752	rundll32.exe

Modifies Windows Firewall 2 TTPs 18 IoCs

defense_evasion

Windows Service

T1543.003

Disable or Modify System Firewall

T1562.004

pid	Process
188	netsh.exe
2836	netsh.exe
2460	netsh.exe
2712	netsh.exe
2652	netsh.exe
4572	netsh.exe
1792	netsh.exe
4552	netsh.exe
2212	netsh.exe
5016	netsh.exe
1232	netsh.exe
1116	netsh.exe
3136	netsh.exe
2692	netsh.exe
2276	netsh.exe
4100	netsh.exe
2556	netsh.exe
3748	netsh.exe

Drops startup file 30 IoCs

description	ioc	Process
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Axam.exe	Axam.exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Axam.exe	Axam.exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Axam.exe	Axam.exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Axam.exe	Axam.exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Axam.exe	Axam.exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Axam.exe	Axam.exe
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Axam.exe	Axam.exe
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Axam.exe	Axam.exe
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Axam.exe	Axam.exe
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Axam.exe	Axam.a.exe
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Axam.exe	Axam.exe
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Axam.exe	Axam.exe
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Axam.exe	Axam.exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Axam.exe	Axam.exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Axam.exe	Axam.exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Axam.exe	Axam.exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Axam.exe	Axam.exe
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Axam.exe	Axam.exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Axam.exe	Axam.a.exe
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Axam.exe	Axam.exe
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Axam.exe	Axam.exe
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Axam.exe	Axam.exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Axam.exe	Axam.exe
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Axam.exe	Axam.exe
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Axam.exe	Axam.exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Axam.exe	Axam.exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Axam.exe	Axam.exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Axam.exe	Axam.exe
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Axam.exe	Axam.exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Axam.exe	Axam.exe

Executes dropped EXE 14 IoCs

pid	Process
5348	Axam.exe
5328	Axam.exe
5468	Axam.exe
5532	Axam.exe
5540	Axam.exe
5668	Axam.exe
5728	Axam.exe
5800	Axam.exe
5860	Axam.exe
5856	Axam.exe
5252	Axam.exe
5964	Axam.exe
6036	Axam.exe
5128	Axam.exe

Loads dropped DLL 3 IoCs

pid	Process
5644	regsvr32.exe
5752	rundll32.exe
5752	rundll32.exe

Modifies file permissions 1 TTPs 1 IoCs

discovery

File and Directory Permissions Modification

T1222

pid	Process
2524	takeown.exe

Unexpected DNS network traffic destination 6 IoCs

Network traffic to other servers than the configured DNS servers was detected on the DNS port.

description	flow	ioc	pid	Process
Destination IP	189	208.67.222.222	1240	nslookup.exe
Destination IP	190	208.67.222.222	1240	nslookup.exe
Destination IP	184	208.67.222.222	1240	nslookup.exe
Destination IP	185	208.67.222.222	1240	nslookup.exe
Destination IP	186	208.67.222.222	1240	nslookup.exe
Destination IP	188	208.67.222.222	1240	nslookup.exe

Adds Run key to start application 2 TTPs 15 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\sysaxam32 = "C:\\Users\\Admin\\AppData\\Roaming\\Axam.exe"	Axam.a.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\sysaxam32 = "C:\\Users\\Admin\\AppData\\Roaming\\Axam.exe"	Axam.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\sysaxam32 = "C:\\Users\\Admin\\AppData\\Roaming\\Axam.exe"	Axam.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\sysaxam32 = "C:\\Users\\Admin\\AppData\\Roaming\\Axam.exe"	Axam.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\sysaxam32 = "C:\\Users\\Admin\\AppData\\Roaming\\Axam.exe"	Axam.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\sysaxam32 = "C:\\Users\\Admin\\AppData\\Roaming\\Axam.exe"	Axam.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\sysaxam32 = "C:\\Users\\Admin\\AppData\\Roaming\\Axam.exe"	Axam.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\sysaxam32 = "C:\\Users\\Admin\\AppData\\Roaming\\Axam.exe"	Axam.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\sysaxam32 = "C:\\Users\\Admin\\AppData\\Roaming\\Axam.exe"	Axam.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\sysaxam32 = "C:\\Users\\Admin\\AppData\\Roaming\\Axam.exe"	Axam.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\sysaxam32 = "C:\\Users\\Admin\\AppData\\Roaming\\Axam.exe"	Axam.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\sysaxam32 = "C:\\Users\\Admin\\AppData\\Roaming\\Axam.exe"	Axam.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\sysaxam32 = "C:\\Users\\Admin\\AppData\\Roaming\\Axam.exe"	Axam.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\sysaxam32 = "C:\\Users\\Admin\\AppData\\Roaming\\Axam.exe"	Axam.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\sysaxam32 = "C:\\Users\\Admin\\AppData\\Roaming\\Axam.exe"	Axam.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs

Web Service

T1102

flow	ioc
112	raw.githubusercontent.com
113	raw.githubusercontent.com
148	camo.githubusercontent.com

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Morpheus\My Shared Folder\Blaster.exe	Axam.exe
File created	C:\Program Files (x86)\Kazaa\My Shared Folder\Invisible_man.exe	Axam.exe
File created	C:\Program Files (x86)\limewire\Shared\Super Mario.exe	Axam.exe
File created	C:\Program Files (x86)\Morpheus\My Shared Folder\Blaster.exe	Axam.exe
File created	C:\Program Files (x86)\limewire\Shared\Super Mario.exe	Axam.exe
File created	C:\Program Files (x86)\KaZaA Lite\My Shared Folder\AjeedNASA.exe	Axam.exe
File created	C:\Program Files (x86)\Morpheus\My Shared Folder\Blaster.exe	Axam.exe
File created	C:\Program Files (x86)\BearShare\Shared\fxbgbear.exe	Axam.exe
File created	C:\Program Files (x86)\KMD\My Shared Folder\Axam.exe	Axam.exe
File created	C:\Program Files (x86)\Edonkey2000\Incoming\setup_flash.exe	Axam.exe
File created	C:\Program Files (x86)\BearShare\Shared\fxbgbear.exe	Axam.exe
File created	C:\Program Files (x86)\limewire\Shared\Super Mario.exe	Axam.exe
File created	C:\Program Files (x86)\KMD\My Shared Folder\Axam.exe	Axam.exe
File created	C:\Program Files (x86)\BearShare\Shared\fxbgbear.exe	Axam.exe
File created	C:\Program Files (x86)\KaZaA Lite\My Shared Folder\AjeedNASA.exe	Axam.exe
File created	C:\Program Files (x86)\KMD\My Shared Folder\Axam.exe	Axam.exe
File created	C:\Program Files (x86)\KMD\My Shared Folder\Axam.exe	Axam.exe
File created	C:\Program Files (x86)\KMD\My Shared Folder\Axam.exe	Axam.exe
File created	C:\Program Files (x86)\KMD\My Shared Folder\Axam.exe	Axam.exe
File created	C:\Program Files (x86)\Grokster\My Grokster\XXX_HOTSEX.exe	Axam.exe
File created	C:\Program Files (x86)\Edonkey2000\Incoming\setup_flash.exe	Axam.exe
File created	C:\Program Files (x86)\Morpheus\My Shared Folder\Blaster.exe	Axam.a.exe
File created	C:\Program Files (x86)\Morpheus\My Shared Folder\Blaster.exe	Axam.exe
File created	C:\Program Files (x86)\Morpheus\My Shared Folder\Blaster.exe	Axam.exe
File created	C:\Program Files (x86)\Grokster\My Grokster\XXX_HOTSEX.exe	Axam.exe
File created	C:\Program Files (x86)\Edonkey2000\Incoming\setup_flash.exe	Axam.exe
File created	C:\Program Files (x86)\Kazaa\My Shared Folder\Invisible_man.exe	Axam.exe
File created	C:\Program Files (x86)\limewire\Shared\Super Mario.exe	Axam.exe
File created	C:\Program Files (x86)\BearShare\Shared\fxbgbear.exe	Axam.exe
File created	C:\Program Files (x86)\limewire\Shared\Super Mario.exe	Axam.exe
File created	C:\Program Files (x86)\Kazaa\My Shared Folder\Invisible_man.exe	Axam.exe
File created	C:\Program Files (x86)\Morpheus\My Shared Folder\Blaster.exe	Axam.exe
File created	C:\Program Files (x86)\Edonkey2000\Incoming\setup_flash.exe	Axam.exe
File created	C:\Program Files (x86)\Edonkey2000\Incoming\setup_flash.exe	Axam.a.exe
File created	C:\Program Files (x86)\Kazaa\My Shared Folder\Invisible_man.exe	Axam.exe
File created	C:\Program Files (x86)\Grokster\My Grokster\XXX_HOTSEX.exe	Axam.exe
File created	C:\Program Files (x86)\Grokster\My Grokster\XXX_HOTSEX.exe	Axam.exe
File created	C:\Program Files (x86)\BearShare\Shared\fxbgbear.exe	Axam.exe
File created	C:\Program Files (x86)\Grokster\My Grokster\XXX_HOTSEX.exe	Axam.exe
File created	C:\Program Files (x86)\Kazaa\My Shared Folder\Invisible_man.exe	Axam.exe
File created	C:\Program Files (x86)\KMD\My Shared Folder\Axam.exe	Axam.exe
File created	C:\Program Files (x86)\KMD\My Shared Folder\Axam.exe	Axam.exe
File created	C:\Program Files (x86)\KaZaA Lite\My Shared Folder\AjeedNASA.exe	Axam.exe
File created	C:\Program Files (x86)\BearShare\Shared\fxbgbear.exe	Axam.a.exe
File created	C:\Program Files (x86)\Kazaa\My Shared Folder\Invisible_man.exe	Axam.exe
File created	C:\Program Files (x86)\Morpheus\My Shared Folder\Blaster.exe	Axam.exe
File created	C:\Program Files (x86)\limewire\Shared\Super Mario.exe	Axam.exe
File created	C:\Program Files (x86)\limewire\Shared\Super Mario.exe	Axam.exe
File created	C:\Program Files (x86)\limewire\Shared\Super Mario.exe	Axam.a.exe
File created	C:\Program Files (x86)\BearShare\Shared\fxbgbear.exe	Axam.exe
File created	C:\Program Files (x86)\Morpheus\My Shared Folder\Blaster.exe	Axam.exe
File created	C:\Program Files (x86)\BearShare\Shared\fxbgbear.exe	Axam.exe
File created	C:\Program Files (x86)\Edonkey2000\Incoming\setup_flash.exe	Axam.exe
File created	C:\Program Files (x86)\KMD\My Shared Folder\Axam.exe	Axam.exe
File created	C:\Program Files (x86)\Grokster\My Grokster\XXX_HOTSEX.exe	Axam.exe
File created	C:\Program Files (x86)\KaZaA Lite\My Shared Folder\AjeedNASA.exe	Axam.exe
File created	C:\Program Files (x86)\Kazaa\My Shared Folder\Invisible_man.exe	Axam.exe
File created	C:\Program Files (x86)\Kazaa\My Shared Folder\Invisible_man.exe	Axam.exe
File created	C:\Program Files (x86)\BearShare\Shared\fxbgbear.exe	Axam.exe
File created	C:\Program Files (x86)\Grokster\My Grokster\XXX_HOTSEX.exe	Axam.exe
File created	C:\Program Files (x86)\Grokster\My Grokster\XXX_HOTSEX.exe	Axam.exe
File created	C:\Program Files (x86)\Grokster\My Grokster\XXX_HOTSEX.exe	Axam.exe
File created	C:\Program Files (x86)\KaZaA Lite\My Shared Folder\AjeedNASA.exe	Axam.exe
File created	C:\Program Files (x86)\Grokster\My Grokster\XXX_HOTSEX.exe	Axam.exe

Drops file in Windows directory 4 IoCs

description	ioc	Process
File opened for modification	C:\Windows\Logs\CBS\CBS.log	TiWorker.exe
File created	\??\c:\windows\jk.bat	Bugsoft.exe
File created	\??\c:\windows\mail.vbs	Bugsoft.exe
File opened for modification	C:\Windows\CbsTemp	TiWorker.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Command and Scripting Interpreter: JavaScript 1 TTPs
execution

JavaScript
T1059.007

Event Triggered Execution: Netsh Helper DLL 1 TTPs 60 IoCs

Netsh.exe (also referred to as Netshell) is a command-line scripting utility used to interact with the network configuration of a system.

persistence privilege_escalation

Netsh Helper DLL

T1546.007

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key value enumerated	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key value enumerated	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key value enumerated	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key value enumerated	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key value enumerated	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key value enumerated	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key value enumerated	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key value enumerated	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key value enumerated	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key value enumerated	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key value enumerated	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key value enumerated	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key value enumerated	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key value enumerated	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key value enumerated	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key value enumerated	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key value enumerated	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key value enumerated	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key value enumerated	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key value enumerated	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe

Program crash 1 IoCs

pid	pid_target	Process	procid_target
5724	5572	WerFault.exe	226

System Location Discovery: System Language Discovery 1 TTPs 20 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Axam.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Axam.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Axam.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Axam.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Bugsoft.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Axam.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Axam.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Axam.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Axam.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Axam.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	DanaBot.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Axam.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Axam.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	regsvr32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Axam.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Axam.a.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Axam.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Axam.exe

System Network Configuration Discovery: Wi-Fi Discovery 1 TTPs 2 IoCs

Adversaries may search for information about Wi-Fi networks, such as network names and passwords, on compromised systems.

discovery

Wi-Fi Discovery

T1016.002

pid	Process
1304	netsh.exe
4416	netsh.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Gathers network information 2 TTPs 4 IoCs

Uses commandline utility to view network configuration.

System Information Discovery

T1082

Command and Scripting Interpreter

T1059

pid	Process
3380	ipconfig.exe
3076	ipconfig.exe
2844	ipconfig.exe
1920	ipconfig.exe

Gathers system information 1 TTPs 2 IoCs

Runs systeminfo.exe.

System Information Discovery

T1082

pid	Process
1464	systeminfo.exe
1136	systeminfo.exe

Kills process with taskkill 4 IoCs

defense_evasion

pid	Process
2704	taskkill.exe
6092	taskkill.exe
2548	taskkill.exe
4236	taskkill.exe

Modifies registry class 64 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Spitmaxa\shell\open\command	Axam.exe
Key created	\REGISTRY\USER\S-1-5-21-1639757381-2759246526-4253643256-1000_Classes\Local Settings	msedge.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Spitmaxa\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Roaming\\Axam.exe \"%1\" %*"	Axam.a.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Spitmaxa\shell\open\command	Axam.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Spitmaxa\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Roaming\\Axam.exe \"%1\" %*"	Axam.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Spitmaxa\DefaultIcon\ = "%1"	Axam.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.exe	Axam.a.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Spitmaxa\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Roaming\\Axam.exe \"%1\" %*"	Axam.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Spitmaxa\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Roaming\\Axam.exe \"%1\" %*"	Axam.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Spitmaxa\DefaultIcon	Axam.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Spitmaxa\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Roaming\\Axam.exe \"%1\" %*"	Axam.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.exe\ = "Spitmaxa"	Axam.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Spitmaxa\shell\open\command	Axam.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Spitmaxa\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Roaming\\Axam.exe \"%1\" %*"	Axam.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Spitmaxa\DefaultIcon	Axam.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Spitmaxa\DefaultIcon\ = "%1"	Axam.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Spitmaxa\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Roaming\\Axam.exe \"%1\" %*"	Axam.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.exe\ = "Spitmaxa"	Axam.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Spitmaxa\DefaultIcon	Axam.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Spitmaxa\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Roaming\\Axam.exe \"%1\" %*"	Axam.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Spitmaxa\shell\open\command	Axam.a.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Spitmaxa\shell	Axam.a.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Spitmaxa\shell\open\command	Axam.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Spitmaxa\DefaultIcon	Axam.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Spitmaxa\DefaultIcon	Axam.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.exe	Axam.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Spitmaxa\DefaultIcon\ = "%1"	Axam.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Spitmaxa\shell\open	Axam.a.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.exe\ = "Spitmaxa"	Axam.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Spitmaxa\DefaultIcon	Axam.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Spitmaxa\DefaultIcon	Axam.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Spitmaxa\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Roaming\\Axam.exe \"%1\" %*"	Axam.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Spitmaxa\DefaultIcon	Axam.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Spitmaxa	Axam.a.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.exe	Axam.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Spitmaxa\DefaultIcon	Axam.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Spitmaxa\DefaultIcon\ = "%1"	Axam.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Spitmaxa\shell\open\command	Axam.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Spitmaxa\DefaultIcon\ = "%1"	Axam.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Spitmaxa\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Roaming\\Axam.exe \"%1\" %*"	Axam.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.exe\ = "Spitmaxa"	Axam.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Spitmaxa\DefaultIcon\ = "%1"	Axam.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Spitmaxa\DefaultIcon\ = "%1"	Axam.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.exe\ = "Spitmaxa"	Axam.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Spitmaxa\shell\open\command	Axam.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Spitmaxa\shell\open\command	Axam.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Spitmaxa\DefaultIcon	Axam.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.exe	Axam.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Spitmaxa\shell\open\command	Axam.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.exe\ = "Spitmaxa"	Axam.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Spitmaxa\DefaultIcon\ = "%1"	Axam.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.exe\ = "Spitmaxa"	Axam.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.exe\ = "Spitmaxa"	Axam.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Spitmaxa\DefaultIcon\ = "%1"	Axam.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Spitmaxa\DefaultIcon	Axam.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.exe	Axam.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.exe\ = "Spitmaxa"	Axam.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.exe\ = "Spitmaxa"	Axam.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Spitmaxa\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Roaming\\Axam.exe \"%1\" %*"	Axam.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.exe	Axam.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Spitmaxa\DefaultIcon\ = "%1"	Axam.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Spitmaxa\shell\open\command	Axam.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Spitmaxa\shell\open\command	Axam.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Spitmaxa\shell\open\command	Axam.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 793104.crdownload:SmartScreen	msedge.exe

