hxxp://google[.]com

Analysis

max time kernel
759s
max time network
738s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
15/05/2024, 18:22

Sharing

Copy URL Twitter E-mail

Reason

Machine shutdown

Report Analysis Logs

General

Target

http://google.com

Score

8^/10

bootkit evasion persistence

Malware Config

Signatures

Disables Task Manager via registry modification
evasion

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
238	raw.githubusercontent.com
237	raw.githubusercontent.com

Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs

Bootkits write to the MBR to gain persistence at a level below the operating system.

bootkit persistence

Bootkit

T1542.003

description	ioc	Process
File opened for modification	\??\PhysicalDrive0	Hexachlorocyclohexane.exe

Drops file in Windows directory 9 IoCs

description	ioc	Process
File opened for modification	C:\Windows\Debug\WIA\wiatrace.log	mspaint.exe
File opened for modification	C:\Windows\Debug\WIA\wiatrace.log	mspaint.exe
File opened for modification	C:\Windows\Debug\WIA\wiatrace.log	mspaint.exe
File opened for modification	C:\Windows\Debug\WIA\wiatrace.log	mspaint.exe
File opened for modification	C:\Windows\Debug\WIA\wiatrace.log	mspaint.exe
File opened for modification	C:\Windows\Debug\WIA\wiatrace.log	mspaint.exe
File opened for modification	C:\Windows\Debug\WIA\wiatrace.log	mspaint.exe
File opened for modification	C:\Windows\Debug\WIA\wiatrace.log	mspaint.exe
File opened for modification	C:\Windows\Debug\WIA\wiatrace.log	mspaint.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Kills process with taskkill 1 IoCs

evasion

pid	Process
4656	taskkill.exe

Modifies registry class 11 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000_Classes\Local Settings	calc.exe
Key created	\REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000_Classes\Local Settings	calc.exe
Key created	\REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000_Classes\Local Settings	calc.exe
Key created	\REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000_Classes\Local Settings	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000_Classes\Local Settings	calc.exe
Key created	\REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000_Classes\Local Settings	calc.exe
Key created	\REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000_Classes\Local Settings	calc.exe
Key created	\REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000_Classes\Local Settings	calc.exe
Key created	\REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000_Classes\Local Settings	calc.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-2804150937-2146708401-419095071-1000\{C177291D-C11B-4894-996E-5B16F5042294}	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000_Classes\Local Settings	calc.exe

Modifies registry key 1 TTPs 7 IoCs

Modify Registry

T1112

pid	Process
2288	reg.exe
3936	reg.exe
5508	reg.exe
2792	reg.exe
4832	reg.exe
6036	reg.exe
696	reg.exe

Opens file in notepad (likely ransom note) 2 IoCs

ransomware

pid	Process
4920	NOTEPAD.EXE
4336	notepad.exe

Suspicious behavior: EnumeratesProcesses 32 IoCs

pid	Process
1860	msedge.exe
1860	msedge.exe
2864	msedge.exe
2864	msedge.exe
5084	identity_helper.exe
5084	identity_helper.exe
4716	msedge.exe
4716	msedge.exe
3224	msedge.exe
3224	msedge.exe
3224	msedge.exe
3224	msedge.exe
6100	msedge.exe
6100	msedge.exe
5828	mspaint.exe
5828	mspaint.exe
5648	mspaint.exe
5648	mspaint.exe
5504	mspaint.exe
5504	mspaint.exe
6112	mspaint.exe
6112	mspaint.exe
5872	mspaint.exe
5872	mspaint.exe
5516	mspaint.exe
5516	mspaint.exe
5560	mspaint.exe
5560	mspaint.exe
1240	mspaint.exe
1240	mspaint.exe
5832	mspaint.exe
5832	mspaint.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
5344	Hexachlorocyclohexane.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 24 IoCs

pid	Process
2864	msedge.exe
2864	msedge.exe
2864	msedge.exe
2864	msedge.exe
2864	msedge.exe
2864	msedge.exe
2864	msedge.exe
2864	msedge.exe
2864	msedge.exe
2864	msedge.exe
2864	msedge.exe
2864	msedge.exe
2864	msedge.exe
2864	msedge.exe
2864	msedge.exe
2864	msedge.exe
2864	msedge.exe
2864	msedge.exe
2864	msedge.exe
2864	msedge.exe
2864	msedge.exe
2864	msedge.exe
2864	msedge.exe
2864	msedge.exe

Suspicious behavior: SetClipboardViewer 8 IoCs

pid	Process
1012	mmc.exe
5860	mmc.exe
5884	mmc.exe
2456	mmc.exe
1772	mmc.exe
5256	mmc.exe
3788	mmc.exe
2492	mmc.exe

Suspicious use of AdjustPrivilegeToken 57 IoCs

description	pid	Process
Token: 33	5416	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	5416	AUDIODG.EXE
Token: SeDebugPrivilege	4656	taskkill.exe
Token: 33	2840	mmc.exe
Token: SeIncBasePriorityPrivilege	2840	mmc.exe
Token: 33	2840	mmc.exe
Token: SeIncBasePriorityPrivilege	2840	mmc.exe
Token: 33	2840	mmc.exe
Token: SeIncBasePriorityPrivilege	2840	mmc.exe
Token: 33	1012	mmc.exe
Token: SeIncBasePriorityPrivilege	1012	mmc.exe
Token: 33	1012	mmc.exe
Token: SeIncBasePriorityPrivilege	1012	mmc.exe
Token: 33	1012	mmc.exe
Token: SeIncBasePriorityPrivilege	1012	mmc.exe
Token: 33	5860	mmc.exe
Token: SeIncBasePriorityPrivilege	5860	mmc.exe
Token: 33	5860	mmc.exe
Token: SeIncBasePriorityPrivilege	5860	mmc.exe
Token: 33	5860	mmc.exe
Token: SeIncBasePriorityPrivilege	5860	mmc.exe
Token: 33	5884	mmc.exe
Token: SeIncBasePriorityPrivilege	5884	mmc.exe
Token: 33	5884	mmc.exe
Token: SeIncBasePriorityPrivilege	5884	mmc.exe
Token: 33	5884	mmc.exe
Token: SeIncBasePriorityPrivilege	5884	mmc.exe
Token: 33	2456	mmc.exe
Token: SeIncBasePriorityPrivilege	2456	mmc.exe
Token: 33	2456	mmc.exe
Token: SeIncBasePriorityPrivilege	2456	mmc.exe
Token: 33	2456	mmc.exe
Token: SeIncBasePriorityPrivilege	2456	mmc.exe
Token: 33	1772	mmc.exe
Token: SeIncBasePriorityPrivilege	1772	mmc.exe
Token: 33	1772	mmc.exe
Token: SeIncBasePriorityPrivilege	1772	mmc.exe
Token: 33	1772	mmc.exe
Token: SeIncBasePriorityPrivilege	1772	mmc.exe
Token: 33	5256	mmc.exe
Token: SeIncBasePriorityPrivilege	5256	mmc.exe
Token: 33	5256	mmc.exe
Token: SeIncBasePriorityPrivilege	5256	mmc.exe
Token: 33	5256	mmc.exe
Token: SeIncBasePriorityPrivilege	5256	mmc.exe
Token: 33	3788	mmc.exe
Token: SeIncBasePriorityPrivilege	3788	mmc.exe
Token: 33	3788	mmc.exe
Token: SeIncBasePriorityPrivilege	3788	mmc.exe
Token: 33	3788	mmc.exe
Token: SeIncBasePriorityPrivilege	3788	mmc.exe
Token: 33	2492	mmc.exe
Token: SeIncBasePriorityPrivilege	2492	mmc.exe
Token: 33	2492	mmc.exe
Token: SeIncBasePriorityPrivilege	2492	mmc.exe
Token: 33	2492	mmc.exe
Token: SeIncBasePriorityPrivilege	2492	mmc.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
2864	msedge.exe
2864	msedge.exe
2864	msedge.exe
2864	msedge.exe
2864	msedge.exe
2864	msedge.exe
2864	msedge.exe
2864	msedge.exe
2864	msedge.exe
2864	msedge.exe
2864	msedge.exe
2864	msedge.exe
2864	msedge.exe
2864	msedge.exe
2864	msedge.exe
2864	msedge.exe
2864	msedge.exe
2864	msedge.exe
2864	msedge.exe
2864	msedge.exe
2864	msedge.exe
2864	msedge.exe
2864	msedge.exe
2864	msedge.exe
2864	msedge.exe
2864	msedge.exe
2864	msedge.exe
2864	msedge.exe
2864	msedge.exe
2864	msedge.exe
2864	msedge.exe
2864	msedge.exe
2864	msedge.exe
2864	msedge.exe
2864	msedge.exe
2864	msedge.exe
2864	msedge.exe
2864	msedge.exe
2864	msedge.exe
2864	msedge.exe
2864	msedge.exe
2864	msedge.exe
2864	msedge.exe
2864	msedge.exe
2864	msedge.exe
2864	msedge.exe
2864	msedge.exe
2864	msedge.exe
2864	msedge.exe
2864	msedge.exe
2864	msedge.exe
2864	msedge.exe
2864	msedge.exe
2864	msedge.exe
2864	msedge.exe
2864	msedge.exe
2864	msedge.exe
2864	msedge.exe
2864	msedge.exe
2864	msedge.exe
2864	msedge.exe
2864	msedge.exe
2864	msedge.exe
2864	msedge.exe

