hxxp://negr[.]com

Analysis

max time kernel
189s
max time network
216s
platform
windows11-21h2_x64
resource
win11-20240221-en
resource tags

arch:x64arch:x86image:win11-20240221-enlocale:en-usos:windows11-21h2-x64system
submitted
27-03-2024 21:53

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://negr.com

Score

8^/10

Malware Config

Signatures

Downloads MZ/PE file

Executes dropped EXE 6 IoCs

pid	Process
2776	OneLaunch - Easy PDF_bc2yv.exe
2564	OneLaunch - Easy PDF_bc2yv.tmp
768	OneLaunch - Easy PDF_bc2yv.exe
900	OneLaunch - Easy PDF_bc2yv.tmp
648	OneLaunch Setup_bc2yv.exe
3284	OneLaunch Setup_bc2yv.tmp

Loads dropped DLL 7 IoCs

pid	Process
2564	OneLaunch - Easy PDF_bc2yv.tmp
2564	OneLaunch - Easy PDF_bc2yv.tmp
2564	OneLaunch - Easy PDF_bc2yv.tmp
900	OneLaunch - Easy PDF_bc2yv.tmp
3284	OneLaunch Setup_bc2yv.tmp
3284	OneLaunch Setup_bc2yv.tmp
3284	OneLaunch Setup_bc2yv.tmp

Legitimate hosting services abused for malware hosting/C2 1 TTPs 6 IoCs

Web Service

T1102

flow	ioc
192	api.keen.io
204	api.keen.io
209	api.keen.io
212	api.keen.io
77	api.keen.io
78	api.keen.io

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Program crash 2 IoCs

pid	pid_target	Process	procid_target
1376	3284	WerFault.exe	139
2472	3284	WerFault.exe	139

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Modifies registry class 3 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1637591879-962683004-3585269084-1000\{310CCD09-FEBF-41E8-9551-3FACAFB050CC}	msedge.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1637591879-962683004-3585269084-1000\{CDAD4BD7-2AD5-45DD-B72E-67BD01F5E74C}	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-1637591879-962683004-3585269084-1000_Classes\Local Settings	msedge.exe

NTFS ADS 4 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\memz-master (1).zip:Zone.Identifier	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 432726.crdownload:SmartScreen	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\OneLaunch - Easy PDF_bc2yv.exe:Zone.Identifier	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\memz-master.zip:Zone.Identifier	msedge.exe

Script User-Agent 3 IoCs

Uses user-agent string associated with script host/environment.

description	flow	ioc
HTTP User-Agent header	204	Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
HTTP User-Agent header	209	Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
HTTP User-Agent header	212	Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
2088	msedge.exe
2088	msedge.exe
564	msedge.exe
564	msedge.exe
4952	identity_helper.exe
4952	identity_helper.exe
2340	msedge.exe
2340	msedge.exe
3188	msedge.exe
3188	msedge.exe
3448	msedge.exe
3448	msedge.exe
4832	msedge.exe
4832	msedge.exe
4656	msedge.exe
4656	msedge.exe
4360	msedge.exe
4360	msedge.exe
3076	identity_helper.exe
3076	identity_helper.exe
4844	msedge.exe
4844	msedge.exe
3132	msedge.exe
3132	msedge.exe
3044	msedge.exe
3044	msedge.exe
3580	MEMZ-Destructive.exe
3580	MEMZ-Destructive.exe
3580	MEMZ-Destructive.exe
3580	MEMZ-Destructive.exe
3580	MEMZ-Destructive.exe
3580	MEMZ-Destructive.exe
3580	MEMZ-Destructive.exe
3580	MEMZ-Destructive.exe
3580	MEMZ-Destructive.exe
3580	MEMZ-Destructive.exe
3580	MEMZ-Destructive.exe
3580	MEMZ-Destructive.exe
3580	MEMZ-Destructive.exe
3580	MEMZ-Destructive.exe
3580	MEMZ-Destructive.exe
3580	MEMZ-Destructive.exe
3580	MEMZ-Destructive.exe
3580	MEMZ-Destructive.exe
3580	MEMZ-Destructive.exe
3580	MEMZ-Destructive.exe
3580	MEMZ-Destructive.exe
3580	MEMZ-Destructive.exe
3580	MEMZ-Destructive.exe
3580	MEMZ-Destructive.exe
3580	MEMZ-Destructive.exe
3580	MEMZ-Destructive.exe
3580	MEMZ-Destructive.exe
3580	MEMZ-Destructive.exe
3580	MEMZ-Destructive.exe
3580	MEMZ-Destructive.exe
3580	MEMZ-Destructive.exe
3580	MEMZ-Destructive.exe
3580	MEMZ-Destructive.exe
3580	MEMZ-Destructive.exe
3580	MEMZ-Destructive.exe
3580	MEMZ-Destructive.exe
3580	MEMZ-Destructive.exe
3580	MEMZ-Destructive.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 52 IoCs

pid	Process
564	msedge.exe
564	msedge.exe
564	msedge.exe
564	msedge.exe
564	msedge.exe
564	msedge.exe
564	msedge.exe
564	msedge.exe
564	msedge.exe
564	msedge.exe
564	msedge.exe
564	msedge.exe
564	msedge.exe
564	msedge.exe
564	msedge.exe
564	msedge.exe
564	msedge.exe
564	msedge.exe
564	msedge.exe
564	msedge.exe
564	msedge.exe
564	msedge.exe
564	msedge.exe
564	msedge.exe
564	msedge.exe
564	msedge.exe
564	msedge.exe
564	msedge.exe
564	msedge.exe
564	msedge.exe
564	msedge.exe
564	msedge.exe
564	msedge.exe
564	msedge.exe
564	msedge.exe
564	msedge.exe
564	msedge.exe
564	msedge.exe
564	msedge.exe
564	msedge.exe
4832	msedge.exe
4832	msedge.exe
4832	msedge.exe
4832	msedge.exe
4832	msedge.exe
4832	msedge.exe
4832	msedge.exe
4832	msedge.exe
4832	msedge.exe
4832	msedge.exe
4832	msedge.exe
4832	msedge.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	1540	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	1540	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
564	msedge.exe
564	msedge.exe
564	msedge.exe
564	msedge.exe
564	msedge.exe
564	msedge.exe
564	msedge.exe
564	msedge.exe
564	msedge.exe
564	msedge.exe
564	msedge.exe
564	msedge.exe
564	msedge.exe
564	msedge.exe
564	msedge.exe
564	msedge.exe
564	msedge.exe
564	msedge.exe
564	msedge.exe
564	msedge.exe
564	msedge.exe
564	msedge.exe
564	msedge.exe
564	msedge.exe
564	msedge.exe
564	msedge.exe
564	msedge.exe
564	msedge.exe
564	msedge.exe
564	msedge.exe
564	msedge.exe
564	msedge.exe
564	msedge.exe
564	msedge.exe
564	msedge.exe
2564	OneLaunch - Easy PDF_bc2yv.tmp
564	msedge.exe
4832	msedge.exe
4832	msedge.exe
4832	msedge.exe
4832	msedge.exe
4832	msedge.exe
4832	msedge.exe
4832	msedge.exe
4832	msedge.exe
4832	msedge.exe
4832	msedge.exe
4832	msedge.exe
4832	msedge.exe
4832	msedge.exe
4832	msedge.exe
4832	msedge.exe
4832	msedge.exe
4832	msedge.exe
4832	msedge.exe
4832	msedge.exe
4832	msedge.exe
4832	msedge.exe
4832	msedge.exe
4832	msedge.exe
4832	msedge.exe
4832	msedge.exe
4832	msedge.exe
4832	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
564	msedge.exe
564	msedge.exe
564	msedge.exe
564	msedge.exe
564	msedge.exe
564	msedge.exe
564	msedge.exe
564	msedge.exe
564	msedge.exe
564	msedge.exe
564	msedge.exe
564	msedge.exe
4832	msedge.exe
4832	msedge.exe
4832	msedge.exe
4832	msedge.exe
4832	msedge.exe
4832	msedge.exe
4832	msedge.exe
4832	msedge.exe
4832	msedge.exe
4832	msedge.exe
4832	msedge.exe
4832	msedge.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
4268	MEMZ-Destructive.exe
3580	MEMZ-Destructive.exe
1080	MEMZ-Destructive.exe
2012	MEMZ-Destructive.exe
3188	MEMZ-Destructive.exe
4728	MEMZ-Destructive.exe
3188	MEMZ-Destructive.exe
4728	MEMZ-Destructive.exe
1080	MEMZ-Destructive.exe
2012	MEMZ-Destructive.exe
3580	MEMZ-Destructive.exe
3580	MEMZ-Destructive.exe
2012	MEMZ-Destructive.exe
4728	MEMZ-Destructive.exe
3188	MEMZ-Destructive.exe
1080	MEMZ-Destructive.exe
4728	MEMZ-Destructive.exe
3188	MEMZ-Destructive.exe
1080	MEMZ-Destructive.exe
2012	MEMZ-Destructive.exe
3580	MEMZ-Destructive.exe
3580	MEMZ-Destructive.exe
2012	MEMZ-Destructive.exe
1080	MEMZ-Destructive.exe
4728	MEMZ-Destructive.exe
3188	MEMZ-Destructive.exe
1080	MEMZ-Destructive.exe
2012	MEMZ-Destructive.exe
3188	MEMZ-Destructive.exe
4728	MEMZ-Destructive.exe
3580	MEMZ-Destructive.exe
4728	MEMZ-Destructive.exe
1080	MEMZ-Destructive.exe
2012	MEMZ-Destructive.exe
3188	MEMZ-Destructive.exe
3580	MEMZ-Destructive.exe
3188	MEMZ-Destructive.exe
1080	MEMZ-Destructive.exe
2012	MEMZ-Destructive.exe
4728	MEMZ-Destructive.exe
3580	MEMZ-Destructive.exe
3580	MEMZ-Destructive.exe
4728	MEMZ-Destructive.exe
1080	MEMZ-Destructive.exe
3188	MEMZ-Destructive.exe
2012	MEMZ-Destructive.exe
2012	MEMZ-Destructive.exe
1080	MEMZ-Destructive.exe
4728	MEMZ-Destructive.exe
3188	MEMZ-Destructive.exe
3580	MEMZ-Destructive.exe
3580	MEMZ-Destructive.exe
4728	MEMZ-Destructive.exe
2012	MEMZ-Destructive.exe
1080	MEMZ-Destructive.exe
3188	MEMZ-Destructive.exe
3188	MEMZ-Destructive.exe
1080	MEMZ-Destructive.exe
2012	MEMZ-Destructive.exe
4728	MEMZ-Destructive.exe
3580	MEMZ-Destructive.exe
3580	MEMZ-Destructive.exe
3188	MEMZ-Destructive.exe
2012	MEMZ-Destructive.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 564 wrote to memory of 1924	564	msedge.exe	78
PID 564 wrote to memory of 1924	564	msedge.exe	78
PID 564 wrote to memory of 3420	564	msedge.exe	79
PID 564 wrote to memory of 3420	564	msedge.exe	79
PID 564 wrote to memory of 3420	564	msedge.exe	79
PID 564 wrote to memory of 3420	564	msedge.exe	79
PID 564 wrote to memory of 3420	564	msedge.exe	79
PID 564 wrote to memory of 3420	564	msedge.exe	79
PID 564 wrote to memory of 3420	564	msedge.exe	79
PID 564 wrote to memory of 3420	564	msedge.exe	79
PID 564 wrote to memory of 3420	564	msedge.exe	79
PID 564 wrote to memory of 3420	564	msedge.exe	79
PID 564 wrote to memory of 3420	564	msedge.exe	79
PID 564 wrote to memory of 3420	564	msedge.exe	79
PID 564 wrote to memory of 3420	564	msedge.exe	79
PID 564 wrote to memory of 3420	564	msedge.exe	79
PID 564 wrote to memory of 3420	564	msedge.exe	79
PID 564 wrote to memory of 3420	564	msedge.exe	79
PID 564 wrote to memory of 3420	564	msedge.exe	79
PID 564 wrote to memory of 3420	564	msedge.exe	79
PID 564 wrote to memory of 3420	564	msedge.exe	79
PID 564 wrote to memory of 3420	564	msedge.exe	79
PID 564 wrote to memory of 3420	564	msedge.exe	79
PID 564 wrote to memory of 3420	564	msedge.exe	79
PID 564 wrote to memory of 3420	564	msedge.exe	79
PID 564 wrote to memory of 3420	564	msedge.exe	79
PID 564 wrote to memory of 3420	564	msedge.exe	79
PID 564 wrote to memory of 3420	564	msedge.exe	79
PID 564 wrote to memory of 3420	564	msedge.exe	79
PID 564 wrote to memory of 3420	564	msedge.exe	79
PID 564 wrote to memory of 3420	564	msedge.exe	79
PID 564 wrote to memory of 3420	564	msedge.exe	79
PID 564 wrote to memory of 3420	564	msedge.exe	79
PID 564 wrote to memory of 3420	564	msedge.exe	79
PID 564 wrote to memory of 3420	564	msedge.exe	79
PID 564 wrote to memory of 3420	564	msedge.exe	79
PID 564 wrote to memory of 3420	564	msedge.exe	79
PID 564 wrote to memory of 3420	564	msedge.exe	79
PID 564 wrote to memory of 3420	564	msedge.exe	79
PID 564 wrote to memory of 3420	564	msedge.exe	79
PID 564 wrote to memory of 3420	564	msedge.exe	79
PID 564 wrote to memory of 3420	564	msedge.exe	79
PID 564 wrote to memory of 2088	564	msedge.exe	80
PID 564 wrote to memory of 2088	564	msedge.exe	80
PID 564 wrote to memory of 3832	564	msedge.exe	81
PID 564 wrote to memory of 3832	564	msedge.exe	81
PID 564 wrote to memory of 3832	564	msedge.exe	81
PID 564 wrote to memory of 3832	564	msedge.exe	81
PID 564 wrote to memory of 3832	564	msedge.exe	81
PID 564 wrote to memory of 3832	564	msedge.exe	81
PID 564 wrote to memory of 3832	564	msedge.exe	81
PID 564 wrote to memory of 3832	564	msedge.exe	81
PID 564 wrote to memory of 3832	564	msedge.exe	81
PID 564 wrote to memory of 3832	564	msedge.exe	81
PID 564 wrote to memory of 3832	564	msedge.exe	81
PID 564 wrote to memory of 3832	564	msedge.exe	81
PID 564 wrote to memory of 3832	564	msedge.exe	81
PID 564 wrote to memory of 3832	564	msedge.exe	81
PID 564 wrote to memory of 3832	564	msedge.exe	81
PID 564 wrote to memory of 3832	564	msedge.exe	81
PID 564 wrote to memory of 3832	564	msedge.exe	81
PID 564 wrote to memory of 3832	564	msedge.exe	81
PID 564 wrote to memory of 3832	564	msedge.exe	81
PID 564 wrote to memory of 3832	564	msedge.exe	81