Runs net.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
1060	msedge.exe
1060	msedge.exe
4928	msedge.exe
4928	msedge.exe
4504	identity_helper.exe
4504	identity_helper.exe
4788	msedge.exe
4788	msedge.exe
1292	msedge.exe
1292	msedge.exe
1292	msedge.exe
1292	msedge.exe
1700	msedge.exe
1700	msedge.exe
3712	msedge.exe
3712	msedge.exe
2060	msedge.exe
2060	msedge.exe
3988	msedge.exe
3988	msedge.exe
4120	WMIC.exe
4120	WMIC.exe
4120	WMIC.exe
4120	WMIC.exe
3188	WMIC.exe
3188	WMIC.exe
3188	WMIC.exe
3188	WMIC.exe
1884	msedge.exe
1884	msedge.exe
1140	WMIC.exe
1140	WMIC.exe
1140	WMIC.exe
1140	WMIC.exe
4768	WMIC.exe
4768	WMIC.exe
4768	WMIC.exe
4768	WMIC.exe
6136	Axam.a.exe
6136	Axam.a.exe
6136	Axam.a.exe
6136	Axam.a.exe
6136	Axam.a.exe
6136	Axam.a.exe
6136	Axam.a.exe
6136	Axam.a.exe
6136	Axam.a.exe
6136	Axam.a.exe
6136	Axam.a.exe
6136	Axam.a.exe
6136	Axam.a.exe
6136	Axam.a.exe
6136	Axam.a.exe
6136	Axam.a.exe
6136	Axam.a.exe
6136	Axam.a.exe
6136	Axam.a.exe
6136	Axam.a.exe
6136	Axam.a.exe
6136	Axam.a.exe
6136	Axam.a.exe
6136	Axam.a.exe
6136	Axam.a.exe
6136	Axam.a.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2832	OpenWith.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 48 IoCs

pid	Process
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeTakeOwnershipPrivilege	2524	takeown.exe
Token: SeIncreaseQuotaPrivilege	4120	WMIC.exe
Token: SeSecurityPrivilege	4120	WMIC.exe
Token: SeTakeOwnershipPrivilege	4120	WMIC.exe
Token: SeLoadDriverPrivilege	4120	WMIC.exe
Token: SeSystemProfilePrivilege	4120	WMIC.exe
Token: SeSystemtimePrivilege	4120	WMIC.exe
Token: SeProfSingleProcessPrivilege	4120	WMIC.exe
Token: SeIncBasePriorityPrivilege	4120	WMIC.exe
Token: SeCreatePagefilePrivilege	4120	WMIC.exe
Token: SeBackupPrivilege	4120	WMIC.exe
Token: SeRestorePrivilege	4120	WMIC.exe
Token: SeShutdownPrivilege	4120	WMIC.exe
Token: SeDebugPrivilege	4120	WMIC.exe
Token: SeSystemEnvironmentPrivilege	4120	WMIC.exe
Token: SeRemoteShutdownPrivilege	4120	WMIC.exe
Token: SeUndockPrivilege	4120	WMIC.exe
Token: SeManageVolumePrivilege	4120	WMIC.exe
Token: 33	4120	WMIC.exe
Token: 34	4120	WMIC.exe
Token: 35	4120	WMIC.exe
Token: 36	4120	WMIC.exe
Token: SeIncreaseQuotaPrivilege	4120	WMIC.exe
Token: SeSecurityPrivilege	4120	WMIC.exe
Token: SeTakeOwnershipPrivilege	4120	WMIC.exe
Token: SeLoadDriverPrivilege	4120	WMIC.exe
Token: SeSystemProfilePrivilege	4120	WMIC.exe
Token: SeSystemtimePrivilege	4120	WMIC.exe
Token: SeProfSingleProcessPrivilege	4120	WMIC.exe
Token: SeIncBasePriorityPrivilege	4120	WMIC.exe
Token: SeCreatePagefilePrivilege	4120	WMIC.exe
Token: SeBackupPrivilege	4120	WMIC.exe
Token: SeRestorePrivilege	4120	WMIC.exe
Token: SeShutdownPrivilege	4120	WMIC.exe
Token: SeDebugPrivilege	4120	WMIC.exe
Token: SeSystemEnvironmentPrivilege	4120	WMIC.exe
Token: SeRemoteShutdownPrivilege	4120	WMIC.exe
Token: SeUndockPrivilege	4120	WMIC.exe
Token: SeManageVolumePrivilege	4120	WMIC.exe
Token: 33	4120	WMIC.exe
Token: 34	4120	WMIC.exe
Token: 35	4120	WMIC.exe
Token: 36	4120	WMIC.exe
Token: SeIncreaseQuotaPrivilege	3188	WMIC.exe
Token: SeSecurityPrivilege	3188	WMIC.exe
Token: SeTakeOwnershipPrivilege	3188	WMIC.exe
Token: SeLoadDriverPrivilege	3188	WMIC.exe
Token: SeSystemProfilePrivilege	3188	WMIC.exe
Token: SeSystemtimePrivilege	3188	WMIC.exe
Token: SeProfSingleProcessPrivilege	3188	WMIC.exe
Token: SeIncBasePriorityPrivilege	3188	WMIC.exe
Token: SeCreatePagefilePrivilege	3188	WMIC.exe
Token: SeBackupPrivilege	3188	WMIC.exe
Token: SeRestorePrivilege	3188	WMIC.exe
Token: SeShutdownPrivilege	3188	WMIC.exe
Token: SeDebugPrivilege	3188	WMIC.exe
Token: SeSystemEnvironmentPrivilege	3188	WMIC.exe
Token: SeRemoteShutdownPrivilege	3188	WMIC.exe
Token: SeUndockPrivilege	3188	WMIC.exe
Token: SeManageVolumePrivilege	3188	WMIC.exe
Token: 33	3188	WMIC.exe
Token: 34	3188	WMIC.exe
Token: 35	3188	WMIC.exe
Token: 36	3188	WMIC.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe

Suspicious use of SendNotifyMessage 32 IoCs

pid	Process
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe

Suspicious use of SetWindowsHookEx 38 IoCs

pid	Process
2732	OpenWith.exe
2832	OpenWith.exe
2832	OpenWith.exe
2832	OpenWith.exe
2832	OpenWith.exe
2832	OpenWith.exe
2832	OpenWith.exe
2832	OpenWith.exe
2832	OpenWith.exe
2832	OpenWith.exe
2832	OpenWith.exe
2832	OpenWith.exe
2832	OpenWith.exe
2832	OpenWith.exe
2832	OpenWith.exe
2832	OpenWith.exe
2832	OpenWith.exe
2832	OpenWith.exe
2832	OpenWith.exe
2832	OpenWith.exe
2832	OpenWith.exe
2832	OpenWith.exe
5996	Bugsoft.exe
6136	Axam.a.exe
5348	Axam.exe
5328	Axam.exe
5468	Axam.exe
5532	Axam.exe
5540	Axam.exe
5668	Axam.exe
5728	Axam.exe
5800	Axam.exe
5860	Axam.exe
5856	Axam.exe
5252	Axam.exe
5964	Axam.exe
6036	Axam.exe
5128	Axam.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4928 wrote to memory of 3816	4928	msedge.exe	98
PID 4928 wrote to memory of 3816	4928	msedge.exe	98
PID 4928 wrote to memory of 4684	4928	msedge.exe	99
PID 4928 wrote to memory of 4684	4928	msedge.exe	99
PID 4928 wrote to memory of 4684	4928	msedge.exe	99
PID 4928 wrote to memory of 4684	4928	msedge.exe	99
PID 4928 wrote to memory of 4684	4928	msedge.exe	99
PID 4928 wrote to memory of 4684	4928	msedge.exe	99
PID 4928 wrote to memory of 4684	4928	msedge.exe	99
PID 4928 wrote to memory of 4684	4928	msedge.exe	99
PID 4928 wrote to memory of 4684	4928	msedge.exe	99
PID 4928 wrote to memory of 4684	4928	msedge.exe	99
PID 4928 wrote to memory of 4684	4928	msedge.exe	99
PID 4928 wrote to memory of 4684	4928	msedge.exe	99
PID 4928 wrote to memory of 4684	4928	msedge.exe	99
PID 4928 wrote to memory of 4684	4928	msedge.exe	99
PID 4928 wrote to memory of 4684	4928	msedge.exe	99
PID 4928 wrote to memory of 4684	4928	msedge.exe	99
PID 4928 wrote to memory of 4684	4928	msedge.exe	99
PID 4928 wrote to memory of 4684	4928	msedge.exe	99
PID 4928 wrote to memory of 4684	4928	msedge.exe	99
PID 4928 wrote to memory of 4684	4928	msedge.exe	99
PID 4928 wrote to memory of 4684	4928	msedge.exe	99
PID 4928 wrote to memory of 4684	4928	msedge.exe	99
PID 4928 wrote to memory of 4684	4928	msedge.exe	99
PID 4928 wrote to memory of 4684	4928	msedge.exe	99
PID 4928 wrote to memory of 4684	4928	msedge.exe	99
PID 4928 wrote to memory of 4684	4928	msedge.exe	99
PID 4928 wrote to memory of 4684	4928	msedge.exe	99
PID 4928 wrote to memory of 4684	4928	msedge.exe	99
PID 4928 wrote to memory of 4684	4928	msedge.exe	99
PID 4928 wrote to memory of 4684	4928	msedge.exe	99
PID 4928 wrote to memory of 4684	4928	msedge.exe	99
PID 4928 wrote to memory of 4684	4928	msedge.exe	99
PID 4928 wrote to memory of 4684	4928	msedge.exe	99
PID 4928 wrote to memory of 4684	4928	msedge.exe	99
PID 4928 wrote to memory of 4684	4928	msedge.exe	99
PID 4928 wrote to memory of 4684	4928	msedge.exe	99
PID 4928 wrote to memory of 4684	4928	msedge.exe	99
PID 4928 wrote to memory of 4684	4928	msedge.exe	99
PID 4928 wrote to memory of 4684	4928	msedge.exe	99
PID 4928 wrote to memory of 4684	4928	msedge.exe	99
PID 4928 wrote to memory of 1060	4928	msedge.exe	100
PID 4928 wrote to memory of 1060	4928	msedge.exe	100
PID 4928 wrote to memory of 3428	4928	msedge.exe	101
PID 4928 wrote to memory of 3428	4928	msedge.exe	101
PID 4928 wrote to memory of 3428	4928	msedge.exe	101
PID 4928 wrote to memory of 3428	4928	msedge.exe	101
PID 4928 wrote to memory of 3428	4928	msedge.exe	101
PID 4928 wrote to memory of 3428	4928	msedge.exe	101
PID 4928 wrote to memory of 3428	4928	msedge.exe	101
PID 4928 wrote to memory of 3428	4928	msedge.exe	101
PID 4928 wrote to memory of 3428	4928	msedge.exe	101
PID 4928 wrote to memory of 3428	4928	msedge.exe	101
PID 4928 wrote to memory of 3428	4928	msedge.exe	101
PID 4928 wrote to memory of 3428	4928	msedge.exe	101
PID 4928 wrote to memory of 3428	4928	msedge.exe	101
PID 4928 wrote to memory of 3428	4928	msedge.exe	101
PID 4928 wrote to memory of 3428	4928	msedge.exe	101
PID 4928 wrote to memory of 3428	4928	msedge.exe	101
PID 4928 wrote to memory of 3428	4928	msedge.exe	101
PID 4928 wrote to memory of 3428	4928	msedge.exe	101
PID 4928 wrote to memory of 3428	4928	msedge.exe	101
PID 4928 wrote to memory of 3428	4928	msedge.exe	101

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012
Uses Volume Shadow Copy WMI provider
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware
Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\imhim.bat"
1⤵
PID:1436

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
1⤵
- Enumerates system info in registry
- Modifies registry class
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4928
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x144,0x148,0x14c,0x120,0x150,0x7fff746246f8,0x7fff74624708,0x7fff74624718
  2⤵
  PID:3816
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2156,7964657004185971326,17114468070709219023,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2172 /prefetch:2
  2⤵
  PID:4684
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2156,7964657004185971326,17114468070709219023,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2424 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1060
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2156,7964657004185971326,17114468070709219023,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2792 /prefetch:8
  2⤵
  PID:3428
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,7964657004185971326,17114468070709219023,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3352 /prefetch:1
  2⤵
  PID:1148
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,7964657004185971326,17114468070709219023,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3364 /prefetch:1
  2⤵
  PID:1704
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,7964657004185971326,17114468070709219023,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4588 /prefetch:1
  2⤵
  PID:4444
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,7964657004185971326,17114468070709219023,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4228 /prefetch:1
  2⤵
  PID:3772
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2156,7964657004185971326,17114468070709219023,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5512 /prefetch:8
  2⤵
  PID:4304
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2156,7964657004185971326,17114468070709219023,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5512 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4504
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,7964657004185971326,17114468070709219023,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3964 /prefetch:1
  2⤵
  PID:1244
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,7964657004185971326,17114468070709219023,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3592 /prefetch:1
  2⤵
  PID:2752
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,7964657004185971326,17114468070709219023,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5360 /prefetch:1
  2⤵
  PID:2404
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,7964657004185971326,17114468070709219023,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4616 /prefetch:1
  2⤵
  PID:1784
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,7964657004185971326,17114468070709219023,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5612 /prefetch:1
  2⤵
  PID:3080
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,7964657004185971326,17114468070709219023,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5860 /prefetch:1
  2⤵
  PID:2476
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,7964657004185971326,17114468070709219023,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5828 /prefetch:1
  2⤵
  PID:1644
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,7964657004185971326,17114468070709219023,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6108 /prefetch:1
  2⤵
  PID:756
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,7964657004185971326,17114468070709219023,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5648 /prefetch:1
  2⤵
  PID:2916
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,7964657004185971326,17114468070709219023,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6384 /prefetch:1
  2⤵
  PID:2484
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2156,7964657004185971326,17114468070709219023,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=1324 /prefetch:8
  2⤵
  PID:1920
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,7964657004185971326,17114468070709219023,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6656 /prefetch:1
  2⤵
  PID:4432
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,7964657004185971326,17114468070709219023,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6864 /prefetch:1
  2⤵
  PID:2212
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2156,7964657004185971326,17114468070709219023,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3960 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4788
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Downloads\death.bat" "
  2⤵
  PID:1524
- - C:\Windows\system32\net.exe
    net session
    3⤵
    PID:2744
  - - C:\Windows\system32\net1.exe
      C:\Windows\system32\net1 session
      4⤵
      PID:4256
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Windows\System32 /r /d y
    3⤵
    - Modifies file permissions
    - Suspicious use of AdjustPrivilegeToken
    PID:2524
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2156,7964657004185971326,17114468070709219023,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.4355 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6976 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1292
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,7964657004185971326,17114468070709219023,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5964 /prefetch:1
  2⤵
  PID:3456
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,7964657004185971326,17114468070709219023,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5824 /prefetch:1
  2⤵
  PID:5036
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,7964657004185971326,17114468070709219023,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6432 /prefetch:1
  2⤵
  PID:1328
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2156,7964657004185971326,17114468070709219023,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5496 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1700
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,7964657004185971326,17114468070709219023,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1876 /prefetch:1
  2⤵
  PID:2012
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,7964657004185971326,17114468070709219023,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5028 /prefetch:1
  2⤵
  PID:4932
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,7964657004185971326,17114468070709219023,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4784 /prefetch:1
  2⤵
  PID:3396
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2156,7964657004185971326,17114468070709219023,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2252 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3712
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,7964657004185971326,17114468070709219023,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6760 /prefetch:1
  2⤵
  PID:1520
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,7964657004185971326,17114468070709219023,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6556 /prefetch:1
  2⤵
  PID:3748
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,7964657004185971326,17114468070709219023,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7340 /prefetch:1
  2⤵
  PID:4836
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2156,7964657004185971326,17114468070709219023,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6460 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2060
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,7964657004185971326,17114468070709219023,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7408 /prefetch:1
  2⤵
  PID:2844
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,7964657004185971326,17114468070709219023,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6888 /prefetch:1
  2⤵
  PID:4348
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,7964657004185971326,17114468070709219023,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7504 /prefetch:1
  2⤵
  PID:1232
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,7964657004185971326,17114468070709219023,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7528 /prefetch:1
  2⤵
  PID:1112
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2156,7964657004185971326,17114468070709219023,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7700 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3988
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,7964657004185971326,17114468070709219023,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7876 /prefetch:1
  2⤵
  PID:3108
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,7964657004185971326,17114468070709219023,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7724 /prefetch:1
  2⤵
  PID:2712
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,7964657004185971326,17114468070709219023,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7056 /prefetch:1
  2⤵
  PID:2512
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,7964657004185971326,17114468070709219023,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7396 /prefetch:1
  2⤵
  PID:1052
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,7964657004185971326,17114468070709219023,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3048 /prefetch:1
  2⤵
  PID:2772
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,7964657004185971326,17114468070709219023,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2028 /prefetch:1
  2⤵
  PID:1476
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,7964657004185971326,17114468070709219023,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7408 /prefetch:1
  2⤵
  PID:4100
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,7964657004185971326,17114468070709219023,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7908 /prefetch:1
  2⤵
  PID:4396
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,7964657004185971326,17114468070709219023,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7872 /prefetch:1
  2⤵
  PID:4500
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,7964657004185971326,17114468070709219023,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=59 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4964 /prefetch:1
  2⤵
  PID:4080
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,7964657004185971326,17114468070709219023,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=60 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8008 /prefetch:1
  2⤵
  PID:3380
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,7964657004185971326,17114468070709219023,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=61 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9208 /prefetch:1
  2⤵
  PID:2652
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,7964657004185971326,17114468070709219023,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=63 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1288 /prefetch:1
  2⤵
  PID:3196
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,7964657004185971326,17114468070709219023,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=64 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1760 /prefetch:1
  2⤵
  PID:1552
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2156,7964657004185971326,17114468070709219023,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=8856 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1884
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,7964657004185971326,17114468070709219023,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=67 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1428 /prefetch:1
  2⤵
  PID:2844
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,7964657004185971326,17114468070709219023,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=68 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9200 /prefetch:1
  2⤵
  PID:696
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,7964657004185971326,17114468070709219023,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=69 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2476 /prefetch:1
  2⤵
  PID:5176
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,7964657004185971326,17114468070709219023,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=70 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4808 /prefetch:1
  2⤵
  PID:5504
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,7964657004185971326,17114468070709219023,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=71 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9200 /prefetch:1
  2⤵
  PID:5616

