hxxps://download2393[.]mediafire[.]com/g89qse524x6gM4_8xohA_TWuZxdEkRNIoHxILjT4kFSgJtbRshtdH6OBvhDBy2_ODRFowOvROQBaZE3FKwQwb_oAB-lKMwuNIkpC_4HehcNR399pQye3gE0jBfiEePxp6G7hZBaZTO6VaMSPitbmlvtcxDIRaAycmodWoO6-2BGb/fkz5gfddt826621/Xfer+Records+Serum+v1[.]368+WIN-TCD[.]rar

Resubmissions

04-02-2024 11:57

240204-n4lgasaham 1

04-02-2024 11:41

240204-ntxrksgcf7 8

Analysis

max time kernel
733s
max time network
749s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
04-02-2024 11:41

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://download2393.mediafire.com/g89qse524x6gM4_8xohA_TWuZxdEkRNIoHxILjT4kFSgJtbRshtdH6OBvhDBy2_ODRFowOvROQBaZE3FKwQwb_oAB-lKMwuNIkpC_4HehcNR399pQye3gE0jBfiEePxp6G7hZBaZTO6VaMSPitbmlvtcxDIRaAycmodWoO6-2BGb/fkz5gfddt826621/Xfer+Records+Serum+v1.368+WIN-TCD.rar

Score

8^/10

discovery

Malware Config

Signatures

Downloads MZ/PE file

Executes dropped EXE 8 IoCs

pid	Process
620	Xfer.Records.Serum.MERRY.CHRISTMAS.&.HAPPY.NEW.YEAR.v1.368-TCD.exe
1216	Xfer.Records.Serum.MERRY.CHRISTMAS.&.HAPPY.NEW.YEAR.v1.368-TCD.tmp
4720	Serum_x64.exe
5352	lmms-1.2.2-win64.exe
1628	lmms-1.2.2-win64.exe
5176	lmms-1.2.2-win64.exe
664	lmms.exe
4848	RemoteVstPlugin.exe

Loads dropped DLL 64 IoCs

pid	Process
4720	Serum_x64.exe
1628	lmms-1.2.2-win64.exe
1628	lmms-1.2.2-win64.exe
5176	lmms-1.2.2-win64.exe
5176	lmms-1.2.2-win64.exe
5352	lmms-1.2.2-win64.exe
5352	lmms-1.2.2-win64.exe
5176	lmms-1.2.2-win64.exe
1628	lmms-1.2.2-win64.exe
5352	lmms-1.2.2-win64.exe
5176	lmms-1.2.2-win64.exe
5176	lmms-1.2.2-win64.exe
5176	lmms-1.2.2-win64.exe
664	lmms.exe
664	lmms.exe
664	lmms.exe
664	lmms.exe
664	lmms.exe
664	lmms.exe
664	lmms.exe
664	lmms.exe
664	lmms.exe
664	lmms.exe
664	lmms.exe
664	lmms.exe
664	lmms.exe
664	lmms.exe
664	lmms.exe
664	lmms.exe
664	lmms.exe
664	lmms.exe
664	lmms.exe
664	lmms.exe
664	lmms.exe
664	lmms.exe
664	lmms.exe
664	lmms.exe
664	lmms.exe
664	lmms.exe
664	lmms.exe
664	lmms.exe
664	lmms.exe
664	lmms.exe
664	lmms.exe
664	lmms.exe
664	lmms.exe
664	lmms.exe
664	lmms.exe
664	lmms.exe
664	lmms.exe
664	lmms.exe
664	lmms.exe
664	lmms.exe
664	lmms.exe
664	lmms.exe
664	lmms.exe
664	lmms.exe
664	lmms.exe
664	lmms.exe
664	lmms.exe
664	lmms.exe
664	lmms.exe
664	lmms.exe
664	lmms.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\N:	unregmp2.exe
File opened (read-only)	\??\P:	unregmp2.exe
File opened (read-only)	\??\U:	unregmp2.exe
File opened (read-only)	\??\W:	unregmp2.exe
File opened (read-only)	\??\X:	unregmp2.exe
File opened (read-only)	\??\Y:	unregmp2.exe
File opened (read-only)	\??\G:	unregmp2.exe
File opened (read-only)	\??\L:	unregmp2.exe
File opened (read-only)	\??\H:	unregmp2.exe
File opened (read-only)	\??\J:	unregmp2.exe
File opened (read-only)	\??\K:	unregmp2.exe
File opened (read-only)	\??\O:	unregmp2.exe
File opened (read-only)	\??\S:	unregmp2.exe
File opened (read-only)	\??\B:	unregmp2.exe
File opened (read-only)	\??\E:	unregmp2.exe
File opened (read-only)	\??\Q:	unregmp2.exe
File opened (read-only)	\??\I:	unregmp2.exe
File opened (read-only)	\??\M:	unregmp2.exe
File opened (read-only)	\??\T:	unregmp2.exe
File opened (read-only)	\??\V:	unregmp2.exe
File opened (read-only)	\??\Z:	unregmp2.exe
File opened (read-only)	\??\A:	unregmp2.exe
File opened (read-only)	\??\R:	unregmp2.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\LMMS\data\presets\ZynAddSubFX\Splitted\0003-Strings and Flute.xiz	lmms-1.2.2-win64.exe
File created	C:\Program Files\LMMS\data\samples\drumsynth\misc\tomita_clip.ds	lmms-1.2.2-win64.exe
File created	C:\Program Files\LMMS\data\themes\classic\drum.png	lmms-1.2.2-win64.exe
File created	C:\Program Files\LMMS\data\presets\ZynAddSubFX\Guitar\0004-Dist Guitar 4.xiz	lmms-1.2.2-win64.exe
File created	C:\Program Files\LMMS\data\presets\ZynAddSubFX\Companion\0119-Ghost Choir.xiz	lmms-1.2.2-win64.exe
File created	C:\Program Files\LMMS\data\presets\ZynAddSubFX\Cormi_Sound\0086-Organo_03.xiz	lmms-1.2.2-win64.exe
File created	C:\Program Files\LMMS\data\presets\ZynAddSubFX\the_mysterious_bank_4\0024-pseudo_doublebass.xiz	lmms-1.2.2-win64.exe
File created	C:\Program Files\LMMS\data\samples\drums\snare07.ogg	lmms-1.2.2-win64.exe
File created	C:\Program Files\LMMS\data\presets\TripleOscillator\Harmonium.xpf	lmms-1.2.2-win64.exe
File created	C:\Program Files\LMMS\plugins\ladspa\declip_1195.dll	lmms-1.2.2-win64.exe
File created	C:\Program Files\LMMS\data\samples\drumsynth\latin\Tamb_hit.ds	lmms-1.2.2-win64.exe
File created	C:\Program Files\LMMS\data\samples\drumsynth\cr8000\Hat_o.ds	lmms-1.2.2-win64.exe
File created	C:\Program Files\LMMS\data\samples\drumsynth\misc\q_kick_2.ds	lmms-1.2.2-win64.exe
File created	C:\Program Files\LMMS\data\samples\drumsynth\misc\test.ds	lmms-1.2.2-win64.exe
File created	C:\Program Files\LMMS\data\projects\demos\Thaledric-Armageddon.mmpz	lmms-1.2.2-win64.exe
File created	C:\Program Files\LMMS\plugins\ladspa\ringmod_1188.dll	lmms-1.2.2-win64.exe
File created	C:\Program Files\LMMS\data\presets\ZynAddSubFX\Cormi_Sound\0104-Ice Rhodes2.xiz	lmms-1.2.2-win64.exe
File created	C:\Program Files\LMMS\data\presets\ZynAddSubFX\SynthPiano\0037-FM Synth1.xiz	lmms-1.2.2-win64.exe
File created	C:\Program Files\LMMS\data\presets\ZynAddSubFX\Organ\0004-Organ 4.xiz	lmms-1.2.2-win64.exe
File created	C:\Program Files\LMMS\data\locale\qtmultimedia_hu.qm	lmms-1.2.2-win64.exe
File created	C:\Program Files\LMMS\data\presets\ZynAddSubFX\Cormi_Sound\0157-nostalgia.xiz	lmms-1.2.2-win64.exe
File created	C:\Program Files\LMMS\data\samples\instruments\e_piano_accord02.ogg	lmms-1.2.2-win64.exe
File created	C:\Program Files\LMMS\data\presets\BitInvader\sweep_pad.xpf	lmms-1.2.2-win64.exe
File created	C:\Program Files\LMMS\data\stk\rawwaves\snglpeak.raw	lmms-1.2.2-win64.exe
File created	C:\Program Files\LMMS\data\samples\drumsynth\misc\warm_digi_808_click.ds	lmms-1.2.2-win64.exe
File created	C:\Program Files\LMMS\data\presets\ZynAddSubFX\Cormi_Sound\0144-Inquietudine.xiz	lmms-1.2.2-win64.exe
File created	C:\Program Files\LMMS\data\projects\templates\ClubMix.mpt	lmms-1.2.2-win64.exe
File created	C:\Program Files\LMMS\data\samples\drumsynth\misc_fx\funky_stab.ds	lmms-1.2.2-win64.exe
File created	C:\Program Files\LMMS\data\presets\ZynAddSubFX\the_mysterious_bank_2\0014-synth_bell.xiz	lmms-1.2.2-win64.exe
File created	C:\Program Files\LMMS\plugins\ladspa\harmonic_gen_1220.dll	lmms-1.2.2-win64.exe
File created	C:\Program Files\LMMS\data\presets\ZynAddSubFX\olivers-100\0073-Shimmer Swell.xiz	lmms-1.2.2-win64.exe
File created	C:\Program Files\LMMS\data\locale\qt_da.qm	lmms-1.2.2-win64.exe
File created	C:\Program Files\LMMS\data\samples\drumsynth\misc_bass\melodictone.ds	lmms-1.2.2-win64.exe
File created	C:\Program Files\LMMS\data\samples\drumsynth\misc_hats\live_sound_oh.ds	lmms-1.2.2-win64.exe
File created	C:\Program Files\LMMS\data\samples\drumsynth\tr77\Tr77_snare.ds	lmms-1.2.2-win64.exe
File created	C:\Program Files\LMMS\plugins\ladspa\karaoke_1409.dll	lmms-1.2.2-win64.exe
File created	C:\Program Files\LMMS\data\presets\ZynAddSubFX\Laba170bank\0032-Twang1.xiz	lmms-1.2.2-win64.exe
File created	C:\Program Files\LMMS\data\presets\ZynAddSubFX\Plucked\progressive-house-pluck.xiz	lmms-1.2.2-win64.exe
File created	C:\Program Files\LMMS\data\samples\beats\rave_hihat01.ogg	lmms-1.2.2-win64.exe
File created	C:\Program Files\LMMS\data\themes\classic\saw_wave_active.png	lmms-1.2.2-win64.exe
File created	C:\Program Files\LMMS\data\locale\fr.qm	lmms-1.2.2-win64.exe
File created	C:\Program Files\LMMS\data\presets\AudioFileProcessor\Bass-Mania.xpf	lmms-1.2.2-win64.exe
File created	C:\Program Files\LMMS\data\presets\ZynAddSubFX\olivers-100\0051-Agro Odds Lead.xiz	lmms-1.2.2-win64.exe
File created	C:\Program Files\LMMS\data\samples\drumsynth\misc_fx\electric_intro_to_a.ds	lmms-1.2.2-win64.exe
File created	C:\Program Files\LMMS\data\samples\drumsynth\misc_perc\tom_tone.ds	lmms-1.2.2-win64.exe
File created	C:\Program Files\LMMS\data\presets\ZynAddSubFX\Companion\0025-Wind Whistle.xiz	lmms-1.2.2-win64.exe
File created	C:\Program Files\LMMS\data\samples\drums\snare04.ogg	lmms-1.2.2-win64.exe
File created	C:\Program Files\LMMS\data\samples\drumsynth\misc_fx\entre.ds	lmms-1.2.2-win64.exe
File created	C:\Program Files\LMMS\data\themes\default\sample_track.png	lmms-1.2.2-win64.exe
File created	C:\Program Files\LMMS\data\samples\drumsynth\r_n_b\clapfilt.ds	lmms-1.2.2-win64.exe
File created	C:\Program Files\LMMS\data\samples\drumsynth\tr606\TR606_Tom_H.ds	lmms-1.2.2-win64.exe
File created	C:\Program Files\LMMS\data\samples\drumsynth\misc_fx\end_of_broadcast_day.ds	lmms-1.2.2-win64.exe
File created	C:\Program Files\LMMS\data\themes\classic\note_none.png	lmms-1.2.2-win64.exe
File created	C:\Program Files\LMMS\data\themes\classic\unknown_file.png	lmms-1.2.2-win64.exe
File created	C:\Program Files\LMMS\data\themes\default\text_under.png	lmms-1.2.2-win64.exe
File created	C:\Program Files\LMMS\data\presets\ZynAddSubFX\olivers-100\0105-Ominosity.xiz	lmms-1.2.2-win64.exe
File created	C:\Program Files\LMMS\data\samples\latin\latin_guitar02.ogg	lmms-1.2.2-win64.exe
File created	C:\Program Files\LMMS\data\presets\OpulenZ\Vibraphone.xpf	lmms-1.2.2-win64.exe
File created	C:\Program Files\LMMS\data\presets\TripleOscillator\HiPad.xpf	lmms-1.2.2-win64.exe
File created	C:\Program Files\LMMS\data\samples\drumsynth\misc_electro\atmosphere_of_space.ds	lmms-1.2.2-win64.exe
File created	C:\Program Files\LMMS\data\presets\ZynAddSubFX\the_mysterious_bank_2\0019-sine_pad.xiz	lmms-1.2.2-win64.exe
File created	C:\Program Files\LMMS\data\presets\ZynAddSubFX\the_mysterious_bank\0016-sine_pad.xiz	lmms-1.2.2-win64.exe
File created	C:\Program Files\LMMS\data\locale\qt_help_gl.qm	lmms-1.2.2-win64.exe
File created	C:\Program Files\LMMS\data\presets\ZynAddSubFX\Strings\0073-Morph Strings1.xiz	lmms-1.2.2-win64.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