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://negr.com
1⤵
- Enumerates system info in registry
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:564
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffbc9d03cb8,0x7ffbc9d03cc8,0x7ffbc9d03cd8
  2⤵
  PID:1924
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1904,809164964878409968,8957047258039409505,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1884 /prefetch:2
  2⤵
  PID:3420
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1904,809164964878409968,8957047258039409505,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2264 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2088
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1904,809164964878409968,8957047258039409505,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2724 /prefetch:8
  2⤵
  PID:3832
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,809164964878409968,8957047258039409505,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3172 /prefetch:1
  2⤵
  PID:2372
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,809164964878409968,8957047258039409505,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3200 /prefetch:1
  2⤵
  PID:396
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1904,809164964878409968,8957047258039409505,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5284 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4952
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,809164964878409968,8957047258039409505,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4684 /prefetch:1
  2⤵
  PID:1668
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,809164964878409968,8957047258039409505,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4740 /prefetch:1
  2⤵
  PID:5028
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,809164964878409968,8957047258039409505,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5632 /prefetch:1
  2⤵
  PID:72
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1904,809164964878409968,8957047258039409505,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4684 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2340
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,809164964878409968,8957047258039409505,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5436 /prefetch:1
  2⤵
  PID:3384
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,809164964878409968,8957047258039409505,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4684 /prefetch:1
  2⤵
  PID:4344
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,809164964878409968,8957047258039409505,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5684 /prefetch:1
  2⤵
  PID:4896
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,809164964878409968,8957047258039409505,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5880 /prefetch:1
  2⤵
  PID:4676
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,809164964878409968,8957047258039409505,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6028 /prefetch:1
  2⤵
  PID:2956
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1904,809164964878409968,8957047258039409505,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5664 /prefetch:8
  2⤵
  PID:3884
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1904,809164964878409968,8957047258039409505,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5228 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:3188
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,809164964878409968,8957047258039409505,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5856 /prefetch:1
  2⤵
  PID:2340
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,809164964878409968,8957047258039409505,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6112 /prefetch:1
  2⤵
  PID:1168
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,809164964878409968,8957047258039409505,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6120 /prefetch:1
  2⤵
  PID:3552
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,809164964878409968,8957047258039409505,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5648 /prefetch:1
  2⤵
  PID:1352
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,809164964878409968,8957047258039409505,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5944 /prefetch:1
  2⤵
  PID:2052
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,809164964878409968,8957047258039409505,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6084 /prefetch:1
  2⤵
  PID:2664
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,809164964878409968,8957047258039409505,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5432 /prefetch:1
  2⤵
  PID:4996
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,809164964878409968,8957047258039409505,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5436 /prefetch:1
  2⤵
  PID:2900
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,809164964878409968,8957047258039409505,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5616 /prefetch:1
  2⤵
  PID:3552
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,809164964878409968,8957047258039409505,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1640 /prefetch:1
  2⤵
  PID:568
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,809164964878409968,8957047258039409505,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6444 /prefetch:1
  2⤵
  PID:2212
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,809164964878409968,8957047258039409505,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6228 /prefetch:1
  2⤵
  PID:4132
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,809164964878409968,8957047258039409505,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5844 /prefetch:1
  2⤵
  PID:3384
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,809164964878409968,8957047258039409505,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7008 /prefetch:1
  2⤵
  PID:2052
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,809164964878409968,8957047258039409505,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6948 /prefetch:1
  2⤵
  PID:1644
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,809164964878409968,8957047258039409505,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7016 /prefetch:1
  2⤵
  PID:1128
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,809164964878409968,8957047258039409505,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1640 /prefetch:1
  2⤵
  PID:1644
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,809164964878409968,8957047258039409505,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6008 /prefetch:1
  2⤵
  PID:4584
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,809164964878409968,8957047258039409505,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7540 /prefetch:1
  2⤵
  PID:4052
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,809164964878409968,8957047258039409505,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8156 /prefetch:1
  2⤵
  PID:2784
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,809164964878409968,8957047258039409505,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7968 /prefetch:1
  2⤵
  PID:2472
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,809164964878409968,8957047258039409505,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1688 /prefetch:1
  2⤵
  PID:776
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,809164964878409968,8957047258039409505,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7164 /prefetch:1
  2⤵
  PID:2880
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,809164964878409968,8957047258039409505,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3380 /prefetch:1
  2⤵
  PID:1532
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,809164964878409968,8957047258039409505,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7648 /prefetch:1
  2⤵
  PID:4496
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,809164964878409968,8957047258039409505,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3012 /prefetch:1
  2⤵
  PID:4592
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,809164964878409968,8957047258039409505,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8164 /prefetch:1
  2⤵
  PID:4100
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,809164964878409968,8957047258039409505,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6620 /prefetch:1
  2⤵
  PID:2012
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,809164964878409968,8957047258039409505,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6252 /prefetch:1
  2⤵
  PID:3552
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,809164964878409968,8957047258039409505,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4704 /prefetch:1
  2⤵
  PID:4812
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1904,809164964878409968,8957047258039409505,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6164 /prefetch:8
  2⤵
  PID:1096
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1904,809164964878409968,8957047258039409505,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7508 /prefetch:8
  2⤵
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:3448
- C:\Users\Admin\Downloads\OneLaunch - Easy PDF_bc2yv.exe
  "C:\Users\Admin\Downloads\OneLaunch - Easy PDF_bc2yv.exe"
  2⤵
  - Executes dropped EXE
  PID:2776
- - C:\Users\Admin\AppData\Local\Temp\is-D3EDP.tmp\OneLaunch - Easy PDF_bc2yv.tmp
    "C:\Users\Admin\AppData\Local\Temp\is-D3EDP.tmp\OneLaunch - Easy PDF_bc2yv.tmp" /SL5="$30268,2484380,893952,C:\Users\Admin\Downloads\OneLaunch - Easy PDF_bc2yv.exe"
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of FindShellTrayWindow
    PID:2564
  - - C:\Users\Admin\Downloads\OneLaunch - Easy PDF_bc2yv.exe
      "C:\Users\Admin\Downloads\OneLaunch - Easy PDF_bc2yv.exe" /PDATA=eyJ1dG1fY2FtcGFpZ24iOiIxNzQyODAxMDA4NiIsImxvd2VyIjoiaGVhZGxpbmUzIiwidXRtX21lZGl1bSI6IjE1OTM3NjQ0MzUyNyIsInByb2ZpbGUiOiJwZGYiLCJtYWluIjoiaGVhZGxpbmUzIiwidWEiOiJlZGdlIiwidXRtX3Rlcm0iOiJjaGVhdGVybWFkLmNvbSIsImdjbGlkIjoiRUFJYUlRb2JDaE1JNm9HeXA3ZVZoUU1WOVdZVkNCMmRQZ0duRUFFWUFTQUFFZ0thbl9EX0J3RSIsImRpc3RpbmN0X2lkIjoiNGMwZjJlZmMtNWJkYi00NTI2LWFkNTAtOGYwNWUyNWNkZmQ5IiwibHBfdXJsIjoiaHR0cHM6Ly9nZXRlYXN5cGRmLmNvbS9wZGYvbHA1Iiwid2hpdGVsYWJlbCI6ImVhc3lwZGYiLCJscGMiOjAsInV0bV9zb3VyY2UiOiJvaC1nZG4iLCJ1dG1fY29udGVudCI6IjY4MTAxNDIyODgyNSIsImluc3RhbGxfdGltZSI6MTcxMTU3NjUxNiwiZGVmYXVsdF9icm93c2VyIjoiTVNFZGdlSFRNIiwiaW5pdGluYWxfdmVyc2lvbiI6IjUuMjkuMi4wIiwicGFja2FnZWRfYnJvd3NlciI6Ik5vbmUiLCJzcGxpdCI6ImEiLCJub19zcGxpdCI6ZmFsc2UsInNwbGl0MiI6ImEiLCJzZXJ2ZXJfc2lkZV9zcGxpdF8yNF8wM19kZXNrdG9wX3Nob3J0Y3V0X25hbWUiOiJ2YXJpYXRpb24iLCJzZXJ2ZXJfc2lkZV9zcGxpdF8yNF8wM19mb2N1c19jdXJzb3JfbnRwIjoidmFyaWF0aW9uIiwic2VydmVyX3NpZGVfc3BsaXRfMjhfMTFfbnRwX2Rpc3RyaWJ1dGlvbiI6ImNvbnRyb2wiLCJlbmNvZGVkX3NwbGl0cyI6IjAwMCJ9 /LAUNCHER /VERYSILENT
      4⤵
      Executes dropped EXE
      PID:768
    - - C:\Users\Admin\AppData\Local\Temp\is-FPLS6.tmp\OneLaunch - Easy PDF_bc2yv.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\is-FPLS6.tmp\OneLaunch - Easy PDF_bc2yv.tmp" /SL5="$A006E,2484380,893952,C:\Users\Admin\Downloads\OneLaunch - Easy PDF_bc2yv.exe" /PDATA=eyJ1dG1fY2FtcGFpZ24iOiIxNzQyODAxMDA4NiIsImxvd2VyIjoiaGVhZGxpbmUzIiwidXRtX21lZGl1bSI6IjE1OTM3NjQ0MzUyNyIsInByb2ZpbGUiOiJwZGYiLCJtYWluIjoiaGVhZGxpbmUzIiwidWEiOiJlZGdlIiwidXRtX3Rlcm0iOiJjaGVhdGVybWFkLmNvbSIsImdjbGlkIjoiRUFJYUlRb2JDaE1JNm9HeXA3ZVZoUU1WOVdZVkNCMmRQZ0duRUFFWUFTQUFFZ0thbl9EX0J3RSIsImRpc3RpbmN0X2lkIjoiNGMwZjJlZmMtNWJkYi00NTI2LWFkNTAtOGYwNWUyNWNkZmQ5IiwibHBfdXJsIjoiaHR0cHM6Ly9nZXRlYXN5cGRmLmNvbS9wZGYvbHA1Iiwid2hpdGVsYWJlbCI6ImVhc3lwZGYiLCJscGMiOjAsInV0bV9zb3VyY2UiOiJvaC1nZG4iLCJ1dG1fY29udGVudCI6IjY4MTAxNDIyODgyNSIsImluc3RhbGxfdGltZSI6MTcxMTU3NjUxNiwiZGVmYXVsdF9icm93c2VyIjoiTVNFZGdlSFRNIiwiaW5pdGluYWxfdmVyc2lvbiI6IjUuMjkuMi4wIiwicGFja2FnZWRfYnJvd3NlciI6Ik5vbmUiLCJzcGxpdCI6ImEiLCJub19zcGxpdCI6ZmFsc2UsInNwbGl0MiI6ImEiLCJzZXJ2ZXJfc2lkZV9zcGxpdF8yNF8wM19kZXNrdG9wX3Nob3J0Y3V0X25hbWUiOiJ2YXJpYXRpb24iLCJzZXJ2ZXJfc2lkZV9zcGxpdF8yNF8wM19mb2N1c19jdXJzb3JfbnRwIjoidmFyaWF0aW9uIiwic2VydmVyX3NpZGVfc3BsaXRfMjhfMTFfbnRwX2Rpc3RyaWJ1dGlvbiI6ImNvbnRyb2wiLCJlbmNvZGVkX3NwbGl0cyI6IjAwMCJ9 /LAUNCHER /VERYSILENT
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:900
      - C:\Users\Admin\AppData\Local\Temp\OneLaunch Setup_bc2yv.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OneLaunch Setup_bc2yv.exe" /PDATA=eyJ1dG1fY2FtcGFpZ24iOiIxNzQyODAxMDA4NiIsImxvd2VyIjoiaGVhZGxpbmUzIiwidXRtX21lZGl1bSI6IjE1OTM3NjQ0MzUyNyIsInByb2ZpbGUiOiJwZGYiLCJtYWluIjoiaGVhZGxpbmUzIiwidWEiOiJlZGdlIiwidXRtX3Rlcm0iOiJjaGVhdGVybWFkLmNvbSIsImdjbGlkIjoiRUFJYUlRb2JDaE1JNm9HeXA3ZVZoUU1WOVdZVkNCMmRQZ0duRUFFWUFTQUFFZ0thbl9EX0J3RSIsImRpc3RpbmN0X2lkIjoiNGMwZjJlZmMtNWJkYi00NTI2LWFkNTAtOGYwNWUyNWNkZmQ5IiwibHBfdXJsIjoiaHR0cHM6Ly9nZXRlYXN5cGRmLmNvbS9wZGYvbHA1Iiwid2hpdGVsYWJlbCI6ImVhc3lwZGYiLCJscGMiOjAsInV0bV9zb3VyY2UiOiJvaC1nZG4iLCJ1dG1fY29udGVudCI6IjY4MTAxNDIyODgyNSIsImluc3RhbGxfdGltZSI6MTcxMTU3NjUxNiwiZGVmYXVsdF9icm93c2VyIjoiTVNFZGdlSFRNIiwiaW5pdGluYWxfdmVyc2lvbiI6IjUuMjkuMi4wIiwicGFja2FnZWRfYnJvd3NlciI6Ik5vbmUiLCJzcGxpdCI6ImEiLCJub19zcGxpdCI6ZmFsc2UsInNwbGl0MiI6ImEiLCJzZXJ2ZXJfc2lkZV9zcGxpdF8yNF8wM19kZXNrdG9wX3Nob3J0Y3V0X25hbWUiOiJ2YXJpYXRpb24iLCJzZXJ2ZXJfc2lkZV9zcGxpdF8yNF8wM19mb2N1c19jdXJzb3JfbnRwIjoidmFyaWF0aW9uIiwic2VydmVyX3NpZGVfc3BsaXRfMjhfMTFfbnRwX2Rpc3RyaWJ1dGlvbiI6ImNvbnRyb2wiLCJlbmNvZGVkX3NwbGl0cyI6IjAwMCJ9
        6⤵
        Executes dropped EXE
        