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4308

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4392

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4580

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Suspicious use of SetWindowsHookEx
PID:2732

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:2832
- C:\Windows\system32\NOTEPAD.EXE
  "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\Temp\90ac29a6-4ec8-4215-b11e-d27bc9467726_Delete-Windows-System-32-main.zip.726\Delete-Windows-System-32-main\README.md
  2⤵
  PID:3048

C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\d613e2e1-687c-400d-b181-16553cbe9798_RussianRoulette-main.zip.798\RussianRoulette-main\Roulette\Roulette.js"
1⤵
PID:4392

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Downloads\delete_system_32.bat" "
1⤵
PID:5116

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\New Text Document.txt
1⤵
PID:3188

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Desktop\New Text Document.bat" "
1⤵
PID:1912
- C:\Windows\system32\nslookup.exe
  nslookup myip.opendns.com resolver1.opendns.com
  2⤵
  PID:4796
- C:\Windows\system32\netsh.exe
  netsh wlan show profiles
  2⤵
  - Event Triggered Execution: Netsh Helper DLL
  - System Network Configuration Discovery: Wi-Fi Discovery
  PID:1304
- C:\Windows\system32\ipconfig.exe
  ipconfig
  2⤵
  - Gathers network information
  PID:3380
- C:\Windows\system32\ipconfig.exe
  ipconfig
  2⤵
  - Gathers network information
  PID:3076
- C:\Windows\system32\find.exe
  find /i "IPv4"
  2⤵
  PID:3400
- C:\Windows\System32\Wbem\WMIC.exe
  wmic diskdrive get size
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:4120
- C:\Windows\System32\Wbem\WMIC.exe
  wmic cpu get name
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:3188
- C:\Windows\system32\systeminfo.exe
  systeminfo
  2⤵
  - Gathers system information
  PID:1464
- C:\Windows\system32\netsh.exe
  netsh advfirewall firewall add rule name="Port 1122 TCP" dir=in action=allow protocol=TCP localport=
  2⤵
  - Modifies Windows Firewall
  - Event Triggered Execution: Netsh Helper DLL
  PID:1116
- C:\Windows\system32\netsh.exe
  netsh advfirewall firewall add rule name="Port 1122 UDP" dir=in action=allow protocol=UDP localport=
  2⤵
  - Modifies Windows Firewall
  - Event Triggered Execution: Netsh Helper DLL
  PID:4552
- C:\Windows\system32\netsh.exe
  netsh firewall set opmode disable
  2⤵
  - Modifies Windows Firewall
  - Event Triggered Execution: Netsh Helper DLL
  PID:3748
- C:\Windows\system32\netsh.exe
  netsh firewall set opmode mode=DISABLE
  2⤵
  - Modifies Windows Firewall
  - Event Triggered Execution: Netsh Helper DLL
  PID:188
- C:\Windows\system32\netsh.exe
  netsh advfirewall set currentprofile state off
  2⤵
  - Modifies Windows Firewall
  - Event Triggered Execution: Netsh Helper DLL
  PID:2212
- C:\Windows\system32\netsh.exe
  netsh advfirewall set domainprofile state off
  2⤵
  - Modifies Windows Firewall
  - Event Triggered Execution: Netsh Helper DLL
  PID:3136
- C:\Windows\system32\netsh.exe
  netsh advfirewall set privateprofile state off
  2⤵
  - Modifies Windows Firewall
  - Event Triggered Execution: Netsh Helper DLL
  PID:2836
- C:\Windows\system32\netsh.exe
  netsh advfirewall set publicprofile state off
  2⤵
  - Modifies Windows Firewall
  - Event Triggered Execution: Netsh Helper DLL
  PID:2692
- C:\Windows\system32\netsh.exe
  netsh advfirewall set allprofiles state off
  2⤵
  - Modifies Windows Firewall
  - Event Triggered Execution: Netsh Helper DLL
  PID:2276

C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.4467_none_7e0f83e07c8c1985\TiWorker.exe
C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.4467_none_7e0f83e07c8c1985\TiWorker.exe -Embedding
1⤵
- Drops file in Windows directory
PID:4500

C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\Desktop\New Text Document.bat"
1⤵
PID:2516
- C:\Windows\system32\nslookup.exe
  nslookup myip.opendns.com resolver1.opendns.com
  2⤵
  - Unexpected DNS network traffic destination
  PID:1240
- C:\Windows\system32\netsh.exe
  netsh wlan show profiles
  2⤵
  - Event Triggered Execution: Netsh Helper DLL
  - System Network Configuration Discovery: Wi-Fi Discovery
  PID:4416
- C:\Windows\system32\ipconfig.exe
  ipconfig
  2⤵
  - Gathers network information
  PID:2844
- C:\Windows\system32\ipconfig.exe
  ipconfig
  2⤵
  - Gathers network information
  PID:1920
- C:\Windows\system32\find.exe
  find /i "IPv4"
  2⤵
  PID:1068
- C:\Windows\System32\Wbem\WMIC.exe
  wmic diskdrive get size
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1140
- C:\Windows\System32\Wbem\WMIC.exe
  wmic cpu get name
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4768
- C:\Windows\system32\systeminfo.exe
  systeminfo
  2⤵
  - Gathers system information
  PID:1136
- C:\Windows\system32\netsh.exe
  netsh advfirewall firewall add rule name="Port 1122 TCP" dir=in action=allow protocol=TCP localport=
  2⤵
  - Modifies Windows Firewall
  - Event Triggered Execution: Netsh Helper DLL
  PID:4100
- C:\Windows\system32\netsh.exe
  netsh advfirewall firewall add rule name="Port 1122 UDP" dir=in action=allow protocol=UDP localport=
  2⤵
  - Modifies Windows Firewall
  - Event Triggered Execution: Netsh Helper DLL
  PID:2460
- C:\Windows\system32\netsh.exe
  netsh firewall set opmode disable
  2⤵
  - Modifies Windows Firewall
  - Event Triggered Execution: Netsh Helper DLL
  PID:2712
- C:\Windows\system32\netsh.exe
  netsh firewall set opmode mode=DISABLE
  2⤵
  - Modifies Windows Firewall
  - Event Triggered Execution: Netsh Helper DLL
  PID:2652
- C:\Windows\system32\netsh.exe
  netsh advfirewall set currentprofile state off
  2⤵
  - Modifies Windows Firewall
  - Event Triggered Execution: Netsh Helper DLL
  PID:5016
- C:\Windows\system32\netsh.exe
  netsh advfirewall set domainprofile state off
  2⤵
  - Modifies Windows Firewall
  - Event Triggered Execution: Netsh Helper DLL
  PID:4572
- C:\Windows\system32\netsh.exe
  netsh advfirewall set privateprofile state off
  2⤵
  - Modifies Windows Firewall
  - Event Triggered Execution: Netsh Helper DLL
  PID:1232
- C:\Windows\system32\netsh.exe
  netsh advfirewall set publicprofile state off
  2⤵
  - Modifies Windows Firewall
  - Event Triggered Execution: Netsh Helper DLL
  PID:1792
- C:\Windows\system32\netsh.exe
  netsh advfirewall set allprofiles state off
  2⤵
  - Modifies Windows Firewall
  - Event Triggered Execution: Netsh Helper DLL
  PID:2556
- C:\Windows\system32\mode.com
  mode 1000
  2⤵
  PID:1560
- C:\Windows\system32\net.exe
  net stop "Windows Defender Service"
  2⤵
  PID:880
- - C:\Windows\system32\net1.exe
    C:\Windows\system32\net1 stop "Windows Defender Service"
    3⤵
    PID:3880
- C:\Windows\system32\net.exe
  net stop "Windows Firewall"
  2⤵
  PID:5924
- - C:\Windows\system32\net1.exe
    C:\Windows\system32\net1 stop "Windows Firewall"
    3⤵
    PID:4416
- C:\Windows\system32\taskkill.exe
  taskkill /F /IM "chrome.exe" /T
  2⤵
  - Kills process with taskkill
  PID:2704
- C:\Windows\system32\taskkill.exe
  taskkill /F /IM "firefox.exe" /T
  2⤵
  - Kills process with taskkill
  PID:6092
- C:\Windows\system32\taskkill.exe
  taskkill /F /IM "ProcessHacker.exe" /T
  2⤵
  - Kills process with taskkill
  PID:2548
- C:\Windows\system32\taskkill.exe
  taskkill /F /IM "explorer.exe" /T
  2⤵
  - Kills process with taskkill
  PID:4236

C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Banking-Malware\DanaBot.exe
"C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Banking-Malware\DanaBot.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:5572
- C:\Windows\SysWOW64\regsvr32.exe
  C:\Windows\system32\regsvr32.exe -s C:\Users\Admin\DOWNLO~1\THE-MA~1\THE-MA~1\BANKIN~1\DanaBot.dll f1 C:\Users\Admin\DOWNLO~1\THE-MA~1\THE-MA~1\BANKIN~1\DanaBot.exe@5572
  2⤵
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  PID:5644
- - C:\Windows\SysWOW64\rundll32.exe
    C:\Windows\SysWOW64\rundll32.exe C:\Users\Admin\DOWNLO~1\THE-MA~1\THE-MA~1\BANKIN~1\DanaBot.dll,f0
    3⤵
    - Blocklisted process makes network request
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    PID:5752
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 5572 -s 468
  2⤵
  - Program crash
  PID:5724

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 456 -p 5572 -ip 5572
1⤵
PID:5684

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Browser Hijackers\BabylonToolbar.txt
1⤵
PID:5872

C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Email-Worm\Bugsoft.exe
"C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Email-Worm\Bugsoft.exe"
1⤵
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:5996
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c c:\windows\jk.bat
  2⤵
  - System Location Discovery: System Language Discovery
  PID:6036

C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Email-Worm\Brontok.exe
"C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Email-Worm\Brontok.exe"
1⤵
PID:6104

C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Email-Worm\Axam.a.exe
"C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Email-Worm\Axam.a.exe"
1⤵
- Drops startup file
- Adds Run key to start application
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:6136

C:\Users\Admin\AppData\Roaming\Axam.exe
"C:\Users\Admin\AppData\Roaming\Axam.exe" "C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Email-Worm\Anap.a.exe"
1⤵
- Drops startup file
- Executes dropped EXE
- Adds Run key to start application
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:5348

C:\Users\Admin\AppData\Roaming\Axam.exe
"C:\Users\Admin\AppData\Roaming\Axam.exe" "C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Email-Worm\Amus.exe"
1⤵
- Drops startup file
- Executes dropped EXE
- Adds Run key to start application
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:5328

C:\Users\Admin\AppData\Roaming\Axam.exe
"C:\Users\Admin\AppData\Roaming\Axam.exe" "C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Joke\Avoid.exe"
1⤵
- Drops startup file
- Executes dropped EXE
- Adds Run key to start application
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:5468

C:\Users\Admin\AppData\Roaming\Axam.exe
"C:\Users\Admin\AppData\Roaming\Axam.exe" "C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Joke\Trololo.exe"
1⤵
- Drops startup file
- Executes dropped EXE
- Adds Run key to start application
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:5532

C:\Users\Admin\AppData\Roaming\Axam.exe
"C:\Users\Admin\AppData\Roaming\Axam.exe" "C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\CrimsonRAT.exe"
1⤵
- Drops startup file
- Executes dropped EXE
- Adds Run key to start application
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:5540

C:\Users\Admin\AppData\Roaming\Axam.exe
"C:\Users\Admin\AppData\Roaming\Axam.exe" "C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NJRat.exe"
1⤵
- Drops startup file
- Executes dropped EXE
- Adds Run key to start application
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:5668

C:\Users\Admin\AppData\Roaming\Axam.exe
"C:\Users\Admin\AppData\Roaming\Axam.exe" "C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\RevengeRAT.exe"
1⤵
- Drops startup file
- Executes dropped EXE
- Adds Run key to start application
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:5728

C:\Users\Admin\AppData\Roaming\Axam.exe
"C:\Users\Admin\AppData\Roaming\Axam.exe" "C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\RevengeRAT.exe"
1⤵
- Drops startup file
- Executes dropped EXE
- Adds Run key to start application
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:5800

C:\Users\Admin\AppData\Roaming\Axam.exe
"C:\Users\Admin\AppData\Roaming\Axam.exe" "C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Spyware\butterflyondesktop.exe"
1⤵
- Drops startup file
- Executes dropped EXE
- Adds Run key to start application
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:5860

C:\Users\Admin\AppData\Roaming\Axam.exe
"C:\Users\Admin\AppData\Roaming\Axam.exe" "C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Virus\MadMan.exe"
1⤵
- Drops startup file
- Executes dropped EXE
- Adds Run key to start application
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:5856

C:\Users\Admin\AppData\Roaming\Axam.exe
"C:\Users\Admin\AppData\Roaming\Axam.exe" "C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Virus\WinNuke.98.exe"
1⤵
- Drops startup file
- Executes dropped EXE
- Adds Run key to start application
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:5252

C:\Users\Admin\AppData\Roaming\Axam.exe
"C:\Users\Admin\AppData\Roaming\Axam.exe" "C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Virus\WinNuke.98.exe"
1⤵
- Drops startup file
- Executes dropped EXE
- Adds Run key to start application
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:5964

C:\Users\Admin\AppData\Roaming\Axam.exe
"C:\Users\Admin\AppData\Roaming\Axam.exe" "C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Worm\Mantas.exe"
1⤵
- Drops startup file
- Executes dropped EXE
- Adds Run key to start application
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:6036

C:\Users\Admin\AppData\Roaming\Axam.exe
"C:\Users\Admin\AppData\Roaming\Axam.exe" "C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Worm\Nople.exe"
1⤵
- Drops startup file
- Executes dropped EXE
- Adds Run key to start application
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:5128

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

JavaScript

T1059.007

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Create or Modify System Process

T1543

Windows Service

T1543.003

Event Triggered Execution

T1546

Netsh Helper DLL

T1546.007

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Create or Modify System Process

T1543

Windows Service

T1543.003

Event Triggered Execution

T1546

Netsh Helper DLL

T1546.007

Defense Evasion

File and Directory Permissions Modification

T1222

Impair Defenses

T1562

Disable or Modify System Firewall

T1562.004

Modify Registry

T1112

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

System Network Configuration Discovery

T1016

Wi-Fi Discovery

T1016.002

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
44bece4054174f5a1281bf9f1787867a

SHA1
29b718ceb54e82ddcfeb11fa3e3b14dd8c43c8fe

SHA256
5b549271cd6e1685657d580831a3814628a27d3c38bb125de874198018d3aeea

SHA512
243128b08b7364ade001ac7b573253e5cf72121877e0446f30a771367aaa0ff5670b32d8e5c0c3fe7352e7c58800280527493b69c6d96b2598c55e43a78fbfaf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

Filesize
49KB

MD5
3ebd26b041ab70d9a44c9d7824d02ec5

SHA1
70319ed70eab4bbdaf1e8fea8798bc15683ba238

SHA256
4cf82ad8e10a37a1bb1d4c3c6b75bc01d7fef4c04f4c6f6b63d490091bf0c6c7

SHA512
541e3ef66cb5002d03eb8fb5ff4bddf134b1814135764913354b23389027426577947b31ad8a4fc1cb857fcb345192f4080204270b2057359ba11bd864e4d206