Suspicious use of SendNotifyMessage 56 IoCs

pid	Process
2864	msedge.exe
2864	msedge.exe
2864	msedge.exe
2864	msedge.exe
2864	msedge.exe
2864	msedge.exe
2864	msedge.exe
2864	msedge.exe
2864	msedge.exe
2864	msedge.exe
2864	msedge.exe
2864	msedge.exe
2864	msedge.exe
2864	msedge.exe
2864	msedge.exe
2864	msedge.exe
2864	msedge.exe
2864	msedge.exe
2864	msedge.exe
2864	msedge.exe
2864	msedge.exe
2864	msedge.exe
2864	msedge.exe
2864	msedge.exe
2864	msedge.exe
2864	msedge.exe
2864	msedge.exe
2864	msedge.exe
2864	msedge.exe
2864	msedge.exe
2864	msedge.exe
2864	msedge.exe
2864	msedge.exe
2864	msedge.exe
2864	msedge.exe
2864	msedge.exe
2864	msedge.exe
2864	msedge.exe
2864	msedge.exe
2864	msedge.exe
2864	msedge.exe
2864	msedge.exe
2864	msedge.exe
2864	msedge.exe
2864	msedge.exe
2864	msedge.exe
2864	msedge.exe
2864	msedge.exe
2864	msedge.exe
2864	msedge.exe
2864	msedge.exe
2864	msedge.exe
2864	msedge.exe
2864	msedge.exe
2864	msedge.exe
2864	msedge.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
6008	OpenWith.exe
4116	wordpad.exe
4116	wordpad.exe
4116	wordpad.exe
4116	wordpad.exe
4116	wordpad.exe
5828	mspaint.exe
5828	mspaint.exe
5828	mspaint.exe
5828	mspaint.exe
5492	mmc.exe
2840	mmc.exe
2840	mmc.exe
208	OpenWith.exe
3560	wordpad.exe
3560	wordpad.exe
3560	wordpad.exe
3560	wordpad.exe
3560	wordpad.exe
5648	mspaint.exe
5648	mspaint.exe
5648	mspaint.exe
5648	mspaint.exe
1420	mmc.exe
1012	mmc.exe
1012	mmc.exe
4124	OpenWith.exe
436	wordpad.exe
436	wordpad.exe
436	wordpad.exe
436	wordpad.exe
436	wordpad.exe
5504	mspaint.exe
5504	mspaint.exe
5504	mspaint.exe
5504	mspaint.exe
5944	mmc.exe
5860	mmc.exe
5860	mmc.exe
5312	OpenWith.exe
3208	wordpad.exe
3208	wordpad.exe
3208	wordpad.exe
3208	wordpad.exe
3208	wordpad.exe
6112	mspaint.exe
6112	mspaint.exe
6112	mspaint.exe
6112	mspaint.exe
1428	mmc.exe
5884	mmc.exe
5884	mmc.exe
3440	OpenWith.exe
4860	wordpad.exe
4860	wordpad.exe
4860	wordpad.exe
4860	wordpad.exe
4860	wordpad.exe
5872	mspaint.exe
5872	mspaint.exe
5872	mspaint.exe
5872	mspaint.exe
6120	mmc.exe
2456	mmc.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2864 wrote to memory of 1552	2864	msedge.exe	83
PID 2864 wrote to memory of 1552	2864	msedge.exe	83
PID 2864 wrote to memory of 3296	2864	msedge.exe	84
PID 2864 wrote to memory of 3296	2864	msedge.exe	84
PID 2864 wrote to memory of 3296	2864	msedge.exe	84
PID 2864 wrote to memory of 3296	2864	msedge.exe	84
PID 2864 wrote to memory of 3296	2864	msedge.exe	84
PID 2864 wrote to memory of 3296	2864	msedge.exe	84
PID 2864 wrote to memory of 3296	2864	msedge.exe	84
PID 2864 wrote to memory of 3296	2864	msedge.exe	84
PID 2864 wrote to memory of 3296	2864	msedge.exe	84
PID 2864 wrote to memory of 3296	2864	msedge.exe	84
PID 2864 wrote to memory of 3296	2864	msedge.exe	84
PID 2864 wrote to memory of 3296	2864	msedge.exe	84
PID 2864 wrote to memory of 3296	2864	msedge.exe	84
PID 2864 wrote to memory of 3296	2864	msedge.exe	84
PID 2864 wrote to memory of 3296	2864	msedge.exe	84
PID 2864 wrote to memory of 3296	2864	msedge.exe	84
PID 2864 wrote to memory of 3296	2864	msedge.exe	84
PID 2864 wrote to memory of 3296	2864	msedge.exe	84
PID 2864 wrote to memory of 3296	2864	msedge.exe	84
PID 2864 wrote to memory of 3296	2864	msedge.exe	84
PID 2864 wrote to memory of 3296	2864	msedge.exe	84
PID 2864 wrote to memory of 3296	2864	msedge.exe	84
PID 2864 wrote to memory of 3296	2864	msedge.exe	84
PID 2864 wrote to memory of 3296	2864	msedge.exe	84
PID 2864 wrote to memory of 3296	2864	msedge.exe	84
PID 2864 wrote to memory of 3296	2864	msedge.exe	84
PID 2864 wrote to memory of 3296	2864	msedge.exe	84
PID 2864 wrote to memory of 3296	2864	msedge.exe	84
PID 2864 wrote to memory of 3296	2864	msedge.exe	84
PID 2864 wrote to memory of 3296	2864	msedge.exe	84
PID 2864 wrote to memory of 3296	2864	msedge.exe	84
PID 2864 wrote to memory of 3296	2864	msedge.exe	84
PID 2864 wrote to memory of 3296	2864	msedge.exe	84
PID 2864 wrote to memory of 3296	2864	msedge.exe	84
PID 2864 wrote to memory of 3296	2864	msedge.exe	84
PID 2864 wrote to memory of 3296	2864	msedge.exe	84
PID 2864 wrote to memory of 3296	2864	msedge.exe	84
PID 2864 wrote to memory of 3296	2864	msedge.exe	84
PID 2864 wrote to memory of 3296	2864	msedge.exe	84
PID 2864 wrote to memory of 3296	2864	msedge.exe	84
PID 2864 wrote to memory of 1860	2864	msedge.exe	85
PID 2864 wrote to memory of 1860	2864	msedge.exe	85
PID 2864 wrote to memory of 2868	2864	msedge.exe	86
PID 2864 wrote to memory of 2868	2864	msedge.exe	86
PID 2864 wrote to memory of 2868	2864	msedge.exe	86
PID 2864 wrote to memory of 2868	2864	msedge.exe	86
PID 2864 wrote to memory of 2868	2864	msedge.exe	86
PID 2864 wrote to memory of 2868	2864	msedge.exe	86
PID 2864 wrote to memory of 2868	2864	msedge.exe	86
PID 2864 wrote to memory of 2868	2864	msedge.exe	86
PID 2864 wrote to memory of 2868	2864	msedge.exe	86
PID 2864 wrote to memory of 2868	2864	msedge.exe	86
PID 2864 wrote to memory of 2868	2864	msedge.exe	86
PID 2864 wrote to memory of 2868	2864	msedge.exe	86
PID 2864 wrote to memory of 2868	2864	msedge.exe	86
PID 2864 wrote to memory of 2868	2864	msedge.exe	86
PID 2864 wrote to memory of 2868	2864	msedge.exe	86
PID 2864 wrote to memory of 2868	2864	msedge.exe	86
PID 2864 wrote to memory of 2868	2864	msedge.exe	86
PID 2864 wrote to memory of 2868	2864	msedge.exe	86
PID 2864 wrote to memory of 2868	2864	msedge.exe	86
PID 2864 wrote to memory of 2868	2864	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.com
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2864
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcce9946f8,0x7ffcce994708,0x7ffcce994718
  2⤵
  PID:1552
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2252,7714388755835952687,13873187677795133174,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2268 /prefetch:2
  2⤵
  PID:3296
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2252,7714388755835952687,13873187677795133174,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2248 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1860
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2252,7714388755835952687,13873187677795133174,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2780 /prefetch:8
  2⤵
  PID:2868
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2252,7714388755835952687,13873187677795133174,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3196 /prefetch:1
  2⤵
  PID:2904
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2252,7714388755835952687,13873187677795133174,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1
  2⤵
  PID:2180
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2252,7714388755835952687,13873187677795133174,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4668 /prefetch:1
  2⤵
  PID:1932
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2252,7714388755835952687,13873187677795133174,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4152 /prefetch:1
  2⤵
  PID:5084
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2252,7714388755835952687,13873187677795133174,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5156 /prefetch:1
  2⤵
  PID:4720
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2252,7714388755835952687,13873187677795133174,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4808 /prefetch:1
  2⤵
  PID:2452
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2252,7714388755835952687,13873187677795133174,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5508 /prefetch:8
  2⤵
  PID:1788
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2252,7714388755835952687,13873187677795133174,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5508 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5084
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2252,7714388755835952687,13873187677795133174,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5448 /prefetch:1
  2⤵
  PID:1696
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2252,7714388755835952687,13873187677795133174,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5136 /prefetch:1
  2⤵
  PID:4548
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2252,7714388755835952687,13873187677795133174,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5284 /prefetch:8
  2⤵
  PID:636
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2252,7714388755835952687,13873187677795133174,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5248 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:4716
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2252,7714388755835952687,13873187677795133174,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5260 /prefetch:1
  2⤵
  PID:5196
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2252,7714388755835952687,13873187677795133174,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5912 /prefetch:1
  2⤵
  PID:5236
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2252,7714388755835952687,13873187677795133174,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5640 /prefetch:1
  2⤵
  PID:5608
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2252,7714388755835952687,13873187677795133174,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3196 /prefetch:1
  2⤵
  PID:6008
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2252,7714388755835952687,13873187677795133174,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3560 /prefetch:1
  2⤵
  PID:6016
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2252,7714388755835952687,13873187677795133174,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6088 /prefetch:1
  2⤵
  PID:1424
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2252,7714388755835952687,13873187677795133174,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6656 /prefetch:1
  2⤵
  PID:3260
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2252,7714388755835952687,13873187677795133174,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2144 /prefetch:1
  2⤵
  PID:1048
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2252,7714388755835952687,13873187677795133174,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1948 /prefetch:1
  2⤵
  PID:6044
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2252,7714388755835952687,13873187677795133174,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6900 /prefetch:1
  2⤵
  PID:4300
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2252,7714388755835952687,13873187677795133174,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1124 /prefetch:1
  2⤵
  PID:1996
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2252,7714388755835952687,13873187677795133174,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4948 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3224
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2252,7714388755835952687,13873187677795133174,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2144 /prefetch:1
  2⤵
  PID:5116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2252,7714388755835952687,13873187677795133174,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7032 /prefetch:1
  2⤵
  PID:3692
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2252,7714388755835952687,13873187677795133174,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6216 /prefetch:1
  2⤵
  PID:2412
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2252,7714388755835952687,13873187677795133174,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4188 /prefetch:1
  2⤵
  PID:5980
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2252,7714388755835952687,13873187677795133174,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6404 /prefetch:8
  2⤵
  PID:6024
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2252,7714388755835952687,13873187677795133174,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7152 /prefetch:1
  2⤵
  PID:6132
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2252,7714388755835952687,13873187677795133174,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5136 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:6100

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:364

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4632

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x410 0x508
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:5416

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3236

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4968

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\Temp\Temp1_Hexachlorocyclohexane.exe.zip\readme.txt
1⤵
- Opens file in notepad (likely ransom note)
PID:4920