        PID:648
        
        C:\Users\Admin\AppData\Local\Temp\is-AKSSR.tmp\OneLaunch Setup_bc2yv.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\is-AKSSR.tmp\OneLaunch Setup_bc2yv.tmp" /SL5="$40252,105360929,893952,C:\Users\Admin\AppData\Local\Temp\OneLaunch Setup_bc2yv.exe" /PDATA=eyJ1dG1fY2FtcGFpZ24iOiIxNzQyODAxMDA4NiIsImxvd2VyIjoiaGVhZGxpbmUzIiwidXRtX21lZGl1bSI6IjE1OTM3NjQ0MzUyNyIsInByb2ZpbGUiOiJwZGYiLCJtYWluIjoiaGVhZGxpbmUzIiwidWEiOiJlZGdlIiwidXRtX3Rlcm0iOiJjaGVhdGVybWFkLmNvbSIsImdjbGlkIjoiRUFJYUlRb2JDaE1JNm9HeXA3ZVZoUU1WOVdZVkNCMmRQZ0duRUFFWUFTQUFFZ0thbl9EX0J3RSIsImRpc3RpbmN0X2lkIjoiNGMwZjJlZmMtNWJkYi00NTI2LWFkNTAtOGYwNWUyNWNkZmQ5IiwibHBfdXJsIjoiaHR0cHM6Ly9nZXRlYXN5cGRmLmNvbS9wZGYvbHA1Iiwid2hpdGVsYWJlbCI6ImVhc3lwZGYiLCJscGMiOjAsInV0bV9zb3VyY2UiOiJvaC1nZG4iLCJ1dG1fY29udGVudCI6IjY4MTAxNDIyODgyNSIsImluc3RhbGxfdGltZSI6MTcxMTU3NjUxNiwiZGVmYXVsdF9icm93c2VyIjoiTVNFZGdlSFRNIiwiaW5pdGluYWxfdmVyc2lvbiI6IjUuMjkuMi4wIiwicGFja2FnZWRfYnJvd3NlciI6Ik5vbmUiLCJzcGxpdCI6ImEiLCJub19zcGxpdCI6ZmFsc2UsInNwbGl0MiI6ImEiLCJzZXJ2ZXJfc2lkZV9zcGxpdF8yNF8wM19kZXNrdG9wX3Nob3J0Y3V0X25hbWUiOiJ2YXJpYXRpb24iLCJzZXJ2ZXJfc2lkZV9zcGxpdF8yNF8wM19mb2N1c19jdXJzb3JfbnRwIjoidmFyaWF0aW9uIiwic2VydmVyX3NpZGVfc3BsaXRfMjhfMTFfbnRwX2Rpc3RyaWJ1dGlvbiI6ImNvbnRyb2wiLCJlbmNvZGVkX3NwbGl0cyI6IjAwMCJ9
        7⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:3284
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3284 -s 1528
        8⤵
        Program crash
        
        PID:1376
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3284 -s 1948
        8⤵
        Program crash
        
        PID:2472

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2244

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3292

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004E4 0x00000000000004CC
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1540

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 3284 -ip 3284
1⤵
PID:1664

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 492 -p 3284 -ip 3284
1⤵
PID:4680