NSIS installer 1 IoCs

installer

resource	yara_rule
behavioral2/files/0x00080000000231e6-1777.dat	nsis_installer_2

Checks processor information in registry 2 TTPs 8 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 34 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\LMMS Project (compressed)\ = "LMMS Project (compressed)"	lmms-1.2.2-win64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\LMMS Project	lmms-1.2.2-win64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.mmpz	lmms-1.2.2-win64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\LMMS Project (compressed)	lmms-1.2.2-win64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\LMMS Project (compressed)\shell\open\command	lmms-1.2.2-win64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\LMMS Project (compressed)\shell\open\command\ = "\"C:\\Program Files\\LMMS\\lmms.exe\" \"%1\""	lmms-1.2.2-win64.exe
Key created	\REGISTRY\USER\S-1-5-21-3073191680-435865314-2862784915-1000_Classes\Local Settings	OpenWith.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\LMMS Project\shell\open\command\ = "\"C:\\Program Files\\LMMS\\lmms.exe\" \"%1\""	lmms-1.2.2-win64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.mmpz\ = "LMMS Project (compressed)"	lmms-1.2.2-win64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\LMMS Project (compressed)\DefaultIcon	lmms-1.2.2-win64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\LMMS Project (compressed)\DefaultIcon\ = "C:\\Program Files\\LMMS\\lmms.exe,1"	lmms-1.2.2-win64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\LMMS Project (compressed)\shell\edit\command\ = "\"C:\\Program Files\\LMMS\\lmms.exe\" \"%1\""	lmms-1.2.2-win64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.mmp\ = "LMMS Project"	lmms-1.2.2-win64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\LMMS Project\DefaultIcon	lmms-1.2.2-win64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\LMMS Project (compressed)\shell\open	lmms-1.2.2-win64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\LMMS Project\ = "LMMS Project"	lmms-1.2.2-win64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\LMMS Project\shell	lmms-1.2.2-win64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\LMMS Project\DefaultIcon\ = "C:\\Program Files\\LMMS\\lmms.exe,1"	lmms-1.2.2-win64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\LMMS Project\shell\edit\command	lmms-1.2.2-win64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\LMMS Project\shell\edit\command\ = "\"C:\\Program Files\\LMMS\\lmms.exe\" \"%1\""	lmms-1.2.2-win64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\LMMS Project (compressed)\shell	lmms-1.2.2-win64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\LMMS Project (compressed)\shell\edit\command	lmms-1.2.2-win64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\LMMS Project\shell\ = "open"	lmms-1.2.2-win64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\LMMS Project\shell\open\command	lmms-1.2.2-win64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\LMMS Project\shell\edit	lmms-1.2.2-win64.exe
Key created	\REGISTRY\USER\S-1-5-21-3073191680-435865314-2862784915-1000_Classes\Local Settings	OpenWith.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\LMMS Project\shell\edit\ = "Edit LMMS Project"	lmms-1.2.2-win64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\LMMS Project\shell\open	lmms-1.2.2-win64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\LMMS Project (compressed)\shell\ = "open"	lmms-1.2.2-win64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\LMMS Project (compressed)\shell\edit	lmms-1.2.2-win64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\LMMS Project (compressed)\shell\edit\ = "Edit LMMS Project (compressed)"	lmms-1.2.2-win64.exe
Key created	\REGISTRY\USER\S-1-5-21-3073191680-435865314-2862784915-1000_Classes\Local Settings	msedge.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3073191680-435865314-2862784915-1000\{A123382E-283D-42BD-BB0D-23C953FC936F}	msedge.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.mmp	lmms-1.2.2-win64.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 141728.crdownload:SmartScreen	msedge.exe

Suspicious behavior: AddClipboardFormatListener 1 IoCs

pid	Process
664	lmms.exe

Suspicious behavior: EnumeratesProcesses 20 IoCs

pid	Process
440	msedge.exe
440	msedge.exe
4032	msedge.exe
4032	msedge.exe
3344	identity_helper.exe
3344	identity_helper.exe
4908	msedge.exe
4908	msedge.exe
4908	msedge.exe
4908	msedge.exe
3784	msedge.exe
3784	msedge.exe
1216	Xfer.Records.Serum.MERRY.CHRISTMAS.&.HAPPY.NEW.YEAR.v1.368-TCD.tmp
1216	Xfer.Records.Serum.MERRY.CHRISTMAS.&.HAPPY.NEW.YEAR.v1.368-TCD.tmp
1256	7zFM.exe
1256	7zFM.exe
4344	msedge.exe
4344	msedge.exe
3796	msedge.exe
3796	msedge.exe

Suspicious behavior: GetForegroundWindowSpam 2 IoCs

pid	Process
1256	7zFM.exe
664	lmms.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 45 IoCs

pid	Process
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe

Suspicious use of AdjustPrivilegeToken 13 IoCs

description	pid	Process
Token: SeRestorePrivilege	1288	7zFM.exe
Token: 35	1288	7zFM.exe
Token: SeRestorePrivilege	1256	7zFM.exe
Token: 35	1256	7zFM.exe
Token: SeSecurityPrivilege	1256	7zFM.exe
Token: 33	2036	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	2036	AUDIODG.EXE
Token: SeShutdownPrivilege	3316	unregmp2.exe
Token: SeCreatePagefilePrivilege	3316	unregmp2.exe
Token: SeDebugPrivilege	2044	firefox.exe
Token: SeDebugPrivilege	2044	firefox.exe
Token: 33	3304	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	3304	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe

Suspicious use of SendNotifyMessage 28 IoCs

pid	Process
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
2044	firefox.exe
2044	firefox.exe
2044	firefox.exe
4032	msedge.exe

Suspicious use of SetWindowsHookEx 19 IoCs

pid	Process
4720	Serum_x64.exe
4720	Serum_x64.exe
4720	Serum_x64.exe
4720	Serum_x64.exe
4720	Serum_x64.exe
4696	OpenWith.exe
3272	OpenWith.exe
3272	OpenWith.exe
3272	OpenWith.exe
3272	OpenWith.exe
3272	OpenWith.exe
3272	OpenWith.exe
3272	OpenWith.exe
2044	firefox.exe
5352	lmms-1.2.2-win64.exe
1628	lmms-1.2.2-win64.exe
5176	lmms-1.2.2-win64.exe
664	lmms.exe
664	lmms.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4032 wrote to memory of 4408	4032	msedge.exe	83
PID 4032 wrote to memory of 4408	4032	msedge.exe	83
PID 4032 wrote to memory of 2532	4032	msedge.exe	84
PID 4032 wrote to memory of 2532	4032	msedge.exe	84
PID 4032 wrote to memory of 2532	4032	msedge.exe	84
PID 4032 wrote to memory of 2532	4032	msedge.exe	84
PID 4032 wrote to memory of 2532	4032	msedge.exe	84
PID 4032 wrote to memory of 2532	4032	msedge.exe	84
PID 4032 wrote to memory of 2532	4032	msedge.exe	84
PID 4032 wrote to memory of 2532	4032	msedge.exe	84
PID 4032 wrote to memory of 2532	4032	msedge.exe	84
PID 4032 wrote to memory of 2532	4032	msedge.exe	84
PID 4032 wrote to memory of 2532	4032	msedge.exe	84
PID 4032 wrote to memory of 2532	4032	msedge.exe	84
PID 4032 wrote to memory of 2532	4032	msedge.exe	84
PID 4032 wrote to memory of 2532	4032	msedge.exe	84
PID 4032 wrote to memory of 2532	4032	msedge.exe	84
PID 4032 wrote to memory of 2532	4032	msedge.exe	84
PID 4032 wrote to memory of 2532	4032	msedge.exe	84
PID 4032 wrote to memory of 2532	4032	msedge.exe	84
PID 4032 wrote to memory of 2532	4032	msedge.exe	84
PID 4032 wrote to memory of 2532	4032	msedge.exe	84
PID 4032 wrote to memory of 2532	4032	msedge.exe	84
PID 4032 wrote to memory of 2532	4032	msedge.exe	84
PID 4032 wrote to memory of 2532	4032	msedge.exe	84
PID 4032 wrote to memory of 2532	4032	msedge.exe	84
PID 4032 wrote to memory of 2532	4032	msedge.exe	84
PID 4032 wrote to memory of 2532	4032	msedge.exe	84
PID 4032 wrote to memory of 2532	4032	msedge.exe	84
PID 4032 wrote to memory of 2532	4032	msedge.exe	84
PID 4032 wrote to memory of 2532	4032	msedge.exe	84
PID 4032 wrote to memory of 2532	4032	msedge.exe	84
PID 4032 wrote to memory of 2532	4032	msedge.exe	84
PID 4032 wrote to memory of 2532	4032	msedge.exe	84
PID 4032 wrote to memory of 2532	4032	msedge.exe	84
PID 4032 wrote to memory of 2532	4032	msedge.exe	84
PID 4032 wrote to memory of 2532	4032	msedge.exe	84
PID 4032 wrote to memory of 2532	4032	msedge.exe	84
PID 4032 wrote to memory of 2532	4032	msedge.exe	84
PID 4032 wrote to memory of 2532	4032	msedge.exe	84
PID 4032 wrote to memory of 2532	4032	msedge.exe	84
PID 4032 wrote to memory of 2532	4032	msedge.exe	84
PID 4032 wrote to memory of 440	4032	msedge.exe	85
PID 4032 wrote to memory of 440	4032	msedge.exe	85
PID 4032 wrote to memory of 1312	4032	msedge.exe	86
PID 4032 wrote to memory of 1312	4032	msedge.exe	86
PID 4032 wrote to memory of 1312	4032	msedge.exe	86
PID 4032 wrote to memory of 1312	4032	msedge.exe	86
PID 4032 wrote to memory of 1312	4032	msedge.exe	86
PID 4032 wrote to memory of 1312	4032	msedge.exe	86
PID 4032 wrote to memory of 1312	4032	msedge.exe	86
PID 4032 wrote to memory of 1312	4032	msedge.exe	86
PID 4032 wrote to memory of 1312	4032	msedge.exe	86
PID 4032 wrote to memory of 1312	4032	msedge.exe	86
PID 4032 wrote to memory of 1312	4032	msedge.exe	86
PID 4032 wrote to memory of 1312	4032	msedge.exe	86
PID 4032 wrote to memory of 1312	4032	msedge.exe	86
PID 4032 wrote to memory of 1312	4032	msedge.exe	86
PID 4032 wrote to memory of 1312	4032	msedge.exe	86
PID 4032 wrote to memory of 1312	4032	msedge.exe	86
PID 4032 wrote to memory of 1312	4032	msedge.exe	86
PID 4032 wrote to memory of 1312	4032	msedge.exe	86
PID 4032 wrote to memory of 1312	4032	msedge.exe	86
PID 4032 wrote to memory of 1312	4032	msedge.exe	86