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
67KB

MD5
cc63ec5f8962041727f3a20d6a278329

SHA1
6cbeee84f8f648f6c2484e8934b189ba76eaeb81

SHA256
89a4d1b2e007ac49fc9677d797266268cd031f99aa0766ca2450bff84ac227d1

SHA512
107cf3499a6cf9cdcbfa3ef4c6b4f2cda2472be116f8efa51ff403c624e8001d254be52de7834b2a6ab9f4bcc1a3b19adc0bba8c496e505abbca371ef6c8f877

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

Filesize
62KB

MD5
c813a1b87f1651d642cdcad5fca7a7d8

SHA1
0e6628997674a7dfbeb321b59a6e829d0c2f4478

SHA256
df670e09f278fea1d0684afdcd0392a83d7041585ba5996f7b527974d7d98ec3

SHA512
af0d024ba1faafbd6f950c67977ed126827180a47cea9758ee51a95d13436f753eb5a7aa12a9090048a70328f6e779634c612aebde89b06740ffd770751e1c5b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

Filesize
19KB

MD5
1bd4ae71ef8e69ad4b5ffd8dc7d2dcb5

SHA1
6dd8803e59949c985d6a9df2f26c833041a5178c

SHA256
af18b3681e8e2a1e8dc34c2aa60530dc8d8a9258c4d562cbe20c898d5de98725

SHA512
b3ff083b669aca75549396250e05344ba2f1c021468589f2bd6f1b977b7f11df00f958bbbd22f07708b5d30d0260f39d8de57e75382b3ab8e78a2c41ef428863

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

Filesize
63KB

MD5
226541550a51911c375216f718493f65

SHA1
f6e608468401f9384cabdef45ca19e2afacc84bd

SHA256
caecff4179910ce0ff470f9fa9eb4349e8fb717fa1432cf19987450a4e1ef4a5

SHA512
2947b309f15e0e321beb9506861883fde8391c6f6140178c7e6ee7750d6418266360c335477cae0b067a6a6d86935ec5f7acdfdacc9edffa8b04ec71be210516

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

Filesize
26KB

MD5
1fdc7d5f60f441782b608e81738dbef2

SHA1
74f699940fb527aee9bf21e8d6172b769c549ff4

SHA256
a1538cf05238cc6c7b0ec08ccda41ca1326209b03f3942dfc49194d79942c738

SHA512
7e481bba26d4662c714b714a78e5a002f43803d50637983650b1827237dd7ca0d773fa1b8b016092424d1f7910e753993a8f04fa81d791f98425f0c5cd5c79da

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a

Filesize
38KB

MD5
adf2df4a8072227a229a3f8cf81dc9df

SHA1
48b588df27e0a83fa3c56d97d68700170a58bd36

SHA256
2fd56ac4d62fec83843c83054e5548834a19001c077cdb224901237f2e2c0e4c

SHA512
d18ffc9a41157ea96014a503640b3a2a3931f578293e88cc05aa61c8223221d948c05637875d8e3ee5847b6a99341ea22b6a1aee67c170e27bde5e154cf1b9ca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000b

Filesize
37KB

MD5
a565ccff6135e8e99abe4ad671f4d3d6

SHA1
f79a78a29fbcc81bfae7ce0a46004af6ed392225

SHA256
a17516d251532620c2fd884c19b136eb3f5510d1bf8b5f51e1b3a90930eb1a63

SHA512
e1768c90e74c37425abc324b1901471636ac011d7d1a6dc8e56098d2284c7bf463143116bb95389f591917b68f8375cfb1ce61ba3c1de36a5794051e89a692d8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000c

Filesize
21KB

MD5
8e01662903be9168b6c368070e422741

SHA1
52d65becbc262c5599e90c3b50d5a0d0ce5de848

SHA256
ed502facbeb0931f103750cd14ac1eeef4d255ae7e84d95579f710a0564e017a

SHA512
42b810c5f1264f7f7937e4301ebd69d3fd05cd8a6f87883b054df28e7430966c033bab6eaee261a09fb8908d724ca2ff79ca10d9a51bd67bd26814f68bcbdb76

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000d

Filesize
21KB

MD5
1401e9fee77d1f2ac68382f3e92290d0

SHA1
3016320f4984fc3bea3b64f56900478a7eaecc53

SHA256
1681cf800cad8c704acc3eba63766b2bc724de769092153121f73a34c61f6564

SHA512
a4138eb2b7c6f777dc6b65294a1087501ea4f7ddc082c5455f5998fbee4bc16e28e4d11d0663011cb5889077b2557810a421d6569ab1b796fc94e0e2cd4193d3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000e

Filesize
26KB

MD5
398c110293d50515b14f6794507f6214

SHA1
4b1ef486ca6946848cb4bf90a3269eb3ee9c53bc

SHA256
04d4526dc9caa8dd4ad4b0711e929a91a3b6c07bf4a3d814e0fafeb00acc9715

SHA512
1b0f7eb26d720fbb28772915aa5318a1103d55d167bec169e62b25aa4ff59610558cf2f3947539886255f0fa919349b082158627dd87f68a81abac64ba038f5d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000f

Filesize
18KB

MD5
8bd66dfc42a1353c5e996cd88dc1501f

SHA1
dc779a25ab37913f3198eb6f8c4d89e2a05635a6

SHA256
ef8772f5b2cf54057e1cfb7cb2e61f09cbd20db5ee307133caf517831a5df839

SHA512
203a46b2d09da788614b86480d81769011c7d42e833fa33a19e99c86a987a3bd8755b89906b9fd0497a80a5cf27f1c5e795a66fe3d1c4a921667ec745ccf22f6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000010

Filesize
18KB

MD5
217be7c2c2b94d492f2727a84a76a6cf

SHA1
10fd73eb330361e134f3f2c47ba0680e36c243c5

SHA256
b1641bab948ab5db030ec878e3aa76a0a94fd3a03b67f8e4ac7c53f8f4209df0

SHA512
b08ea76e5b6c4c32e081ca84f46dc1b748c33c1830c2ba11cfeb2932a9d43fbb48c4006da53f5aac264768a9eb32a408f49b8b83932d6c8694d44a1464210158

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000011

Filesize
59KB

MD5
677b60e336250eeada06d8327fc60579

SHA1
42dfd2a0ce32ab65e7451f49fbca24a197678b5e

SHA256
236fb6e6ac21ee7db3076e54681bf23d9c9ce9b9131af61e946cdb05f9ed208b

SHA512
61a7cfc0e6ae0b9e98bcb6af4eeb3e3c43226260fc0b9e1c48d9197c9f0f09e3eab908f08763da99ab91549859f9ff26e06bcfe941e52337dac3f4246e26b8ae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000012

Filesize
45KB

MD5
ea776124f8557fb1a52290cbb30b8476

SHA1
2e47297940114667f5dd3bd6e084dad7723eb1ab

SHA256
342b7f8773261fd3d2069bf3b087731366bd01c908ff51d315446da2dc0104b3

SHA512
7ed1fa32ffa6a5d228264b44c03ca2e0ee3bab579be86595c11d40c0f9f7736ae399ab4e6e6aaed78b02367e2b9392c8809ad30ca753f546606c923cf45b402e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000013

Filesize
55KB

MD5
92e42e747b8ca4fc0482f2d337598e72

SHA1
671d883f0ea3ead2f8951dc915dacea6ec7b7feb

SHA256
18f8f1914e86317d047fd704432fa4d293c2e93aec821d54efdd9a0d8b639733

SHA512
d544fbc039213b3aa6ed40072ce7ccd6e84701dca7a5d0b74dc5a6bfb847063996dfea1915a089f2188f3f68b35b75d83d77856fa3a3b56b7fc661fc49126627

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000014

Filesize
16KB

MD5
dde035d148d344c412bd7ba8016cf9c6

SHA1
fb923138d1cde1f7876d03ca9d30d1accbcf6f34

SHA256
bcff459088f46809fba3c1d46ee97b79675c44f589293d1d661192cf41c05da9

SHA512
87843b8eb37be13e746eb05583441cb4a6e16c3d199788c457672e29fdadc501fc25245095b73cf7712e611f5ff40b37e27fca5ec3fa9eb26d94c546af8b2bc0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000015

Filesize
87KB

MD5
65b0f915e780d51aa0bca6313a034f32

SHA1
3dd3659cfd5d3fe3adc95e447a0d23c214a3f580

SHA256
27f0d8282b7347ae6cd6d5a980d70020b68cace0fbe53ad32048f314a86d4f16

SHA512
e5af841fd4266710d181a114a10585428c1572eb0cd4538be765f9f76019a1f3ea20e594a7ee384d219a30a1d958c482f5b1920551235941eec1bcacd01e4b6f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000016

Filesize
22KB

MD5
cc09b2f59a4470793a3f6698cbca5e63

SHA1
f39ce1b732a760a95946a83a0dd8280da4bf47d6

SHA256
213b48665f34b6d14647b6c61a1b59e0a4f10db9e819f9021f3f13f062b03af4

SHA512
94251d4ff7db9ffc769588de1e877993eb4a1c3f4a6a0c3cfd4097a6c2e48560fe8f2c035b04e6c40e83241ee1c561fa3731e2310f67ed1f8afc3852785eec9c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000017

Filesize
109KB

MD5
c4ea54408ec0f9e4fa1b5088be611555

SHA1
c4f43c099d8704d576f41c1a8768d2d9f8b5b540

SHA256
4419ca856acab73856ca62b85eb2a0ac121f40d941b95e88f77d896714b4b2ea

SHA512
1f0c6cdf5037020ded233fdb1796b06ee61e84d4a8100d4d5a11e0be7b7825b6b1dd930895152d50c8da2243582e4313335f0b3fbcdafd627c0e2bdf5907d85b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000018

Filesize
16KB

MD5
58795165fd616e7533d2fee408040605

SHA1
577e9fb5de2152fec8f871064351a45c5333f10e

SHA256
e6f9e1b930326284938dc4e85d6fdb37e394f98e269405b9d0caa96b214de26e

SHA512
b97d15c2c5ceee748a724f60568438edf1e9d1d3857e5ca233921ec92686295a3f48d2c908ff5572f970b7203ea386cf30c69afe9b5e2f10825879cd0d06f5f6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001a

Filesize
17KB

MD5
ff6c5c5e54367258b348fcfde412dc59

SHA1
9d7f64aa25175a828c56d2731ff4b838382514b5

SHA256
21280ad81c6d90567da562c854b3793155e1bdac7f3d209508c4b289c2cec277

SHA512
9a1825d154c4fce0107d910794e95d8ff6e3e9188072cfb1bfec5c32457a3130779550ecb8ee71b742410ca8fc2ea1c4aa784ed89f3c5d441aa3d59f4ae2ca3b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001b

Filesize
66KB

MD5
4a50a1dcfc922c0b3350932078ee8797

SHA1
62dd14086f16390f03aad740a601567a71ee0ce2

SHA256
b68117269e29aa79e0e4dbf5ef3ae5800ade7b5ab0d6514adbdcce7709b1b3ce

SHA512
fd8b5e9d49ab245b5495e916119b65fcf2312951b9eed3b70441653813b9bd2682b07842e67cb4ad9ed1cde142a41c7f720f0fd1091a61fcdbc97baf3149dab4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\013d518ee7cc0f82_0

Filesize
6KB

MD5
11a906c3d833707d93b63df74c31d5a2

SHA1
079e04c403bf7d1709151c9040b4655b8c853f03

SHA256
468f1d478d288fb449d24b028d2c3a334e86ae9611d7d1b15b122bf5b278d9c4

SHA512
27ed99d3a848259c0fe0165b09d515766494a4539a5859e46b6deed229ba6a8d17587d7ad5c42c3483a94e4146ab1d6b31ecf15dc816a6cfd43434e47832fdc0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\01f90ba70226f21b_0

Filesize
6KB

MD5
1639fceb6ce9a7bac50f119c8f96831a

SHA1
c0ebbd1659835722985d6b473b9b0722bdcea0ad

SHA256
62f00ca92bb9b47c37299b4490b822eccb5c90d5b49a9be89fe60d60cc4b2c0f

SHA512
33e68b4ffaa5e772436d8c83737747dff3e5b7beed49c34fa4a5b41c0fb4dc871084a9887008dcf941b8bd3f23587fb8426bcd4e458c17ed10fd197f002bd181

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\0587842c7942e87a_0

Filesize
1KB

MD5
5a585dc89a55837c637d67f22bb83030

SHA1
13f0561d870d5db0521909fc84a44b6b5a9628ec

SHA256
e724e475dccaeeb434ef1723c626027796a17fe71e5ada70bf98d1e01cdb8d34

SHA512
42b4993f25f98cc49651a987db062db3ba675e9f0e23a7a9f2a1b21067e005f4ab5be12276d16fc22aea99f7e17dbb0d81fcc39cbf5590532382498548071226

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\09a7b9084a99801e_0

Filesize
3KB

MD5
81406ac57d63c8aaffd9fa3e93d23441

SHA1
4b2959cde0323088ad54b44e59dfd18730ce600b

SHA256
cb09fee990b5f8709c86bceb0ebc2be4ac568ad9b5f35bf0023629264f1b255f

SHA512
31f392f2a2aab9329a8cce6b6bab8f927f0a683c74192e2c84a78bdd5aebb800d4bf621755c28351d2f1e7cb2cf9983abdcc64338819ec7371005751ab687d99

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\10c368e87e6b8b5d_0

Filesize
67KB

MD5
a3b3dbd76b5deb867f726c5bc1fb4d01

SHA1
822500ced0c2ba8fd3f77f895ffadf595731893d

SHA256
d07b4e4736430914c791bd11b70a7566b20fc5a5892368f7893e7a9e4b8c195f

SHA512
5c7d4efa87f82aeb58a08a05909c589c6ef29e4ef2b3037d22d5f175b633f2fb8e91207d83a91bdc3ea564c952f037cb1c087ecc7362947d969b82e309d33a59

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\12e2c4b18dbb728d_0

Filesize
3KB

MD5
0d3bc5f2dc755f806ba0f2d45e4883bf

SHA1
e3371fdd21f9e94037fdecdf60fb3dfe486b462b

SHA256
c5a29c97eaf9e8e4e891dc85213715c926b49a55f0d8f8aa106fd221adee89bb

SHA512
35be9986189601e6536ea7e4675e5a4fe11d1005e3e840a85ed6ff864aad769ce7a84b18aa14f3884cb586ab05346bf0ebac7d112919f9f5cdebeb82eca29e19

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\13f162154fad7955_0

Filesize
14KB

MD5
0761c7caa2536bfeb78d1f9e55b57d7b

SHA1
a7b87c956841a7a3170fdfb3f9856e6210d49787

SHA256
5650b0be8a5eb805ec31c8875bc1064491b26a04e37f1fc049a34f207ccf1a89

SHA512
e55317e3536b9b644a0a88abcd30fc4bbf8930e7615cda1e78501d79dfc0465a1b18a89ea5217e0b68fbf49b3bdfe7a244bf4d4f296d447c365b2d60b2b4c849

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\154000feacda5f15_0

Filesize
313B

MD5
23b10b9984e4578e977e024e1a08c29e

SHA1
f4b7b6827630ad263689667ca591c0d14e6aa600

SHA256
0fea5188993ab576a69dd1159e37f5b2c11c78120a499a9ba59dcca4b104997c

SHA512
2102a6ce8b51b99e7267bc2077fdc959f212203613a692726f3087d8b5421d61fb0f75b78000854d15d04ac6bc873a0474a3251f91136a2b0dc3ff7a0168efa1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\16af11a7a348424b_0

Filesize
4KB

MD5
fbc0bffb833b4bfb34d31d52a9b31cc9

SHA1
2f8a3ff27bd1bedf974538abf9bccc6c4cc7fa86

SHA256
87c8611d65091388ca9a7cecc8384a92f34c3b5e7342d64ff90366b708118e88

SHA512
bf8de5fc30ced4517754c07377297cfda9f69ff5b692272b91702d4a689ef24360f62edf3926f6352164069f158b4fe67393e9d44695ec5a46bb265b15edf5c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\172b237bc017862d_0

Filesize
6KB

MD5
d6327748993e6cefa1dfdd7b01cf8574

SHA1
2b475328814729e45e58e5b97e4bbdcff3a625cd

SHA256
aa038a29816e05aac2c960c753fa215422c3c3b3d24628f251e5c7a9ffcb5f8d

SHA512
fda2e5da2a7cf8062d058ed72f46a3d21badbcf6513e9150975b33c36b1fcf823a75ab91a16a23fb445a66190c64831b5370236ce7fba8508039d9a4e3f6386c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\17d3c4e19caf221e_0

Filesize
1KB

MD5
bb3cde667c76c30a82085f8d5d619d58

SHA1
561dc26963fccc74bcfd1d68755c65ef8c526360

SHA256
c4ea7803a099cb8b2da04b9e92640a2e35a164ffd670911b6f8f14ae7dd5b92f

SHA512
32e8756a8e30a495bc48edfeb4fbeb397f06418907d51f8f17d0cc904ef2d36ffd9aa56936744e4c273a124625537ec783785028fde422ebdb8bb12da61fae14