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:4832
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffbc9d03cb8,0x7ffbc9d03cc8,0x7ffbc9d03cd8
  2⤵
  PID:1212
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1756,15474053343976006540,2731152429039809358,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1856 /prefetch:2
  2⤵
  PID:1152
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1756,15474053343976006540,2731152429039809358,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2312 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4656
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1756,15474053343976006540,2731152429039809358,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2648 /prefetch:8
  2⤵
  PID:2920
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1756,15474053343976006540,2731152429039809358,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
  2⤵
  PID:1052
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1756,15474053343976006540,2731152429039809358,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1
  2⤵
  PID:1820
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1756,15474053343976006540,2731152429039809358,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4932 /prefetch:1
  2⤵
  PID:2744
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1756,15474053343976006540,2731152429039809358,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4960 /prefetch:1
  2⤵
  PID:3896
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1756,15474053343976006540,2731152429039809358,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3948 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4360
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1756,15474053343976006540,2731152429039809358,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3960 /prefetch:1
  2⤵
  PID:3004
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1756,15474053343976006540,2731152429039809358,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5312 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3076
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1756,15474053343976006540,2731152429039809358,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5480 /prefetch:8
  2⤵
  PID:4496
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1756,15474053343976006540,2731152429039809358,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5468 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:4844
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1756,15474053343976006540,2731152429039809358,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5640 /prefetch:1
  2⤵
  PID:1832
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1756,15474053343976006540,2731152429039809358,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5612 /prefetch:1
  2⤵
  PID:4584
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1756,15474053343976006540,2731152429039809358,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4336 /prefetch:1
  2⤵
  PID:992
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1756,15474053343976006540,2731152429039809358,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5504 /prefetch:1
  2⤵
  PID:2792
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1756,15474053343976006540,2731152429039809358,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4056 /prefetch:1
  2⤵
  PID:1876
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1756,15474053343976006540,2731152429039809358,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5036 /prefetch:1
  2⤵
  PID:2776
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1756,15474053343976006540,2731152429039809358,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6108 /prefetch:1
  2⤵
  PID:2904
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1756,15474053343976006540,2731152429039809358,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4920 /prefetch:8
  2⤵
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:3132
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1756,15474053343976006540,2731152429039809358,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3500 /prefetch:8
  2⤵
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:3044

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2780

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4952

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4600

C:\Users\Admin\Downloads\memz-master\MEMZ-master\MEMZ-Destructive.exe
"C:\Users\Admin\Downloads\memz-master\MEMZ-master\MEMZ-Destructive.exe"
1⤵
- Suspicious use of SetWindowsHookEx
PID:4268
- C:\Users\Admin\Downloads\memz-master\MEMZ-master\MEMZ-Destructive.exe
  "C:\Users\Admin\Downloads\memz-master\MEMZ-master\MEMZ-Destructive.exe" /watchdog
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of SetWindowsHookEx
  PID:3580
- C:\Users\Admin\Downloads\memz-master\MEMZ-master\MEMZ-Destructive.exe
  "C:\Users\Admin\Downloads\memz-master\MEMZ-master\MEMZ-Destructive.exe" /watchdog
  2⤵
  - Suspicious use of SetWindowsHookEx
  PID:1080
- C:\Users\Admin\Downloads\memz-master\MEMZ-master\MEMZ-Destructive.exe
  "C:\Users\Admin\Downloads\memz-master\MEMZ-master\MEMZ-Destructive.exe" /watchdog
  2⤵
  - Suspicious use of SetWindowsHookEx
  PID:2012
- C:\Users\Admin\Downloads\memz-master\MEMZ-master\MEMZ-Destructive.exe
  "C:\Users\Admin\Downloads\memz-master\MEMZ-master\MEMZ-Destructive.exe" /watchdog
  2⤵
  - Suspicious use of SetWindowsHookEx
  PID:3188
- C:\Users\Admin\Downloads\memz-master\MEMZ-master\MEMZ-Destructive.exe
  "C:\Users\Admin\Downloads\memz-master\MEMZ-master\MEMZ-Destructive.exe" /watchdog
  2⤵
  - Suspicious use of SetWindowsHookEx
  PID:4728

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\8EC9B1D0ABBD7F98B401D425828828CE_9E4B0B2D27A373FE3E83A36F2D623056

Filesize
727B

MD5
288f86333b114f245acdd8059928b9af

SHA1
22837c723c97dc480d1d30608c48e3279b70d02d

SHA256
301a12625ade0babe259b2f262b545e1eaa9c75f04c9d7574987cc891d2c126d

SHA512
b5102b49b3c6b5c070608467709471fa2a089949fcc8612137f1b95151070d9e44fc494c10f1f8277ed57e171d62d1c3db0bd1c449cb59fe4ab487bb2b8fab6f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C8E534EE129F27D55460CE17FD628216_1130D9B25898B0DB0D4F04DC5B93F141

Filesize
727B

MD5
3b51e41d93df132b90a46d9f529a4a15

SHA1
adfcbfab7670e420b66f7530f9d866486186f352

SHA256
c14843a220b612d6c90a59232c764c088b50a939614955a23235d5418cea8084

SHA512
e04cbe221cf9e8bb01828d03922399d568b7d68d845fea670bc829f82d8e2eb88aa9a7d24a4b89c838cd7e0d90279e40c5ad07f5a6aeb8d0acef21fd8975f282

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\8EC9B1D0ABBD7F98B401D425828828CE_9E4B0B2D27A373FE3E83A36F2D623056

Filesize
404B

MD5
88bee1a7f36320d626b58516b7cb14c0

SHA1
ce75eeafdcd6861e439774c3e0face99cc85928a

SHA256
c8076f4ba7c3b127464431f58f6eda85405bb98d53939c6b3622a0e263b6d148

SHA512
c8a12efb345308c5028493774cf823e0b399e562fe20358050cabd28722ac3f209bfd2c39656963b6eec149d4b2ab45bbe7d081d1753526fcab2d53026e35021

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\C8E534EE129F27D55460CE17FD628216_1130D9B25898B0DB0D4F04DC5B93F141

Filesize
412B

MD5
66752e58476e3d4fa9f278182db1a0a9

SHA1
0b2e689f031dce9ac99f649359cf6f5268ee3b53

SHA256
7f8a5130ad6d67683a4fbf94820af627d3f02116233643751a7c2843ad3449d8

SHA512
92b73e5be4ec005e163c23c47af3931dc44bcba7cda8f0cf8c841cbd783888335da7a89f47f4b24db3f4d17b45fdaaf78950ba4301b78899065296ca2b6cafcb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
d459a8c16562fb3f4b1d7cadaca620aa

SHA1
7810bf83e8c362e0c69298e8c16964ed48a90d3a

SHA256
fa31bc49a2f9af06d325871104e36dd69bfe3847cd521059b62461a92912331a

SHA512
35cb00c21908e1332c3439af1ec9867c81befcc4792248ee392080b455b1f5ce2b0c0c2415e344d91537469b5eb72f330b79feb7e8a86eeb6cf41ec5be5dfd2f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ea958981a441f0bf952e84ab54836db7

SHA1
138e5017fb3c202489a872c790f517d390bb0804

SHA256
06a0c1eb5dc028fda976e539fd79df266168895c39750dbb556f8a9e1b718487

SHA512
b7dc56f691f6005a08c7426bccd669a5d6d92f55987e5cd6f1c5441c9751050cb7c4c62be157b4c507e78f0603228db74932cedf31bb32c0299d35d3eb611344

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
99ce91cdb934440be4f63c78b0e0512d

SHA1
38f127eda2caef5709bf6b6ea6b0a2e4b99a0a27

SHA256
8319b0262dd5d1746a286600fc1bdbfb380f3d965cea8d60d87f4f5e90d27424

SHA512
6907b0446b2d4d8235fdc2aa23f088be0f44a2b1012ec8c3e2b71599d76b23e85a326e65d4a8a850806e3557b117dc362f92bd18a6e4314c2d0f7d74b811c2dc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
656bb397c72d15efa159441f116440a6

SHA1
5b57747d6fdd99160af6d3e580114dbbd351921f

SHA256
770ed0fcd22783f60407cdc55b5998b08e37b3e06efb3d1168ffed8768751fab

SHA512
5923db1d102f99d0b29d60916b183b92e6be12cc55733998d3da36d796d6158c76e385cef320ec0e9afa242a42bfb596f7233b60b548f719f7d41cb8f404e73c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000016

Filesize
97KB

MD5
0d7724f75e74d4b244f1b5c04cd92e81

SHA1
f6a2c881a75823f7aa732943706cdfaa129a4f35

SHA256
6e7ec1cf378c215dc7ee9cd0c158c7025953525a37d7996252bd9bc191286c4c

SHA512
c25f2be229725faff4ad446675648dd7194526f6e7e6be79b3cc5d33ca36101b9f2cabb8ce3de8975cf9df7feba9a71f8b1ffc9e4c997b16e05055a4fa2091f4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000017

Filesize
50KB

MD5
f2b16b571550f3dcdc51e472f0edf5aa

SHA1
fd0faf02507b71a2fc1da1848be079ca5d7ed5f5

SHA256
646c9d597f378ae7be9979188878f9c0d263fd5eb3780d4a18e5d578fc18484e

SHA512
d1a0743a1d47071236ffe543e66b7025f94ca5d8d268982b313dafe1aa5028ce8bb9dbed20c2ecb9ab0767b9eccbcf1b11c67078208a57acb6cfaedc744599b0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000019

Filesize
49KB

MD5
a5d4d78a747e9ea06ee3c21c078743fb

SHA1
0cae4fe857533d1f23df582ab787a3d9ceb3ee2c

SHA256
4f8042ce225fb17a8c2609e7791c2cf52fc7a60bbcba0f8edefbd328ef7837f2

SHA512
d2d2b5c96ae1a432913820b9c6533bd9221c9f39e969d374f6cbc6747a331846f5b9fcc1f8b68edf314b3c6570aa85593e9bd37280a27ab1bfe4dcd859f89653

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001b

Filesize
190KB

MD5
ff98b9400c1a3ad12750f6c49a54573c

SHA1
2f66270f9b62b59ead5fa3feefdc0bbca8eb3431

SHA256
82c0fdc66e2a3c68a69fa81820f966bc5f4099cade2b2460469c0452688ed5ee

SHA512
d19d74e7fc3df8b0ac65d96de0d3f770ac129ab50cad6ad4d55c6b02c31f4c46dd5156e0c241b0194074a46d3a13aa4eb319acca1ea30e11676a0c7b6fec5c20

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001c

Filesize
137KB

MD5
605c869b40d0b85acdab12e9023d4d7c

SHA1
78b10009cacbdf3d5c60042b287bf0ca1a43f948

SHA256
e3b18587d350a7ec79e53a6cb8ad03a2944635da52af5f9efe0f4b17dd7e469e

SHA512
d7d663b9df45b7aafa9bc61d3fe724223caa579ff7818b52d5c23eeeea76ffd9c7d3d10a7807beb83cdee5b74bbfcc62353ff285910d487855212aabf1a74c0e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001d