C:\Users\Admin\Desktop\Hexachlorocyclohexane.exe
"C:\Users\Admin\Desktop\Hexachlorocyclohexane.exe"
1⤵
- Writes to the Master Boot Record (MBR)
- Suspicious behavior: GetForegroundWindowSpam
PID:5344
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im taskmgr.exe
  2⤵
  PID:5492
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im taskmgr.exe
    3⤵
    - Kills process with taskkill
    - Suspicious use of AdjustPrivilegeToken
    PID:4656
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c REG ADD hkcu\Software\Microsoft\Windows\CurrentVersion\policies\system /v DisableTaskMgr /t reg_dword /d 1 /f
  2⤵
  PID:4916
- - C:\Windows\SysWOW64\reg.exe
    REG ADD hkcu\Software\Microsoft\Windows\CurrentVersion\policies\system /v DisableTaskMgr /t reg_dword /d 1 /f
    3⤵
    - Modifies registry key
    PID:2288
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c REG ADD hkcu\Software\Microsoft\Windows\CurrentVersion\policies\Explorer /v NoRun /t reg_dword /d 1 /f
  2⤵
  PID:3860
- - C:\Windows\SysWOW64\reg.exe
    REG ADD hkcu\Software\Microsoft\Windows\CurrentVersion\policies\Explorer /v NoRun /t reg_dword /d 1 /f
    3⤵
    - Modifies registry key
    PID:3936
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c REG ADD hkcu\Software\Microsoft\Windows\CurrentVersion\policies\Explorer /v NoControlPanel /t reg_dword /d 1 /f
  2⤵
  PID:3704
- - C:\Windows\SysWOW64\reg.exe
    REG ADD hkcu\Software\Microsoft\Windows\CurrentVersion\policies\Explorer /v NoControlPanel /t reg_dword /d 1 /f
    3⤵
    - Modifies registry key
    PID:5508
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c reg add HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System /v HideFastUserSwitching /t REG_DWORD /d 1 /f
  2⤵
  PID:1856
- - C:\Windows\SysWOW64\reg.exe
    reg add HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System /v HideFastUserSwitching /t REG_DWORD /d 1 /f
    3⤵
    - Modifies registry key
    PID:2792
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer /v NoLogoff /t REG_DWORD /d 1 /f
  2⤵
  PID:1988
- - C:\Windows\SysWOW64\reg.exe
    reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer /v NoLogoff /t REG_DWORD /d 1 /f
    3⤵
    - Modifies registry key
    PID:4832
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableLockWorkstation /t REG_DWORD /d 1 /f
  2⤵
  PID:5680
- - C:\Windows\SysWOW64\reg.exe
    reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableLockWorkstation /t REG_DWORD /d 1 /f
    3⤵
    - Modifies registry key
    PID:6036
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableChangePassword /t REG_DWORD /d 1 /f
  2⤵
  PID:5984
- - C:\Windows\SysWOW64\reg.exe
    reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableChangePassword /t REG_DWORD /d 1 /f
    3⤵
    - Modifies registry key
    PID:696
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c bcdedit /delete {current}
  2⤵
  PID:1284
- C:\Windows\SysWOW64\notepad.exe
  "C:\Windows\System32\notepad.exe" C:\Hexachlorocyclohexane\note.txt
  2⤵
  - Opens file in notepad (likely ransom note)
  PID:4336
- C:\Windows\SysWOW64\calc.exe
  "C:\Windows\System32\calc.exe"
  2⤵
  - Modifies registry class
  PID:3928
- C:\Windows\SysWOW64\notepad.exe
  "C:\Windows\System32\notepad.exe"
  2⤵
  PID:2360
- C:\Windows\SysWOW64\dxdiag.exe
  "C:\Windows\System32\dxdiag.exe"
  2⤵
  PID:4236
- C:\Program Files (x86)\Windows NT\Accessories\wordpad.exe
  "C:\Program Files (x86)\Windows NT\Accessories\wordpad.exe"
  2⤵
  - Suspicious use of SetWindowsHookEx
  PID:4116
- - C:\Windows\splwow64.exe
    C:\Windows\splwow64.exe 12288
    3⤵
    PID:5192
- C:\Windows\SysWOW64\charmap.exe
  "C:\Windows\System32\charmap.exe"
  2⤵
  PID:1624
- C:\Windows\SysWOW64\Taskmgr.exe
  "C:\Windows\System32\Taskmgr.exe"
  2⤵
  PID:4800
- C:\Windows\SysWOW64\winver.exe
  "C:\Windows\System32\winver.exe"
  2⤵
  PID:5856
- C:\Windows\SysWOW64\mspaint.exe
  "C:\Windows\System32\mspaint.exe"
  2⤵
  - Drops file in Windows directory
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of SetWindowsHookEx
  PID:5828
- C:\Windows\SysWOW64\control.exe
  "C:\Windows\System32\control.exe"
  2⤵
  PID:4372
- C:\Windows\SysWOW64\mmc.exe
  "C:\Windows\System32\mmc.exe"
  2⤵
  - Suspicious use of SetWindowsHookEx
  PID:5492
- - C:\Windows\system32\mmc.exe
    "C:\Windows\system32\mmc.exe"
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of SetWindowsHookEx
    PID:2840
- C:\Windows\SysWOW64\calc.exe
  "C:\Windows\System32\calc.exe"
  2⤵
  - Modifies registry class
  PID:5948
- C:\Windows\SysWOW64\notepad.exe
  "C:\Windows\System32\notepad.exe"
  2⤵
  PID:4588
- C:\Windows\SysWOW64\dxdiag.exe
  "C:\Windows\System32\dxdiag.exe"
  2⤵
  PID:5508
- C:\Program Files (x86)\Windows NT\Accessories\wordpad.exe
  "C:\Program Files (x86)\Windows NT\Accessories\wordpad.exe"
  2⤵
  - Suspicious use of SetWindowsHookEx
  PID:3560
- C:\Windows\SysWOW64\charmap.exe
  "C:\Windows\System32\charmap.exe"
  2⤵
  PID:2128
- C:\Windows\SysWOW64\Taskmgr.exe
  "C:\Windows\System32\Taskmgr.exe"
  2⤵
  PID:4532
- C:\Windows\SysWOW64\winver.exe
  "C:\Windows\System32\winver.exe"
  2⤵
  PID:5836
- C:\Windows\SysWOW64\mspaint.exe
  "C:\Windows\System32\mspaint.exe"
  2⤵
  - Drops file in Windows directory
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of SetWindowsHookEx
  PID:5648
- C:\Windows\SysWOW64\control.exe
  "C:\Windows\System32\control.exe"
  2⤵
  PID:696
- C:\Windows\SysWOW64\mmc.exe
  "C:\Windows\System32\mmc.exe"
  2⤵
  - Suspicious use of SetWindowsHookEx
  PID:1420
- - C:\Windows\system32\mmc.exe
    "C:\Windows\system32\mmc.exe"
    3⤵
    - Suspicious behavior: SetClipboardViewer
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of SetWindowsHookEx
    PID:1012
- C:\Windows\SysWOW64\calc.exe
  "C:\Windows\System32\calc.exe"
  2⤵
  - Modifies registry class
  PID:6120
- C:\Windows\SysWOW64\notepad.exe
  "C:\Windows\System32\notepad.exe"
  2⤵
  PID:464
- C:\Windows\SysWOW64\dxdiag.exe
  "C:\Windows\System32\dxdiag.exe"
  2⤵
  PID:4876
- C:\Program Files (x86)\Windows NT\Accessories\wordpad.exe
  "C:\Program Files (x86)\Windows NT\Accessories\wordpad.exe"
  2⤵
  - Suspicious use of SetWindowsHookEx
  PID:436
- C:\Windows\SysWOW64\charmap.exe
  "C:\Windows\System32\charmap.exe"
  2⤵
  PID:3240
- C:\Windows\SysWOW64\Taskmgr.exe
  "C:\Windows\System32\Taskmgr.exe"
  2⤵
  PID:1080
- C:\Windows\SysWOW64\winver.exe
  "C:\Windows\System32\winver.exe"
  2⤵
  PID:2544
- C:\Windows\SysWOW64\mspaint.exe
  "C:\Windows\System32\mspaint.exe"
  2⤵
  - Drops file in Windows directory
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of SetWindowsHookEx
  PID:5504
- C:\Windows\SysWOW64\control.exe
  "C:\Windows\System32\control.exe"
  2⤵
  PID:5748
- C:\Windows\SysWOW64\mmc.exe
  "C:\Windows\System32\mmc.exe"
  2⤵
  - Suspicious use of SetWindowsHookEx
  PID:5944
- - C:\Windows\system32\mmc.exe
    "C:\Windows\system32\mmc.exe"
    3⤵
    - Suspicious behavior: SetClipboardViewer
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of SetWindowsHookEx
    PID:5860
- C:\Windows\SysWOW64\calc.exe
  "C:\Windows\System32\calc.exe"
  2⤵
  - Modifies registry class
  PID:2060
- C:\Windows\SysWOW64\notepad.exe
  "C:\Windows\System32\notepad.exe"
  2⤵
  PID:4228
- C:\Windows\SysWOW64\dxdiag.exe
  "C:\Windows\System32\dxdiag.exe"
  2⤵
  PID:2208
- C:\Program Files (x86)\Windows NT\Accessories\wordpad.exe
  "C:\Program Files (x86)\Windows NT\Accessories\wordpad.exe"
  2⤵
  - Suspicious use of SetWindowsHookEx
  PID:3208
- C:\Windows\SysWOW64\charmap.exe
  "C:\Windows\System32\charmap.exe"
  2⤵
  PID:4376
- C:\Windows\SysWOW64\Taskmgr.exe
  "C:\Windows\System32\Taskmgr.exe"
  2⤵
  PID:2384
- C:\Windows\SysWOW64\winver.exe
  "C:\Windows\System32\winver.exe"
  2⤵
  PID:3204
- C:\Windows\SysWOW64\mspaint.exe
  "C:\Windows\System32\mspaint.exe"
  2⤵
  - Drops file in Windows directory
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of SetWindowsHookEx
  PID:6112
- C:\Windows\SysWOW64\control.exe
  "C:\Windows\System32\control.exe"
  2⤵
  PID:5752
- C:\Windows\SysWOW64\mmc.exe
  "C:\Windows\System32\mmc.exe"
  2⤵
  - Suspicious use of SetWindowsHookEx
  PID:1428
- - C:\Windows\system32\mmc.exe
    "C:\Windows\system32\mmc.exe"
    3⤵
    - Suspicious behavior: SetClipboardViewer
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of SetWindowsHookEx
    PID:5884
- C:\Windows\SysWOW64\calc.exe
  "C:\Windows\System32\calc.exe"
  2⤵
  - Modifies registry class
  PID:2712
- C:\Windows\SysWOW64\notepad.exe
  "C:\Windows\System32\notepad.exe"
  2⤵
  PID:692
- C:\Windows\SysWOW64\dxdiag.exe
  "C:\Windows\System32\dxdiag.exe"
  2⤵
  PID:4824
- C:\Program Files (x86)\Windows NT\Accessories\wordpad.exe
  "C:\Program Files (x86)\Windows NT\Accessories\wordpad.exe"
  2⤵
  - Suspicious use of SetWindowsHookEx
  PID:4860
- C:\Windows\SysWOW64\charmap.exe
  "C:\Windows\System32\charmap.exe"
  2⤵
  PID:1808
- C:\Windows\SysWOW64\Taskmgr.exe
  "C:\Windows\System32\Taskmgr.exe"
  2⤵
  PID:5440
- C:\Windows\SysWOW64\winver.exe
  "C:\Windows\System32\winver.exe"
  2⤵
  PID:1724
- C:\Windows\SysWOW64\mspaint.exe
  "C:\Windows\System32\mspaint.exe"
  2⤵
  - Drops file in Windows directory
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of SetWindowsHookEx
  PID:5872
- C:\Windows\SysWOW64\control.exe
  "C:\Windows\System32\control.exe"
  2⤵
  PID:5764
- C:\Windows\SysWOW64\mmc.exe
  "C:\Windows\System32\mmc.exe"
  2⤵
  - Suspicious use of SetWindowsHookEx
  PID:6120
- - C:\Windows\system32\mmc.exe
    "C:\Windows\system32\mmc.exe"
    3⤵
    - Suspicious behavior: SetClipboardViewer
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of SetWindowsHookEx
    PID:2456
- C:\Windows\SysWOW64\calc.exe
  "C:\Windows\System32\calc.exe"
  2⤵
  - Modifies registry class
  PID:5676
- C:\Windows\SysWOW64\notepad.exe
  "C:\Windows\System32\notepad.exe"
  2⤵
  PID:5552
- C:\Windows\SysWOW64\dxdiag.exe
  "C:\Windows\System32\dxdiag.exe"
  2⤵
  PID:6068
- C:\Program Files (x86)\Windows NT\Accessories\wordpad.exe
  "C:\Program Files (x86)\Windows NT\Accessories\wordpad.exe"
  2⤵
  PID:5972
- C:\Windows\SysWOW64\charmap.exe
  "C:\Windows\System32\charmap.exe"
  2⤵
  PID:5572
- C:\Windows\SysWOW64\Taskmgr.exe
  "C:\Windows\System32\Taskmgr.exe"
  2⤵
  PID:6088
- C:\Windows\SysWOW64\winver.exe
  "C:\Windows\System32\winver.exe"
  2⤵
  PID:3436
- C:\Windows\SysWOW64\mspaint.exe
  "C:\Windows\System32\mspaint.exe"
  2⤵
  - Drops file in Windows directory
  - Suspicious behavior: EnumeratesProcesses
  PID:5516
- C:\Windows\SysWOW64\control.exe
  "C:\Windows\System32\control.exe"
  2⤵
  PID:1576
- C:\Windows\SysWOW64\mmc.exe
  "C:\Windows\System32\mmc.exe"
  2⤵
  PID:5140
- - C:\Windows\system32\mmc.exe
    "C:\Windows\system32\mmc.exe"
    3⤵
    - Suspicious behavior: SetClipboardViewer
    - Suspicious use of AdjustPrivilegeToken
    PID:1772
- C:\Windows\SysWOW64\calc.exe
  "C:\Windows\System32\calc.exe"
  2⤵
  - Modifies registry class
  PID:1364
- C:\Windows\SysWOW64\notepad.exe
  "C:\Windows\System32\notepad.exe"
  2⤵
  PID:1424
- C:\Windows\SysWOW64\dxdiag.exe
  "C:\Windows\System32\dxdiag.exe"
  2⤵
  PID:3156
- C:\Program Files (x86)\Windows NT\Accessories\wordpad.exe
  "C:\Program Files (x86)\Windows NT\Accessories\wordpad.exe"
  2⤵
  PID:5724
- C:\Windows\SysWOW64\charmap.exe
  "C:\Windows\System32\charmap.exe"
  2⤵
  PID:5924
- C:\Windows\SysWOW64\Taskmgr.exe
  "C:\Windows\System32\Taskmgr.exe"
  2⤵
  PID:4160
- C:\Windows\SysWOW64\winver.exe
  "C:\Windows\System32\winver.exe"
  2⤵
  PID:3728
- C:\Windows\SysWOW64\mspaint.exe
  "C:\Windows\System32\mspaint.exe"
  2⤵
  - Drops file in Windows directory
  - Suspicious behavior: EnumeratesProcesses
  PID:5560
- C:\Windows\SysWOW64\control.exe
  "C:\Windows\System32\control.exe"
  2⤵
  PID:3500
- C:\Windows\SysWOW64\mmc.exe
  "C:\Windows\System32\mmc.exe"
  2⤵
  PID:4504
- - C:\Windows\system32\mmc.exe
    "C:\Windows\system32\mmc.exe"
    3⤵
    - Suspicious behavior: SetClipboardViewer
    - Suspicious use of AdjustPrivilegeToken
    PID:5256
- C:\Windows\SysWOW64\calc.exe
  "C:\Windows\System32\calc.exe"
  2⤵
  - Modifies registry class
  PID:4052
- C:\Windows\SysWOW64\notepad.exe
  "C:\Windows\System32\notepad.exe"
  2⤵
  PID:5664
- C:\Windows\SysWOW64\dxdiag.exe
  "C:\Windows\System32\dxdiag.exe"
  2⤵
  PID:1208
- C:\Program Files (x86)\Windows NT\Accessories\wordpad.exe
  "C:\Program Files (x86)\Windows NT\Accessories\wordpad.exe"
  2⤵
  PID:2020
- C:\Windows\SysWOW64\charmap.exe
  "C:\Windows\System32\charmap.exe"
  2⤵
  PID:2768
- C:\Windows\SysWOW64\Taskmgr.exe
  "C:\Windows\System32\Taskmgr.exe"
  2⤵
  PID:5584
- C:\Windows\SysWOW64\winver.exe
  "C:\Windows\System32\winver.exe"
  2⤵
  PID:5700
- C:\Windows\SysWOW64\mspaint.exe
  "C:\Windows\System32\mspaint.exe"
  2⤵
  - Drops file in Windows directory
  - Suspicious behavior: EnumeratesProcesses
  PID:1240
- C:\Windows\SysWOW64\control.exe
  "C:\Windows\System32\control.exe"
  2⤵
  PID:1880
- C:\Windows\SysWOW64\mmc.exe
  "C:\Windows\System32\mmc.exe"
  2⤵
  PID:2664
- - C:\Windows\system32\mmc.exe
    "C:\Windows\system32\mmc.exe"
    3⤵
    - Suspicious behavior: SetClipboardViewer
    - Suspicious use of AdjustPrivilegeToken
    PID:3788
- C:\Windows\SysWOW64\calc.exe
  "C:\Windows\System32\calc.exe"
  2⤵
  - Modifies registry class
  PID:3896
- C:\Windows\SysWOW64\notepad.exe
  "C:\Windows\System32\notepad.exe"
  2⤵
  PID:1604
- C:\Windows\SysWOW64\dxdiag.exe
  "C:\Windows\System32\dxdiag.exe"
  2⤵
  PID:1696
- C:\Program Files (x86)\Windows NT\Accessories\wordpad.exe
  "C:\Program Files (x86)\Windows NT\Accessories\wordpad.exe"
  2⤵
  PID:3252
- C:\Windows\SysWOW64\charmap.exe
  "C:\Windows\System32\charmap.exe"
  2⤵
  PID:4504
- C:\Windows\SysWOW64\Taskmgr.exe
  "C:\Windows\System32\Taskmgr.exe"
  2⤵
  PID:5640
- C:\Windows\SysWOW64\winver.exe
  "C:\Windows\System32\winver.exe"
  2⤵
  PID:1668
- C:\Windows\SysWOW64\mspaint.exe
  "C:\Windows\System32\mspaint.exe"
  2⤵
  - Drops file in Windows directory
  - Suspicious behavior: EnumeratesProcesses
  PID:5832
- C:\Windows\SysWOW64\control.exe
  "C:\Windows\System32\control.exe"
  2⤵
  PID:5148
- C:\Windows\SysWOW64\mmc.exe
  "C:\Windows\System32\mmc.exe"
  2⤵
  PID:1476
- - C:\Windows\system32\mmc.exe
    "C:\Windows\system32\mmc.exe"
    3⤵
    - Suspicious behavior: SetClipboardViewer
    - Suspicious use of AdjustPrivilegeToken
    PID:2492
- C:\Windows\SysWOW64\calc.exe
  "C:\Windows\System32\calc.exe"
  2⤵
  PID:4540