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\19152b7f8e8efcb9_0

Filesize
2KB

MD5
1d64f31036404a45968e3f35a86dc67f

SHA1
001d950673f4737a477f308dbd507d90f1371104

SHA256
c4511b077ab3a3f67f6d211ef41f7c20aee4088ee49f2c8444a5f706570096f7

SHA512
eaa8e04a8de7e165a19295d787a924e372293d634b1360fd117af371faeade1f8fc86f1ee10477f1afc79e40d98b14875b4f48f14ec257ef502121531f66c0f8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\19fc1df34a20b146_0

Filesize
1KB

MD5
64c20a4ceb271e92627948880bcfe301

SHA1
da7d9968bdf96879dff22f3b8ff5a02a2aa04795

SHA256
fab9e93f122eac9002cf242585e6d3862ec9be4295a6c6df151d47f0fcc39f11

SHA512
7eb11078003423db12ecc0be629e7aa47f51714191c44f3383a7eee4d4ed6b5e247ac35149321b6e6b24a58d73d855564afee0f25372d308f3e5bacf650c1529

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\1d04bef2abfa72c6_0

Filesize
1KB

MD5
42cc0c2ab24452213806e9057a892243

SHA1
41be8576ce03c0a462bdc208f73d858ebb4cba72

SHA256
7cfd5ecce356fb4fd8bf6a32422d212d977cd5b23ac86246fef3e2d10e301f8e

SHA512
ec3d510704fd3f80ffb61f11bd3ad384d54d0234676e41db86040a5828f80f040a5938f2de7dcb03bd00aa0f306dc91c47aaf09e6997db49de7aaf0e4cd8e47d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\2127222b73f24cdb_0

Filesize
1KB

MD5
a66028fab4da80290162109fea45c4e6

SHA1
4e3c35db5fe8187c8be17f59bd011f53ffbe3903

SHA256
55eb9a496f370daa2cdc7e330b10dd5dbbaaf76ba58cf27d753cedff087c5254

SHA512
198aaefec1f89f27a50824f199a4d5b856279f4af65d07bd28dc27184f05c9dcf2863a423beef7adc4c4ac9ac4316151edeebe8a18157db51d2105d8d734fe0e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\21c21c5d6a3777cf_0

Filesize
1KB

MD5
6cb4f918b4e4258debae8c6638e449a4

SHA1
aa12cbeffa32cbc3d15992ec9d4fb52bbafb4517

SHA256
2790495e2215a0653073f45ea2b972a1757c0fb19ae959b32a3a9c8c234e1994

SHA512
402975b51c759425e39e432286567735f87666130318a94ab44d77a2464c2bf59bf724451df58cef92e666cc8726f6c2fdb801ffad9d772683845ed8ed528486

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\22510e6f41637f30_0

Filesize
1KB

MD5
941cdd3e42ea299c507297f199990007

SHA1
d2187adfe4fa0cea71214c1a8b28e5bd038a4355

SHA256
7cffe19eac3496fa2941a854beb5e4d475bda0a8cf5f154614fb31cbb128d48a

SHA512
99cdc95a1e4e74c347b1d2e6ebca4bb6bc0ff51e2ef975c1177ad1ac67759ca0853c544247a29b069c3c5ba9f0971f3cebd62bd8f3b18da98311805aee4f7271

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\24bc1b34cae9933b_0

Filesize
20KB

MD5
ee4324bec4295d4cd0f962bacbed969a

SHA1
7782fe041088171a1075c138674f6afba51ee37f

SHA256
46fddcb1475fdac7f32efc83c2f38b5853c1f2dc3e949153f57f5354f28c217c

SHA512
e0fc33241c0be467b7512ba54e14863b3e5eca488f2a0c775c75eee812fac669d2cdc0c4c95d6ad59f06ac3ab225ac43b7e22692a34291622b8baab236b1723f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\25d24c50d6908129_0

Filesize
2KB

MD5
995054484f1a299df9a4117a97ac73c3

SHA1
6b0881c939591c9273193cda91b858092aaa051c

SHA256
b581de0dbae81b30257ef11e72c5b428eb590c61d57d7e28ea218e203f1d68bf

SHA512
be73c61ed77aa31e2c0f1b1af84249bdc94525d638417f4a511c170b5ca8804f31c4c28442ae8c2fdb6204c0cc980ed05b7b53e37c87075709ca3b4ea65f86f9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\2940f1b866286526_0

Filesize
4KB

MD5
f4d140694700688cfc015889f04a56e8

SHA1
fc7054e56bfe1397cfdf0413b9a54208b8b3b045

SHA256
7ea4b920c171c6cbffa3b483d560f61331f5ff2d2f97ba5a0e37885fddc40179

SHA512
2bc46c1fabce647deaa8ad0e66014467a46e9e09ba96f95afc98c5c558ce1612f59e73a4d96913be8f618ba1671e9617aedbc2ffe82d7537568088b4ecf7ff9f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\2b1a8882c9eee352_0

Filesize
3KB

MD5
891cc6624c0652aa386f69a64a09a753

SHA1
1ad4e54a27251259588eee69d04efb00242ee68c

SHA256
2c3abcef6a3a62a52d1482425a8e40fb8927a0d585c4f485ba55b1dc3ccc1d9a

SHA512
ce6650bec4dec6c778529f0d7989272e60b517ce727460803f18681a0df46b5dfe209687d6eb894e9f11bf79fc4ac85d6bc41c3e274008c2d8ed7d3f112f34f8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\317e25fb4e2730aa_0

Filesize
1KB

MD5
80f3d5727ae3578f2992b035d55d2c8b

SHA1
111052c0a0bb815df240ecfe99ad46df0fc273e5

SHA256
c80c42ba02c5d8f9c073b902564c8b74ae2157cde4c754a2f876ed013e2159d3

SHA512
f32021317fe4a5e952f0f0e0b74888812f50d605bd2388a424d568f8168860af7f1a9eda522d33ff09ad663eb22b746ed06f5ce2b6ddd4882340652e30851b0e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\398f89396d810049_0

Filesize
1KB

MD5
8b2f736ec15e37150d4ea59935f3d5fb

SHA1
a31cd83ff59583d60536881c8987accf88fc11bc

SHA256
537849f246af06fe15bfa483d6ceb3ba2dcb0682448a4b8ec00b6c07d2632b4f

SHA512
c5ac0feeb83e74837d58ca4a61ddf689cbb31b342647c9da1ff1c9a7f2f9882664ed02da8e57b75b5fcd720fbb4a5ae7b75467dfccd320285181b171a3afe440

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\39e113aab00b8b7b_0

Filesize
24KB

MD5
7c52c92a83db2a4bda55cccdec02daf0

SHA1
17b5f44467da51fd7c843561017c27d003c6d293

SHA256
1d7ddac983e9fc5fd0ccc6e613b6f8cc08c1cdf28cafd6ae1c0c6b97eb468c18

SHA512
3e759bc9a47dba245c3cf6793db7bb79fa300331dce4459ebc01b09b085b3273e32ca71b8a00bd83720a160b5455cd8189f50bc2b284cee63fc7935c96390293

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\3c878b9c6b2711ba_0

Filesize
1KB

MD5
3223bfc68c37803dc73306dedea37de4

SHA1
b4925633e9d318f5bc71e3d8c4ac3ee4d8397e8c

SHA256
cd224ef6708e32f0f6f881b8573d5c5d581381022c6195d57889c6f640b2fa15

SHA512
690393ace6e0596207e93f124447727d33fbb4fa81cfd28498d750f917994d5392222f549261a1fef22c4a0b243e65343e6a07b784e29194b80834f0b1a43944

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\44d5079ad5841b25_0

Filesize
7KB

MD5
123b7b81d32a86d72fdbed2d20b18515

SHA1
b7b308fae46f58a0e3b982b09e734989cc8e4263

SHA256
242750eb6c58661d34e0f26ff36f44c3c1883e308861ae19e9e8700398f6475b

SHA512
e340c1b1eb46111fa4a666325ad80904b667c14fcaa91c89e64dbf1df204277422ae8fe3f840b16abbcf5dc56887cd451da9b38fcbd035d4cb3389679ea4c61f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\47a4811439b25efc_0

Filesize
1KB

MD5
ea27125cfca8783581c7902344023689

SHA1
666da033004dd52fd6479777a0d82c1072d0fc9a

SHA256
e77996a6bcf0c1d6ea39798e93f69dad0e0d7d23581097720c5456683e1c50c6

SHA512
5f47837dcb1603430bb359420819479fe0f50e2acf113894abef9e96caa4b8d014c2de1d55591985cdf7b8e2b5375feca8818d22e29a9ebeb9430d78c4cda838

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\481a039d98aa0e8c_0

Filesize
286B

MD5
6f5cbedf4c0b6cd66d46606688227a20

SHA1
94d10bf3c7e4d1c80f5c278d61869f6b45313281

SHA256
9a142e2a1992778dbff0c19301f2586292aef2b858358bda956fbe318543b8f4

SHA512
07cc55e9a92c9fc8d132fb2cfbfbdf7d6c28477fdc430d5cd07ea31555db4eb8ee1455d46a77e6a78737e45495148ed33e3a18485284f8350e589338c5c713c1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\49c5284b87bca143_0

Filesize
2KB

MD5
e851a30cdab06d82efce955f497947fa

SHA1
a47a169f05231744ccfe2fda9dafc613e26b912d

SHA256
88c20f87f990b2ebf5b260acd662049d5af27c69fac0f65340ae69c79954ee4a

SHA512
82187afaa4a03208c9c8e2e343986711308ca3e7817f5504b6c61784b6bc23bf170a09cda8f9cc3ed8302ac1af411bc73078cd5a7e8676db3ead734a118df53f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\52d4fec1241d1282_0

Filesize
8KB

MD5
3722ce5ab1a1c00d87cbb99de626f3c1

SHA1
4655f62d6be8bc98678979eaa11a0defe2697188

SHA256
58f70a2da9a89ada0c72f4accad746fca124303bd8f1ee55076fc01cf2ee59f8

SHA512
71f2c6ed8b349aba112bc665d26ade069e5070f41c5dbc281755644cb25ed6497cddae766686362c369e14bcca3e9ecf98310b3484386845edc3177858ba9ee1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\545f9bf761103f1c_0

Filesize
1KB

MD5
ea858ea904f4e5001b19b0223c6a5f40

SHA1
55738c7a98e62653dcee37fbbb535a44787b0a57

SHA256
90ca7409f8a8b97572e66b68d3e5764e30c293400e2fdc318f833e048b4edece

SHA512
bb1eeb5b17e9b8ee8feef070ae28b2645ca8776eeaef959951167caa9d7e8fcbaa136c978eb6fac9cbe5ff05b96a901853ef4678613d49751c7690e46c4df7f8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\5ec35e118a6ac2dd_0

Filesize
35KB

MD5
5557da9c48b62f3645e85155bde53bb9

SHA1
d86737f36e7c457281cab7764ffabd8f0739467d

SHA256
ad350adeb1b15ac40f8919befe5b15fad3b5b5d949261d94fcf3a4b9787e9926

SHA512
4e5f6860c424bf642f4b29d138c8c564ce54347b352767135a5dc5cbe63df3ed2f496177c054f06cae2f919aefc8abf7574ff574c1e626699d32c5ed3eaa7c03

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\6168649e6abb0ac4_0

Filesize
1KB

MD5
d7a6d4a4967138cec7d2b37f7092a87b

SHA1
c84976b77b3d96dd812a56265ee999484d307386

SHA256
d3760694068548c0b3a07ddb40a86f3a74cb80bedd44599f4ba2e3ac0788cd5f

SHA512
d63b9a71251b25d2059c1a857bc25ebb2a5b2cb77d2c4fd6bc45151cb7f1a0dcc54f83badc9863a7785e85f4a50297de6e2da261d9a45ab5bb350afabb75ce11

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\62bb6b5b8c0b581d_0

Filesize
850B

MD5
61eb2604c0490f14801fcf4f702eaab1

SHA1
53a9f4211c7977a79c210101786426eb8b69bdcd

SHA256
f3b00bda116f2e8306feb7045247ef72d98d3d8b6ac022a77149f3866caca3c5

SHA512
0fb920af1a298e9b70ecf6cb9ba8acaf95bfcc1881814d5949b95893affac9d2dbedbcecc6527e5f173ca99f5411acbf929082bf3e44fab0082119185d440064

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\68e1efedbbd5316d_0

Filesize
24KB

MD5
b74bb76e9e92b3c5e3f99f7a3e3df4de

SHA1
8f2a2931f9bc06f20b8b8b029764f062b341d079

SHA256
60b96d0d1f9ef54e72f09be1fb28fd9b7c7f93c83a9b7fd5eea0652000b46fa3

SHA512
c6c5f23d25c8de442e0bf17d0847da8f3d7566e094b503dd8953d64038327de331c7aa406ea017fb25c5f393a442c29694fc02155549b238591b9a3561d22d40

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\69c8d9c27c06a8a8_0

Filesize
1KB

MD5
efbcfd50552c187d80b204ec485d6292

SHA1
8620dbfd3531e52510333693b95094669740d71a

SHA256
4d54bbb6c3dcc7aad18c153885e420d243a2c4551e8dc37a9576e81c3447d500

SHA512
80937737da3183122d34f5ed5f5694c2f92fdd4b160808040ff2d83648e095a166e96a696d687bde549fc9fa0aa61317274ef428a9380a040c19733cc5bef308

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\6d0b78a7984afdac_0

Filesize
2KB

MD5
5e54b0760d18e0afd04c3ce10ea66fa9

SHA1
928ea643d6ebc9423a942dda4255ecaa80f9a82a

SHA256
e834ec63ded5b48faa96bb248e760800ce7ebf5200e2de1a556e499599b26cf4

SHA512
4a8f5a5ed6d7dda18b43b4c51400fa3653055b2fa72c1da1a596aeb647cbbc067dc1c6117898661c5993673d893acf112558ba256bcfcc2fe234b92b2d891673

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\769c061e8cd16503_0

Filesize
1KB

MD5
a19b63f9de44c2f5699c3e2b7a0270a3

SHA1
01ca88afbedce15e3152b3251bc7ea87e5155520

SHA256
f6c4a2e515a5ff9f92942c6404a76dda1de3b71e4f2ecda1d0850e89a37f62d0

SHA512
5acc15cf3ff766d17cf1f69799e5cefeefe12a30c4deb31e4bbcf1408f40e6c4419c0e35889b82d377ebeceeec59441034e9da72c30a733bdd18b83040194ec7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\7b4311b2387bfb57_0

Filesize
1KB

MD5
5cfe04cd713f390057eee38b2e9260b7

SHA1
4bf804432b5ac62ead492b40e068744bc1c8d98a

SHA256
edfbf2a5433419c1e1653db437194148b82ba9a626503765318907332da75f23

SHA512
ce920b9335db9c4e4e98aebfa41185ffca0864fbfd2c48c19f3adb404e98de3af3688bc610a182a1fc805645ea5a6de9b980227f113e4fe7e273649bd669eac1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\83884321280c179f_0

Filesize
1KB

MD5
15eaf63fda08cc80cc76c79a38f21df6

SHA1
fea2eafb77d5c078f51bcaebfdfa9bf14e2fc8f5

SHA256
82845fc3c2573a5591c43ae9c96c833615b3abbac6aa516163d8616a6b5680e5

SHA512
0de1badee3c469ca941aa9023638be4f16bd84fd074c915d9e141594f1292572195133e612b3d16a02c96bf1d3e8d1b2e31b09ff90a604262529656f62c1ea58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\83b4cd320063f228_0

Filesize
1KB

MD5
e329537b31c5612515b9725ca9f5d452

SHA1
24daf29b41f8519dfb5acb5db7f1eebda46214c4

SHA256
c0a5f51aec504b9931a49eb85df0217f72acd4b9935cb7af351641ea40fe02c5

SHA512
2d752cfadfefed8b617bd01d4a48a361d6c02c69ff25439a1b10f16e09ef10030cf158d2ca6a05ecd389ba121597dfc4e2289c6893ba7cba5d6fb9f735693caa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\89a9d41f71fa94a8_0

Filesize
1KB

MD5
0671bc4f0565d3cbbc0c4b0c568cd5ba

SHA1
12aa1350bbc14afcdba0c25063f78bc872524476

SHA256
c0d098a7159793a013c5816cce182642a7c835de24c9eeb64ff8f3a774d5763a

SHA512
a0960ed8584e0e35805cbd22bbc95c84ed81269088a170dbfc7b59a04bd66e08774e8c73c75a2b35e1fc000727e2053d0b99fd5c40bba85c36685350ed415f6e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\89db893576032902_0

Filesize
2KB

MD5
263b784c593b6e67edacc92fecdd410e

SHA1
5e8e8d303c6e0331f60bc9ad161016b281ea7aa1

SHA256
28812d70a292e55b49ab49ad7fd7f4c14eead697e338e7934421ae22208ca0b0

SHA512
6c4cc5f902f4d0bbc4a3e5613f6831df2d8a9133ffb2ca7a8a5d4694459f65e346dc1c4ed80f3e849b4965bba0b0d18ed8f775e704b78c5895a38d4fff1f62eb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\8a97abef9c409a22_0