Filesize
110KB

MD5
aeef15e975b1150c39ce4c0f7be8813c

SHA1
d31fb30ca5f6f6d9983495f60b40d104ba0534f6

SHA256
56678b42139a67cf0e21b7364f6b2ea8db3c168221c65b671c784d6170ff6b96

SHA512
e429b1b7f91adfc83294f35238249dbcb3e1f38b4dc37ef33a31e881240e1cd708b2847bae23e87c8f3fdf364659e3aca78373424c6af657520117077520cfa4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001f

Filesize
134KB

MD5
33c3c5540b1ffdb273fa38d95c93f6bb

SHA1
e6b411b5a3276c6b483a6058b40f2f9f66eefc7d

SHA256
00dabee38833f18a2441d66a948ffe1f7ccb235e1627df88997861daf0adc842

SHA512
8bf6b090f82c16966c88108d30589e625c4e7746335c75623555bd1a129d53883e8a979484a86c0a1555d9e19dab0ef0d4bb09d1ca8bcda532c912778e1314dc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000020

Filesize
16KB

MD5
49295de6ccd23cf80b6418a2d209868f

SHA1
42a955b4560bb22cb9b5b39577f7a691ea345018

SHA256
d5a29c73c6200af2ed6918a61106e649b92098ecd476830d725ed4d2ea5a8efa

SHA512
2954ab185fd84a08933bb6e79d91e301021fce4e632b477e765c172cacf72913561e101ed2f7e66bfbdc5946b35f2b63eb2b6f878e0afc9d26ffe71ee112a1c0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000022

Filesize
242KB

MD5
1062cd5142317e4fa358b3927b51fca9

SHA1
5426e16ba5796fcc278801c60c4d0ab5c67ad381

SHA256
bdd9ca6f3470feaa6f6f8c820007c8c178f280e274fdd1fc0f70828bd3ebda1d

SHA512
dbf51e3de71ff8026768845393bf12321600a33052da6bf3d01a91d0e219f6521bcae9c72f51974d98f09a2c85c2d183c263a005265a7e4c323c8b2409e5e878

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000023

Filesize
31KB

MD5
350b84ddd0f85e337e0d8cc8beefad39

SHA1
9dbbdfa5e3bb28e47b6d51096cd8f8bf5924edfe

SHA256
ea41dd8604a4fb57a74c9be60f8e61f670ce3cb19fa9ab400ceb69d2eb1374fc

SHA512
17fc716497181ac89d7b2b521c267a9b424a7328f637bee8087e86e356e20c6316cc83831e2eff0455fe68228c46c95ac429c85fe666a1552e39c9276187d356

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000025

Filesize
64KB

MD5
2680374cf985c514eafcb20ea6f1ad28

SHA1
c3e85bae977565c312b9567777b0e6c3ed46802d

SHA256
ab14b6ce56d9d5fffefa92f42485c5e83908f69ea1d263eccc0f19eade089e6c

SHA512
78b853346882acb8bea2ef03e8bc844f332b8b636359757d4495a6fee0da04abe3c2c82e3a73152032f499f718341981cf37076e5a16b50cdda9db68c0e7c3e6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000026

Filesize
19KB

MD5
ce2bdc9ee291575700acedaca2d1a2c0

SHA1
817f29c93540b36b63dbec76ae0be774b6d2f4d0

SHA256
1ee77085d6e13fcdd5355d7167157d4671e3d3d96f75164d95dcfa6318e86d07

SHA512
0736e870fbd29fd1ff93a65cc07fc148b1350126d778b989570cdf01316b7eeebfafd4c3932dfd885d95c325e2a4664bcbeebc10f3b5e668bf164f692778fbdc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000027

Filesize
19KB

MD5
973fc8ac60ac05d255f47b24e4d2f78f

SHA1
5d163f35156620f25a1247218c23113dcdae6e4b

SHA256
6482bf569b0a609368c4bf055a8aebaee53bf390bcf6438f495d13f4e860f19e

SHA512
486561f4c0c3c74a2d6826bc7841843c8ca15f4d0fa44f6758b9b92fb577ac3441c603fdfb42f518c5fb7fd3682fc52be50b9c902c5bba84c25ba11c2e06cc71

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002a

Filesize
18KB

MD5
13e6fd01def320800652aa9d3c8b2c52

SHA1
e0fb93f15aa8596985bf708bdc3aba2df96a90f7

SHA256
718504054a7292d7d00dc186ed33afc07c8b48c21da2b7674aff474c6cdeb8e6

SHA512
c7be0490628ea34fb2527003c259d02f4ca8e33a38e407fb10965185907fa2e9da53c0037ea6d736451eb0e4954dc54ed43535be5c7ea2535382618a88383cbb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000036

Filesize
21KB

MD5
2a9c2cbc302435839e27a88672d50a2b

SHA1
29885dc23257a96f4e6c4d171b03cf18ef47ee20

SHA256
7ea12866bb8954e45c73f93d05cc40faafefd8347e9b2ea8d21cbccd38842359

SHA512
431fbe824a834595102ea986088cc3dbd0f32401aae8e9cc59ee9f6a4de8f6acbd8ee2c7c9c7c5ab372cbb36b288d4bf5c75530f530620460c18b430e31a3874

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000037

Filesize
54KB

MD5
ebefb5a4b7753a36e45d54ab5331a771

SHA1
e7b2ed71f9ff7c673e97d1f8b24e068ccd95e7bd

SHA256
7a7df6c930705ab43fc7d6ae0d983f00231709f95a9d71e1a5302a4fd91a8cfe

SHA512
48ecb72583a7fe1ac1b6206057f7466a3fdde31ee84ac7d6dba8d181947d1f15fbb2de83017a6b1c6b93c96ae35cabf88bb65e464fed32021aa87af41a13c707

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00004b

Filesize
61KB

MD5
58369f8becc4200239f51553b0fadf21

SHA1
773f84e2aff2b88deca38106da38c7514ea1f696

SHA256
92bb431496163783801ac5abcf91265cc326248495663a246db742160f327d4c

SHA512
4351924dc5f1af17c82993d5fc4e87a81784556ef014090371b1daf88276a139b29d3d6f35ee5ac11fef95fd9d69f578d80a07bfbb8ac420adc510579b020138

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00004c

Filesize
17KB

MD5
45b7b5fb759dd5ec873fa32568a008ad

SHA1
3bea1730088c5b7a43d8502401bc037782d9bfe0

SHA256
a4876d13d7fe8f1fc4e8e28e37516406ad4556a50a52c3535442e40342b8b4f5

SHA512
a05a3aced3c7a30922db0b71fe24d99b6a8f6720db1acb92b9dd5b130ccd3d497c86db489d1da7412c532e4b189df619d4db8435ac06a485305884d99b3313d7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00004d

Filesize
34KB

MD5
5407657f2fe2876d16960632f00fa49b

SHA1
00b2252249ffa82d783b525dbf21844c482bdbdd

SHA256
6c4c6f9845c39401cd699f730fd3550abaa07c90e48cfa871d9e6a9b4b1392d5

SHA512
ad137e9e42a0a65237808995b4650926d7a540b4f7bb21bb7196532b18c416ad9ccdf895e51eecc13414c33a48f488b87c962f921a2748600eaf2386af034aab

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00004e

Filesize
108KB

MD5
fe64f8fa026975cab844751630411fb7

SHA1
29d655731420738a2c17361a7767ff567c36c3d4

SHA256
50517095e816a8f559d124d870c6ae4835f746815c2f065ddc4a58285f001b7d

SHA512
3aeb354308a17f284196629bd4e58f7054356673556b3feb3489a32d249d64821bbc219e03516faf9984473f65be4503d27754565ecd52e3adcdfd017578b0e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00004f

Filesize
18KB

MD5
6ed920e0f3a6447c3e5d86c552438db3

SHA1
4bd9cd1b552e1879e596c57e47b3813bd95dcafc

SHA256
e513c909d83dcbbbb9ba1b54f1cc8e6d6044ed212d04583d1629afef46eacad6

SHA512
ccd98e921f910e736fa59855a4aae6b170fed4fe359fc3790f92608b5f0ec03f2e92243fad55f51c8cb301003a4115d37c1ec4b7652e4109258b156744f3b1cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000050

Filesize
22KB

MD5
ac3ec9d3c40715ab2f87df505d811d17

SHA1
5f867debb2359dfe7e2efcddae5b4cdc3e358897

SHA256
62fdb1103fa5dc7b1c6306d9a8cbea1885f8426053eb49ebc264fc4dc669459d

SHA512
f90bed09dca63aa07dd7978fd389956a23694ccc084624408ccf6aaa0f47be83c386eb34ea23d43f25e9de356ef531dc0deec98f093db2debea2b7134e605a3f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000053

Filesize
75KB

MD5
9cf12c3128e00baedfd109c84198a395

SHA1
1a3688037b302a255d18894c1a1e0d371518740e

SHA256
c95036d368c16e9553a54dfd0df08af22e9e2f675d5219ecfc2808da758e8bed

SHA512
e7e4b1d6783e2477b46787d33271e8568f859f06609a59eb0d6a2e81d70aa883954ab4720fad59b20fd5223cc863960fb96a1f9107debae95f098cb6d172511d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000054

Filesize
83KB

MD5
b1a9399c22898253e248638047063862

SHA1
237ca6d16947cdbf14dcd9c00a88bb9d0ab422e7

SHA256
02afea774dd7985cefe44c7aedbd7315aac3af6e2b4ad7e34cfda2946f493096

SHA512
3824534f592b2fdd83e8ec7332b85edd292d20c451a95036c03f0a95eb23ad7b19ef780cb495a68c96e7ac843833f634edeba52c655f56686d2f7775bd90bea1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000055

Filesize
116KB

MD5
d908616943d73c675683a64b71f6f099

SHA1
d1507f194b4f0765df677ab07d4570e5ddc883df

SHA256
9cb38f97aaf3e0b6073b7d9ea2e4a742458b127e5d9843bddc29f4dd46cf9c53

SHA512
677447e1c274884bd50fef093305356069d39cf17d5c6cf425d9dfdcb4f9ee28d6e5f151aa38f9c47de243aab4f4bfedbf915c783bf0cc4ae544833ee69708f2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000058

Filesize
122KB

MD5
115fb369dbc525bda127e83461e66ffd

SHA1
51edcbd7fca1803f98428d552c1538ec9742b91d

SHA256
1f8ab5085bd80fff7777ce1cf9992fe3c6e8293a55a29e8bb0e829debc8bccb3

SHA512
abe36b37dd95272b4b2566f7c554a060e1203e6333c2c8d61e3691da74b595918819fe785714a3db08f7d7fd5472519446850d91462701dbcaef9af6bc21f177