C:\Users\Admin\Desktop\Hexachlorocyclohexane-safety.exe
"C:\Users\Admin\Desktop\Hexachlorocyclohexane-safety.exe"
1⤵
PID:5532

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Suspicious use of SetWindowsHookEx
PID:6008

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k PrintWorkflow -s PrintWorkflowUserSvc
1⤵
PID:4944

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s DeviceAssociationService
1⤵
PID:1196

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Suspicious use of SetWindowsHookEx
PID:208

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Suspicious use of SetWindowsHookEx
PID:4124

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Suspicious use of SetWindowsHookEx
PID:5312

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Suspicious use of SetWindowsHookEx
PID:3440

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:3896

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:4648

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:2576

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:448

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:3948

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Pre-OS Boot

T1542

Bootkit

T1542.003

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Pre-OS Boot

T1542

Bootkit

T1542.003

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Hexachlorocyclohexane\note.txt

Filesize
135B

MD5
ea548ab9c32ef92afc59651fd2a5ee90

SHA1
ca2460f051f27aef42d117897dfb92eeb5571165

SHA256
7e29cc704a0dd5e22cb9f09310dbc255dd3b432c9f7b57255647be8692e122e6

SHA512
c642853aad342e8f466fa413ae64d7231efa090381163abe80921dbd21a22c329b2112a5015ae217758be1ddc4559dcdd621196c7dcc7cf28e51bea28c297f9d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4b4f91fa1b362ba5341ecb2836438dea

SHA1
9561f5aabed742404d455da735259a2c6781fa07

SHA256
d824b742eace197ddc8b6ed5d918f390fde4b0fbf0e371b8e1f2ed40a3b6455c

SHA512
fef22217dcdd8000bc193e25129699d4b8f7a103ca4fe1613baf73ccf67090d9fbae27eb93e4bb8747455853a0a4326f2d0c38df41c8d42351cdcd4132418dac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
eaa3db555ab5bc0cb364826204aad3f0

SHA1
a4cdfaac8de49e6e6e88b335cfeaa7c9e3c563ca

SHA256
ef7baeb1b2ab05ff3c5fbb76c2759db49294654548706c7c8e87f0cde855b86b

SHA512
e13981da51b52c15261ecabb98af32f9b920651b46b10ce0cc823c5878b22eb1420258c80deef204070d1e0bdd3a64d875ac2522e3713a3cf11657aa55aeccd4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

Filesize
64KB

MD5
d6b36c7d4b06f140f860ddc91a4c659c

SHA1
ccf16571637b8d3e4c9423688c5bd06167bfb9e9

SHA256
34013d7f3f0186a612bef84f2984e2767b32c9e1940df54b01d5bd6789f59e92

SHA512
2a9dd9352298ec7d1b439033b57ee9a390c373eeb8502f7f36d6826e6dd3e447b8ffd4be4f275d51481ef9a6ac2c2d97ef98f3f9d36a5a971275bf6cee48e487

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000009

Filesize
67KB

MD5
d2d55f8057f8b03c94a81f3839b348b9

SHA1
37c399584539734ff679e3c66309498c8b2dd4d9

SHA256
6e273f3491917d37f4dbb6c3f4d3f862cada25c20a36b245ea7c6bd860fb400c

SHA512
7bcdbb9e8d005a532ec12485a9c4b777ddec4aee66333757cdae3f84811099a574e719d45eb4487072d0162fa4654349dd73705a8d1913834535b1a3e2247dc6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a