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://download2393.mediafire.com/g89qse524x6gM4_8xohA_TWuZxdEkRNIoHxILjT4kFSgJtbRshtdH6OBvhDBy2_ODRFowOvROQBaZE3FKwQwb_oAB-lKMwuNIkpC_4HehcNR399pQye3gE0jBfiEePxp6G7hZBaZTO6VaMSPitbmlvtcxDIRaAycmodWoO6-2BGb/fkz5gfddt826621/Xfer+Records+Serum+v1.368+WIN-TCD.rar
1⤵
- Enumerates system info in registry
- Modifies registry class
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4032
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe6a8b46f8,0x7ffe6a8b4708,0x7ffe6a8b4718
  2⤵
  PID:4408
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2128,14104115671239443162,1566754435943820452,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2152 /prefetch:2
  2⤵
  PID:2532
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2128,14104115671239443162,1566754435943820452,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2216 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:440
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2128,14104115671239443162,1566754435943820452,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2724 /prefetch:8
  2⤵
  PID:1312
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,14104115671239443162,1566754435943820452,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3356 /prefetch:1
  2⤵
  PID:1740
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,14104115671239443162,1566754435943820452,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3336 /prefetch:1
  2⤵
  PID:4692
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2128,14104115671239443162,1566754435943820452,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5408 /prefetch:8
  2⤵
  PID:4648
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2128,14104115671239443162,1566754435943820452,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5408 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3344
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,14104115671239443162,1566754435943820452,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5104 /prefetch:1
  2⤵
  PID:4716
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2128,14104115671239443162,1566754435943820452,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=4780 /prefetch:8
  2⤵
  PID:3912
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,14104115671239443162,1566754435943820452,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5456 /prefetch:1
  2⤵
  PID:4996
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,14104115671239443162,1566754435943820452,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5892 /prefetch:1
  2⤵
  PID:1744
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,14104115671239443162,1566754435943820452,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5612 /prefetch:1
  2⤵
  PID:4924
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,14104115671239443162,1566754435943820452,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5676 /prefetch:1
  2⤵
  PID:5028
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2128,14104115671239443162,1566754435943820452,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5900 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4908
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2128,14104115671239443162,1566754435943820452,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6592 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3784
- C:\Program Files\7-Zip\7zFM.exe
  "C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\Downloads\Xfer Records Serum v1.368 WIN-TCD.rar"
  2⤵
  - Suspicious use of AdjustPrivilegeToken
  PID:1288
- C:\Program Files\7-Zip\7zFM.exe
  "C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\Downloads\Xfer Records Serum v1.368 WIN-TCD.rar"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of AdjustPrivilegeToken
  PID:1256
- - C:\Users\Admin\AppData\Local\Temp\7zO8E4D7C4B\Xfer.Records.Serum.MERRY.CHRISTMAS.&.HAPPY.NEW.YEAR.v1.368-TCD.exe
    "C:\Users\Admin\AppData\Local\Temp\7zO8E4D7C4B\Xfer.Records.Serum.MERRY.CHRISTMAS.&.HAPPY.NEW.YEAR.v1.368-TCD.exe"
    3⤵
    - Executes dropped EXE
    PID:620
  - - C:\Users\Admin\AppData\Local\Temp\is-BDGG6.tmp\Xfer.Records.Serum.MERRY.CHRISTMAS.&.HAPPY.NEW.YEAR.v1.368-TCD.tmp
      "C:\Users\Admin\AppData\Local\Temp\is-BDGG6.tmp\Xfer.Records.Serum.MERRY.CHRISTMAS.&.HAPPY.NEW.YEAR.v1.368-TCD.tmp" /SL5="$2024E,202760713,792576,C:\Users\Admin\AppData\Local\Temp\7zO8E4D7C4B\Xfer.Records.Serum.MERRY.CHRISTMAS.&.HAPPY.NEW.YEAR.v1.368-TCD.exe"
      4⤵
      Executes dropped EXE
      Suspicious behavior: EnumeratesProcesses
      PID:1216
    - - C:\Program Files\Vstplugins\Xfer\Serum_x64.exe
        
        "C:\Program Files\Vstplugins\Xfer\Serum_x64.exe"
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:4720
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,14104115671239443162,1566754435943820452,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3456 /prefetch:1
  2⤵
  PID:3604
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,14104115671239443162,1566754435943820452,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6612 /prefetch:1
  2⤵
  PID:3340
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2128,14104115671239443162,1566754435943820452,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=6488 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:4344
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2128,14104115671239443162,1566754435943820452,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=6632 /prefetch:8
  2⤵
  PID:692
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,14104115671239443162,1566754435943820452,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5112 /prefetch:1
  2⤵
  PID:3536
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,14104115671239443162,1566754435943820452,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6824 /prefetch:1
  2⤵
  PID:4864
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,14104115671239443162,1566754435943820452,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6556 /prefetch:1
  2⤵
  PID:1556
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,14104115671239443162,1566754435943820452,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6612 /prefetch:1
  2⤵
  PID:4424
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,14104115671239443162,1566754435943820452,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6112 /prefetch:1
  2⤵
  PID:3192
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,14104115671239443162,1566754435943820452,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6828 /prefetch:1
  2⤵
  PID:2208
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,14104115671239443162,1566754435943820452,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6916 /prefetch:1
  2⤵
  PID:3712
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,14104115671239443162,1566754435943820452,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6504 /prefetch:1
  2⤵
  PID:912
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,14104115671239443162,1566754435943820452,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6976 /prefetch:1
  2⤵
  PID:4072
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,14104115671239443162,1566754435943820452,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4928 /prefetch:1
  2⤵
  PID:4812
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,14104115671239443162,1566754435943820452,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5976 /prefetch:1
  2⤵
  PID:1716
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,14104115671239443162,1566754435943820452,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8112 /prefetch:1
  2⤵
  PID:2708
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,14104115671239443162,1566754435943820452,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7856 /prefetch:1
  2⤵
  PID:4128
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,14104115671239443162,1566754435943820452,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7624 /prefetch:1
  2⤵
  PID:3756
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,14104115671239443162,1566754435943820452,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7592 /prefetch:1
  2⤵
  PID:2416
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,14104115671239443162,1566754435943820452,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7460 /prefetch:1
  2⤵
  PID:3340
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,14104115671239443162,1566754435943820452,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7328 /prefetch:1
  2⤵
  PID:1252
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,14104115671239443162,1566754435943820452,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7216 /prefetch:1
  2⤵
  PID:1820
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,14104115671239443162,1566754435943820452,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5844 /prefetch:1
  2⤵
  PID:404
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,14104115671239443162,1566754435943820452,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1124 /prefetch:1
  2⤵
  PID:212
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,14104115671239443162,1566754435943820452,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8716 /prefetch:1
  2⤵
  PID:5396
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,14104115671239443162,1566754435943820452,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8852 /prefetch:1
  2⤵
  PID:5424
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,14104115671239443162,1566754435943820452,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9152 /prefetch:1
  2⤵
  PID:5476
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,14104115671239443162,1566754435943820452,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9020 /prefetch:1
  2⤵
  PID:5468
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,14104115671239443162,1566754435943820452,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9320 /prefetch:1
  2⤵
  PID:5484
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,14104115671239443162,1566754435943820452,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8524 /prefetch:1
  2⤵
  PID:5956
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,14104115671239443162,1566754435943820452,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8336 /prefetch:1
  2⤵
  PID:5332
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,14104115671239443162,1566754435943820452,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8548 /prefetch:1
  2⤵
  PID:5404
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,14104115671239443162,1566754435943820452,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7444 /prefetch:1
  2⤵
  PID:5132
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,14104115671239443162,1566754435943820452,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7584 /prefetch:1
  2⤵
  PID:5372
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,14104115671239443162,1566754435943820452,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5076 /prefetch:1
  2⤵
  PID:5380
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,14104115671239443162,1566754435943820452,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7340 /prefetch:1
  2⤵
  PID:3344
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,14104115671239443162,1566754435943820452,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7936 /prefetch:1
  2⤵
  PID:5872
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,14104115671239443162,1566754435943820452,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8788 /prefetch:1
  2⤵
  PID:5476
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,14104115671239443162,1566754435943820452,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6972 /prefetch:1
  2⤵
  PID:5556
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,14104115671239443162,1566754435943820452,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7016 /prefetch:1
  2⤵
  PID:4744
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2128,14104115671239443162,1566754435943820452,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=8704 /prefetch:8
  2⤵
  PID:5816
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2128,14104115671239443162,1566754435943820452,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2740 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3796
- C:\Users\Admin\Downloads\lmms-1.2.2-win64.exe
  "C:\Users\Admin\Downloads\lmms-1.2.2-win64.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  PID:5352
- C:\Users\Admin\Downloads\lmms-1.2.2-win64.exe
  "C:\Users\Admin\Downloads\lmms-1.2.2-win64.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  PID:1628
- C:\Users\Admin\Downloads\lmms-1.2.2-win64.exe
  "C:\Users\Admin\Downloads\lmms-1.2.2-win64.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Drops file in Program Files directory
  - Modifies registry class
  - Suspicious use of SetWindowsHookEx
  PID:5176

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:796

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4532

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x510 0x2d4
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2036

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4516

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:4696

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:3272
- C:\Program Files (x86)\Windows Media Player\wmplayer.exe
  "C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /Play "C:\Program Files (x86)\Vstplugins\Xfer\Serum.dll"
  2⤵
  PID:4840
- - C:\Program Files (x86)\Windows Media Player\setup_wm.exe
    "C:\Program Files (x86)\Windows Media Player\setup_wm.exe" /RunOnce:"C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /Play "C:\Program Files (x86)\Vstplugins\Xfer\Serum.dll"
    3⤵
    PID:2436
- - C:\Windows\SysWOW64\unregmp2.exe
    "C:\Windows\System32\unregmp2.exe" /AsyncFirstLogon
    3⤵
    PID:2100
  - - C:\Windows\system32\unregmp2.exe
      "C:\Windows\SysNative\unregmp2.exe" /AsyncFirstLogon /REENTRANT
      4⤵
      Enumerates connected drives
      Suspicious use of AdjustPrivilegeToken
      PID:3316

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:4740
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  PID:2044
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2044.0.1179897769\522576126" -parentBuildID 20221007134813 -prefsHandle 1864 -prefMapHandle 1856 -prefsLen 20749 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {ed367b34-4f83-4909-a2cd-1155af60d713} 2044 "\\.\pipe\gecko-crash-server-pipe.2044" 1948 286154d9c58 gpu
    3⤵
    PID:512
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2044.1.598071908\490242577" -parentBuildID 20221007134813 -prefsHandle 2336 -prefMapHandle 2324 -prefsLen 20785 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {df30db3b-cc87-4814-be02-1e287295afae} 2044 "\\.\pipe\gecko-crash-server-pipe.2044" 2348 28614e3d558 socket
    3⤵
    - Checks processor information in registry
    PID:4840
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2044.2.646557149\1400767613" -childID 1 -isForBrowser -prefsHandle 2996 -prefMapHandle 3240 -prefsLen 20888 -prefMapSize 233444 -jsInitHandle 1408 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f90d96fc-a5a3-458c-a62b-70c3ff549f9b} 2044 "\\.\pipe\gecko-crash-server-pipe.2044" 3132 28615467058 tab
    3⤵
    PID:1120
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2044.3.486139180\304314333" -childID 2 -isForBrowser -prefsHandle 3588 -prefMapHandle 3584 -prefsLen 26066 -prefMapSize 233444 -jsInitHandle 1408 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0dc6b992-ee8e-4e73-99d7-7b95876402c2} 2044 "\\.\pipe\gecko-crash-server-pipe.2044" 3600 286185feb58 tab
    3⤵
    PID:4164
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2044.4.1010491539\2071731800" -childID 3 -isForBrowser -prefsHandle 4016 -prefMapHandle 4012 -prefsLen 26066 -prefMapSize 233444 -jsInitHandle 1408 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d3f6ec9c-0897-4b6d-b2fe-1e696e00c75f} 2044 "\\.\pipe\gecko-crash-server-pipe.2044" 3744 28617a93558 tab
    3⤵
    PID:724
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2044.5.819445992\1553540538" -childID 4 -isForBrowser -prefsHandle 4796 -prefMapHandle 4380 -prefsLen 26206 -prefMapSize 233444 -jsInitHandle 1408 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d18e1e3d-c74b-42eb-b0a2-d8cfce10acfc} 2044 "\\.\pipe\gecko-crash-server-pipe.2044" 4268 28608a5cd58 tab
    3⤵
    PID:4904
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2044.6.1161924437\614356812" -childID 5 -isForBrowser -prefsHandle 2628 -prefMapHandle 4260 -prefsLen 26206 -prefMapSize 233444 -jsInitHandle 1408 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {08662b9a-a2ae-4f7b-808e-11555a1a7ad6} 2044 "\\.\pipe\gecko-crash-server-pipe.2044" 3624 28608a60758 tab
    3⤵
    PID:3316