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000062

Filesize
34KB

MD5
0cd99e7f42848700bd2232307fed9293

SHA1
50d98e5e3fae466620a828d16ba4ab3dbc6fbb7a

SHA256
fb5639cbcdf58611b1382c64576e3767e28a269f9b42f9d2d987a20b4705b59e

SHA512
749292a8e43ac1a524b9b6137edfe79bdc6a881bfe78ea0daaf2c59d4258199dc8b3e7105940658934f01a10ee0764372865bbc5f82b940c8f0e688a0e86cb89

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000090

Filesize
31KB

MD5
f492b28251fd3e8040396567b1f495d8

SHA1
2a6a78cb2349171116f871610a4080d974c4458f

SHA256
b6d5969d71f768bc7092d2568159ac6febb70740bf0edee24ef5b4700241414c

SHA512
d89533196564ce7cadfcfe0d59035dd69c94d56f99d6fb4f6da41153a62825cf0a7526d111adb7304d767d3c336f45be9867f1525e3ad75f4fd9752573a94be4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000b2

Filesize
17KB

MD5
4790677e05d72ef7429dddf35562bf4a

SHA1
4243d6ea53db7e8cc0c355e70d6cffb54787b90b

SHA256
319bf6087040d17b87f46cd05f5ee064c291ba9ca46e1910f28d1f4c57cb3d96

SHA512
a93c5f691938bc1bdd9ef20b975f0b22cf494543e7df82ec31838bf811552ead5cd855959be4e47186ee7de944be005030f52f58b9dc85e7cde719cb97b794e3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\ec1efb76198a4b8c_0

Filesize
53KB

MD5
3dfed8c595d9ed6faa5d1e51326199a1

SHA1
5537a7fe51c533ef4f1188a230ed5b6ef1b43928

SHA256
18dc8b7599fb84d0373f64ad63ce61edcce0991d49b380e3106eb4ec37b1afe6

SHA512
e2ba1b3f1e93b2fbff4e7c233b7f3e3f6b66b06255746395b56e17b09887dd8bdf48e6c4ab6c3387e433f30e4b356234d87d12e1a0c2e7aafcc66757cf2b7529

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
6KB

MD5
a82a680b4ec6937c32a61db0c1f64e60

SHA1
a1f0ea3449953b4bb4cee61f5ce4549abff41cb3

SHA256
ef1fc0dec8410255e1f248de7f12b9af16ed2d90824346a9d990e5fb320f334f

SHA512
575e97af73fbf8de5dfcee01242069c08f445d698e1470f023250ac803867e68d3968ec767af79562234537ac4dc6ba621ba6dac641a4de8e877b483e41301cd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
6KB

MD5
9a4aecb5fcffdbbc2d5a4158d7ac2423

SHA1
de7c27bb9f56fad162601673071ddf3340f1a776

SHA256
6665d8c07c1d05dad46be5969458384cdbdea5463570f70efeb1a6c4e0ae5da7

SHA512
ae65fa35839510fbbbe851014076b89094beee85aba5a5ff8a92c3740996618c2b8aa600395cdcf49462be0f96746bbee3e7b2ed313a42069b0537a4d670765d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_cheatermad.com_0.indexeddb.leveldb\LOG.old

Filesize
748B

MD5
40f5aef9207fc74916b493f26775aae9

SHA1
8c1b89ea2fe5a4503e915cb8ceb3c560edfe8f27

SHA256
6ff29c744e787502c1f3e698ce3c6fc692bb537fab62f23a8d395d58b5471a3c

SHA512
d61519d3bafa092e24967c9ca511afb5aec606776a34eb1ef6555b70a69245c084cc703ec6a0a92521d63eb649b7fdc2c3def5db953d7f2196ba8116f1790d53

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_cheatermad.com_0.indexeddb.leveldb\LOG.old~RFe589f0a.TMP

Filesize
612B

MD5
d1d12e7e4165a1a63ea9f7c549277b3a

SHA1
0eef611d9dcbfc2c815b4db9d04b0d4f5ea7bc1c

SHA256
1d732995a8b32b66a7d3193a511d9937ac88c88eaab81eca06150d1140fee94e

SHA512
1fb4b5cff5a9c1b2abd81da651fd10f28883982389cff67bb51d69da654c8b31ee0c319c287c9f26ab1668c989ebf3d74df3749148bbd7a44aed321b803b63b3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
6KB

MD5
f020d091ad27ba8c4b4c8ffad34c6c5a

SHA1
667d5bfa58c20739777bad5297fc9671e71d96e2

SHA256
3f15ea20acfae4e83171bfaa21f627f7f06c741201ede766ef8c7eebf3f2e113

SHA512
ffbdb18c0022a7b7080caf4c1a8ae2153382d379742312d7e2c7dede2052fcaf9cff8978d851a1d77e96649681a082eecf55ea9286f5896b897a83b3daf5e9c1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
8KB

MD5
823b9e52f9fb8ac3f778853497ca7443

SHA1
1f13b4e2ecb68997ba660a66d3e84d02697319a1

SHA256
d2811e9e7b36fab92138c22c58eea15c65f01f37f7bcd298c64d588668154955

SHA512
5ecbfc0263b109a31c54eddd391e8ca2c698e6d0b7159ee52d8df540ad3c66fe774f03786e33fe5dcbd3081e5325b82290bf7043e1ef55c271d3b75c9e4fe50f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
da338c44d0014e1c6fa97be7478f79c0

SHA1
0bb67c33ffca79c2254d72afbbd53b542765e02d

SHA256
fa22e32abbbcecd6e94bd0fcb1c9b847cfb7836f8a61a1882e6e08fb7f1ac321

SHA512
2210834acec43d6e2015352260c1db256d88a581b800bbfac11c62c6befe33e460ae1ed79465d620d4560ade93306892f8ff27ea973df77ec821d9976d071634

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
0eb1d1f8dd5135784ece7201df23a31e

SHA1
80dc7f6c8a9743b22b0ac4c77fb64aba98b55f63

SHA256
50f12fe5f1a6e932ce02fc8f34226a104ddd901c011d0f41b97da55d47b9d79d

SHA512
122d50baae43cd3cdcbb68b2367df6836c65e6479165377a4c163091a1def76285d4c507c389daa036e136dda2daa5fc078f6c0a8baa858ad946eaea1bc4d9d4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
499c74255b452f5e1e273025e93ca557

SHA1
ab824475f2930769267cf89c9cbdd3a0b5680d36

SHA256
d0d9ea7a00e0b3d3d6e81607c2cf1115d49654a7f953842f7c11c156fa83e41a

SHA512
a17441058058bb35c344c3d2be5e4d8cc00f61d5f20059d85feca94a008ffc3b636236903739831d5ba4fd4075a992a32a6cd352fc35e2f85974f7166829c6b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
ed5ba41bbd4d17124acd5ca127cd1b0a

SHA1
a35b25cda0e57133aaea5370a4d9930e53062616

SHA256
0194b054a1e8eb5f2165f2e30336052cfc705f72c045f5aef1ea6e38b39b14a8

SHA512
cc16ef44acfe9aa3fae9cad57927a115655329c16c0ef25fd9d36e772fea2969793d631a9ad22916a8a9db3f5709839e778c46f0ff84023a02b02cf132b073dc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
c22a5a489ae1b747d80f541926927886

SHA1
f3de5e026e5e78a9c2ce9c1dfa46433ee077e872

SHA256
e54dc63ad3cf1285c5a12655d7dae5230f498fcac19111b4a400e87f2fc7c83b

SHA512
2780fdcec48db998aa9abc39f6ca9ab39e31f3805a6e1e22382f90af014462457e26145f7aca327cd3fdc264e6f135fe9aad2507c069134f9794f4341038c36e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
9fbe25a0616b1837e1c05c19c26ccd91

SHA1
0423223070a2051e89f96f7dab7038d7ddecfa36

SHA256
5bfd914d74920f36f9ab31c10ddd0e5c2ae224db3ed47c539c1567b31faf83c9

SHA512
2515cb926d711f388356941866368a8539625d2a75b61d7e39eb38baf99170e08bf7ae6ab8e7a06e80e292471d8c6a2a450ed85c6b73bb8a77292458c3b3a765

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
966b50b457b29ab7e506c5f124c6a2d2

SHA1
89bdd042aaf1a98a4c4e81e1b5084d646f064877

SHA256
f36c6b3f415874e49327a02f51f30b30fb998c28e3792c04f0145cfd7af3a1a0

SHA512
be8b7eebbd939deb34b2661dd1febbac258a954a0750ad57af6dc2c16635eb42b9651f68f028a34f9e837cd41649935e00d2d5a700bf6832e281a2a1f23c9128

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
067cfb8f1ef2321489f5fbc7031d3723

SHA1
b446f3dfdf8913b95448bd8845918a0af9afd4b7

SHA256
7e2979243fcba283e13138b963d5f940aa9d8c3855f6ea27ca8c57a2e1febdbe

SHA512
15f8b1a2de83a7ec3313f3202075e265c512134701e9ed994ef83ebacb49aeea655f4c899a8d4efcc3e77df097af486a19cdc92a70528f97cc2b7dad5ac00119

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
635acd273f0517c929204894245c61c3

SHA1
c0f39e3c8d2c310214e742e165d7e4a41ba7aff7

SHA256
0980d967986ab345bb8ff8fa04ce2d2b6a3c8c74643d775c93ccd52d60ebf271

SHA512
fb31e766f356dd91a9ebf1a97d5efe7940307a505617521ad5f5e1e924baa41adac8c78351459be61d7d4f97ce4702c4e206b1830788a9e20268808543e60b9c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
a64731260de5a47edea3b57186fd3378

SHA1
19e262b5a64708bd144355a1f11f68c7dfef4175

SHA256
0c357e2f6970e5de02fb3316a161c533381d7401c325db22609d1fc223b63c94

SHA512
eecd0e2fe1c481a3c47860b13f865d7701b4eff4e3f64e7452a9f9c443f8c372fe343cee438368b67f5f7c6c962d5bb5c16ebfc108c381e14f7afd949d8c8d44

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
e2ca97c670a619f757f35df33fad950a

SHA1
79e11523f4b194a6c408110a296a6f48d8cff943

SHA256
8d5e214dbfe3005c6ba9c67fb6b6dc66f9bc2a392cd50c7d1f2f3d91f0616bbd

SHA512
f9307293914ae4f4624ef55f51c98d3ecab5df3e490da15cd1891bacfdde7498a38fc8843342e1b715fbb5091646e70398f598f1f42b4601ea46f8ecd361d217

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
fbdc732028ca3ac05f08fd688578ce99