Filesize
39KB

MD5
c4f5a2c5002e359af0ae86ac63179eb0

SHA1
1903cf0fa83fa9a59d1fb0be9437cc02f64debff

SHA256
bb62ea8d6bc7060f675b25ccd05900c2a524f2d90f49a3aed484ef288298ba3f

SHA512
c8ed901f7b73d8d47c77caae4ea06f79543d523f12b6e3c2cfe75bccbb8346c3369adb6f8e760383ac370dc6c7d458a7d9c3957c156922091a0da1bad370c8a8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000f

Filesize
1.2MB

MD5
6419b5f60bc594c792974f02862e4c81

SHA1
64854cd60caa5cbb3257ea79319cb6d941fedc6a

SHA256
9b6671504152b77b40db54ac9d92e3213de54eebc7da4c4d67a5162ec2d35f21

SHA512
f0f061a9773618b4536bedc4a0ed03e1c4d95fecc25f0248ea57dbf7e9ae1dba1685c1087db4675877b35fb885460772d6c01bb71c88e13685e1674225e5a7a0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000013

Filesize
48KB

MD5
b5fc5b0b6968ae9340b5a7285f8edd3a

SHA1
efbe5d3d60642f18afdd151cc41bb88518aefc54

SHA256
6d883eeb269ae14cbd3dd15143d6834d949854568e7ae2d73f59df2651ae6d3c

SHA512
52d006f5ccfd86b8000647bbbf3777f14af65e79458c5bcc75abc630fed531579070127a9caeae052ed0aa4f9cf894d0d69d0c332f19e858047075849a879d5c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000014

Filesize
44KB

MD5
13dfdb97d281300d71c174a2fc77becf

SHA1
1b32ac412fc8590aaeb759a5b067c67ea82bf73a

SHA256
4faa031aac3076939c79cf9dea70086d5712461b0f41e24b5d6c2a40aea09a66

SHA512
ce0499f97ce4332f9ebb7ee7265985d674478a7c5af0c9728b6b1e88f0b738c6d57c4d85d4a6a62c6d6534d15d0aa2ef0f869711417cea930d954f0a32ace2a1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000015

Filesize
24KB

MD5
a5bb3bb3eda1301f6ac876a49d4b2f62

SHA1
1786309cdc2fb5c1d29cdac00dbdf13711f19f3a

SHA256
316ba0d916f3d3d945b42e589de9a0326836664f9a06e9680bb853c828c2bf35

SHA512
f2ab2d40d2ccd43c5e5bf2150ea79d575e0d4a41381a8fba3beb47a8944adeac0bd19dacdbe237f8dd1c06fc04403f0bda3fca1ec0fc429357dc705c6db1eea4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001a

Filesize
59KB

MD5
4bc7fdb1eed64d29f27a427feea007b5

SHA1
62b5f0e1731484517796e3d512c5529d0af2666b

SHA256
05282cd78e71a5d9d14cc9676e20900a1d802016b721a48febec7b64e63775f6

SHA512
9900aecac98f2ca3d642a153dd5a53131b23ceec71dd9d3c59e83db24796a0db854f49629449a5c9fe4b7ca3afcdd294086f6b1ba724955551b622bc50e3ba1e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001b

Filesize
151KB

MD5
9925449f7f177b427f80409e607b8ca8

SHA1
6fd91d1d15b128810854bd7e128d5c3244fb1aa2

SHA256
91817b7094127130dbeec54ac02351503246a0b7d01b496dbd50006f05179003

SHA512
6a2d22b3207b68c80dfa9a3594b8cd0845162b58ccecefc4303ccba97d504900529f8e629771c0179ae87ff5a4e3f8fc9f674419ed98973c60d0149bfbdee887

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001f

Filesize
22KB

MD5
4706a7442fdd39a4da3e5be65fd6d2c4

SHA1
ec12e6ad1c460b2df53d0f27bd10becb1bad22b6

SHA256
18e182bbf8b402877e45bafdccf984e66a8ccec2ed9766e1ce521e9f73bb43a4

SHA512
f4a4907ecac396dd8173ed2c3a9c38d62e83c93b695fa905e1cf522050eef413317b4733240b66a10585379e2b55baca2a792b968f10a4acd140525ffb539b3e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000033

Filesize
69KB

MD5
3d45c1dac333992c8f38ef2c309291ac

SHA1
e94c99df0999bf80e47ad0732a629ee89b35532d

SHA256
515c04c4bfdceeb1b8799e26efa765376166e22a826cefcc11a0a703f6876a0f

SHA512
68729df01791dfe621c8f0e0d27d34065a8799670d6e08391d64c0a183e04e647a3957902554bb60f4c364575c96267adc8fe75a521cc50f6d56b5b0c856b6c6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000044

Filesize
46KB

MD5
f0d81b309d4441d6dc22bdcb9e9e7d01

SHA1
77e7510fd01735991f8eb242a8a20acf5c7326d6

SHA256
90b890766ed0dfc173b119f625e4bde7785d509a76d27354148bf0a80a09889c

SHA512
79d3758017eb11ff478e0c258405aeb66eeef77b6041689708667948c85c1ff27688491eb8fd7efba3e5d392e299c055b3ae54fd212a0f5caaca3d91c425829e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000045

Filesize
220KB

MD5
c758a89dcfa620f9bc138930fe891ca9

SHA1
f68be6d49724806db8f0fe1305e6d573d21b47ef

SHA256
c7807a5a766842371b12966dda2640923bfce3e17b06e553c4057dd5ac7364b4

SHA512
1d0f2b06adaeedc53d8519a88d354af6f3918119ce03edc9133eb037a03beaac2f3970dae333b64abe46936a89bc66bec0ec3fe764029982f43698fdca311490

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000048

Filesize
796KB

MD5
37ed6c63b88c0f83abb8aa80965ce359

SHA1
5b93ff23eb6a84b39b9d49277426e5ac14c9242b

SHA256
82f352691818b5873d6f3096920978cc0a41b6cc008285c944ec755c6a3b203d

SHA512
4bbcd6b9e2eb871669d3c3ddc791dae2a7c7ac0ec0e75b7c0eacbee471ce23ee234faafb972e5420a73ddf6c3f4854ced4582f077fb0b443c86dbd739417191b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000049

Filesize
32KB

MD5
b5b483d38f560264bde7c9bad48e6463

SHA1
29d83f6105125b84ec9fbefcfc3fee2bea63ad7c

SHA256
35d47d81c0c908c38beec80690b9a405dd4803c2c50b686a243a70faac4ebef5

SHA512
cbabdaaadc46a472d5bfe83da7d0c2c7a9a77d4bf3fa57e91314434b59a84d587a26fb44d1d2d57944bd39619c099af7ebd77d42e0899d282780d3d951b13f63

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00004a

Filesize
32KB

MD5
f69ec88aaf8e4e6c8757a523eca2a6bd

SHA1
23c42b75e088886466fca7dc0295d0e3ff20568c

SHA256
a8ac8c6c9cae5af31953ff6be9933f5317856ed2305a921928ce21f87958f43e

SHA512
2b08955a87cd41a5cb97673eb086bad6049d388131813494f551d97ee95d5899a4dc4f9f3820f9a56c759cccf442ceda2c14eb10be440015aebb59cde48d5aa2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00004b

Filesize
18KB

MD5
c8c455ab19da7e8bb4696f87e371b9c5

SHA1
390a37075a618bc95df300b01e6aba12475a9636

SHA256
9471954c33755f2f04c4b15df89a61f742978a1c92b285a9c8cf3579495c2da5

SHA512
87e7de39d3a6baeca5fec54056f77303546d9947013ce936f28c9c32453fc3faf5d3bc6ecf229fe6f9e4ba1852956ad69d2e9f2d2a050ad88722a8697d800cf6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00004c

Filesize
182KB

MD5
c960e6d8e84b6319b567104f93b3b1ae

SHA1
cffcf94d7c71452df7074b9449188e51a2803f67

SHA256
edb99eeb632693de8cce9955bbdec6668ea6b5d5d025725e9510a879fa91f916

SHA512
3100f66b18d3f5e2405fb4811b3016852a665061d4a0caddcfe7299ca1212bbff4905e28d8ab5a87c818cc6f43ea12b98ce419bb6c56aa02e260edc3306e9374

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00004d

Filesize
75KB

MD5
a55552f161b49edc154470debefa4f65

SHA1
63f7ff924b3c362671554beb4d749c532939890e

SHA256
56fcda6232121f4b5a05acfc7d71b024ae08252f18b8a6d00ec7955befc01d6f

SHA512
b9e4960357e322ddb2762b54a63286623bff0f22d0b6102905f17923a403aa65304ddb19874c7d112f9a9474f05fabb8792dadfc950cf156f8af19c0c677bac2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000051

Filesize
19KB

MD5
97f199034162b1283dbbbfb994def15a

SHA1
539f1d9814baa54fd3425ec0139f3cfa932301ab

SHA256
3cc79470f85abf02f16c22e1ab349ea126a5d6d1a2da8d302155e0dbc26f0d7e

SHA512
ba709e9f101f44349e356d0d2c126a7eb07b6400d4c2ed5710caa4dbeb5fb33788b162f3b96d6ec2e1957d14229ff17af3be8606740998bc4ab82f153bfadf2b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000053

Filesize
26KB

MD5
04e828bccba48dc32bec65c616caa180

SHA1
9d25e11bb9d00943bd2a9f4a9e9faba301019dbe

SHA256
57d1ff8880f9991163827758beb8b36cf54e5b105dc572383193cdf9f640ec41

SHA512
ebcf56546ac6d0c47d0ac36177fdff3e0836153fcbbe5e55a2a41e42767c6df6fa2ce0f505eaa9501edecce2d4862f6e83fbb61a22ef12388efe97e476a2b9dc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
5KB

MD5
0714afdc3ab47c7c19ce6edb9831a974

SHA1
8ec216ebdd2bd99591bced9da0a064ffe2cdcfb6

SHA256
203473f158ae91841c697220377fab211cefd5ea8d9b7c171179c5e301bcf5e9

SHA512
7bfe067cdc46d2580f23cedcd8df86034df5b68370b2b007084acda7a59b61e57f873d0cd25efc81d8e92ce1c80d19980402f3f067e0b4ff538f76872ac6aea9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
49fbddb3c9528616a6a2339531f9bf48

SHA1
c0e220e536c92f893c8db248cd9b777c2c07d1c1

SHA256
43ea815e68e7a1a5dc5a0db1ffd212ba691fb42bd4f7c6a252891da5d6ecd5e4

SHA512
df4a28f97a359395e0cf5e028f93c9742f86ef72f42fa927cf8d8848157371ba688bf726ab295012b2378af31ea49559aabfdc68deed6791bff06a1ed521f345