Filesize
2KB

MD5
7b4cd1f58ce51b7c18fa9fef3a9bd5c2

SHA1
662a80f03145bea3b3ff2820cb29e44e2a75e601

SHA256
49424e11df9206dfec7bf4f19e11c5522c820b0e30078b0a2e2d118dce8ed9bf

SHA512
14b46027c1c45fb001efedeef8869ffdb056ef6ce31ea463409ddd8c7c0ab2c633e3ff9b29a07e8cacb977d8704f2354fb672eb4ffbd66e8cc9c546624f3dfa7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\8cd4eae1c08033a9_0

Filesize
2KB

MD5
1d9eb22bbd1668bd7fe47b973e914d5b

SHA1
5138e6094a6d9f89a4f6613f997315d59d3b00c9

SHA256
c7327dbafbc80875f5de06bf0778bb3be975f256b4a6131899a99e25d44accc5

SHA512
6882077ae0c51146da68064c326f4bcc89c4d820c8c2008fe9c070720708354390175b1a65bc8c6d1d880553bfa01defe8bc0db027579ec4131639f8ea1776d1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\9b94093e6cbbbbcd_0

Filesize
2KB

MD5
be717435931b6d50dc9786244c7599ab

SHA1
c0f03711772da7ff12e2b74fcaf436ba38c0b1d1

SHA256
9092e387dac1e3c5819db4daaf663ab747a834cea61860764e80d958dbc5b808

SHA512
18bbf9bc55ca012268799efef2ee977079e11084067482e0ff2e1751ac231d343906f6adfff6ec8f4f2937dba3989e5f55da16fa926525991b654c90b22d5f1d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\9ea396efede0864b_0

Filesize
1KB

MD5
cb4630931991062d409bebd7081f6a8a

SHA1
ba92299e67c40a54a46ec32fed48e5efc47d9d0f

SHA256
3cbd14732044c79090e2a9712bfb85f32bc4bf74df30a08e80811b60408de1c3

SHA512
53bd61f7ec3290dccab0de6d15049b0a4fb585027226bd3ae1e7f635955f3fb58894573975ad4cd7c5a177858361547dcdf159421d7f9657af1f69741c126bd4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\a24e7986ec3623cd_0

Filesize
2KB

MD5
ee3afba701d9e21c096d20647195f5e9

SHA1
ad536dcf41df5bf1e0aa9e59d647611d3bb02a2b

SHA256
9404b38db70d43caa5da2ce764bea58e19e3a5866623324a415ef38f4394bb39

SHA512
d4f26242676f57b96615babd8d2517ff5598b63c88a20f257eab81b05032635dc466cea0c95b0547b06f57feb0ee7f0affc69b3ac61a6b216a643879fc7b18bc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\a69226eb7e1fcb4a_0

Filesize
1KB

MD5
5758a4eb8577e48bbe0ffbc1a213cd39

SHA1
30b0895e575db6baec19518b87810789feab8aaf

SHA256
72dda1fd5b8ec93f59c274ee38ea25a2e290c1a7003eef033873ca02ba0b35e3

SHA512
e31b388c65a985819f359468531f1f2d23c3cde1d817ef0287b47cfaa05077c63727db6af81012103050420f8813db3823d3e5e97362c7775bdb6328570c992d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\a851b595bd85f42b_0

Filesize
1KB

MD5
bcb947ac18470f08ac64bc4a30eb1027

SHA1
ef306d9badabc70dce7919d5d8314847b3b5c932

SHA256
78b0cc6fadc2ec176ebb94f3fd6a47cccb302a64a26b4d1c5277e7bb8a0d2566

SHA512
da991ef7dec6f8e692bb134895b0856a740a66d285e4497d6d9e9cdbca1cff7af08688c85bb4a08a49f1d3cf6a2cb6e28c592b33add26935ce308edc3eb9ae64

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\a92fc2d2b9d9f0a4_0

Filesize
1KB

MD5
d08265320b48b6d04cf3c0f32b8ce7c1

SHA1
a0124f3ff716379d6a5abc7505332af7ced5129d

SHA256
8c2292e9b65a861261cf3022ca2c052a7a61990c8038503214fef106c61d4f8d

SHA512
29fbbfab717442be9e4f5bcd35e45a19ae5344d016060a2ccf2a2097e3d63b2c40921898adb035381b78d9829eab63a99c8780d017395009062c46cdc085ffa6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\b190a9e98a3382ef_0

Filesize
1KB

MD5
d88b039c6ea001ebb62b8b7a88ba9b9d

SHA1
a149d0d5982694f198c429ca936ed6d62dffae74

SHA256
414b4ea04cd634e90781bfc3cee8b746bf3d46e9d6d2ac71c867219cd0c53c45

SHA512
cf38f8b26c84a279bb2647f0c5d135808c038f8a6b145d6f84137be860ce5c11ee8ce53ab763857053571df1f20e8f8a6fbe8c8bbe693a64eb45f279c31fbb06

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\b77cc7fdb69c2940_0

Filesize
1022B

MD5
7be0f67712d3303cb9ec8ddcbb25ad98

SHA1
7d2965ffb7e58d34c183f2233192b3fa34b5f262

SHA256
9ce9b7e4a62bb371ce8e77daf923e7315cf55667f09559f830508ef623c47f61

SHA512
f6d16caefdc152ec6eafced82b4abfc54a2c6047aaeb2123444cfaff8ddf0e10f045b574bbc81c81da85de016f2b0d4abf721cc6d21cbcd4eaae7a375691c047

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\b97c948285070cc1_0

Filesize
1KB

MD5
460b61ce0b7fe40b0b8018e7db10483f

SHA1
14c1be304e70d807d21f81b3cc9651d2dfabd7c3

SHA256
c1f85774ce6472104601b350fd753021d2b1f2eebaf7f06503af2eec0e17247d

SHA512
53e2c4cf9b21051edc327a31f13d4fb1070082f22276dd805fef161d92e5145f7044aa7d1d06713a287073621a3c868e628041590aab6aab66a0a1073061423f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\ba872977e7eafed0_0

Filesize
1KB

MD5
1646416ab5d8b6e470952fa0d2a3e6fa

SHA1
30fa219b6804d8ddf6cace377060f29bb09a0784

SHA256
0ef0e6b124f19ae735c8f1989d76073c63a47c5394be78b0bba54ef503f0eb86

SHA512
ee43e200a2a3e500005add645cbe2df42fda34c22bb2837ad82e1a1f317d2cc5ca0a42cd982d80f2b1cf1ba97c5bd542bb555d47870c17397bc923c26a6d7013

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\bb73c6570251aa2d_0

Filesize
34KB

MD5
451e187c27d351f9b96bccbb082bce28

SHA1
7d1f03356ba0a588c943dd9b961ba0963012aa45

SHA256
9916fa6b92f8cd4e3a1d582cc424bea4e676a6d517f7498294ebcbf8d4baeaa8

SHA512
4cee1556fb609a4e3c2ef760f264b7dc935291589ac1531001077b7ad45c5e3c8cd53f4af4200f29e65a41fe5e535e58b930f37d8f2d0529009f375e0018b5bb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\c041c29b492faf43_0

Filesize
2KB

MD5
8e5edbb64a6c2e70ec35b4880ba28990

SHA1
231e32e77b4617f2f42678db74c726b96a5e576a

SHA256
3c9608a55f6ec61ca7aea1aa18b999241a26e3ea70461746c56b8bc1e528d0b2

SHA512
8ee9b4afdba5ef35abc7d894e1b14faddea7909dd1c00dfdf10767d63fdaac636faefdacaf3c54fc0661b1aef2d96ea152f63d7e4306c4ff2ce9d5f942bd8802

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\c2b4e8597e4738ff_0

Filesize
1KB

MD5
deb62616bc5a266b1cb14c150759747b

SHA1
d94944066141cf97f317baf1b28cbc4f392d6182

SHA256
ed9a82b87818fa9df4717411e2f5029ff04801ca95edcbf04e3c14732b58215c

SHA512
2f3d3d51ffc12af2e843f971b8e3e57209bafd21a963103016a6754073f83acf67db615e5572552b9608920534f218ee105e99f2f0b1902d8c436274d828f05e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\c48fe8f94ea085b9_0

Filesize
4KB

MD5
5d446fdeb931bdd2fa413cde8c45f2f5

SHA1
fcdd3318fabcf2736a1a82743409c7c400a51d93

SHA256
2c1a219c361a432c373444c9935feea270a1d11ccf0d046f7b59f4fd240064fe

SHA512
b22e2f7a426faa4ac5354b893a7223c7effbae8634cff2ace3340e71b43b5bae6fd088fefd420ac476715feb9ebf03c5d75ffc245a119311969aa40afe5bbbfd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\c62f099180e4e42b_0

Filesize
155KB

MD5
c4a5118ad7c6cd0dd9e5993a9a9b3080

SHA1
3ba156ee9f05d58f00ddbcb99a2e30ac390b58f3

SHA256
01e6e7386f7f47108f4e17904b7e8484c9e1a0372a07c4ee40e4204268b5629a

SHA512
556b12824515f98bbb9ea848f484c3b077a0579ca1787664c5727e654633ed0b2c7ce11a7d69dd6844959b40e28e962a65af6767150e56451d6afabe62ceeab1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\c916ae6dbdf101a4_0

Filesize
1KB

MD5
3a904d31e8fd52d3a7278f239a87132d

SHA1
d90b89f35231d2f800c7fb1bef6179fa30dacd8e

SHA256
e08eb48266ff12cbcd638296b2f843dc1def1fc0fa093fa65fca66e482149ce0

SHA512
326ef9fa141a0bd22f695cd6db5cbdd6c1524665b17fa8895f1d106d042ce14cad6def924a691fe4ab3eda979e9eebbc50e54c2493879c5e414c0d6f5f810325

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\cd5d5f2f9af6bb44_0

Filesize
12KB

MD5
1d4cf6e4da9c50374d6eccc0d35811a4

SHA1
2915dd7851d060563610aceec87762a92a8d6683

SHA256
1687accaaf514cafe84b7fb12de894ce19628087316f8047919024548f567a91

SHA512
fb21b3c55761f8366f42d5114b77654ab582d2760b8b904f76ed856c7184561c40e0ca16abc5bf01aa34cb63ac468df93128da266f7b0cea5bb7a902b08f13b6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\cf89c1b1aabc0399_0

Filesize
1KB

MD5
65de326891c56caa4d2f2fc449f5c947

SHA1
df19e20b5ff8342158fbd86f6b4ed27089073c8f

SHA256
37a29c00de417d2ad911ec4baccbcba3a233064570205297bbe412404d46f40e

SHA512
ec0202ae597e671c73ebe79e7385575ee16f0587f1d0c1490f708b942ec053c9c45770b1031f1583cc835d835dc07d7c0ea4dd7baf1a3fb3e87adb64edf6c348

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\d6ee63056e09487e_0

Filesize
269B

MD5
d38b00b1c09c1f82121dd279597ead8a

SHA1
6077f64d14192bbfcb1895876f115bfab9b1e323

SHA256
53a0dbdc2503521f91c784fe1fa1d86a5ee3ea3b19a887b3205270cc90e000e6

SHA512
99d3dae36ce477a77f29b7d18a3076165502562a52d9a76db71eceaeacd24b15115b2b5b425af7d967ab17775d0bbc214958f264d368f794bbee9ec1d925e890

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\d96890d33e3a1aeb_0

Filesize
2KB

MD5
c453637f231aa2980ba48757525d918c

SHA1
0638f7d05058b14294a026b36f45308d73f94e04

SHA256
89884b828c5c96318d10af8477eaa43e062c29f197c6f4374c271b53d70637ec

SHA512
b360d0917a37ee9e934f510a135f8fb019f07c00b8ef4577299850613f0f458d8dfcb359ea745420c99f1ce14069fee7c56fe467f4ee49feaf70971f5025dffc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\db80d672a14a2d79_0

Filesize
1KB

MD5
2bc249bac9acbddff7651e18c41dc248

SHA1
b8a8a09a72fc123a77c804d97c89ede82ac91eed

SHA256
3021728beddc9fa87a0d8c351e2fb285179c708bea10cb9f7e4489d6aa16a941

SHA512
1748f00442cb90c54185a389310022427ce10edbb7f18752d5f2d3a8b0decfbe3979dbc79c93fbe58f73c4987f320ba9f9f75816fbab089ebdb5fe3f17778d89

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\dce3001693bfcf17_0

Filesize
989B

MD5
83a19cd0937e88ec55ae1db386fd6c05

SHA1
3733329f17f192a3564e189500e8b890b4bfca1f

SHA256
36d8114d6a49fadff4a6ef5eb8e8eb8d31e9de238bf5417c2a91be1cf9fa9807

SHA512
c373b5713fe93a66915f1018fbfd368cb040ceb955df23b6034abc9f5577a2a2c62cc6560c5fb524ba8730f40bc78beb2dd107cc6a68f1b986bea9e33bc29164

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\df9da550ea6d3003_0

Filesize
1KB

MD5
5492ba041984e6b9f8707db957328897

SHA1
aea7b1bdf65920e447ed028b87f5aceab7bc0e36

SHA256
1610e407a9655410ce189a35c1599d16c574dc660441b89caffcb2e86ee3fad6

SHA512
80427aebc119e8fac17ce7941d756f57668bd3e79087dfccd9c3c743f1ff00d1cecf7efe39e83b1d8d9ab8e0d955805bf540903da0cec048ca2eaf626bbcd969

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\e43f8d2f78e0c1f2_0

Filesize
18KB

MD5
eb2ef4d98ce18ecd6de703ca7b3695ca

SHA1
e1c127f3188052a519035432076e405f73a3249c

SHA256
03819f9f70733a38cdbf28ca5fab91ef8302118c4df19cbda5ea32444223c5a5

SHA512
d4c6ab54533b6d3640dab3bcbe7235f8dce04fc6edc5f677c7dfadd61f3ded1e2a1f59d06dab282b002bddc69da7cddd073fb5351f6efd2d076a9690e562f126

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\e5411017fc547b9d_0

Filesize
1KB

MD5
e37c03fb19eb6258b6ed33315f67c000

SHA1
c9338b5787a5041102ce640112559b0fa9f5490e

SHA256
3f976645206418e549346477b15390d0dfaf823da41b529c938ee26b12b3a72e

SHA512
1ce24e1f7137873e2646947489143eb18841cc227cdebc34efd0f642da0c05f262c08b3ab5cf5f556dfe4cb3deb437dad558391d32aad0369e3a5130dfdddf35

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\eab6493a0dbfe79f_0

Filesize
1KB

MD5
eda09042bef7a8ce515a859a06f1850f

SHA1
37fc8a1b288db9f920cfd67216af0af5da6b0742

SHA256
01401572b932de8d28887d6e72f56eaf4fd4c01b1c6e4c73f30d7c7e79471812

SHA512
fa7c487c9c27a6dbe64f18211afb05eac37edaab0b49b18c97aabb48f37824279c0ac02978ce20f619f0efb0a5404e21710c334d81ceff045f1cab46f027fc0a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\eb26559e0822d249_0

Filesize
70KB

MD5
8960f3d07956f1e740782f236c02cf43

SHA1
0b054b4d19cf098c8009daa027332c3fe5b2a8e6

SHA256
67a393b9a15a125c83e2aa06f72a821dbd9c45f686735e0b632ba665efbfd65e

SHA512
c74583fe395a0a7522d998d654c9c2543b8160b4046611a7b7408625bd247917a4f88664382c5ebc3b0ec0f8974202521e5d23bd2af00d83e3f9944cac61d00c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\ee08c28427b16c56_0

Filesize
1KB

MD5
8a5ed0fb5f94ef39ebaccaa5e57e234a

SHA1
0352c617dd1e74313ed5e6ce1539c59d4115fdab

SHA256
0ba5581e8c145729aaabff2980508bd50c798aa6e5ac6aae6666c6aa2bc03102

SHA512
179b5e611ad94072c55f5358aee303a46cc0a7d5f2d067a8f46c0b6a68dd1ccd40af177bf2fbba6daf715004f7241a73dddce56f5e04c29c825b8d5ab580608e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\ef69ae87f07a0e56_0

Filesize
1KB

MD5
965b937eeef94afe0a6ced0b4e9df9a1

SHA1
1c0319ddb731bb11a07bb1f4a5ea8f651377aeaa

SHA256
02971f25c80742e69a5d0bdb33ea53af3c64455611727507765ee263adc18f33

SHA512
1f821ce7cfc458977b4304a70fbd71f322aff21f9aff1f619e08768db2e6b1a1bf817b1b3895b320c11edd64e9c6fff361de4ba298382c1bf1850e340d8323c8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\f0572c9ab2f19dd1_0

Filesize
10KB

MD5
04f576da6514be04780028df908dcbf9

SHA1
04e95c621c6218b9cc6637e08c4e02b8467e8de5

SHA256
127734d316f794c815cdbfad279bb909c379590a51d7b3c7f282d574362c31bb

SHA512
be7d70cf6e772629cba8be6dea3524610381501489ac2ddc2a6dfc7a8b5a0091884974c92b1b58bd84e5619c37f6c788c365815fee38142652232050c6f9d718