C:\Program Files\LMMS\lmms.exe
"C:\Program Files\LMMS\lmms.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:664
- C:\Program Files\LMMS\plugins\RemoteVstPlugin.exe
  "C:\Program Files\LMMS\plugins\RemoteVstPlugin.exe" 3 4 win32
  2⤵
  - Executes dropped EXE
  PID:4848

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x510 0x2d4
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:3304

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Vstplugins\Xfer\Serum.dll

Filesize
6.3MB

MD5
5c5c1436a6513b976979c5e5e9ef3bf8

SHA1
c6fca3b6e6d91e3f723e18fb2553b99d457e4541

SHA256
4c3aa2ae4db5df5721b857bdcbf0fbd843cfc3b280a768d416436bc0c3dd47c9

SHA512
408e0eea77b97a9cf7db31d0b14b4ab063a2684720ab174277abdb0889732bd540b41e8ae139102fe3cfe3772517b3288da092671a9c97d9539e41c96cba7545

Download Submit
C:\Program Files\Common Files\VST3\Xfer\SerumFX.vst3\Serum.ico

Filesize
16KB

MD5
fd339f6494134dfbbd63a832bb740273

SHA1
a378c6f06093d3a899e280d7c95a188a81856971

SHA256
7c029fa4527da5f1ee584ff39c26f74776a30711678225ed2684ddb1dfc2227c

SHA512
b0ddd3134010508ae8204aeabdc3245eb1ecf3e4a0aef865722fb9c885e8f9245280259da370430f3ec1383c29968dcceec114f3181192496c6b1d7a0c8c469e

Download Submit
C:\Program Files\Common Files\VST3\Xfer\desktop.ini

Filesize
45B

MD5
219983e644a372ec539e04b7da6a1562

SHA1
ea6b6fde11fe7dbad780d1c8f8462e5751ccda9f

SHA256
0e6e526114de654c25e3759d2db54a58ae73b642a92a54dce9993a3300e42797

SHA512
f9f8a63a158096706a2731bf007ebf89013e8513529811d5519e980b344e8bbfb404c2e25d8a24e01c2874f1f1e5f711f53acf796fbbfb66016f53e81810b52c

Download Submit
C:\Program Files\Vstplugins\Xfer\Serum.ico

Filesize
16KB

MD5
94a0e05982477cc34ef1a1f3620f8ee0

SHA1
0f6210cf69b71a507cec8d7dee5238d206ffdf5a

SHA256
9bba3ffde88cf5b931e5efe69071f8c7a8714c02ae2737337a51196d67de4ba6

SHA512
7bc3cf1d7f9477064e25c7adea56ac59ccd6dd24586da6f52e40547a7f208b5cadcb315574e42c9f4d39abe050a89805e31d8f897a21c72ccc773ffa42e13d10

Download Submit
C:\Program Files\Vstplugins\Xfer\Serum_x64.dll

Filesize
7.7MB

MD5
2448edd1a85b9fac716b4811dc061cf6

SHA1
7fc5be918d39a422beb2f636e55c0c8b0798bfe0

SHA256
3236ad6a9a848c5e1b6091505398e98ba8686e2c9fbf586535bfe59d7c453f69

SHA512
727b7a2678b5e92a9696a8f3ddda486071145c496dd0d2c51b69f7bc8e14d02d2d21788d724e6c3ead9a8179214c1721c638e732eef63ef2281e54f7c61dc973

Download Submit
C:\Program Files\Vstplugins\Xfer\Serum_x64.dll

Filesize
5.9MB

MD5
f64b3e108985e5f50be0247d5e06e0b2

SHA1
4d74cf963523aacf5e564d51b5fb7f6fd4b69a57

SHA256
dafd1747bb58ebea4028a281b104261d3c6de8c8ccf9063c3d104f77fe49cf18

SHA512
f6ceb9d3b7aade80fed598e224a337f5d90bb04c4412c48a2a51ab5a2a958f23d054ac6215b14365df1c56c6e406f94c8bede7b81784e775833ed6e6acc88438

Download Submit
C:\Program Files\Vstplugins\Xfer\Serum_x64.exe

Filesize
3.7MB

MD5
69c521c8c68e7d7da15f0cafec8a3072

SHA1
a9f4ef0836c4ab6a798ede59ad3e9b6e6d5aa3da

SHA256
a86787531cb4b017f5843c93ab8ee6f9d9ba13bd29d8d9e7e8af5ff9cba993d8

SHA512
7341f6868a033ce97fc53ef0669acd78222893b3fb849a8a834072d533a1cc107a73ae49d1103e7fb16911952f193bb1f44336ff55843552fbab0e5dea0b8628

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
efc9c7501d0a6db520763baad1e05ce8

SHA1
60b5e190124b54ff7234bb2e36071d9c8db8545f

SHA256
7af7b56e2f0a84ae008785726f3404eb9001baa4b5531d0d618c6bdcb05a3a7a

SHA512
bda611ddba56513a30295ea5ca8bc59e552154f860d13fed97201cdb81814dd6d1bca7deca6f8f58c9ae585d91e450f4383a365f80560f4b8e59a4c8b53c327d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000001

Filesize
21KB

MD5
f0d11cde238eb54a334858a3b0432a3f

SHA1
7c764fe6f00cab8058caeba38eb7482088a378f4

SHA256
579adf148a5905868140df9075b90a2ff33c9070dfd35b3ab869a2d9aacd9a96

SHA512
b3e590c88b462004b29ced18027f640addd1ea6ce9ae584820054ca508ce7d626acb3bd729e3693b50ccdc5e4694b1aa400cb33a315a475de47f5b25ed964d02

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
64KB

MD5
d6b36c7d4b06f140f860ddc91a4c659c

SHA1
ccf16571637b8d3e4c9423688c5bd06167bfb9e9

SHA256
34013d7f3f0186a612bef84f2984e2767b32c9e1940df54b01d5bd6789f59e92

SHA512
2a9dd9352298ec7d1b439033b57ee9a390c373eeb8502f7f36d6826e6dd3e447b8ffd4be4f275d51481ef9a6ac2c2d97ef98f3f9d36a5a971275bf6cee48e487

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

Filesize
69KB

MD5
a127a49f49671771565e01d883a5e4fa

SHA1
09ec098e238b34c09406628c6bee1b81472fc003

SHA256
3f208f049ffaf4a7ed808bf0ff759ce7986c177f476b380d0076fd1f5482fca6

SHA512
61b54222e54e7ab8743a2d6ca3c36768a7b2cf22d5689a3309dee9974b1f804533720ea9de2d3beab44853d565a94f1bc0e60b9382997abcf03945219f98d734

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

Filesize
27KB

MD5
c903342beeee1560403d9d905587779e

SHA1
929a6dcbb851e07be2722b02f4deb80e27473bbe

SHA256
e6bf3eb77ceb1283d04cfdac64bac46b447fa34e409be0e5f41b4186bbba9613

SHA512
091ee5cd22b90911e41af03bb8f0e60d0c95c03b8ea30759c821b6909ef02644e1710405dcdc52968d0853f5a54fac96b67ed0412ea125d0559ff9319a0bc62e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

Filesize
19KB

MD5
76a3f1e9a452564e0f8dce6c0ee111e8

SHA1
11c3d925cbc1a52d53584fd8606f8f713aa59114

SHA256
381396157ed5e8021dd8e660142b35eb71a63aecd33062a1103ce9c709c7632c

SHA512
a1156a907649d6f2c3f7256405d9d5c62a626b8d4cd717fa2f29d2fbe91092a2b3fdd0716f8f31e59708fe12274bc2dea6c9ae6a413ea290e70ddf921fe7f274

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

Filesize
65KB

MD5
56d57bc655526551f217536f19195495

SHA1
28b430886d1220855a805d78dc5d6414aeee6995

SHA256
f12de7e272171cda36389813df4ba68eb2b8b23c58e515391614284e7b03c4d4

SHA512
7814c60dc377e400bbbcc2000e48b617e577a21045a0f5c79af163faa0087c6203d9f667e531bbb049c9bd8fb296678e6a5cdcad149498d7f22ffa11236b51cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

Filesize
88KB

MD5
b38fbbd0b5c8e8b4452b33d6f85df7dc

SHA1
386ba241790252df01a6a028b3238de2f995a559

SHA256
b18b9eb934a5b3b81b16c66ec3ec8e8fecdb3d43550ce050eb2523aabc08b9cd

SHA512
546ca9fb302bf28e3a178e798dd6b80c91cba71d0467257b8ed42e4f845aa6ecb858f718aac1e0865b791d4ecf41f1239081847c75c6fb3e9afd242d3704ad16

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a

Filesize
1.1MB

MD5
c10533650ab2ce04634865c72de4c069

SHA1
36a8d127fb45ffe2707d97806d4e75b491aad8e6

SHA256
12c27ab7264cb8fe40062da6606b6b572d787e7282239d948e01e813439bb69a

SHA512
9fe25a1f0228bd5c1b8ad365e221edef202fbc8ba11dc008d40198a2b8223caf211e74d16bc4fc293a088dc6af6f9080f9f45f5d6696d42232d800390807a7d6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000b

Filesize
33KB

MD5
3cd0f2f60ab620c7be0c2c3dbf2cda97

SHA1
47fad82bfa9a32d578c0c84aed2840c55bd27bfb

SHA256
29a3b99e23b07099e1d2a3c0b4cff458a2eba2519f4654c26cf22d03f149e36b

SHA512
ef6e3bbd7e03be8e514936bcb0b5a59b4cf4e677ad24d6d2dfca8c1ec95f134ae37f2042d8bf9a0e343b68bff98a0fd748503f35d5e9d42cdaa1dc283dec89fb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000c

Filesize
75KB

MD5
cf989be758e8dab43e0a5bc0798c71e0

SHA1
97537516ffd3621ffdd0219ede2a0771a9d1e01d

SHA256
beeca69af7bea038faf8f688bf2f10fda22dee6d9d9429306d379a7a4be0c615

SHA512
f8a88edb6bcd029ad02cba25cae57fdf9bbc7fa17c26e7d03f09040eb0559bc27bd4db11025706190ae548363a1d3b3f95519b9740e562bb9531c4d51e3ca2b7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000d

Filesize
105KB

MD5
24cab279a1b1479cd2848b4cf4db97d8

SHA1
c59c889167dfa25ea85e0ab5b93db29270cd9a3a

SHA256
2feef54f715ea3e6192ec7a9d30e910044968a41d8fe91fc9b1b469ad574df51

SHA512
d1ec7ed765e5ec1b5e095a917437ddcd783ad01a1d6025f1125906617afc24e1d3a9cd702616d18c4231e5ffe60e5326a8dee855db42bc417568283c310e5c10

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000e

Filesize
109KB

MD5
bb3fc9718561b34e8ab4e7b60bf19da6

SHA1
61c958bedf93d543622351633d91ad9dda838723

SHA256
d6ea500b6752094a4c340d4f5ed01afdca1925006077560d9a3f56054cd8d141

SHA512
97da30e9a0d14e6f9151539b77b2216e0f6b6cc4742f075077f9ff92f46f8b97e82f020c562625261eaa01bcf810ce81c0b7b71340ac566aef1bef5a07dac63e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000f

Filesize
155KB

MD5
65b00bec774c969842aceb3199fbe254

SHA1
bd464411b9578497f081a5f8b6c04180b6ee0f0a

SHA256
d604e67e9d16b6b3d2f10687a36ec00597c48288fa60bfa957bd3ca78eadceda

SHA512
0c89ad2ca25ecd9058e42ed477bf6cd1512859c7ac63701206a82f2591b2878acc7f9354b6a23245fd186ca9b3c809cf7700c0e3e43f469c37580d8531d3beac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000010

Filesize
20KB

MD5
e2568dc8aefa8c3ebb4ddec59a6419cd

SHA1
f615c9c204fce05bcdb5ad84cc59a6a5fdcd1af1

SHA256
0438214740a4c0abeb3b9a11ece855637885d7e45d9f4be468fde2a4d122f8ab

SHA512
7b40d53c2bb2540e8dc389d3425d4b80ed6ecd40ee411748512f591bec9f6efdfb444b0aa04b31a25b660b0eda16c42773e0b090c41fa615c7756866e8e0cadf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000012