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
5KB

MD5
59449ef25abe38888170623dc9d705e9

SHA1
f2b4da336a8a89d7b05193249c2e6c8404a9201c

SHA256
1f71c3705ff7ed17654752e20512383689745f603cd78a24b612140cff33ccc9

SHA512
71c87991132096d37aac025394478ba290d8e2429572a621fc9a8bae8694d043fb995fa9e2ab8bee9f99f2556fcbf7960ce23816ec67392fad4981a6c2c43b5b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
5KB

MD5
44e520aadd1e6b457b0691d4d026bbef

SHA1
2876f5f54db621f0ed48d70346683451a62e3374

SHA256
89e46e048eb8e88eca43dc2d77db23b8a01b501973cc6e67d911bb3cae32f194

SHA512
da8973b245d36100d980aad5b7af9d63a7b2f3e00873b9268c789090dcd15663ccc9850e1be45749b939271d860812efbf8f760b910c587d2d236d2ec98e4c08

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
ba132668424cf6e261e09068f26351ad

SHA1
6b3c92605d819dda5ef524a91acb15cf6b3d5ce0

SHA256
214fd9d89dc127e77c550825c6f3f82104f3fd7fade033e9377b166f3c32bd16

SHA512
15e5e9d7104b00a93d64587526d8417bc1d1ffc7864cbbd292603046379d10573b2c6bfc69efc198c8f864d02c6574a3620941a3aecb31b00b1999cbfa97744e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
715c649fe0edcb609a6d637dd23aa2e4

SHA1
a8f123439fb720090279438c783b12ec97fb97f6

SHA256
3f85e6e19a9db14c145f613f3f41dc2ed394dee50eb3817da8e2d9dba90dd8c9

SHA512
feb2471ef50a6d9d4c2cceb7ee950cfb11b09e44d0e375a7e7afccbc0c3a3fd39fe929cbe58eb79e443725b5b0f556b75d9bee05a11060973ab2410d88bb1afe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
69116c94c8c31ff0cc44484c80b20055

SHA1
4d46d7688c7257108aa9005faf405c09e14f8ee6

SHA256
d486627b46585c4d9030cb1d4d9b2723db2d844aadd88712de4e380d031e4863

SHA512
efafa48dc4d6d33a939cfcb8bd48b70d80ba649991619163d806d068bd235075e623aae85f28df513aa26f08f5662a17c7ffb3240d32a100fbfd1a333c8bdd7f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
4c59decfd7154eff69eb5180797e65c4

SHA1
3ae1dccb0f360f78621267d9d4f8712bfb752740

SHA256
b5e655b91fbc1be4de25728cd7aa34c4aa44adfe2513bc558b5f49e1697b4491

SHA512
5fd2beccb6d41cdb706d05649addae55829f8c67cb169460ddcfbf45b8211d8574117843f8450a4e3276c19320952991387289598004a0db8ecd0cbadc7c2a60

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
a8509c369a936c03342b7d52d692b026

SHA1
c70d4fbcf2f8eebd32e35f010ec561edf396f768

SHA256
1e4b16487314fec31436ead62e14a736838ec764fc2fa4b8e3ec203ad6681f8f

SHA512
21f693e6448bcf1f36eb755319ba122119e6cef3fb20a1a0e7ba4eacb07211401557b0f75a86660702d1ae3c2009ddbc26740ba0cd3ee1a4ad99432a47d13e2d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
4dc7eccaeb0287848772002b205469ac

SHA1
aee0df895a0b2d87b7d7bbde47a70141980c1ff0

SHA256
2824467d309f9cf4bc0f1e8c7a7f1695fab155ecf45e718ad36e57a485985363

SHA512
b3d98746b20776e9c81747d90c5fbd01f272bfdfb015cf6d398a022198d2188e08b81a1ee7c41fc1d972adcce3fe29f578c6b4d1d8ad72f136d62585304d842e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
5cfa8140f2ec2d6d92707f867280d444

SHA1
dd9f1d8c36a310fb277c3e46f85daa2bd565778c

SHA256
f12804f43eb74982d6678190cd3f12f976af36cf609cb37df916118550d20143

SHA512
b60c473f266c3e309e3e1c32a3d6e073c164341148040fe33bf8264616efa4bb47635ad6e7bf63e76c3fcf11cac7704e81fbd8fdf83c30228bd90758bae6d67a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
a87511c7c48432bebdf7ca1ea7f1567a

SHA1
1e6066990c176b359036cbf2bfac3adafffca8f2

SHA256
77c51f3954e36c42f22189d761fc17299b2258c0b8ee81ddd6728826f394bcfd

SHA512
c634b16a9e24f64bd0e15c5c5bee5c764ead9b070eeea7e6cc17a33c96ae4e15cabc9e44a6171c3e4892be6e8634413ae6099adfc0838274bc5b8b00f282252d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
80c18eba40eda7c7b31b782acdeb30c3

SHA1
17dbe86ab85c41ea19de497756ce3524530a39e9

SHA256
29bea6648326b7796412e511cc90a098a45df97ad1bce5bf6b7fbfc1e52eba4f

SHA512
f5be305fc0101cc6b041e87ad5b533eb7cafc7df142425a4477ab5500b4af5f59efa6564bed6be0eaef22d269666bce0cf69648e204e2f410d288a632abcd0b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
093cecf30275e1eb4cfab36c0f2e5642

SHA1
b7961046fb6a19c66e45ff8cb168db08a230daf8

SHA256
cdf541334eba9ac0a85225e5d229a85cda8e1b1a7f6d1fbc8412a9230276c6c2

SHA512
f5553a464ffb067a0fc2841ce8af0aa5edced7d65bc19af91cdde5d628f640c33a119e66d0fc2f88ab988c861e8f2784663b501f7be10861b04c26e956a311db

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
a314f8f2e613b60f0c7cd5e4a77a3e23

SHA1
cea6c75f58d6dda3dba127dbf60559d347e3ab36

SHA256
fc5bce113422451e8e53dfe08037cfdde03c4fdcabbd3d85cf58bf0cb4315c53

SHA512
4c3b04020d4a49a9a8bf52dbd831442675d49b9d1653146715cd56fbeefe7b9da0ffd26bd95eba9dbcba57bea2922627421d46e4ed806e2beb14d04cbb452e7e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
19e2aad9cc2694b52d1619bbedb3e5a6

SHA1
599e2c804a31d7f0bf3d36c970805a0a7a080814

SHA256
4501fc280f08ec3ca863861936df6e2b54e717a90b641d86306993ef4f48bc42

SHA512
07189e8f53fb57c5d83cadfbd81766466f8c29541005066cfed2f8cc4bef2e48da211e8329b4342066998150bda94b7e9fb41667cb786822c3a0b963d1c7a2bd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
5dd993cd04aaddf47da7c88307637860

SHA1
02c624789b9c97c78a05d78879f33f4af2863024

SHA256
42cd984e8a049b0682c687de5507e3e37fe2253fbab9fe35d2d3abcc5e26b896

SHA512
261e94909cf58f5e56ea041c9f45ff7fd1298dc3ab598c04ff88c758bb64edeca6b94aa703e19cfb0ed0bf1e95a32bb0dc14d4fbdf7a06f9e2fb4142124ddf8a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
8afab4938895c92694187f799e8671e9

SHA1
311ea38bea6242a7f165c2a0799f904f3f5ca20f

SHA256
2c78d1742b31f2b142531e8b9e23939a1361d62f74de9816b9419daa1594d683

SHA512
93b1468f1b62fec1dead35785eaac468163e37b8a7c8cf76e0b7b804e3343c82f866593115d60a0cc3977e87b8fe71d94b568261735fba966a26280273479c07

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
89b47ea8db8e9d4207cf4f0989384f9d

SHA1
84c5309250f4e697597cbe3d4f2e5e20e870347f

SHA256
907de583b83e00a7d40c801ecfb46766860eb159a233c7e1531a1363f36272a6

SHA512
78edfdb3dd7004c4a4be83d71d907378389811b0d630ec2610b8ce645f409819bf167b6074efd8636ffe27aefaa27ea16ee3ae407137321544b7a89e2b2bd402

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\9849694f-bd97-4f42-86d2-601e86c91bfe\index

Filesize
24B

MD5
54cb446f628b2ea4a5bce5769910512e

SHA1
c27ca848427fe87f5cf4d0e0e3cd57151b0d820d

SHA256
fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d

SHA512
8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\9849694f-bd97-4f42-86d2-601e86c91bfe\index-dir\the-real-index

Filesize
2KB

MD5
e7832628deebc6db865f6c2e8367dbe5

SHA1
b6a7e08078c79bf90a205fde22b1ce1b0ae9a8f1

SHA256
a863905657790fde9206c5855bcd3a912a34c087bb77d4db8399fa3beec32778

SHA512
72694cc2ccf7dfa679155450fef3f99efa4761eeb007b614080910b358b0a5d7e48f694c9484abb440fbf30f7b6401aabf41d553f00200f84318244f87abf452

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\9849694f-bd97-4f42-86d2-601e86c91bfe\index-dir\the-real-index

Filesize
2KB

MD5
008adbde32ef96a2dfb0acc4ee8f5878

SHA1
8224abc82221fc2c0c8bef0d1373ed4912980278

SHA256
7e08894254c8b8d03193b1c0b9d4a5bf6f4b0f8c008895523c152e077c1fd4bb

SHA512
0634643a1e5ded5088f98199ac8f22cd1580f75f1879a525edf0f3c82d469b2210305f2c565c2fa53c84057be98445566b548bec2e2606d1c057f59d4f8e13ac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\9849694f-bd97-4f42-86d2-601e86c91bfe\index-dir\the-real-index~RFe59cac8.TMP

Filesize
48B

MD5
c87dcc74ffba2435c03506113b81421a

SHA1
506a5d4dd9edacbed3414dd58945e28260e559d2

SHA256
f76c358dd18936058cb5c3efc8c29c0002839e1576398061b4534c1a0b97b80d

SHA512
ea31bef5398f81c1542e06467d8e348963bb41c30535e763264a5a4abceb3dab22b726b28a991f3c58965d45f041f706fedab90a727ffd064b2319cf41fc8d75

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\b9921d82-65ab-4cc3-9472-5099875708d3\index-dir\the-real-index

Filesize
2KB

MD5
f74239ed850480b5366fd08f4ed058e0

SHA1
6a0aa7a8ff992e678104c1ac9a4f1d81ce61ef6d

SHA256
a47baa50f0965b09465cec458a85ada95bb01722f475d5424a7cc6b4efc42180

SHA512
8a8561ec3e8d78b0da5b3865332c8108b484f8177e7d2c399eb2e905476cdc698f79c0e23054f04c6b9af2926b937d84f819b734a01a2b6d901a46bbfe29fb31

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\b9921d82-65ab-4cc3-9472-5099875708d3\index-dir\the-real-index~RFe594b67.TMP