SHA1
f9a382f526efdef8946ea2b7d6830ac436e377fb

SHA256
b86777853e8777d3003db45deb91cc175756ba15f97c2992fd4ff6df40092fd4

SHA512
dd6432616663f75e49173fedccc5aef88459954657ee9d346815253822c64c579e56cc74da0fa795c4a4d1029abd5aebdf46da3ce1e4c7f6d258567b9c537de1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
74c0a1f860b475ea51d4c8da99b2d4c9

SHA1
7ea96f7f6e953166141c9b9221e58118bd806b4d

SHA256
a49ff0cfe7d443a4a71184d7bdd2a90975718661138030dca69593091373f177

SHA512
bcc787063614963f2594ca93612a13ebf3367d8603e595cd639d1c906409be47bca73fd249f0665b953e3f52abdaab6b917f7c80eb2d4c9167c1a17d3b9cd305

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
240B

MD5
a24b2f50c94642e80a76e1efb4491734

SHA1
6e5097810ff5fc773f2275b84b3173701d134db6

SHA256
7cfd68b279bd3138aa6cc9981cb6afe55c892a15cca7f020bcce6d5c760b8f8a

SHA512
a3c4b9beeefd358280ac8f2c1837525e1c2b04b5c4d7fd81bb5b680c64d3326862f121164e32af22ecfd5974c6c6fe354deb4db36d42e2ecf116094961247841

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe584ed7.TMP

Filesize
48B

MD5
6dc3251cf255d9bab6f3d2d98f1e32d4

SHA1
794d49913e2831c97d7c65d1bd9d95d33081062f

SHA256
8e02fa5154f1353a9ed5e61265ee5a8365728d85ac37f331a95f66b6d2183010

SHA512
6a8ccd3c4776b3da128bbeac61caff47075306b82065aa0777213aa3bdb44d8c52eb1b74a6de3fd3ae8a4cb46899e69f2eae9506cb54e40eda7b10cef0698468

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
a6622117949c8684206c0cb656131007

SHA1
be7c0c38d4b1dbd47fda815b8f1bf9c77ef4786a

SHA256
aa08934b9c75ca873a050c6850051167e5c5b29befdd1e92c36e419e2781c010

SHA512
6d42c1a83dab0a912acbf7b89b898250a49e63e1cfda23519eb020168a68ebc91f7f92ee73677fb9a2e008d55994ec754fe7960d4698a63d3291143f4cd8ce6a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
ed3a31bbc8225f44ab1c3d6f8effe85e

SHA1
43f960187ab80e4a65994f63522280086c5cb70e

SHA256
179f97ca2e908f97e5579eedd3039eb17aab61bbb396504afe2191717d7ee6ee

SHA512
1e03e81c24a6750591c646f8bfb330c5f6c98144052cb33d1ff4e574fa5e1fe4c3fb1828a78bf7e00c06af227dc51f05c4fa3f0466c94965553148db4e6d1276

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
9a3c6066d715b47888501124b2566287

SHA1
62554ccc88d89918fca27aa46aa21f1392061937

SHA256
1b4763e5a6cba0cd4a33a918bbb25dcb26ee86bbee7a95be9e0dcfe48646956f

SHA512
fa68cf80fe13549cea2fa4b9e21b1c3993650ddf00a9c484731f42c42ca17824cb7587b3fa3366818b315160d6aa9b519ef4bf1a6ade54191d9ea8d5b3281089

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
616ef0400ea3167061ad1c09ec628e89

SHA1
5f4c6af9443cb4fd6638e251d574f821e2e1c1eb

SHA256
7635bc573d688d3d5923f7469b0ee4403a435a8ff30468b459bbc7ba7bb9fb21

SHA512
a2bbc67b5c36ef0a881b7ce90742f2ecebed60367cadfde1376f89e366b5f7ae0b422c11d4c0128b59051ad4c92a53bc5e8a7517408586d988e37d67805e5287

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
f869f2d96014f6953642259116d03a1d

SHA1
a7bc3a7e225e4e913cef594913849a4e64e31b15

SHA256
7b698e15580ff50d81fdb1d7a5c9fb62feab469b13dd2cca611202a069218ca7

SHA512
15dbc73eeafbe1f765cbd3a4c4098f83406a617a96ddb1e703274193ab5e097e59fc5ec4208b7cb62564fc0c63d59c935f45d3a27b93e346ee0a25cb159b0eed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
10267531f54d86246c1ab541d7432fd7

SHA1
de5fd2dcd160fc9667652486a028bf333d5aa2df

SHA256
680fcd0dcc9b5ae8762edd4632fb013efd99f010f110bdfc7d3f949edb28e7e9

SHA512
1a9433a4d0631b512248ab6270f8d9e50de6752dd2ad23c335994c2be8e0e09fd840a272692986951f05a72651957544c7baf01af8907dd1bba6921aca1b8e6e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
5b5521b682c488b2079458512eca6c13

SHA1
49139454a308803a785f0800bbf89f4ef49a1682

SHA256
e55de3ae3655b30278db7f90479557749f4ba3a795af510f09c17eaec7077a60

SHA512
d181469bd41dd0365d619ddc78a93ef2d076dc5061b32131704d82e58f0c994f56d336819121331ef1b701dd75c5d9f35f236ad6337bf5bad84915b3ce3a7460

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
d3529c039dca4395b960832c1be47067

SHA1
dd9536b31a28606515b31ae7f5f3e735e38b68c7

SHA256
22e684aa8beef01fae7acce5731513f7e71a401fa9615eaa112a544a939ee75a

SHA512
ce7f8b1ddac96cb3756306ca162a6069c09c1a0191c7a74138b67266804d3fcbd7d3bd8c9ef651d276c329687f4a7caf558a5012e228c7a98956be4406d701e0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
9ff3c903f5439879c361ed940378535b

SHA1
ab2d2ab272be101b79b8f30572fa6d3664c74e2f

SHA256
14841af5ba8a96902873bf2d49555fc95d26bc33ff9eda15ce719b7bf366b29b

SHA512
ef82dfcb7b9eb55b5a6fd2ea9cfbf5e19b952771cab841af4198d3843c76dd135d845aec8dc7fa5710664745e5f8922906f16378efef9aff2def039052b6b8df

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
d00889f990fa8adde2921d8e9dacb66f

SHA1
4db58ee4b0e267f5d9caa5bc9885cfec0888a412

SHA256
2f5a02e91fff4cd52974ff11b31f2cdd7c4b16c688ce81c0e42019e33d585ac3

SHA512
918ee1717ec81e964927592c9c111ddba8b88f8e3c1345e74e20788017c4ef1fefe20f24c9c08d272bb8d3087ffca562f3516fa4a9a8076fb66953a95f54edbb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58121c.TMP

Filesize
1KB

MD5
f117c382c054b0f6b5c57e6530d13722

SHA1
e37696bc279baf207dd7243d112f9f7783299068

SHA256
ca592feb5387b4de9759e1fcabe72af03b4c54d383f46a008ff1c98fa6e837f2

SHA512
de68deb46cc164aa9b79482224ab32085c28af99889e3b5751f92921238a77dc6f54c50d941dba946168b4018b3f7e3a0becb93ace99cfd2086dce39c740bb83

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
aefd77f47fb84fae5ea194496b44c67a

SHA1
dcfbb6a5b8d05662c4858664f81693bb7f803b82

SHA256
4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611

SHA512
b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
271f79dc2069bcd0e68813d0f059724e

SHA1
a210d5edf352a5b49f87f9ee543baaf719179a90

SHA256
351ff8000df743ea7470e2a1b6630ec7f45dd97e0548e32eefdc7faa1ac84e08

SHA512
1a54590b9135651bce928dd82e6669f494a091cebe183a511d272b2b6c41dbafb8f77262cce10b15e596774072b63f62fa8283f3da573d91835f2b64423d36f0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
d6f3389ddf2b6b375a7ad66653cba852

SHA1
1efcf1c12d902eb7cfac79779cd3b3639e5992a8

SHA256
003194964db3f156f1f4505b2848ef475134a4698f5a2fb07bc17b27e0fa3e05

SHA512
e9b4728e6d9c58259b231664139c634d18ee07415df1b8c7cdeb0f58bfc65988d922673d8df11f1a83950b52fe3e23ba7fd0a2b5bdd90d26d757cec8a15acd72

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
e380754cbc949ffb1295e980c7e8dcea

SHA1
17b31e13b639bd9c6ce1e3a34b90d01cfc4bfd88

SHA256
4b55a1a3794da89524d8fba5e9c16efe481463ec1e9464e2bba7a81837527d96

SHA512
b0527d202114aee91e600ec1253a49c0c443d607c93e9cb5be18ea9098f07e43834a53e139b293d858f195e8ebcb0c9535881920150ad835d139e65252794f2f

Download Submit
C:\Users\Admin\AppData\Local\Temp\OneLaunch Setup.exe

Filesize
77.2MB

MD5
cc7f12abd07e27080f689d1149590641

SHA1
c7f33b0f0d9db3863a6954d1d3bb28267cfa98d2

SHA256
94903317054dfaba8b257e5fb4745ee03590d0a01c9d91bdd9be885feb6d6e06

SHA512
585d2f8ac968be6d8df4e6569e8b509f7c8a283a16f1cabd524e3601ec31c8e2c8e60de09d949b15c7d818e93355e51c8a6271d176935d03733df62a393731ae

Download Submit
C:\Users\Admin\AppData\Local\Temp\OneLaunch Setup.exe

Filesize
56.8MB

MD5
009c38b41f1a00771f30c29a58071ab1

SHA1
43c528ec59af6f0cc536ee64b037cfbe55b86e5b

SHA256
f95c2245ecaeccace284981ed4b2e9d3a06e276a01ea2aa0b5f7fb1b25833db6

SHA512
0b295954f989b5ea254bd90ee1ec6deb01f9bc70f388522fa64bb8794a16b65b42a4a27ba1d20a34e7317a30466d2159e83c3fd1ef61a46d6a372d098bb338ce

Download Submit
C:\Users\Admin\AppData\Local\Temp\OneLaunch Setup_bc2yv.exe

Filesize
37.8MB

MD5
5b1a7fb7181e6be4a865c49316eb7106

SHA1
1ce441a946cbc0c249aa1ddd907c9b4804f79907

SHA256
8092cca033363996b73abbc72683b7c80b9490c76f068acc4d16270acbd65bf0

SHA512
8d9e8a118727cf75524716a3bec844e5c83d350bf1578b04dfc23934d052cf0a408945b2b949d7c2956782609112f10026e88636b77249d789b43f03ab781ff8

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-0J0FF.tmp\checkmark-11-light.png

Filesize
369B

MD5
45898d8f9f466da1b6f47ff21d3fed75

SHA1
6566135e7f8098b9eb12aac882e7a57cb64f39ff

SHA256
7999903171dedab53305b45b098d9adde30532d290616adb9dbec7d2d029bded

SHA512
b4dc0d02a81f76fc507d28e427a844bf45c283b92c807d798cb09533ef9c3e69fafad089c7200b603c51fdf0f2b2d878b77abcc0334d9ed3bd7cfc3224508218