Filesize
40KB

MD5
3051c1e179d84292d3f84a1a0a112c80

SHA1
c11a63236373abfe574f2935a0e7024688b71ccb

SHA256
992cbdc768319cbd64c1ec740134deccbb990d29d7dccd5ecd5c49672fa98ea3

SHA512
df64e0f8c59b50bcffb523b6eab8fabf5f0c5c3d1abbfc6aa4831b4f6ce008320c66121dcedd124533867a9d5de83c424c5e9390bf0a95c8e641af6de74dabff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000013

Filesize
53KB

MD5
68f0a51fa86985999964ee43de12cdd5

SHA1
bbfc7666be00c560b7394fa0b82b864237a99d8c

SHA256
f230c691e1525fac0191e2f4a1db36046306eb7d19808b7bf8227b7ed75e5a0f

SHA512
3049b9bd4160bfa702f2e2b6c1714c960d2c422e3481d3b6dd7006e65aa5075eed1dc9b8a2337e0501e9a7780a38718d298b2415cf30ec9e115a9360df5fa2a7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000042

Filesize
20KB

MD5
87e8230a9ca3f0c5ccfa56f70276e2f2

SHA1
eb116c8fd20cb2f85b7a942c7dae3b0ed6d27fe7

SHA256
e18d7214e7d3d47d913c0436f5308b9296ca3c6cd34059bf9cbf03126bafafe9

SHA512
37690a81a9e48b157298080746aa94289a4c721c762b826329e70b41ba475bb0261d048f9ab8e7301e43305c5ebf53246c20da8cd001130bf156e8b3bd38b9b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\0580a8e1646d7bcd_0

Filesize
41KB

MD5
3a29b21dc97aacf582c9e774af78f23b

SHA1
33dda75d04a3e22ba65120b8db4ac9373a40da5a

SHA256
0426ede46dac5d961980edc5f6ee7780c4d299a5ca2c0df9c901ce4aefec5317

SHA512
ae7e52b758ace3df48b42102f2a9ce20be99377cde7712ba125d530efa2ec329fb1715379dd31516193d788a665b3a38c1f85a10a54236091f9bafed2b8574e3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\06450eb6a7b09545_0

Filesize
2KB

MD5
0936e8e3be8879878d00b35717ca5db7

SHA1
06f56f7c78fc500d7eb6be4f2b12d1ff242ddfb4

SHA256
476e77d776918072f1d364d07e9e0127511e2cfe5474fe5fcfd78d52a81e7003

SHA512
804d65530af03391dff8839b86b22843d4bd65e38a9452c2c198159e18e0477dce4451ae30da9a579c6bc0f1a123142793713b8ff4bcd05b00784d39afa3e821

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\45a16ff6d0d9ab5f_0

Filesize
1KB

MD5
6b1b16f85974051df6884e2a9530b3d6

SHA1
8bb7aaa0d48d801968926b98fdd7db6684b7dc76

SHA256
659bf60207afa2ed2bf1647b11e7f86e9a25fc7bf627e313763a167c914d5a8c

SHA512
82b14d035931fbee8bb92bb2c340a0c97404ed2a749c763dfe45265ea541ad8834f848cbc7fac104e322a1184361b145aef0b52a02fe1c79d149c38e9b07b864

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\49da9a423c2b9ff0_0

Filesize
2KB

MD5
c0ef9ab4e4c3cc0c61c89db43a9b7e9d

SHA1
5267b2dbb2ebe55e2f6fa4b4d8f55affcfa4e377

SHA256
884bcabe9ef8a87fe94a0e02be7ee1ab53239040958cd9c2f3228d14750626e6

SHA512
718dc4cdb22d5dbdeafcf67770d842d574730441ccf3f17d4c339dbd87dfdfabfcb9187d421d831bcd55a10cfe71d2366adc0861627f923baee34a4c7edd6065

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\4c693273baa0190b_0

Filesize
5KB

MD5
6a57e4ab55a3ee91e86c4a5a1b1bf8a7

SHA1
c8a4332d87ad7297fce8daf178c647e7d93bf49d

SHA256
2d8985c3d4eed49a5b97233769039e707ae451722109877dedc6699788b8bfc4

SHA512
9060857c7db24b0edef0ef9749c5166d9f5af05bd740c9c7feb871ab05de1eb37c7a0f8796fb9fbbe31b423582ffa6669606de1ef3a74b1d0d4593e0659c8d37

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\4ebf8c96e847cab9_0

Filesize
131KB

MD5
bc2d4e05b2818e95a21c2d5ab4540a55

SHA1
e1b4224ca43b9f04b994739710ee61991d293318

SHA256
844bbaf770f3f3b69c9f7f5d74b11a1519937104320c69424a9172e660b2bf13

SHA512
7536e4b9a2a88b206e3e7422e33b1ff3cc3d0dfb890389ebb203f8f0df9c68468098be283b3f93be7e629eaa1533b4243533de8381740557a6b30ee0a66c22a9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\53ac5abc87e80789_0

Filesize
3KB

MD5
8bbb14da832e6d7828bb622e9d091edb

SHA1
0bb88458fa2368d6f00bb7f1b18910eac115439c

SHA256
fb68f37f850bd4696a01db9d7edf94f5163458231829fb97321cfeea8bcbf75e

SHA512
2e6de6bc1791d699d3ce383be22b22b65d2a5f6dc086184ca61210093244a17cae200b5cba4c8852cfd054e9fe7607df6fe68445dfe3c86b214cd8c6a98a181c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\5472a74b544006f8_0

Filesize
6KB

MD5
85f8493fb59042adcf8b95bd0c55f9af

SHA1
05b17ac23b305dd6bbc390eaccb42b5a70f68c40

SHA256
f2a510aee07ae48488804d803feef1c819104b7eafad20b397c18e7af79930cc

SHA512
193cf60eebb71be05c915decc9379fad42cbe8b6a53a9051e97b5b852edb9012451dd777cc9d1b2cfb732a38d8946af9d0d477f1c0e2f65ea1015605be52ae2d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\695c42f61090a800_0

Filesize
13KB

MD5
7ae1057766b8f133786107410fe7b6be

SHA1
1b543c28477dbd1c06a319ec6839d912234c5517

SHA256
655223e3398805ec4437ff2641e85399643b68af63772865e0e375ed8e97f3b4

SHA512
5751c59d51548e840cee7fdd41a2eb8d8248c127ce6d101094d0a6fe16a7f382689288ba37bf9abadd50925451a0fe801292c1b75784e95a9a2c792a973c1e49

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\6a0703df20b370af_0

Filesize
3KB

MD5
8fc91a2a7a4801cff8602ebcc0efd4e0

SHA1
5aa6ba4c41676f388c5f562af877037221baed73

SHA256
53fa0937cc24844377e5e2b0555a031cee61198d72358c4cf1350305005872af

SHA512
866d9698d915a5f52ae3d5e534d646732200d58c48b672cc428a125227d1b7326e9a65f7331e455e82b89fa3f579b3c4010a75be84b0e27ce60ef97d93e16e2a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\74b88724f60b0383_0

Filesize
2KB

MD5
2c9dce16f6d81958c05b88a99c065cdb

SHA1
5de8d663bbce6f2290fdbc2cc445cade70ffc165

SHA256
55ef8458dc48acdea94e4e71a9440df0227d35554e4face20aa85caeed2580dc

SHA512
c36725c8388bbbe50b17b07750225efd21fa08852716cdbe5563d09f0604766cd3ac85f6b2503bcc2bbfc5fd0bbd1ce891371dc4a8fb32bb0812d17470cc3b6b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\794417c96d8ffeee_0

Filesize
6KB

MD5
8a1cb779394cd20cd0d1a6b90353b099

SHA1
6de1b8d8e8b2911ad3b9d561510dcdcd15c9b00e

SHA256
49acd1c74437baa31041b334a47e6aa5120696989c7e5860ef04b90acdcefa61

SHA512
55374cd21955d796c702a01ddd9183828bec6b1ef0e711dbc06a28a995d29b1eafba2c9045702b3556568310832c98c47304c0c099a8665c156ff8857ffdf358

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\7c3278ca440b0d12_0

Filesize
262B

MD5
39020d0e87402ce7fbe7a10d1e18c3fd

SHA1
3c33985225cafdd452d72ca03f96d7663c2b1ed3

SHA256
f57df34c61c32e65b1e4c85a5fe8c11cfd4070eae14ff0fa651b4d7783dc6db6

SHA512
067b09420645e2654c2e8922f6669f79021bc991b6c92402bbfac58241b5f046407b170a5e1c1a442008ae307b59dfa47477593650a6cb50b3538120160310cc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\9412c8b664751f90_0

Filesize
2KB

MD5
2aec434dc540fbe906b3ae13b80b0bdf

SHA1
25e9f909718a7ac60f54a304464da473fd97baeb

SHA256
2e838ff5454e799e94cb531156d46b97ddd3305bee54db5cb680ec5347f66bdf

SHA512
0287e3cbd8ab7e84811f8b46691adac71995f383170ffb7e766cb67fea4f330f77519daf9e1a52170790ca8dc8f3581aca4b6ec63f98dc2dde01ddb49d4e5b90

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\94ebe1630900d094_0

Filesize
20KB

MD5
a8243b0469ef1c5d4a9a6afa9fe5aa0c

SHA1
cf891640516326d81bcdc2907fe6d44bd78c054a

SHA256
fa325460d67f952a04b36200946903c0e08c250c0e0f99366c91994bd83cbdaa

SHA512
34cb06646c6d8ccb1ba9cf390d1fd658f3127cc022e3325a2460bc77ed7b168d1829f269103a09a7d281cd4ea474d6d638562db2288e4cacedd06c7b2172129b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\99355e6d825b2751_0

Filesize
2KB

MD5
30013eda2fc22801078695926dbf90c6

SHA1
0230c39834df2ba501ddc20f2e695be2671a3838

SHA256
d01cd1005d0a3f12328969772ceb6d4ca141402c24d68d58573a8daaa5ea67dc

SHA512
d89a63bcf010a79c8839c4bd8e0d9fe1144dba35887e59bd8d92e53f923765fba029251c2fd48790e8968bef785837f0042f79b51408a036c1ad522bbb5ba84e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\ac97950144cbad04_0

Filesize
4KB

MD5
b1e600756e33246ffd37191b93c2bf99

SHA1
5a010971f5211fbc0da71f325c66524208f534c3

SHA256
e1e3e9b10f97c6d9e30d29cc366ff2400b312cee3e4b7973f8f642e32bc93107

SHA512
bbf8ffe440e8021871ee77a138f281100453627086bd4694566f2b53c24119c6da9307650cb331abab24364dac54aec1217a126e3d239a01b3e8c54669fb0dcb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\cca6dff0f171f457_0

Filesize
34KB

MD5
b02fa1ba279cd5fa8d942708de3fadb3

SHA1
79c266d5d73bb5d87c478df59fd9fb8f54e2e6a7

SHA256
9a52c84f47e94a23a37fb0a6924eb35e43ea2f73537ccb8175a57e77ae4cfc30

SHA512
98cd203497ee35c2c4ae0dcfff5421236025df8081eb04554a09856bbe8a6ad2ad45172fd4f5d50991ce04db12336ca93136e9c2628af4768eaff2b349c39612

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\d7a29efad91a1117_0

Filesize
262B

MD5
5816263f8badd564c18460db133c145f

SHA1
b9f98f9b8214a076fec7b6ff1aab792c0ee652d3

SHA256
8ef6c5a56b272e7cd57ddabc7193e1765ed12708d621bacec2d2bdedc69e8c94

SHA512
77b2e3fdcb958801d7a3a3b6be975293966e94ccc7a43dc8c05b6844b701edb394e08a6ac20535f4341073f296adfa276c9a37736831be40967aa9699f2faf86

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\dab55ac20579e3e5_0

Filesize
289KB

MD5
33535eaa579d6085d9490f29290bef64

SHA1
5d46b5a9c2ac189e32a22010a2b0ea2e2f6b5c27

SHA256
d10c8d5ffc163bdcf3903ea7cfd040c57ec4d82b7a4418d5d9c14b2a0b1dc5c9

SHA512
d20209f79bd1773195c101a42bf96c0e0a8f417802ca65e7341b4d647f46c71c2f0a01740640a82eff0cda767d03082dc675b5a0bc84438ac2ec623fcb5538bf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\e3c673e63fc243a1_0

Filesize
2KB

MD5
9c5a335ac8f77c4e82e25bc0c6c9ded0

SHA1
9bfa1cbe0a3fcd41774f695206d2075508fcdb0e

SHA256
7ef69f40f851f2a6b374a3085afc358c081d7c95cea92064eb6de659fb42068d

SHA512
dd54ddf1777813c45bd5fe6802776797157df6cf89ef4ea59aaabea089a7b23f81cc76c5923976fc876d071dfb9e351045f46baf66e661be6b398d3cc31331c6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\f7dd968ace5a467f_0