Filesize
48B

MD5
d79511488e847fa3fc57b2e62b7e3225

SHA1
076da73d0ad0092f301d0ee46de9f97b5c98c688

SHA256
9107eb490e9ec461ba938fbf20883d33cf01b84b952c9fc9b61d89063fe1ebb6

SHA512
ec3be07ea297aa0f5f98b5c37b97d565bb104186672a2c76785329379a357d762b110383471484bd1006e8e9df8a07dd936ca891d1c2e6d205e5b301504f0444

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\dfd02210-9589-4d0e-beae-90a20881ae31\index-dir\the-real-index

Filesize
624B

MD5
6de0c74624ba9fa038bed6e9ac47e75d

SHA1
6a49a6021a518d255b1f18f18b6059ac8ea88325

SHA256
bb523a91dc9d61f1a88d4cf17471f1441b90509b3c9418e0fce85a624ba95aa7

SHA512
793f05c235cf236efa8c59f64bc17fbd7e89176972678e27bf2a48a3bdf9a9eae130da785cc3af97481f3957d7370e26e148f485710ed9d1e3361deda3bdfb02

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\dfd02210-9589-4d0e-beae-90a20881ae31\index-dir\the-real-index~RFe59b28d.TMP

Filesize
48B

MD5
50a2e5c574b5f4974cebb14506f74eeb

SHA1
c115e6aed98bc0bbcdd1299948a9941bcf2cd623

SHA256
8c0973ccf0d297cfb699b5c91c2df1b9862eb111b5ca6383c071e84cafb54beb

SHA512
c5f7b54af02793703ed4e17e86b85b8d0700e8cd306048f40343402fd048556a953a7b4812b2ebc95ca22205fff545525bd9886a7428274d02241af178869e8e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
146B

MD5
bcd567fcf6883244b53eedf04eff6965

SHA1
00dc175e816f27261081b930a326aa3654c879d4

SHA256
604cb482de3079aa9239cdd3068da6f1559047e9ead60c969c19f4fc32739746

SHA512
9e21c6cc50380592f345d6425b763d90f23ef4a3b10dbe6d583170b82c140060977ddf5fdc907725a05f92fd26b12201015e14994761a2387fac4f19706d247e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
89B

MD5
49a432017f28b4400eade7115c465c8f

SHA1
6f0764efb6fd77376e7ddf5c361b012f92b8f454

SHA256
6535712e05f3e4c57452c97c6d655d003fc5df4eb4c87c277838175dd80470fa

SHA512
f4b803b8df30c9539c188c64d6c32cc261d57559693b858f21306a7cbb5c66624699000d305c0c33d9bca97f021d80ae2fe2294784f635021de104a8a44df815

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
26B

MD5
2892eee3e20e19a9ba77be6913508a54

SHA1
7c4ef82faa28393c739c517d706ac6919a8ffc49

SHA256
4f110831bb434c728a6895190323d159df6d531be8c4bb7109864eeb7c989ff2

SHA512
b13a336db33299ab3405e13811e3ed9e5a18542e5d835f2b7130a6ff4c22f74272002fc43e7d9f94ac3aa6a4d53518f87f25d90c29e0d286b6470667ea9336ae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
82B

MD5
d0c22414350bfa8138591de0bdeea760

SHA1
76aa2dc14574100c47cad2d1b29d501ddd0721e0

SHA256
65212bfbc78d1ab37e4bcba3bb0bd097988ca5cdd4590004b34f10df1f2a5ddd

SHA512
21a54b290cdd25e96d3a35e62bcd3829823d28f846aa59ae35a9eef855e2aaf1d37ab8f02dfffeb10971394d41c0465e0af0a6fc55e03bb81b3fae3a48ba600a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
146B

MD5
4e5df19f5b6bda71fdf698ea7f166b93

SHA1
6b8911e0bf6a948ddb6c12686d7413db20d59c00

SHA256
5a91cfb7ff6925cfffbc4262fc0ea25c5db4c3e843fb9a6d4b9a718e85ce7233

SHA512
f306c1295aa6818934868d6a11e5bd6b28b10ae3de8c63971924859e70ecf5067c86e01dbe7789342fa1a009f154deff3c169617f6bb7ef6733a94abbdf37bdd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
155B

MD5
7d74bcc1adc4fc60fb4846240249f803

SHA1
a8f9d5dc99f22b66921f609913a9451bb83bd627

SHA256
418f583536b3f5ed20e75a8ceaf73dcc986269dd17d99ce85273017a7e7c5e77

SHA512
7184587489b393465c89e04529c6563314973b20db48bc78121d2f6b4ab8d234f0a9590d51c25fb021263a7e20ed0b6ea61f267f5a881b304cdffbf2ee0b8365

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
82B

MD5
2615d0127f11e1bd49b58e9da562e45d

SHA1
c63e5fc35c5eb1b394bc17ea089cc07a47e6d11f

SHA256
a348b6ccdb0c985c03661da4ca1988020cf1964ed948575ac4de5fab595a6e85

SHA512
76b3f409efa883cc7360e3ff88742f0ea15f9baf3a05b50ae12b8b96a14f2fc665233f62a2b65a0d4dd24a9e1fc579939363deb0ef689fa7d57e5d0e61748e7e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
153B

MD5
919376249216815d01ce6055775da7e2

SHA1
09c11218542151b0ee7842ee3f6abf8336abcb8b

SHA256
ea0175dba6a3ea4ec865cbdfe29f714b71393e8dc8d424c0593b363f24da2115

SHA512
50155e9662350dbeffa146c8d5bd86fced7e3c801b1dedfebc485941be7dd3782f0cac92bb5b46cceb15e9a362eaf4620e39b499c3dc3f0ff6dcc907b1f23ce5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
153B

MD5
0ba006118ecd6d9f34cb82ed17bf5be8

SHA1
2ad6e9092e79f25b4bfe927eab94d8d2ba64295e

SHA256
75773da83839bf7c4f6ef18bb611977acaa451a946f465fd37b51dbc7fee2821

SHA512
2b064caf754f51a70376fc1ec18932afea548df59d026cd2e7c5c01fe69a2299152be0fcd9d7ab7800e27bfb4e3a12b7327baa0de7b921556febf2647aa4788f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe59387b.TMP

Filesize
89B

MD5
bd330f9fdf31174000f9f38af1bf47eb

SHA1
3b52b9f78c9ee5ad04de83fae8c4ad131fefb842

SHA256
f79ffb36277e894d028f69eba6e76ec555869767b09b620e16c0c5ee357931d2

SHA512
60822b34752057919ce565e8452ca66dc7393dfa4e65be8d4b24c510e20c8d554e8d19a35afe60a96c72ee618b9aafd149dd47bda71c08ce0288942d7cb0d7ab

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
3f3ab7885735116498e118413899a630

SHA1
359a8cad44f9c20caa642a76d5a1c97d7bceb240

SHA256
479402b7de85a276ba48c28e240b151c93868e083bb4348b0a590154a8554aaf

SHA512
88a2494a7ec9c64b878b1814f432b8892250de4e447a7cb85afb2da7825ff325b095a826d7659078a05cf9cabe5130046b9c966dc5177ae7ed017561025d3175

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe59a195.TMP

Filesize
48B

MD5
de4336374ed7ca8f60ceaa42c2c6e8f2

SHA1
d36436cf251c9274624aa14439c2ed01333e4770

SHA256
772e88e8494879e24281d9d7d4ea8b97ea028f87e9ef7db61bca9c31dd2f74bf

SHA512
fd68e0c264d1a6d0965a4a3e2aee7aaba5eecab9f6ad9e30bd0398f31187b1758480deff6e256244c275ce2231e351d84373613003151f68c46c74d721f1d2a8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
45dee34ea187eef850fc96a44880118f

SHA1
bc2ef815d9ec8f5d8824d8b36ab8bd50a2b7d89d

SHA256
a0e4730736aab4662341528cbc4dde32378ce54456ceb30b7a66f6c6ebc3f420

SHA512
10b61da7ac77b9420f0fcc36491963d97153af132594837a9fc6f3736a94fded4b020e17cad7a8e12cbf11f8cfe37952157091222e4afde13266f60acc4bf470

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
120caad11150811c3cd35f99dc0582cd

SHA1
87ceab9b105b118e4ba0dfbcea53154e37cfaf0a

SHA256
23e0667ebffd9af579f7e386d12e0265bb66603d2495c9a11c11d07c33dac1ec

SHA512
2f0f65f9c8cc4bb64c8eafe701fbb29802a3a19404a99ee22d4723d6a7b7da1d21e9f929c39c4deee16c26f3b9c0a630506eb452d3e414d91502c48ae3f6b2dd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
68d8c23a1bd151903dec01a77ac5ae42

SHA1
a515af97d99bf6ddefe7e086f952074062cde9ce

SHA256
d8b3832b4468b0b95103aff53bf16661edfbd75ff2068d80a05610bf986ab1ed

SHA512
39071d1ceedba66bc9b1f4c58afbe23e9a86a386aca9ee540b2e073e167f18b7c5ab9666ca211700f9c2088dd8c399d2ad0d0b7b730daea7179c963496886229

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
f9d003b17d082d56d8c8f55e0dd07172

SHA1
31d332f73296a46f6c54ac6f0dc5804fd2851c6a

SHA256
70558bb8c6bb5ff780d1595caafb090c0c52dc05d2ff705ea111627e68477f4b

SHA512
f8ae25ed3097ea68ec9875499022327d3c063b0d066eb79ba8595f372f957916c43e2c2648befe0548ca03ccf7407720a18aa8e175f245db59dc16394890f71c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
a889234a3f596ee38eef96ff66408aca

SHA1
63ac281d6a66573ba52db9dc6173e70a97d6a24e

SHA256
2ac9cdb15cd763147058831ceb6cb33deb3fb43f5638cc87f5f877721f276a91

SHA512
0dcb958282467f35629b55fae9153ed1b0d181ba79d59e178cc7de4e7ce1b22ecfd87780241670aa09e73a0ed87d6df9ba5b3b8a0ca92c1c3abfb1c655ef3abb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
c2df706de069a8568e8cf6309eb4c12c

SHA1
0823b68409381f36c2eed77d2ea196488d237d39

SHA256
1a4358af893e0ba9ffb8833355c5bdac91f15e2b52458a6c817cd4490ea7e2ac

SHA512
c482932e5a0fa0ef9d0d94dbe8a7fbbfb29ce332dd140823f6c89e416b55d6313842cdf832a4398c3a0c6ef473c1dae849b435db35ecc948c3d042a71c06c320

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
273c6ef4d1cf9e8d82f375baef1e54a0

SHA1
178e03c8674db19d6d382c3b6b94672815f3aaa7

SHA256
302d96f0c2eab5326e5085466605960d06de4a6923cc3ef91035e33b9aa92c94

SHA512
190f3789c6daf29370e29bb4cdc9583550602760b7191ffeda6b6535ea1509ef44b2e7d1327de28e71bcd82e7691e3845d42713fe914eb771d8368bd370e3ca3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
c77c9b75c92050f18e7c7fa2f41fe1a4