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\f2508f9f774dff5a_0

Filesize
11KB

MD5
743221423414276b36c5875f6c4ba7c2

SHA1
0b81d128d6383cd158e24a668f4b12c1b1e39b7d

SHA256
da2082baff0e1f101f141230596a64e095d2d9091cc9c06cbf8e356fecf21449

SHA512
8b696ead0ef011d6f171f0c7ae692cf1b941e0bf2021ab2eeb366b804cebe4c0ab79a59a0dba8417204d7566aace13066d6109f2d914a0baa496825d10d8445f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\f735b670a4f7a234_0

Filesize
1KB

MD5
8a1e3ea5f9ae821e2f3c961d61f34d27

SHA1
4204895dce35421521864677f33785d9e434047e

SHA256
b9a1dc36d6103a87e0be092a8dec4f983fbccd52303b97c598300ecad4919f4d

SHA512
4c698a29ac90cda30ef0dc58881c9872c17801e141d881a2fe8e3d80b3a7f2c2d9b7fb57bd5b00ac05b6f85a26fbf32971e79d2e24fedc77c65f0e74e1feb9a7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\fd66fe581b302149_0

Filesize
2KB

MD5
846c8f17e494817cb8b95a2bd8b4f308

SHA1
9f7a9448f1fc0b3641f8de35fcbf59d38c966103

SHA256
9dfd001ca15957ec6c6628f98675cb70a315e111d6313d29f9049a914dd17c04

SHA512
3b0114b12d78674d5f8932939d7b8fdae44576b4416682d864442c9c3856a4de9c337d4d50460e91ac337eeaf17e4f17c833fcb6b49ef82fc9f2216d8e6dfd4a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\fed0cd31909da4d4_0

Filesize
1KB

MD5
bc5c459dbf6438ef1582177ef4e7eded

SHA1
76bfd20b7d47d36aeabb411c932c4c78928a5c9c

SHA256
6cabd0328e4361eef95adf08f138b2c03a567561ce0e3cfeaf2a8e0af60baa73

SHA512
979cc388a7dbddad1df23f9e3a8e8d77eb55eea46bace956a84c0d64290f46d6814793d2850d5e1b69c9ae2347cdbc3b2e6b8648ecc0bbad69d1ed0c964cfeeb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\temp-index

Filesize
3KB

MD5
24a41c7a9bb8176935e86af1469272af

SHA1
c7aaca8078a39acde2e47bc5b3348df31abd9745

SHA256
b56c95db87a529eabc51889c3a6f01c2bbe6980baf555706fc9bac88d9d3c29a

SHA512
efb1f4a66803cb75210e11cffc48050c561d86f89a42d57901498e46caa6804669b46ce4701e5fbd1afb55786d60a8598f6c6822176e0cc48222fc3a831bbcd6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
83d0433c8235f0e05366d19ee5a9c1c0

SHA1
e4945d8d8bd2ed1df50661287177b8b7c2e74ecf

SHA256
084fe38848088fcfd47aab10f24ba065abe64c4b746ce2ed04bf705043cd14ca

SHA512
726cf13d377063e4c4eec30b3868019f5d513167c56e18d554dc7d35ff795fb767a9ff27b1a96b8fbb6c8ce871b4cf1b51112d613f4df25fdeb720612cb8ce7c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
00d67cd6f6b97a837d3fc2c66e5046bb

SHA1
77f3d40aad68cb21b0928f548e19a46fd3cfd31a

SHA256
7b379d13fff83b1c6b84924c3ddd3d1629e5a909e64cfadf735b2f1e052fb327

SHA512
62749b230716e7f9b9c901d22c1c28a655b901fb2c3488d1b517e6859b6506726ac39c0e424ac19c87fbb4ef01b5a1c0e9b987ad20ba0cc97d6d7cdc1ee6bf4d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
b46aa98718ecde1faa5eeb014812f8a3

SHA1
c9f652f61cb0afc7800c0f5a2823f24d3656f1ea

SHA256
e31de1827a72b0a7802e6d0ccfd8f009336ed8be89608605e9524c209ac40893

SHA512
0de30bfbc879a54854b45ccb16d6293aeda547a2fd6eace9644cdff7c1e3e6f020a4ee3216b6b1a70305b2d8169c889a06bebc472a8e019de8c7b298c720179b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
b212abe7e3cfd36b7c839554b5f2a656

SHA1
a222d6aa16b3f7a7a6f6c006b9ce1ac82e7b4a66

SHA256
0d5f7dd90510cdce3dbc6fd6c2dd86a87f67c85f7ee05f7cc23d3dcf933f103f

SHA512
b44ceb1b27dc3d9b694857b1b9e4cba40e2ad51c9d2d06cf4dd5708b8026d9547e9ce2d907a5f1f36065fda3b86b84483c382b7a2709ba067f151a17ff2ea32d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
9483c4449927e80a848fcdb0191b285f

SHA1
373bd3655033c58f0a369c7e1ab6fc656ba49a81

SHA256
da4515741f17cf0c91d907e1e14adba749cd939dcbcb64a8a835ff9023873f88

SHA512
83ebbc57c6702cc2c774911d00e4188e5275a811a60a07f891a5bc486c7a962294c4feef347e6ce37ecdd4f96499e93f308266119a1fdf869a18c32191b3047b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
23c59b4643a41b074f6de5ff3de9fa70

SHA1
0f3bab53bce1aca3d6fab82db3b195414245bf7a

SHA256
4f45df1354a8889d8dea10e5f087b072321806842f0d1bd64e7a6e1ee27559fc

SHA512
5f3d2392c1abe3f89b61d1dcc411ca46b812c64fd01969d88eb7568dd937f6cb9ad66b6529ea4b2b7e34d717f5e62e55cab87291f2ec5a6fc572fff9e12b39dc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
0988631cdcec65711db8f805d7fdbbd9

SHA1
3f347df7c4698d46333fe53f9f7b01fbe75cf02c

SHA256
987be0b51102a2827077e7cdf4a5c4de8fa40670f49f8c836cf6b0144969721e

SHA512
4c676908a903e646752658f23990689a623ceafed6afecc419db5ee0ce4547271780222d0ad604a5f81ba61059ecf512a8777b2e734fec01066ce5922ba1e3d7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
91ef26e840756251645ee75640b7c751

SHA1
c8f82970831db76734637a3fbf6e1d802c5acf9d

SHA256
1b4e1da7add0d1133a3a60a6cc40a446f529aafc43282bd1749e123e7307a443

SHA512
37d68b3874683b9cf73b70773543ee2495c9d8efda747a1de8814470e200461ce84e9e7288380e4626a05fc479e772e586c47b11de2fef5eed24817528d3978a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
dad722a3ba185076cf05ee21449b2253

SHA1
85ce51d05d3cb0d61f2287e11f2824779e74048c

SHA256
08153d41e4dd20c1f0738334369ceaf52eb63e5e1d23fe707e25e39f10e1a987

SHA512
fccd93e42184eb568a6647fb0a9819ba9c243494dbbbf189f28bc824e0034385dc9d038343035c65d12094cee726496d5b8d9823175a32775f528c24377eb8e4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
b90725a95b073c4fee9dac619230f528

SHA1
0c0a5c6e5c193a4e6ea635395dd70984aff3b180

SHA256
bdfa76635dba302c93f9c44ff8effd36f715eba256934ca2c37501f44369686b

SHA512
379415e41fda7587cdc57a322aa7157b16e4e447ff8eb7fe0f81fe6bc8e9eaeb2160925fbbb075771549d2d8c1a045338af97b183150c92117fb57f37f11588b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
e1d52617ba1231baded8d19250de2ae1

SHA1
1f82aba38d6d4e7d5651a3b600f21b67562befd8

SHA256
267abae9c3f1e4c2e68184f86ea3d47e7241161f7fcaf7b23b2950642b4f2c9f

SHA512
0436ac67926b5b27a413c26103edab6508837939d021ecaf8ad45f86317751c2f7093d2b4f496290a829a368e0e6f5d649cc6bd86669e61a15b072c79baa2691

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
fb16f4684079fdb9fe407e25a88036c6

SHA1
8fddb2471477680f6fc310e824bb31a71a8b6daf

SHA256
22cefcf5f65cb109fe3bd468fe340f58af46c928992cd2815900917f5045e61a

SHA512
de4c1ee6c38f88d2ede375af66291eff3f16ec9ffd3c0c8a5687dedec407e0f81bdd647ccbafc28e5f5500ec7f707921acd49e46dd490ef8720213f90222e841

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
a523a3a41c4d760e3f15a72e96964315

SHA1
333e3e260d67a54f9c11d50e18d980556094a85b

SHA256
cd5660a0626366963338f14e1e02b44e8ffb6cf49091651ca3aa46e33925a0b2

SHA512
82ed22f3626a1e8ab308d3e6cb1dbf5e52be3512e9de64fd957d66d58c3c3ca4949172645816cba36696a0b1e47ca6636916e00e8e3947f61627f8535b9b0b10

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
9179a8fa2feb68c66127a9106fd7b310

SHA1
0b43a04251b1a67921a4547d72b928a0693e1ae2

SHA256
3a5b69eeed9516bad726547b89886a78dbd16ec7a6c2d7686b52856a68b4074c

SHA512
1c1092ae66e93637085a2846aae645b40b481225b30fb93d5c644c7e396698618de4638912b00df056809166a16140d8817a11202fb14b59e3c4740acb41d879

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
92f471078d43d6baeb1049e2402f2cdd

SHA1
41a06cdfe0794da490d9c8c5919cb4c27aa30dcb

SHA256
315c0a4ffad0b16b7a95243f1886346418b3ce7e1acaaa7b2a1235e9f4cc6306

SHA512
761406a7c6a8e2e8feae3caf877952ff3cbf1f668842da81a1c1b38acb87965d16d87a0534b525a31860e9adbf19a9aaa254ba13d53b7d68b0d133657b08f3f9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
dce8f80710c594ded31067082475a35c

SHA1
7aab7455f67d5209479f1a4cb05ad6aebcef2fdf

SHA256
09b3de2c98f2d59785cc2242104c5442de79856dcd1f5e031c685dc4288a03c8

SHA512
32629c568774acb28ba2c66c499f41c68b694b18c69f9e2fa9d43a69fad48173a0c2aee261a1f1813ce7e9716f8ebe7577469e57255a09239f245397137b15e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
dc01b4a4939a0598b8e88b73df206bc3

SHA1
d2a7c0a40d5aa17c7271bf896f3e5cbd3b0258db

SHA256
a2e35121aacceef2d99f10cc87968e50af9cf6e5804598ea73ab24f592c6ee6d

SHA512
c2496d2b20642e16fe3ef8b8931e5877d5d8e2b0a06ef7d356ff26f5a3d91d2e3d42849954511b66b14e87d1e16fae339745aadbde112a1bec86a1e4c6c27ed1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
a6bdf19c6dc4cb23ecfa6ba85d0c4c4b

SHA1
0ae84c4ea24b623b898b4d1283e3125a3499543b

SHA256
ef10fde7c5c8b3862a3a62895639d415dee6882c26987f96deaae770073469ff

SHA512
3fbe2e82e131c47620aa84041e28a2a72cec8b1fb4967f2bb61b9b2f58f7e177e546288fb16bb183c1b9528632d7641007110efde107cad16cca4a3b11d52417

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
27f4531f4752102bf0ea0729d5de0d13

SHA1
b1d0b44ca60447e6093fecb0b707d3f546c12fc9

SHA256
8ed759c8d35be451496aa70faa0ef6d3b6dcfc29eecc7a143b94232296031560

SHA512
7026caea91b6e5f637d2137434b3f746070db2382549625143953b409694d00276c5211965811e65d5ea744075d61568403f5157cd5c16eb830781e0d37e476f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
f311bb8bd578ccecf0346b34d8eabf5c

SHA1
87651122c91f5dd130f2683a7d316afa235200d5

SHA256
810c2e435b992706246b180b4ca761b3e8b154d13ccb9aa3863f8d46d73279b2

SHA512
7f816515a4a0cc729a10638082fd0dcde81e3737a4e0693646749d0ab9291263246c9965b4c18d0b7f9d8d9dc258ca075ab00c8ee72125401cf8ea823d76b457

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
3a7e8853f3e4c3ee097a53c418d01208

SHA1
da60175ead74504f7f829ddadb4b9acf16530dc5

SHA256
98f5c2ab06cb310d39717202751ae688464821e4ab32bfb0b2c0bdaa765ef0cd

SHA512
eedc29e8300824132419a180a9777a9447122adca38fd93f1522850fb285502dfb3af08326dacf00f7a232915cb82e51c73c2cc0da05287ac8d2b2d687771f73

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
918888d41cbf3351b6d3da2b48d01fb1

SHA1
5c6bccca1edbea8e93cfe182ac0888282432959e

SHA256
7cfacbe99d6cbeb5f0e2361385225ebe1f79c427cd23278b9cd5e1fe16c4d279

SHA512
24f9646db529ede27dbe883cac923e4d3e5b7bbec69c3a4cd9ab8b0efa41ce6d7195ee0121017c5752398474eb16028891c735eaa1631c3eaad860494bcd8486

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
dccaf219bb22db6ee2a6b8f505ac5ee2

SHA1
7f133c08528e6ba9dd5f7a13faa1416127d008b7

SHA256
2388fc4528e19961b991615b12c6dbb6a22f86cdf5746dedd60eb43f9ca99b6b

SHA512
a128ee56e4766c8ed8f4bc093b6e764c60c26e81302077c8124ef11177ffb0698c0cf1a5dc2a82e7b34fac688fa506664eae98ca5924b68dd792ae1ec35ea6fe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
93e39189fa56ca072f12a4488dceb50d

SHA1
3fcaa932199ed9412f1f9db4a8a774132e8d0202

SHA256
aea393f6338f3493bc85a9456a75e78d1fdc66e8fa4e8c979780c9294ff5782c

SHA512
9fe5ffb38880a9c285cf3eefcc1d661154243e9a5eac783eebbf02dcc04154b21d72825e19ec63fc21dede3965180e1d20f45d28d7e644e2728fef14d177a598

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
3ee8cf5b871a69868c891974182c7b44

SHA1
92b12e40a4c955404ae65516d5e5dafd8a8baebb

SHA256
fd8e04eace828f5a569f0b8b792c2e1bf14a13e1935e209f1e1d74c747ab9d65

SHA512
60a52afbce3e087eedd96651dd623b76a83923b7fdd3936d666db52364fedb61c322e657924da7f6f86188a7addbb410474b61df8f174dd5432467c0393a74f5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
e899757c81f10cd30c156e91b2df512e

SHA1
a1998d31851a0db52079c912b18c471767795a15

SHA256
f469a8fbbc0baab674ad0584b40810eb41b4961e9c31adf1927eefe17346dba5

SHA512
a51a66df420fc081b24e1f8e470a095b17bf25b71c9f448b3178e2744fc3237300ed4e2655bac4af197076a7a8e06618955add1d3836a3cbfaf1b0c86c775741

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
b25f763ef1e78b3b1570722d82642be9

SHA1
b6557f54ced52825a9d6b76a4fd9a1789c739f09

SHA256
d738c4dbf660a41ac505f9763cae87da528813a0ba46fea633eb9b2ff5c85b51

SHA512
650473400e110ecaf2c9c114793c0dce2787b58f4b843f98e144b5114d8e5fd7118c802a01496315166fce3e0552759a8a96d884f33f60382100a1a422d98a73

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
0b8f2b90f1c7c323cf6edd552407b23c

SHA1
784b6f8825ddfdfc8a487e01af2f0304d0a37638

SHA256
8ab836ebdf79e31d56698e3867c6838866af2ef47c8a9f5fd9b60dcac8f436cd

SHA512
38581f17a05c636ceeb6b7a0a178ee5d38ba2d6408daa82014d945b853ad5d00b2eedb13c17437f567dcbfe49500c5ab1454559aff99fdde0d21c94597a91074

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
5ead0251a8d59e5ff1a5dbef49126559

SHA1
17120539531d6b33494eb9ab6c5045c2050677f4

SHA256
702c8118a4a03d0a916e5af25e3a7b97da97d9d247e250876985807868e2e3f9

SHA512
32572ffe8e8136cb0c06f65223928d93c10db864150946335ff60f26937bcc322558cf39453bc199dd6e5e9d6dca8051c815955ab8f24fdd4ba8bbeafe001ee1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
7b68d2e71e95b1b38a340f12a93e80ca

SHA1
60f12baea37fb84c5315e42e556d01c8efd3cc16

SHA256
62b5c32ea18810f13eef320414c83212dfec7132bfd61b257d3faf34af0beb71

SHA512
e1a0452674f0d25f3bdf00e499df834b7b5d187e7fbf1f08ac9cdb47703084586b915ea4a4eb44a7c94004b2be68e099368a8b61e06b139b050e71f10fd5e341

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
cc0af83d1b0c7b1dd4522e4e89411127