Filesize
22KB

MD5
9e764d1309f95a95f9d8dd2d4c8b4046

SHA1
997f3ce939a39248c890380c7544f693f458c21e

SHA256
311cf11197682c77a27ca025af7e2e4069a5ec7eff668293e0afa9bc70de337d

SHA512
57e27e6a63635b22f330904d9c8f72d7fe2c466060b1258532c93289605ab122a97bde2cdab7b99a91e81bc8ce9495bf9247ea462a2668c91d0030cb2f201502

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\f89251fac2b69325_0

Filesize
3KB

MD5
b2eab91ba14a2b33a0e42fc14b7f988d

SHA1
7697720e9fee74f271bfd54ccf6f0eb067a829ba

SHA256
6f56a8d6602e8ac5b76c7739b5be659624c29b17b3fa413dec349a5f985cba44

SHA512
27a2412d00f5c638f8ca68599c8cd5a836ec3de7e3b84c8bfb2c825f03d35ed8a6e7fc108ad063f091d29cf786e236bc12fadc384e5e0a9f4cc71dd79b4b7fe4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
a5dac77e3b5e8248ac6bfaafae76e71f

SHA1
a5317cb110f980bfbc9c46ae0de5d8394c551486

SHA256
293e4f5afa2ac773524531a2fe3318353713f1653d283b1c504b222456b51017

SHA512
2d0257fa60a27a0b8bd9f8322402e5eb8bd2f0b0f184867cb310989b68b7a09d407c0d45720dc23cc850bc44f86f8004efd7e29858227aa75ccd4e16bac97a03

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
9KB

MD5
e5558f45ad5b2483cee6ad042c76a50a

SHA1
a35c7db9c5bc0fc1f7d1881c1ae56c0145cce255

SHA256
953913763b73411f7139e654093560e72f3d578ba9e39b571d52360ed2659f4d

SHA512
2b96c7273e61b44d3696ba2dfdec81909e5bbb63b052ee87b8789a649d61dec3e3e18d26e3b22a652b7b88d859e0ceddb6069910e662ea3ab4ade800fad10a7c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
8KB

MD5
532157a4e2da9866e8542e35465042ee

SHA1
059148806e4e1d0800684c5af9a1c4d7544afe09

SHA256
fa700d3d55c1e07081a9944c3364101368fc25b6e488d0adff42337ad26eec97

SHA512
e9a7a2cd2c6e1e0e98674b6db4694cfb3008747d3afd7a90fb1fbf2c846b3a32e7c6ec2af06365791f3446b78ed0aa61540aa2a01b33e240edad3a2377fe3290

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
d2d507ca88018f32d42b87d791e31c8b

SHA1
f8b6eea34884d979fa65592676fdee90feb1f3f9

SHA256
8f0bce52b0755b7b1576cbe1b3a84e59e1e983f0fd04a6bdc71215c802e71cad

SHA512
beed0384bd5bce6a6cc88e990fea709890c9916f0fb640d7fecc5e01b0504a3998c9daab725199c97aaab0364533f4ebaadb862c596bdf9f23deb0aa036d7f43

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
d180474ab3a99866281c0442ec118ed7

SHA1
8279e2fe601e55a5a907ae25ea3491f2cc036ab2

SHA256
c635c3e79019a92a04d8ec7a26ca9c057c59809b34e9fa9785e61d72542d7419

SHA512
b3c841667e6b9841e8a51d7987de28fb7e016303cb2d404d48502f48c1124224bdb1b5da6a954e4ea809e92477966a348312c7ffc1867f96b5688403cd2461de

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
f3630ca6ef46ed7f17d24438538f6c0d

SHA1
e991e561e971a9ad8101a5b3f4398695aa5c85f2

SHA256
f2a6e492a3a2006d8be57f4aadf83149dbfabb12463a212448f8f49c5710dda0

SHA512
f7deca5315524ad0f47d90f8f928925b2b5c59ec9cfa577589bec5df1e73153f75aaafec16993abda2c3a253ea4d4a176e5d7703dedccf20751ffca8bdc71f89

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
f78702ad8c543d8f495166452b95c50e

SHA1
a4eebe7fac5db4cfb141ded6dad8cf06f76bf190

SHA256
52e95ad5a65f20ca37ea2354113870967baad9f69ee14bd075b423a645a9c2c6

SHA512
80bf2c8efd1d776fd6710b3e81a03e36693d6eb16e092d4241ea51c923b7c70e75d7fbb5c9321f047d1f472a45784072d3f3d30b4afbc0eb500a7734029bd020

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
15KB

MD5
641b4ad5d89d9e86809ce727b3e9c846

SHA1
bad43204414a7dbde417a9635371ebaca0342b77

SHA256
cb0a1c4c4027d4de61b70c439434958a44f3b59742d35cc7d91b6bebc67d58d4

SHA512
f03ad92fefd6f634a8732575a310221d2359f3169f5ef6dd48e64ca2f032bd8c01cc5a070b852d4698eddde22c56e55391b51560d3ec0afe724eba384f577e87

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
15KB

MD5
1100f781e678f2a7d028bf9693bf01e4

SHA1
143bd439ac174cf91a5e911b337ac9bf81119d2b

SHA256
2bce5201c976ebdefdfe45f58be0bfff7ad0f110897782acfffaaff0df49551c

SHA512
12dbfd1d8f9c4658511441c0b97cf4c8690be2cb69abf4a0476054727f9a27a22083137523b5ae0e294ef9dde628bcf01ade3be8dfb81186f471f39df1f15cfd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
986373713ba551dfda2a228d3c7c6528

SHA1
1912f61a8fbded601846564f7d7902caa1df3b76

SHA256
bfa10797cc96201fd4fa17599d86826d9746ec989d638a18761b373b2b5824f3

SHA512
545de80431823e846aba0b2ddc9860c6ed4e1fbf71085eff3d0eb7dfb3228ba46e49b888be944d7f2c17e8258392dcfd755e50af2530428974420ad2629cab57

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
894112d59663f5a60d4967e391a43add

SHA1
d2db4da5329e2e12822728c5c6e5d545a5892f23

SHA256
ef054f61b34473d92ef6fefadd3be29fb28997b60dd2a617fea7dd793c11e9dd

SHA512
c4ba4ffdcb818f3e7e3757810ae3d4ee09fd4c322509d913812924dc2a05a5a41f83811597a71cefa58cf303f5db6b5bcea3c0702d736a4112fb1c51c9b18b93

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
14KB

MD5
2b11a290a85f97d76d2d918f557b8fc9

SHA1
c4fd558fe855524532083bcb66cc0419b5511330

SHA256
172a0f44ee741a08c0ee8b4cc4114b13ab137f8423b96ff959da881266031c9a

SHA512
2dfa323ca811084a1f289838fa9ce6463ff21cb5e0327a053e1f5a601e3d8ca0db4b41a18dab3a1b9a2d2332224ca4fb5d0207c99eac06de9b926af9b75d16cd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
15KB

MD5
7e3d055dbbcfc86938e7080f1b4bc4c2

SHA1
55306aa61e797102a091317fbca36af32d94332a

SHA256
ddf9e2e7aa908e3cc64dae57f9ab418af5265b6a7b67655556a808b7795dcab2

SHA512
313112ec6c70f6f43535fe17673eaf08df583a0cb1a0beb45d8a5fa38e314ade72ec14948dc20439f438d8c8f64f9d045ba19c16fdf124c4145223ea65177958

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
f29c84f7d376aec7180761abd9614027

SHA1
0228d6dbad9f6ca7cb0120e813e699ae5cfdccec

SHA256
ee7111a87e4d8b6de33a967bdb0050bfa868ec09007df5e41c8da8a110c558f8

SHA512
7faf0980db8dbea8e9844c1842b709e6414de9a4ec587a72fec64eb5e585d0ae06763cabbf46160c7973f55c9e061ad55c7bc7fd632e0ff3a3e41069289f42d5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
14KB

MD5
6edd7661ca8d93cc3cdb196de63f6bcb

SHA1
6a02db94f04dc79db0ead7a4f1d7ab58341a20fa

SHA256
5509243c34126a45505cf7b331b9454b23c733f8db98b4913f06f9319578329a

SHA512
c12806c53dc8fcb02c4b62dabd585a7d2df0c8302fc5d8ecbca80ed77d2250b7f4292076fe7704fc6c31d9554b3702eef8d578afa972db1f34a389cf8866ee3a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
121510c1483c9de9fdb590c20526ec0a

SHA1
96443a812fe4d3c522cfdbc9c95155e11939f4e2

SHA256
cf5d26bc399d0200a32080741e12f77d784a3117e6d58e07106e913f257aa46c

SHA512
b367741da9ab4e9a621ad663762bd9c459676e0fb1412e60f7068834cbd5c83b050608e33d5320e1b191be1d809fef48831e0f42b3ecabd38b24ec222576fa81

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\0773de3a3a505b4c25d687537265c03c66c210da\25b0d959-be24-4f9f-9b2c-2cb965a21406\index-dir\the-real-index

Filesize
96B

MD5
87fa92fd9e69ff865b9bf2fc90ca57ce

SHA1
bf8266a311728107a70a4ea46dc0f130f23ef1d0

SHA256
095b9616cc2b1093aa1e5bebb57025a2fdf5ca22b4fa88d91e5169bd6400d07e

SHA512
d9f8424b0aac0b73e3d16c34889b90ac1b2995bc83570bef7e576e7ed882dcb7431b083bdff8325a8afb6fd2b37ab7629a1047222f652cdbd100810aad33c6bb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\0773de3a3a505b4c25d687537265c03c66c210da\25b0d959-be24-4f9f-9b2c-2cb965a21406\index-dir\the-real-index~RFe5f6a5b.TMP

Filesize
48B

MD5
99865555f50fc1714ff41899bf7a9b39

SHA1
e1d980a227c165a14851937030dfb970c7955b62

SHA256
3e680bd425679892f1846fc57553a4e8c0b73f7a08211521b8a8a30a7aef63ad

SHA512
8c721fb10fdb5c10358a679f47b3056b35f4175f38fc7ee2150797dab268e54759713bf7fd234508e184d828da346c8a3bd1b169b144691bd58c1413a39bf107

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\0773de3a3a505b4c25d687537265c03c66c210da\index.txt

Filesize
82B

MD5
66316865db03cb1db4944352a466268e

SHA1
14645f89960e921d6dc4d7b735e529053ab4b462

SHA256
7b75d0eab19e0a7a647262c99782dbf6be7d0ed2eec33ca8d2a5e9c26f3729ec

SHA512
a20f489bfe35af9a850c2a60c7d725cb9e0c6b6abb8d296e9543daec19a6f46c5ae0a403c0e9fa38ce57e9c155bed4163209c46ba071b370d8353e5258c833de

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\0773de3a3a505b4c25d687537265c03c66c210da\index.txt

Filesize
76B

MD5
36978b803ef57fdb23654c0b544a9abe

SHA1
16e207be928742a29d26936f322d9ba9e578c9bf

SHA256
79194899c1a5bff481fa093ebf6f4c89e580c99f11c3dcbd8bb085128123bbbb

SHA512
bfe9e1f9ee88574f3cbc48dc7e04d07d7d5d4dc49251ade2ea94353d001698ab91c921a95cc69e7c9d2fa0b6b7ae8d2821b3e7b66d6b8202713d7a704f899a24

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
fa9eaca1963632aaa229b0b157ce6d7c

SHA1
0b5f33d786fa3d919700b278f4cf7149ddf8c802

SHA256
08aa2a8fe5bae89279409c293ee31bb4cd0af0d6a8aeea3daf506e6d95d0f758

SHA512
123817a31313a97b432c13892964d22b7cbb7cdb0f807f8e7b43522c1716469c5c659db0092ee7597442ff4a9b5b00756918c151b7689f0294a21194bf314720

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
c17415461f468409785e54905bb02910

SHA1
8e3675c1ee39c2b049c70b07f45353624c94ff2f

SHA256
d6666d8d218bdacfd282b5bee45cc92ba70baab36800a4ca3003adb3ac495ea3

SHA512
befaf4941c40a13e19043db56dfa5cb2c3b8438df336d667428e9c45a2073d686523de1ccdd14b4d24ecc54c157a9c6007ec43294473a8129c5a949998e8ce37

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
c5e6e1883af6a0bf5efda7c5f2464889