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-0J0FF.tmp\min-11-light.png

Filesize
5KB

MD5
ae83cb00d3895eb95c9c4d0d88403147

SHA1
936954c807f179a4db43fda0e494af14c0ee8698

SHA256
fef9a507556a330f457eac557c0f430c8993de5b61638c455a3f4311b0bd47a3

SHA512
528bde4f156ddb7699e94ef4cbf4c9e00c2a844e4b985b73bf4e813f81f1a202122caa30ba4f2204a96c38ffcc49dbeade72ec938c16405e2961a7dbf526368a

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-D3EDP.tmp\OneLaunch - Easy PDF_bc2yv.tmp

Filesize
2.8MB

MD5
de12d5d8b75f6465bbe0a6768594ebe6

SHA1
1f5072a010c22f0b1ab9dfe752f4f5ccaf9de94e

SHA256
189e0c46fb03d6791635e0e545e95b60c08e4958c1473f94611164421fe57f29

SHA512
6481d19c95157e88a78602177949a69c1331b436b33f0b56d0173a485c913e5d1dae1c8b88c7e3c09a3a80af384adda72b37c440db2e0bfb49ddba79e28c8c0b

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-D3EDP.tmp\OneLaunch - Easy PDF_bc2yv.tmp

Filesize
2.9MB

MD5
8df1ba54639e5585cbc614d4b23daf68

SHA1
46491089fb7863c48ee1737b8a49e173a42c015b

SHA256
a7b36b3ddaff87957e2955888cca472c338ae651459c006a56b538f1fc44069f

SHA512
9bbdd31840c2ce540ea5f319daa4eb12cc5ffc74392ca3719f6cf494de3ac8d79560711aafe0a67a6a26ca95027564c504b46683a0eca828a15605500af8081a

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-FPLS6.tmp\OneLaunch - Easy PDF_bc2yv.tmp

Filesize
3.0MB

MD5
85d47f2a6d939986007fa2d190170e51

SHA1
0ec2d02eb26641a9086e65592d66cf7b02c0be0e

SHA256
20c2362e9dbeb727a15d1ac17ae8a450a4f0c71ac436c53397e9ca55a22f4507

SHA512
a9c406b776430418165e9ed2da319852ccbcfbd6ceaf6a866bdae1667ac8c440e59d9270122b530d27c14b2e559cd50ef9d23dd155b52e34ada97bfce04dfa90

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-JLN15.tmp\Win32Library.dll

Filesize
47KB

MD5
2bc86843519fb3ff164531f172a86c8a

SHA1
06c3375f00d73a387c4c9d1443e68af2e625159c

SHA256
e1673868c355fac124a2ede086d14e91baae9c32e3a3a62f8c9840ac1be3c99a

SHA512
2f8a9aeb329bb13bfe9906df3e4365f36c890c11de4ca05ce6fa0af09ad25ef6253a4ac98bc853aeb88b561b7fe5fe3c0fb6ee439715c6de849c8a403b3c43f3

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-JLN15.tmp\min-rest.bmp

Filesize
24KB

MD5
c577153bb859664c6c2c3c45304257e3

SHA1
7c6a339789dd6eff769d57bf1203d6d9380c961e

SHA256
6a47789770b3b8314acb942093d0ad304e99e0b69fbb812d88921a421ecceea2

SHA512
7e813061b45c0e9c7452f71ab2780f560420156841e519c1cfe418426a186d05b255ab7d24dc8c77ee31b91083aadbcc2620c95386304f51b9332ea69471f0f6

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-JLN15.tmp\onelaunch.png

Filesize
70KB

MD5
d3110fb775ee7fd24426503d67840c25

SHA1
54f649c8bf3af2ad3a4d92cd8b1397bad1a49a75

SHA256
f8392390dc81756e79ec5f359dbdcac3b4bd219b5188a429b814fc51aabb6e36

SHA512
f6b79f728be17c9060edb2df2dac2b0f59a4dffd8c416e7e957bc3fa4696f4237e5969647309f5425a6297f189e351e20c99c642f90d1476050285929657c32f

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-JLN15.tmp\pdf.png

Filesize
19KB

MD5
485cd5451b6a5e12380aa2e181abf046

SHA1
e1fe4637b2568aa8b26057ba6e653c0d37c8abc8

SHA256
1d227c280d121311a0c7ec32acf8da0ffb34090da2c4c1e47cca701cd8b32c47

SHA512
3dd90236103a52b112bfe4b90ba1bf985fec0d23f70f21ee7b2d677a0f29e929266fb1f2abb37e06a0029448f08e0feb5d4f8612115a7e81b05de0a5875a85f3

Download Submit
C:\Users\Admin\Downloads\OneLaunch - Easy PDF_bc2yv.exe:Zone.Identifier

Filesize
26B

MD5
fbccf14d504b7b2dbcb5a5bda75bd93b

SHA1
d59fc84cdd5217c6cf74785703655f78da6b582b

SHA256
eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913

SHA512
aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 432726.crdownload

Filesize
3.2MB

MD5
35959bd2ae75ce973b8b5211be569564

SHA1
93fd060775455887aca406f39a4b480d9a20a7b2

SHA256
8764acf87eb99ff5fc07e21a38fc0e93e94f1a0ab73290928fb10b426a44a09a

SHA512
2c1a97b1e3cc8f90a5e72a081fcc1a62013ed043c2943d1d5b66c5cb7f43e86ff3cc75cec17667c7b5f8dcb43d372a53f121db65b879a868fcab233f3ad7b219

Download Submit
memory/648-1886-0x0000000000400000-0x00000000004E8000-memory.dmp

Filesize
928KB

Download
memory/648-1881-0x0000000000400000-0x00000000004E8000-memory.dmp

Filesize
928KB

Download
memory/648-1975-0x0000000000400000-0x00000000004E8000-memory.dmp

Filesize
928KB

Download
memory/768-1982-0x0000000000400000-0x00000000004E8000-memory.dmp

Filesize
928KB

Download
memory/768-1862-0x0000000000400000-0x00000000004E8000-memory.dmp

Filesize
928KB

Download
memory/900-1981-0x0000000000400000-0x000000000070A000-memory.dmp

Filesize
3.0MB

Download
memory/900-1878-0x0000000000AE0000-0x0000000000AE1000-memory.dmp

Filesize
4KB

Download
memory/2564-1897-0x0000000072E50000-0x0000000073601000-memory.dmp

Filesize
7.7MB

Download
memory/2564-1634-0x0000000072E50000-0x0000000073601000-memory.dmp

Filesize
7.7MB

Download
memory/2564-1855-0x00000000030D0000-0x0000000003210000-memory.dmp

Filesize
1.2MB

Download
memory/2564-1888-0x0000000002F20000-0x0000000002F30000-memory.dmp

Filesize
64KB

Download
memory/2564-1849-0x0000000000400000-0x000000000070A000-memory.dmp

Filesize
3.0MB

Download
memory/2564-1868-0x0000000002900000-0x0000000002901000-memory.dmp

Filesize
4KB

Download
memory/2564-1899-0x00000000030D0000-0x0000000003210000-memory.dmp

Filesize
1.2MB

Download
memory/2564-1906-0x00000000030D0000-0x0000000003210000-memory.dmp

Filesize
1.2MB

Download
memory/2564-1614-0x0000000002900000-0x0000000002901000-memory.dmp

Filesize
4KB

Download
memory/2564-1632-0x0000000008BD0000-0x0000000008BE4000-memory.dmp

Filesize
80KB

Download
memory/2564-1884-0x0000000000400000-0x000000000070A000-memory.dmp

Filesize
3.0MB

Download
memory/2564-1633-0x0000000073BA0000-0x0000000073BB4000-memory.dmp

Filesize
80KB

Download
memory/2564-1628-0x0000000002F20000-0x0000000002F30000-memory.dmp

Filesize
64KB

Download
memory/2564-1661-0x00000000030D0000-0x0000000003210000-memory.dmp

Filesize
1.2MB

Download
memory/2564-1636-0x0000000008BF0000-0x0000000008C82000-memory.dmp

Filesize
584KB

Download
memory/2564-1663-0x00000000030D0000-0x0000000003210000-memory.dmp

Filesize
1.2MB

Download
memory/2564-1662-0x00000000030D0000-0x0000000003210000-memory.dmp

Filesize
1.2MB

Download
memory/2564-1659-0x00000000030D0000-0x0000000003210000-memory.dmp

Filesize
1.2MB

Download
memory/2564-1658-0x00000000030D0000-0x0000000003210000-memory.dmp

Filesize
1.2MB

Download
memory/2564-1660-0x00000000030D0000-0x0000000003210000-memory.dmp

Filesize
1.2MB

Download
memory/2564-1850-0x00000000030D0000-0x0000000003210000-memory.dmp

Filesize
1.2MB

Download
memory/2564-1979-0x00000000030D0000-0x0000000003210000-memory.dmp

Filesize
1.2MB

Download
memory/2564-1978-0x0000000072E50000-0x0000000073601000-memory.dmp

Filesize
7.7MB

Download
memory/2776-1980-0x0000000000400000-0x00000000004E8000-memory.dmp

Filesize
928KB

Download
memory/2776-1608-0x0000000000400000-0x00000000004E8000-memory.dmp

Filesize
928KB

Download
memory/2776-1844-0x0000000000400000-0x00000000004E8000-memory.dmp

Filesize
928KB

Download
memory/3284-1909-0x0000000002F70000-0x00000000030B0000-memory.dmp

Filesize
1.2MB

Download
memory/3284-1974-0x0000000002F70000-0x00000000030B0000-memory.dmp

Filesize
1.2MB

Download
memory/3284-1973-0x0000000072E50000-0x0000000073601000-memory.dmp

Filesize
7.7MB

Download
memory/3284-1972-0x0000000000400000-0x000000000070A000-memory.dmp

Filesize
3.0MB

Download
memory/3284-1912-0x0000000002F70000-0x00000000030B0000-memory.dmp

Filesize
1.2MB

Download
memory/3284-1907-0x0000000002E90000-0x0000000002EA0000-memory.dmp

Filesize
64KB

Download
memory/3284-1911-0x0000000002F70000-0x00000000030B0000-memory.dmp

Filesize
1.2MB

Download
memory/3284-1910-0x0000000072E50000-0x0000000073601000-memory.dmp

Filesize
7.7MB

Download
memory/3284-1908-0x000000006F110000-0x000000006F124000-memory.dmp

Filesize
80KB

Download
memory/3284-1905-0x0000000006990000-0x00000000069A4000-memory.dmp

Filesize
80KB

Download
memory/3284-1898-0x00000000027C0000-0x00000000027C1000-memory.dmp

Filesize
4KB

Download