SHA1
1e3e27df59e9c29687162c83f1358bf741042a95

SHA256
6f91e4364e5c1d7bee77f0f6c2185a1dfd7f49590b431f78de55eafcce3aac90

SHA512
211cf583b427e60a0fcaff7101ec8b186a9b18e7df255fd51b18591d8566c07966cb8b2f2771c30754870d90f19a1a3865718d009b95fe75b080c4219e5b69c7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
174f92de39c725931448199bba71b62d

SHA1
982bc6388b29f383c9f05c4d8c8588f32cd99d56

SHA256
8da93476464791ac72c3ea13c0bf41b2f6a373d76f2daad6a2246ade448d6f62

SHA512
210013e428a77e09307f7066cfbb94bd0c82446095527fe5db358476f4b10953ed8732a78b6d58d8f3c341668434b82687d55cf379c7b76b58ad2290df471faa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
4246894a250819ca30f221109688a0d7

SHA1
c0abee44ded3796fb79b356e29e59aa6f723e7fa

SHA256
f1de63d47de9ca93c7dcfdcbe7eaa19fa30c2ce181e8d85a4f5ff1c3d33e6e8b

SHA512
62a77f1cb7826d9b9ce165215926c3edacd687aa69640ff84f9c7918b1e5200a5e176eb989315445edb636d0675bb360365ee93d99415b8f8d9178bce49b541e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
b023fe87c195a3a3c348207e4df75464

SHA1
c778a52b250fd6db54e0ba0fa52becdf3d392900

SHA256
33efdd90cacade399b7af24223b432a4088172c7e1c1785a49a343a7bf1b4c51

SHA512
688e1fbb1ece9a08bee7a0159bed8878dcd6240dd836b3b064bbac5c3eacce19ad891786aefa122d06b1ee987d7cb4bc628e9fef90537548e5d62607912a1dfc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
4b9721bc1508ea86ddcb976a62d40841

SHA1
230d7ca9d5b3c566ad3de6047ebfbfd0789aef6c

SHA256
4a5113eafe32cb4fd884c36a1430019f58875c508cde81fdd74055b3e2702406

SHA512
93bead575396852d47a03471dcbf150278eb0902c49fb6abb2da5c1cc66577524514ca603fd0449faa8f0ef55149bd91293d49fa4c9f520fe2e5d07917f010f3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
f8ce28adcc567ac3c85d72a6ef6bf84d

SHA1
c4a5a40050dda233e6ba8dd81dae069172311b2a

SHA256
de8ba253f02a1ee575718f09276f1eab25030972f3b27b045b1b9c4f45b98257

SHA512
c4bc54eec1ff6743e1eb5b16a5e58f35a58d3c357a0bbf6a85a1d2b9d2454c5f8ff76616fb5f8314e63d51d4e2404cc99b7fcbaa109f2b426c0456455da5285e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
21a5364e9a311088fa1e686baf61aaf1

SHA1
c200677fc4bae48f63038cbb169f0a3b3846e517

SHA256
d55d75222acaac9cc22e534f3fd879b65c108d31592a2539e1c7ee6ebcee6c9d

SHA512
2579a83e085abae0fbcf4846f2c5703b702020cd80a56a07adbf2e97c41fe86b196a7cfcce0b0c2ef24113079021b5bfdc662e53645afe7df1648bb194fe57d1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
38cd9d95d13b9f1408c4a7ce38f27941

SHA1
dbf1d0239beef85e7f8b98ab5c07c742638a78b4

SHA256
20bc6e19a105ea14f45d63873036d0a00af485ea331368173a79cae187e5e36c

SHA512
cdd506fb661eff5a560498abe345115f8e7290a7303c7608e2bacc34f3128df477e030e6ac285925acb2c85d8bcd8496494e85a909221261451514a5f3b1f571

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
79c5dc81bb4bf3fe8f16a18863fe8c0c

SHA1
405eb8bd98615e9e447d16fdd45450016b8f0b31

SHA256
da6fb714308abf1a76fb30d00334965d6a8c1ce9e7f85caffddc27e793c6d1cb

SHA512
6e4fe3320123b078513de2f0b479e59c540ec814e73faf4d0045d9ccd8c1669c11b8b1b5eaf9c93e73bd110297e74f399fa65e29b899fe6b6a31db0090eac1d7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
c7290a389b7b8519122ea7dd77a9c248

SHA1
27bc09e996a2d2cb07c8166201021712c28c790e

SHA256
901ec8e9fe1b47fbeee46b85fca1d93b4c35868e83822c3ea7c0c16558e2b9d5

SHA512
a4800cb38e8a7ef8dc4a431fa24d4fb2406ab05e8fdbedd96511ac281a8ba3e3462c40d3bdd0a4f1e3399f2874bb73fe3bdb5bf3843ff28a3ffe6609cdb4c5e3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
0c2cbdc5606adb360d864fd8cc060345

SHA1
06e93b23671f10f4884ea9aca020cbe69f018670

SHA256
4637a88d6d6cf05587c96168baca70df873df00f1b240352f2d6ffd869918042

SHA512
d5ba7707336091619d8891c36268dfddfc98966372e9e15cfb1a85da0ad4875e580060a675e5a6b2506e587a519889f7f7b199709e49318235a85467adc84393

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
cbd8eecefa3de57d8a530b6fb8c4f575

SHA1
362382a5725f666d7e2792e452a48fb50358f7c3

SHA256
cab8fcbd0e0dee404b2707dfc2166153aa1f47d6d617f95f11be61a93a37dd9d

SHA512
5b1dd5ae60d57851d6f9eb328d5cf36b9bd5b9c422609bf55059afdb7f16fd69fb998581ec28f4455845592f37211097659d616903b37e0ef592643ce0ee51b3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
944416f5db58a09a69957f6367addc6d

SHA1
8134f6e99ce67cb03764d7892123bec5a3b65beb

SHA256
16ed6d8c060ba8474b8ad85fdfd9aacf8048001bca62073181156462c0c95557

SHA512
b1e93594896644239d7a6460ad7d604839c97272e6577e588404cd7c78ec4f0e0dccef457b837ec1d3c00c20233f04d5a4af7aeb79f3e82b8a14e84fdd9aae76

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
2360c3bfcce33a98a763e710bc17c0b7

SHA1
e21b2b4dbda4c27febf6312ccce9969e51190cb1

SHA256
c07a3a336ed5096833eb55095f91149698aee6471365f03f01d4bc409fb76068

SHA512
7da22b17dcf6aa17c67ec932af12f77decfd72fa439be1d8d49ca7a33c17efb088dbb70c1e5123cf6d3bd0b6ff4d8e916f9121891cbe50c942e9bd333d88d3cd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
c1938fc231df4da0ac60baa0ebb2e990

SHA1
07d98accd4a55ef49a49bd431053527ba4296c8b

SHA256
f8798782df8658ca6f2b558009e75f40b09647aef1a5286966279daf6bfe3f3e

SHA512
f1602fa3fd66ea038090891bf2a48501a301bdb3550a6f2fc619f340ee192ee2e0ca3696266603669eae6a2df3d78f3f29e28e1c672cc7c182651ff1785042da

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
87bf446873eddd33ea8d7ab3fb8b927c

SHA1
7457876af5c0ac8846a5c60f0a18c739a7d0f112

SHA256
7b92aa2a9046769acecbe9046009196ffa541aca67959b6b3b91afacbc25a95d

SHA512
5a822b69fcdbf929dd9d840d06d86015e98706aa726286882364911a21dcc27ca3a524ddf08154bb7a1b87b7fa07eb8046734b8378b6e0e2827063d2489f928d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58ec01.TMP

Filesize
871B

MD5
2d53f65f666f98f3254b35494cf41c02

SHA1
45b01a10a095faa09a4d0e5b7fac411890d8131b

SHA256
5057741ec8e31fe6b11990b5e62906f58ed0b3fce0651bdcada3b32f26c7996f

SHA512
3a7a926c6a80aee3499277d0d247d46e5323356049685be291704db7ac0be49c4b5099c9ae41fd5038a7beae3a318822901e2e372ab6c06f0e047ed2732dd938

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
7d2c8faa0a0c75a4279fa75abe16b494

SHA1
705634131d96047dc9304bc1c800f0d3c5a806e2

SHA256
bed2d1ffb4a3fa0226861d19320a4844f3ff2593d233516aa11771bfb0517cf7

SHA512
dde9e77a39445b2165e98b7cc67de6d6f9e2f78fb71fa474f76bc038c9b8ed712624d514cf9600ccd4916b49017465892b1b20a1f1829eb3f56e50b40594e7e3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
0bddfa953095e775e704d798a17c3695

SHA1
eb74072c3833ac3a058e21b7b04135314a649e80

SHA256
0f2689ff122a6d780cf2ba8137b72f6124c4e7d940b5ca3176bcab5cb7d86010

SHA512
ca2c65b40357d50b0d0ace1bbf232d6098a2c07a6da81ebd6d8c6ba93b055f44ba4d98619fc5013aea32a4df81fee32fb93cb8bbb34c98489a818ef455613dad

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
ef4fa9c119734a160e1f62bfdea2efcb

SHA1
577c960bcdd757275b3e4dc08404ddf98d0e7fa8

SHA256
d18530ba6b506df9268615a8827b3c42bf5dfe98480ea5eeee98774b3f70db9b

SHA512
a69b447c1950e5264ae0a127a7f163bb2cea7c49fb20c6a0b8256b75b511bb1952bcb74e5814842b171901802303eabb2d2638a3b3969742b1b4794938fa0b12

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
5bbc658ad47abf08a8a564e58dacd911

SHA1
4fb7e408bae311ebd75ee132295ef594eb2e8641

SHA256
02788ea1fb717b2afcc1b7c167240aface6e6dc273ca98153cbe5044e883ab83

SHA512
23bac0324c92322d3a1e1c71a277ef490b3086493b45b7fb0206f82e18e8643e15be6a8f72b843caf8ec904d41af82f31da8aab344b41a429c034cccd5df7d24

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
e53433b185ce93a2e3088091f9a7a98f

SHA1
650206b06c1388206d439669191c22d12228c8d1

SHA256
1808ed80ac867aa2634afbc73e78d6c1d32f6b95970311cd1b4301e0438a22b4

SHA512
a5061f91fccce676c3f6e244961bb9fdc45814f8da23074eb7858289b9323c8fb254d1f9033a1233a1c009c5f8c52aafd2988e8654da4b2dd4fc7e212c62a5ab

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
a896d1f3c35733cb813dfeef4e6e0783

SHA1
a24be3ae0ef1f236e3a222967c3bfe0ec4e69c02

SHA256
ea8e25659715a41472563dff0a1d962458fa3dee881a11161a7d2be567889169

SHA512
fbf804f82e8861a3e1109a1dc9f6d5ea44223336b6217d2ad0948bdb9c9fdbd7f9c07e897132b75951e513152d180e69258751edc066b7ca2c92e6458ad7bba1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
48f9f6e75c29d9a43dfecd6393de1df8

SHA1
c74948d26dc4098682ce01d8800046c8b4ea8c48

SHA256
86c7ff1feddc0bb77b991c4894b102d0450d4af947d3c6af0a7acec12bd82407

SHA512
517846465efaf92c631d2f7e30434365b78d2128704fe0639f046d7853b09ecd09374111ae3bf532c082ced2a94d5c20faed88977544310446bae0204ee20ab1

Download Submit
C:\Users\Admin\AppData\Roaming\Axam.exe

Filesize
11KB

MD5
0fbf8022619ba56c545b20d172bf3b87

SHA1
752e5ce51f0cf9192b8fa1d28a7663b46e3577ff

SHA256
4ae7d63ec497143c2acde1ba79f1d9eed80086a420b6f0a07b1e2917da0a6c74

SHA512
e8d44147609d04a1a158066d89b739c00b507c8ff208dac72fdc2a42702d336c057ae4b77c305f4ccdfe089665913098d84a3160a834aaebe41f95f4b4bfddeb

Download Submit
C:\Users\Admin\DOWNLO~1\THE-MA~1\THE-MA~1\BANKIN~1\DanaBot.dll

Filesize
2.4MB

MD5
7e76f7a5c55a5bc5f5e2d7a9e886782b

SHA1
fc500153dba682e53776bef53123086f00c0e041

SHA256
abd75572f897cdda88cec22922d15b509ee8c840fa5894b0aecbef6de23908a3

SHA512
0318e0040f4dbf954f27fb10a69bce2248e785a31d855615a1eaf303a772ad51d47906a113605d7bfd3c2b2265bf83c61538f78b071f85ee3c4948f5cde3fb24

Download Submit
C:\Users\Admin\Desktop\New Text Document.bat

Filesize
2KB

MD5
e201d58f2e7e64828ab5f6ada6c16f55

SHA1
3b8cd942176a020e7bee7ecb9dfe2714111c9d9a

SHA256
8b515e5fef4bf198eb37b562ec30923f3a4724e8c4e93119adcc81e2ff6a4fb1

SHA512
38dfa4892b83a49e37bef44f00c2390efd5b2ad7fbb8f5087b938da762208aa9c8de80c9f9a7fe58f41b32b6aaed2176eceb77ccca9b3960cc573a04cf2b9515

Download Submit
C:\Users\Admin\Downloads\Delete-Windows-System-32-main.zip

Filesize
928B

MD5
b2b8478b8b13aafd7fe027d22b61edd0

SHA1
db6b89a19b3cf466f6fe13651c8bf34861972e4e

SHA256
43cb37284a4654f2d468097706771b155f43a82d230428a5fb08134670be0147

SHA512
42fe15b9a0ba484b089ae0bbf68d3d37e111a4ce5a3ab9f866866983574ee713f203d05994bf2fa62ec720166cc9dbd831c57a031e8098b1c003347b6ded1ccd

Download Submit
C:\Users\Admin\Downloads\RussianRoulette-main.zip

Filesize
5KB

MD5
0940040bffc2be780d75e0e65e7c600b

SHA1
fa7041a9b2d3a3b91e9bcab210c5f17a5792de85

SHA256
9e567f5a2563b7b5886c0d229919fcad409fae2730e8c20ec28b3d4c23c06b6d

SHA512
969ad4873b94c006fee7d0613d00682d74eda8cfc75480118a7cef132be532d55b77f945ab195992e5871f3d33929efa13bc50a3e6245aad5c2d096a860772db

Download Submit
C:\Users\Admin\Downloads\System32Deleter-master.zip

Filesize
10KB

MD5
3d6842076aadb4688284913895284357

SHA1
256d136d0a45866ca52bce8d109747c1df921bc2

SHA256
7ced34089f148c1e44dafd039d1b683dac9d08bfbb6b61325b24353ee34892a9

SHA512
420238f12f1066fbbe47e0ad68a0a8392bded53317bc9026e78e5490823978a04b4359acd4b3b19aa08b59898f23bf53bb71b9402405552ace80f223a7e67d48

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 793104.crdownload

Filesize
1KB

MD5
79458fa61b7e5a1d43260d43f1cf6bfd

SHA1
ce6311f4d199ebcaac0d6caba34cded115b04461

SHA256
91d9ddc3ca1de34c47304c6e5490ffcbb8253ab32ba4a1c0c4784bfeed326b50

SHA512
a7d5217aa589d32efb627345005897fd5cc22d80d8953138b79e6c03f7aea683e031b0e24ca160910149720e51a02ee30a9efdb66ac14f6d6870dfeefcfcbf2a

Download Submit
C:\Users\Admin\Downloads\delete_system_32.bat

Filesize
556B

MD5
5fc88a9258e9a26aa6addcd7049bdfed

SHA1
01a4e564d408772a2f8a0d7b6ec225cc03b3d387

SHA256
2e9d98637fc98110c0fb85e2868b65627f2340372e0322ab5d2230a1fabcdcab

SHA512
db6b93f0cf0b870af9031ca59302c83fcec354ed2270821ac40a370128a7ee0074805aaca8dad60ab05b30dea0266e8f8044419aa1aa25222bc8e5520e9f8814

Download Submit
\??\c:\windows\jk.bat

Filesize
3KB

MD5
a725af7c07b52549023be73328e55809

SHA1
c9d8072aaac80f6cf1edfaeaba6c934196631c81

SHA256
e009a52eeb2138531c799905010f7677b0fdd4190abe4ac0a25e0e15eb30d865

SHA512
d4cd904da5c6a5c6112d212b218abc76429da0e4d6382f4fbd9ca51a976eedef26e202607ff6041c4de7e9db783f62e5a24ee560fed068945aef69fa5491a3ce

Download Submit
memory/5128-2484-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/5252-2450-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/5328-2374-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/5348-2369-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/5468-2381-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/5532-2387-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/5540-2401-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/5572-2329-0x0000000000400000-0x0000000000AAD000-memory.dmp

Filesize
6.7MB

Download
memory/5668-2405-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/5728-2409-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/5752-2328-0x0000000002660000-0x00000000028CB000-memory.dmp

Filesize
2.4MB

Download
memory/5752-2348-0x0000000002660000-0x00000000028CB000-memory.dmp

Filesize
2.4MB

Download
memory/5752-2330-0x0000000002660000-0x00000000028CB000-memory.dmp

Filesize
2.4MB

Download
memory/5800-2415-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/5856-2443-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/5860-2427-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/5964-2460-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/6036-2477-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/6104-2347-0x0000000000400000-0x000000000043C000-memory.dmp

Filesize
240KB

Download
memory/6136-2367-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/6136-2349-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download