SHA1
da891cb30c689043ac519be4ea1cbb5afb892fe3

SHA256
5ec08446b6b48d473a243272177cb5784796a51ffdf49c99b652715391cdd6a7

SHA512
d6c45922cfad5c6ea6b722d43466b3493f55c2196d8e59d3317940d5859606d4eeb31237dc3bc404d0aafd2930472ad1dd257e11484ae858b455e794e9c7ba5d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
536B

MD5
c0b246d7a9a29e7047d793d0ce3ffd52

SHA1
a2d4f663559bddbf9d9743134f3aa75193f79bfe

SHA256
52da9deb48826d4e64005ebdbd57225caac5c9855b7095bac960f52fb17f30d3

SHA512
7a6011f20387993856ef5c9858cfadb8a078cc7c729ddc26c5a65849bb251864410da6d18b0c695b1b98c433002fcb1f8c2d6c6ad9227d62e1dc2bffc5e68702

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
65fd348393952bd102e92f38bd9a4066

SHA1
4d2d25714f2cc53396e65b724e0572a103031037

SHA256
5a25ee6f9cc067d9038efbf86c566500d8698ea4d9932b439cc3e11f08e322a1

SHA512
6248bef84c80f69114e502cafd10dd8e7283fb4ce7e941ff8455f01dc80b0741251fd4755476e39a9e8a78ad1bd02eb4a09fabecbe8135eb211380012c130ac4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
69aa989deac8f3f7990dba4cd1c33268

SHA1
ee6dcffe4b60c393c3bbe5a1b5aab3025265a375

SHA256
568feea650d057d87eb03d71580125bd6ca9effb13b77d05c8c0cc2065adfb46

SHA512
dcb1acfe71a877cd3ea9af93d466d2ebe50fc739fc5b6c766d86077a30d6af86cfeb846197a0a00306fbf9f5528c0c65dfa2c55a69175db5667cad4819b3fdba

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5ec5af.TMP

Filesize
536B

MD5
e349501b2b8290226792ce4e8253dc48

SHA1
49663950cde7a877771905727bab1f7bdf0bef0f

SHA256
1d6a1b919f95907c2d6a467c721e64b117ef4ccf5b1a09e0bf129ae632ddf702

SHA512
218b51c00cddc1d92a5435eb63bd4c192fadbbf2e08cfced83f716d7cf8acde7f0003b73790b3a61a635f993e5d8c913b5bab10d40bb2dd2461b678f737b373e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
bb6c6c45a0802ad3a4808f0e6e3fe917

SHA1
96b00526773804367379a8a27720813cb26269b7

SHA256
2e333070bf2234828334bb704449d7c4c62d6d3f369dff8abd080a4819c3e38e

SHA512
d09c20c532ec369e2245c9145247fe844da8458e46f4b9c396427a5fc8cbdfc88017b893a5b3127b9fa5f3cfd714235e2fd8f52ad5a00c3de3a0b0c87d79f86f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
359533565e0d4ad66ea00c287b4b6fcb

SHA1
9ec984a85270774a3e78422198533b8714f84d58

SHA256
36684ec0637f8e238ceda27d8848fe0482c9084fde59677848678815af714c91

SHA512
25f7eaf2bb28736280441aa5c7269dd613e0f46435a6887a0a7596ab35074b8dc2ba6968cdf645530cd24d1a6e9429f80f506e17f07cd6c036a3d7c31a6e1f80

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
6c466c67b1f61162b427607ba0a51322

SHA1
d25a54adabd9e9479d304219f2604620ee2f7096

SHA256
b1affcb1b00706d9c769a5ba87ad3c5c1b2e9db0534dde692feaba6a4a202151

SHA512
fcb52fd58d684100e236897d1dc3616529654a5c9304701e2084cbba236441311c026e209eaa7e343880ef2e384d36b978f3f7b79822d01d0de7cbeb6fa7a8b4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
f94e909132d7ba8b4fc1a879ed7959bc

SHA1
b456efec1a4e98b3dfbf3ed09462b0da7244c71d

SHA256
e186c6b28d0a5ab3637e9e2f910c2d0ad2daed24e8540cb2028b751e13277fa3

SHA512
03be41f4761ea4dba7d4fab07575bf19f02d2add9f49de4815bf1c6f19579667e07f98149e8562d669a73c102de18d0989e1f710e034695fb92daa309147af97

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Media Player\CurrentDatabase_400.wmdb

Filesize
64KB

MD5
fc240c081ec382df4b74d591d7d37a45

SHA1
396e9d8accb2ff8b32e6c3957808cb87d23ad47c

SHA256
8cfeb277627a0fc9f2596c83dc37f9a3d8871293cd88dadd08f32098bf936038

SHA512
d8f83773c330b88b43f9ebc6220aa98368854e44a75b73a8575e7171f6c32e784d404e5a2e2e7787d3c71c0cfecdbb983631b639d9fee879b374d498d2ef0ab7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows Media\12.0\WMSDKNS.XML.bak

Filesize
9KB

MD5
7050d5ae8acfbe560fa11073fef8185d

SHA1
5bc38e77ff06785fe0aec5a345c4ccd15752560e

SHA256
cb87767c4a384c24e4a0f88455f59101b1ae7b4fb8de8a5adb4136c5f7ee545b

SHA512
a7a295ac8921bb3dde58d4bcde9372ed59def61d4b7699057274960fa8c1d1a1daff834a93f7a0698e9e5c16db43af05e9fd2d6d7c9232f7d26ffcff5fc5900b

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zO8E4D7C4B\Xfer.Records.Serum.MERRY.CHRISTMAS.&.HAPPY.NEW.YEAR.v1.368-TCD.exe

Filesize
59.2MB

MD5
b92e67b032b5c0b9608c4931c1a6f4af

SHA1
ec5394cc31bb91d4d4eb71fb2bc327d95988c3d6

SHA256
302a0f330fcb61c6d89b2ef9d456cb651794f95dc9b84b04b8d6870e874c5f8a

SHA512
de06f8c1b02610f5e6b65b82ad97fa7486c19a9c5d1bf75602c7ca4b01960c99870f5cb4de3883953a3c229810fd29af8e9c195249acf1890401123737d58548

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zO8E4D7C4B\Xfer.Records.Serum.MERRY.CHRISTMAS.&.HAPPY.NEW.YEAR.v1.368-TCD.exe

Filesize
5.1MB

MD5
13f64492e59fbf56660c8d0f8cdc1621

SHA1
6d5d7ee39467dbf6b913a750c92621eefc33620a

SHA256
e0f5454e2208bac275e663729062e89c0e216da5753682a66d1029dfa98c09c8

SHA512
759f1039cc1ceac9b67062649600361ba65d3e6359f319229276e238f3062a3a991ff6cbd306e3fe4c6b7b88b6eb61ad3e96f7eefd5c0eca5b8a5f6496ccd79d

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zO8E4D7C4B\Xfer.Records.Serum.MERRY.CHRISTMAS.&.HAPPY.NEW.YEAR.v1.368-TCD.exe

Filesize
12.4MB

MD5
a67ecb9cb43eba248f5e1b4d4c23846c

SHA1
df7ff1571dd857cae52e4753f607d5d286421225

SHA256
50af2e54364d76a3d6b586c1c512cd792bef65193279a1ecae26b1c12bd845ea

SHA512
46abd4a90be14b98cc4d147e838a63c1626989e4ad9914a216b872f10e0d2b88e971e05552d3c491ba4425659da410050e38f37d514d82901f6f948e5fa3d630

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-BDGG6.tmp\Xfer.Records.Serum.MERRY.CHRISTMAS.&.HAPPY.NEW.YEAR.v1.368-TCD.tmp

Filesize
3.0MB

MD5
ede7579ea135a0b8caaeaebcd76ff500

SHA1
99eb17f3c7b96275e44472046ec2cd6a48c9d677

SHA256
5eea98260d9712ae1adce8c2d4fe394a36f0a22611f6f0f85d158db5d1f46513

SHA512
1c2dd5d70fd0a46ac3de68b6e3201f70501056c1bd8301ab6b0d2a56dabdc782ac5aaf4aba354c771cb81c137c1b3a41021c9bfc90873fe52a528765f378c17d

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-BDGG6.tmp\Xfer.Records.Serum.MERRY.CHRISTMAS.&.HAPPY.NEW.YEAR.v1.368-TCD.tmp

Filesize
1.5MB

MD5
80d0e426d2e54f7a0c9140347363aaab

SHA1
821ce0d6052bf2fc37cd45f3bab792ba714e6c35

SHA256
f4446330a72959243482719987d4e5fa29860c02af952b11ffa060bc0cd1aed1

SHA512
fcf95002f2a171c72fbaac1bbfc0dd9ac00070e56d2cc58c1474d749a3a2b1960d0816d8267c7b522df09751dd461c553ab848087bf30c95f3283c6feb1abe80

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsd6E8E.tmp\StartMenu.dll

Filesize
9KB

MD5
000ca2d1e21f4b461b2c8b888b098a4a

SHA1
42fafc505d2fe16657fa5ebbd5ccd89c3b386637

SHA256
e5ef538f9ada994299a0860c26f68ae0649495f68d388b910a05cba00d3ee365

SHA512
ba0b2960c95fff4428999adc02f82c88b59aef464f2057be0b8d93c523293e84a9b8edd73d9a8dcfac96d9340a7d09815c8ebd5cfb317bca81e07855d08e0fbc

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsd6E8E.tmp\System.dll

Filesize
23KB

MD5
125aebb055446fb52aa5956cf99e8a9a

SHA1
6b58fd08a8ff2763219cc6b0dcdb875f9970f850

SHA256
2e1b11ee20e5061ea86dc6b01e3efc659e887540afcab7317cdfd6a8eff87ec3

SHA512
5f85e48bd3ae2fd2be0595b93cbf74674e0281210688dcc73691178b295a702e8d43898afb6e5d8b7e82de98b4ee28194c9838ddf8279cde85f7fe48d34dc8b7

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsd6E8E.tmp\ioSpecial.ini

Filesize
688B

MD5
183e0301271273e4513eef65f7566a5d

SHA1
afe6e5215a15deb06b2f96ca7e0c2532c4b7c4ec

SHA256
d73e34c8f520d934376818c96e606fe93ed126d040ca1bdecdf0b6889c0401c4

SHA512
9bb9d7da0cdd227e01abfc20ed94322b5bc8503f7f7212538b054a20e1bb72bd32f6cb3f05da37dfc37a35da1c3d8a11c5d0c533c7945f15efb76ebc0b604073

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsd6E8E.tmp\ioSpecial.ini

Filesize
551B

MD5
bf9cef49b633a0ca7eb34b764a4aa232

SHA1
fd9367f91aaed847146b5a8da0f8008d40ba9c97

SHA256
3757722064559f666b6b2b0ce94186199dab138a5246753bc5a953347b87a4bc

SHA512
f4957aa1fbab29626312b978fa56c0d58ecbc2c637db9f1b18391abaf3a643b95fb640064e13be93efdaef42c10c53046a76f7c0ee92fed6cbde0105254dae43

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsd6E8E.tmp\ioSpecial.ini

Filesize
551B

MD5
c84097eaaea5e8e35a4e294b7a88a428

SHA1
7adaba232e319bd7ad617ba75bf686245be863ad

SHA256
20db5c9b3a584aa831c2638ca9aa8dd1757064a3809fcbce616933bba8acb176

SHA512
5ccb02bfa07abc8bdfa8cdac227a2b8ee93549d8fb5a952869dde644e79ac6792f7f1fdaf3fa0422db57604d661649034db69f4f46b033dec34420e55ae9f579

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsn6E30.tmp\InstallOptions.dll

Filesize
18KB

MD5
adec63bd08a185bffe6fda335d29df87

SHA1
23f37d31f3b1c07547ad4fa2747305a04ac09b54

SHA256
dbd0068d46077ee1ace4eaafc3312389c29af22d306c5757a1a29a93146604a9

SHA512
44bb32fa41b0c2b41d637f15dd2cab84ad6f9dae39febb263923eeee19d1c80d65ba3939ab87d34fbb28af6a6f867c21daab5810d289e309451c67ef6f65a88c

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsn6E30.tmp\UserInfo.dll

Filesize
6KB

MD5
7f780de67db61a924bebc0cafaded3ad

SHA1
3ac359dce08ceff16e4214fe45d83fdc8e3f2e1a

SHA256
9931a2f8bb44b92ff26062b99cbb6e41ed1cfad65079dec5d6d9c006223bd121

SHA512
8378f04b6f5085e887ed46874414e5681f0ecb6889dbaa25eb78f75112d4be603aef8dec6a2a81857a19978f6ccf07d65d566ff3f0943da809de22599ffdd8f2

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsn6E30.tmp\ioSpecial.ini

Filesize
688B

MD5
61bbb659f981f869202e4b727a3d7de3

SHA1
338f2d443fbb04b6bd59d79523be63bfe68884e4

SHA256
4080253facb8a615582130a8b3324aa32d19d2189c1528c6684772e41e279ca6

SHA512
d060063792a2b1be353f389c040293b9914904d09853f47cfea91ad16f6853d6fff70347af298db617455db2c861469cea9f7f1eb27ccf47546be8ccfbcad7d6

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsn6E30.tmp\modern-wizard.bmp

Filesize
25KB

MD5
cbe40fd2b1ec96daedc65da172d90022

SHA1
366c216220aa4329dff6c485fd0e9b0f4f0a7944

SHA256
3ad2dc318056d0a2024af1804ea741146cfc18cc404649a44610cbf8b2056cf2

SHA512
62990cb16e37b6b4eff6ab03571c3a82dcaa21a1d393c3cb01d81f62287777fb0b4b27f8852b5fa71bc975feab5baa486d33f2c58660210e115de7e2bd34ea63

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsn6F1A.tmp\ioSpecial.ini

Filesize
727B

MD5
7a2e5dba9fcf40e1296e863b34331b10

SHA1
7b4fa1a2905cca28e0f71f34a9bb483b745b9f19

SHA256
3bd91efa832114a5d8eee778e2e70768249578ee33d2a93c6f42e077d09714eb

SHA512
f4f3a738d4627deee5a716cdf6315548a58ee7415f9f9cc39cda581091ce5a91610e0272e00a9670829d059e37d403c9e5e63cb282ba3b081abeddea42972321

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsn6F1A.tmp\ioSpecial.ini

Filesize
727B

MD5
b769d5f9afabaaa05b631eb627763cf4

SHA1
0a18c8de7c78764bbfcef94d24beca77c9bfda90

SHA256
0cfe7656f9ce5fb24186bcd4fbbbae6fdfc5c2a43fe81a59b34b65d7cfdaa30b

SHA512
5b959ed1eadc41ab09f159c838fe6f835381bbf8721eada4b72b18168ce364893d87c7f93f08ff2526e5fbafa91aa4b5c74cd7c059259031530b65da8570cb06

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsn6F1A.tmp\modern-header.bmp

Filesize
9KB

MD5
106c17cc344131ab993224f2b8145850

SHA1
2355e22ffa7690fc5ebe9dbc6166922e3939e632

SHA256
f77071e483e5323be298afcc2af5d4d2b5ceeeb455d33e2827999a1b916db603

SHA512
e971e527b869d5514e1ed35a795db91bcae4ac707e8cc2a756e9f313a225049720cfe27e52b799880bc0b9b6852e9532ba544bcfac01aa6a62649985aa2224c7

Download Submit
C:\Users\Admin\AppData\Local\Temp\wmsetup.log

Filesize
2KB

MD5
f62fa11ede9416154c38deb780cf72f6

SHA1
b619b33629891734a9c0b91d5ae021bde0a9185f

SHA256
f8f71b5b546e7fbca33dd129bf8f83b4ff0d68171ad98ee89e6fc800216f5bc3

SHA512
4f42e31caac9a1b0d1f00dcc1325d876923cfe773fdeaff55ee35ed18723371e23102f91c8bda3f13ba18d63cdf5c69f9d247a70329edc3aa962d0289612a9e7

Download Submit
C:\Users\Admin\AppData\Local\Xfer\Serum\SkinCache\SkinCacheInfo.txt

Filesize
7B

MD5
7a1920d61156abc05a60135aefe8bc67

SHA1
808d7dca8a74d84af27a2d6602c3d786de45fe1e

SHA256
21b111cbfe6e8fca2d181c43f53ad548b22e38aca955b9824706a504b0a07a2d

SHA512
94abfc7b11f4311e8e279b580907fefc1118690479fb7e13f0c22ade816bc2b63346498833b0241eec2b09e15172e13027dc85024bacb7bc40c150f4131f7292

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x3x6afp6.default-release\datareporting\glean\db\data.safe.bin

Filesize
2KB

MD5
21ee66eab17467ba4b418716d8fdbf72

SHA1
775eeb79c1a5b5391e1a43a2d802a93521bc112d

SHA256
09de579eae859a6531b85cdd01f73204bbd32e7fcdef6a972a0d97db20812f21

SHA512
51c8eecef4934d04a9bb63e6026a24e51cf2abfc03177b5b8790ef4edbe1e2b0d4d61c2885a62e9e30feca0d4f1e05b53b5cd9ae42d91fd3059ff0dda5e5355f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x3x6afp6.default-release\datareporting\glean\pending_pings\6d42dccd-373f-42c7-b9d1-3490d945ef4c

Filesize
11KB

MD5
767738f6d6fc62de8ed008d2c78075aa

SHA1
5a8cc93bfe9eabd2ee2a30fe8501af2f6f0d7ef6

SHA256
c0fa0f32ec3e57bab8bc44abb131530ba6c06d762df2cc6514839bf73d5d8d81

SHA512
478c435ab72b79f57088da42b310fa846481fc222d0434941d43ce14401a72bdf626826625541af95388764a37913bf0765c9c56ab9558dd81e7311548d8e560

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x3x6afp6.default-release\datareporting\glean\pending_pings\b60ec70a-926a-4c64-9a3d-b8e4f33f5292

Filesize
746B

MD5
36349497c19727a303d676c5dbbafcb6

SHA1
c11c5f7438f6c36150bb896704512b25ce4729f9

SHA256
31fa0dc8e107c4852b4a520c32f3baa088d1417163c745a59396acb92f76504e

SHA512
dafe19fcbc2b1ac97a5576011df47605aebff71970f375905317987593f2144c4cf67f145600199ef030cf904ae72bbb8446be80db970e1a14c0ca8abf6865b4

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x3x6afp6.default-release\prefs-1.js

Filesize
6KB

MD5
3a96ea6698531a8eb39edf21a81833e9

SHA1
abf4b25948c5007c46bc6d0131436a45022618c4

SHA256
23f6bf58125761cfdda67a2ca57b0c08bb5f01111f43a168302b8cfe735b3a86

SHA512
184f3109a75e11e8e1f9990b06b7c91966a7064d1f01fe6111d7fef581bf9714eadb7e21f02c03c7dc31594dfd6820c4b83a3f6ed2e5b0cb7570fd1dcda4845b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x3x6afp6.default-release\prefs.js

Filesize
6KB

MD5
3f27b71747373149fdee626f015ff989

SHA1
7e3eaa4a09530b7a1fff2a7fafb866551cd4ee9a

SHA256
6a441a762e1696df324e8092face9b72c9f10d08c181ed443a928a8780992cf6

SHA512
effda48fccba2d4c170cbe6f1db143eff453311044e399df293c0807c6f85b8a1a7e03c41a2a40bb0096dad989f89baf527f418f1a506930fa0f306adbfcdb66

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x3x6afp6.default-release\sessionstore.jsonlz4

Filesize
884B

MD5
7be98457e4ac4ab25599b9fbb4554218

SHA1
70c84253274758f70d36760cbe0be1536837b171

SHA256
de489ea5981859c2672e68635d0f767119ba582413b4895b52d209261534dd39

SHA512
8a157029101b464d615c3dae8de98f6cf461c4ec62433aba1fa80b474bf778b49c2cc5ab3d6a0843a1e2f21890ba4152a39220633a8f49b0815488eecf6ecaae

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 141728.crdownload

Filesize
35.1MB

MD5
8a5e80d496c3052a2057098dcbb1293f

SHA1
f26b1be68206eaa0b36f1ee057bda45b45070a30

SHA256
5f20af1d782468507417d0785826b1f064fadba88ed1691e2def269922ace56b

SHA512
e99d92bec376c548c0b3f8569fa43414efe9fa3f24d43a23c281a526a5a4c94642ddd0103a369b5feebe0b63f00c2633925be7a22ed3ccd70ef7c599fb424351

Download Submit
C:\Users\Admin\Downloads\Xfer Records Serum v1.368 WIN-TCD.rar

Filesize
24.8MB

MD5
1bcf2a460c5711a92bc9d03a9552c8e7

SHA1
3025d8419b5937863c728d1b7614061288859f12

SHA256
0e77d2ab312e393f3c1efe838901518e69ecb6e066db126316e6c374d8b5e4b1

SHA512
c093e9d8bd533e07e84ac007e2f21eecf8590559a660882770db0f162432c5ba9d5854a90a78a5fa02dd557b405b830962ce18059131782cfb20e78fcb38833b

Download Submit
C:\Users\Admin\Downloads\Xfer Records Serum v1.368 WIN-TCD.rar

Filesize
14.9MB

MD5
faf4821e9068b3a36d6290e014e664f7

SHA1
79dfe264e058f3680f1ec49caa4997abdea92836

SHA256
89cfbd97103e88486e436075d75dc2d59a53f3403ebed7e0f7ef3bbe17c6e4f7

SHA512
763a0768239a00e7d6f7ab3948d9ae7c0cbe50fa7422117f46758894fd1e1c6964615207227c29842850d124c78fa50217793eb05efc81df4b58577ab20d7ab6

Download Submit
memory/620-174-0x0000000000400000-0x00000000004CF000-memory.dmp

Filesize
828KB

Download
memory/620-297-0x0000000000400000-0x00000000004CF000-memory.dmp

Filesize
828KB

Download
memory/620-168-0x0000000000400000-0x00000000004CF000-memory.dmp

Filesize
828KB

Download
memory/620-176-0x0000000000400000-0x00000000004CF000-memory.dmp

Filesize
828KB

Download
memory/664-5303-0x0000000000F00000-0x0000000001392000-memory.dmp

Filesize
4.6MB

Download
memory/1216-193-0x0000000000400000-0x000000000070A000-memory.dmp

Filesize
3.0MB

Download
memory/1216-183-0x0000000000400000-0x000000000070A000-memory.dmp

Filesize
3.0MB

Download
memory/1216-187-0x00000000028A0000-0x00000000028A1000-memory.dmp

Filesize
4KB

Download
memory/1216-296-0x0000000000400000-0x000000000070A000-memory.dmp

Filesize
3.0MB

Download
memory/1216-185-0x0000000000400000-0x000000000070A000-memory.dmp

Filesize
3.0MB

Download
memory/1216-177-0x00000000028A0000-0x00000000028A1000-memory.dmp

Filesize
4KB

Download
memory/1216-179-0x0000000000400000-0x000000000070A000-memory.dmp

Filesize
3.0MB

Download
memory/1216-188-0x0000000000400000-0x000000000070A000-memory.dmp

Filesize
3.0MB

Download
memory/1216-175-0x0000000000400000-0x000000000070A000-memory.dmp

Filesize
3.0MB

Download
memory/1216-284-0x0000000000400000-0x000000000070A000-memory.dmp

Filesize
3.0MB

Download
memory/1628-5292-0x0000000000400000-0x00000000004A1000-memory.dmp

Filesize
644KB

Download
memory/1628-2203-0x0000000000400000-0x00000000004A1000-memory.dmp

Filesize
644KB

Download
memory/1628-2205-0x000000006AF00000-0x000000006AF0D000-memory.dmp

Filesize
52KB

Download
memory/5176-2210-0x000000006D040000-0x000000006D04A000-memory.dmp

Filesize
40KB

Download
memory/5176-4173-0x0000000000400000-0x00000000004A1000-memory.dmp

Filesize
644KB

Download
memory/5176-5040-0x0000000000400000-0x00000000004A1000-memory.dmp

Filesize
644KB

Download
memory/5176-3663-0x0000000000400000-0x00000000004A1000-memory.dmp

Filesize
644KB

Download
memory/5176-2922-0x0000000000400000-0x00000000004A1000-memory.dmp

Filesize
644KB

Download
memory/5176-2209-0x000000006AF00000-0x000000006AF0D000-memory.dmp

Filesize
52KB

Download
memory/5176-2207-0x0000000000400000-0x00000000004A1000-memory.dmp

Filesize
644KB

Download
memory/5176-5289-0x0000000000400000-0x00000000004A1000-memory.dmp

Filesize
644KB

Download
memory/5352-2201-0x000000006AF00000-0x000000006AF0D000-memory.dmp

Filesize
52KB

Download
memory/5352-2197-0x0000000000400000-0x00000000004A1000-memory.dmp

Filesize
644KB

Download
memory/5352-5304-0x0000000000400000-0x00000000004A1000-memory.dmp

Filesize
644KB

Download