SHA1
657678ac4247f3eb068becb8b9ebd9877d3598eb

SHA256
440e2f1e5d2c99f420c72f5b7060b1777a23f55617c91e0c77bcaca962077720

SHA512
e8bbd00dcd5a6fbd12a3b61a8a75f4d706553933dbb08f434dca0e157174b93fd44fb492e60acf11d8435bc54e13c1ae41682e97e8221b514bc36d352392e566

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
f4e51d92dfecb85a929af805634d826d

SHA1
a8011e94931c11cf41b089602869073ecc4bef54

SHA256
8704263b53759a2e529bf8f103d5015e2673e7be51da26da3698a051ce97d72e

SHA512
c9dc95e6c33c128200c29b048352bc1d4226366f8a2959f2f6156c8a1f5dc37448c5f06cc29b8ba2831fbc2842db52c69c76e095e6755a9cf070d3ba2eb37281

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
54c329abbc92088b6d9dc148c8249811

SHA1
9d81898d0ba6d7b6c67453a1c71d8000c40a99d5

SHA256
34d0f16ace19637fdc97b32d46a656a4c6449239517da1a788f7c072507b84f7

SHA512
5fcbe6e2ed8244d7ddb9102b16381c7f5445292157699c6a41e52cf16eb9f35dad94ae0ede96cba0c448ae0aa75e66589efc44985c7d15d48c451643106f8da9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
c67f16e9c94106a7c60074c6aa279861

SHA1
b8a5885756da96e84314b5df89375d3a91c3e839

SHA256
45c585ce6dc926d5168198b9333e09833475930daebd8f4198142412207c6985

SHA512
daa680f5f0a3a9a6fbc1851588e0b16b3bb3222d52ccc08a01b59c7ba637fcc9ee6aa426533ae177832757fdd333b54d5469f48bd599df8f0db9651cfc8184cd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
0af40ac0564f905b12b6041d7018c9ea

SHA1
3875c16ace40478c1634656176481902a4381aa0

SHA256
3e2751429103b6187aa8f8d6db37f4cadfc34d67b07897b9c1546b0ffd3a7349

SHA512
77b466df81e40a365866b328c3481053f5560fddde935ea22cddc985fae906e706e8dd8b6c799d32154d56df6341db4f9a4a63e07769c190e67073c577152466

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
3b24fd540bbd67de5e9dda4798870acc

SHA1
f2411bd0144ac52176d87ce07a1f2d668d51d88d

SHA256
df6690e3116270cae807d2e326b3edcb47e3c1da7d51f28200d8dec357004071

SHA512
d6b392b4765139249b637510316b42465b1b74ee49b43f78a3eef759ac266492a706f5b5fe53f1763728bac1c3087a05b5e474ccb7291ce7068bcb94fbf1242e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
82e338ccb64ad70ec5fb333f83dad41a

SHA1
2b74721c783fe1640bb66758d7fdfe3b6b6e5c7e

SHA256
a29c677c009b995dd70c0ddabf2c7a82abd0dde763e4d29871b5037c0422e6e1

SHA512
79a5e7f6ee00675cc6dfe13a778fc5d73fef32523ac75299eb6417b9b9f28e935011779293a3c063527dc5552d61d62247385492a25432483141296488b3228d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
2cf40413bdaf5ecb96ee6205ed138499

SHA1
5d59992ccd29d54843ebc8b2e98b24d1f8ec9e9e

SHA256
ee45d21f774c77c1f57c3f86249db6f7d080ca5ecd76dc72a93d62526096a608

SHA512
d365e5b9ab7e221d9a95fc5efc80199230590d67dc3d3becd7a7e6c43ddd66014d8ab2bef29828b93c568128ce106b6d7b8f92e6cb1c20e7f1202a448b54c452

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
63d549d4ce2deeae87b7f7ad3f4a7c0f

SHA1
bfcdde4455c27f0bc634c63e04ba60bad32fecf5

SHA256
58fc7104a5bc3db20742af023e273b881d4084def60fee8b2627ffdadc70345e

SHA512
1bb54464d46670e917dde55c7ff6b25869e6e4b2dc435defff457a5ca260b8bf2469594541f59cabadcbc6622cb6ebdd15c493dc9c94c3115231af849c2c539f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
b2b30a19fc81c07040f3d3c8537db435

SHA1
118fad93b6942b99ebfcb0fc738a0d15b6595104

SHA256
2dc59cb68f0dbf9dc208525536d76a401b0f3ca5e1a577a299acce5cd5156e3e

SHA512
dcbb0e2727189a2988570d00d0318e1c6de0b2aa834c59a8e7ec07cb0a4ef7a82f8d7216c320230d9365b05266ca1eb7856d7e85ca90d9985d701238125e7130

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
e1899f3b8cab7d87d5084076f3dcd76a

SHA1
4e1efc1571c1f0ca1f494afbcd6fe49eed660cd9

SHA256
afc389199df8a1f5789764e2c6201e7d887a41bd6f617d95705460f729494208

SHA512
a97fa004787d0469f806718430e9b0586f8ee043e0609a2195c803ff54c47fe7d5041a1e31600f348b07702aa1f88988d87a89d458b19f6fd50abecaf453ab68

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57b16e.TMP

Filesize
204B

MD5
04543988aded36eee0c73dd241c03684

SHA1
422ae8e51251d04e5a919750ce8d0fce6a410725

SHA256
e88f7e72d68f521cac1efb314bb4c18334b7e6458022c71e55301c2af4dc493a

SHA512
070ba028ef2b3984080dae08356495b60e8ccb6c2932d2ed947aa0a467d74a4d97b3ac5f60a062a0190bd744e3ea0ad93a68a7725a6451f31106400cc34998e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
088737ae3c2220fe9ff1d12a512e77a8

SHA1
d7eef092a0fb5561e1f1cffd1586ef0510814ed9

SHA256
a439635183435c7362ea7211a685898a61233320d4ab650eb2d069351a793bd4

SHA512
858dae3852d33c763be2e3308d9838e8f87fa63f3135fa7b6896dde6f2cfbbd073fb099c3fc1f81ddd56c99fd9796c1b517b4a5b6553ae96cabb10845b3a9e18

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
ffa5e62f37eed72e25c8d3ddefe02b20

SHA1
8ed17291304ba103e9252d74850cb7bfa0f0d831

SHA256
84fef6fd5be36edf1cf26e4cf41658e206283c0023497b402d786b3c8c290f82

SHA512
fb16d37f6765d2d61b06eb79dfd578d43c8009f49cd1c112eabb045cc48782bcfb650eb89374ca9472e05eb62d5306a94a3ff2757b994cdc1d25d04c3dea5447

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
002d40d0f875a14da1245271bff0f25b

SHA1
e020a296b0f4db479f6b6af2b09be90e7d80e0a3

SHA256
bb5d29f9aef34d9b27f27c96fabfbafbec11737cf0e40004c57d70e3cb52cc3c

SHA512
b9754fdd3147b5562193ce5c7028d17fcd48dcf1a33bf07884e21e58d1413c64b5560a87973749a222de2c367d1cef337bf0031d173e10589dcfc2e9d530ab9e

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
10KB

MD5
dd05e3efd60744084d87be99bdd1bc81

SHA1
593fae0cecbdf04b28d23c718e709eca9e806233

SHA256
343c01e3e7efa22f4fe75dbf72e7306b8c19155be0f1e6bcb2af37ae91043476

SHA512
5309788169b13ff04a9d22e862e9f77ea27ab3decf4e769536a9e2567b9a6591dfc4721d943e79e0603c357b28b4c9cf6eeb473d1a856af9dd1f0867964cfe83

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
10KB

MD5
fdd3cd5faee0586f4e4de15b245c5d36

SHA1
78a94c0685a18cae00a208df05aae8f36e879e11

SHA256
597c0963034f54064d13a8b9bb5b1ea5db108c641c089af381c71c5185ee93f1

SHA512
411af920596d1c612e615027623c9f915a4dd808d1671e5e473d7d073bb17d4565628d61d2cd96c4cc0f342a476c77ab23c4dc77bd6c3e83528c5d39bf93a78d

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
10KB

MD5
9f93151336ec047beac9c6ac5d1b09f9

SHA1
3bb2a16fc01e40967e40127229cdbad9f60f6a9d

SHA256
a8238ea993507e8427c6dfeaaa89acf18abcd7b26dab77b9605920ca792188b8

SHA512
01708d92d2ff90ec9a0a2af3bc84ab1b12afd18dd1f8e1012d6b0191a8ac7b11229bea5cf6ebcb82e09660ad967f2563534735147c1c392319d7a0fe46f7bcb3

Download Submit
C:\Users\Admin\Downloads\Hexachlorocyclohexane.exe.zip

Filesize
128KB

MD5
58a598fae3d8704c7f0e078b79bb652c

SHA1
970798ecdf9a3f10339de094f3d5a8f5dabb7be5

SHA256
efbbce0316a92a5fda21196ca0e7ec73357f66c0d4d05698c3133f0a32b0e1f8

SHA512
165e447505d5a7650f90617fde0cdd02071b504a9dfdb573a2fdb874639aaf1d25e6bae6ab71d522178c94ca55e9c3664b96295cf73fbf38ccae3d120628dd43

Download Submit
C:\Windows\Debug\WIA\wiatrace.log

Filesize
1KB

MD5
2f5b36342ecd0539c990efa4bd01d7f9

SHA1
112a49b9d2906fd1330b1856626e54ccda4fb080

SHA256
58a08c434a287b95f7c21a6375dc437f8d81a76721397974d7587467ed2ee143

SHA512
905d73eca0bca5febb55e1b83cd841c5ef9e30c7cde690418f5795bc999fb9e4016c1d93cc717638a9f2b383160e9ec4f2346e73faa82f1c913d1f2efb83fd12

Download Submit
C:\Windows\Debug\WIA\wiatrace.log

Filesize
2KB

MD5
f577ad5a5e494f5a9bafbeababc51edf

SHA1
1a7c972bbe448a48632fc805fa60d7f57d8d90d1

SHA256
46acf37e6456ca4b0d9c3cf19136869d58473c8b6918b7e5cb3abc053b7b5a2f

SHA512
6573f24598e8689cfefd0a30ad747dc4c6721ab286a5f24dd347188bc07151cd32969856365c02d51648359189c98efe3000f9007442ec0364690565c4d19367

Download Submit
C:\Windows\Debug\WIA\wiatrace.log

Filesize
5KB

MD5
8bc3f80fc2663e5c636b0831e79f71e7

SHA1
311939673a8c93b766a6abfd1ba22028f465039e

SHA256
93363ed1ab71d01b8b190a9c26bb30e4df6193c94952550ea4f90bae867a8156

SHA512
e07b72815e9a1172098c79ec8b731b77786149723d61a495c999f70d45a156c9dec667b30e83ac74a8d707bf60dbe7df617a122c7b186fb6d11aea9e4fec65ba

Download Submit
C:\Windows\Debug\WIA\wiatrace.log

Filesize
7KB

MD5
84ecc6be72d53a4f5892abb2af01a1f4

SHA1
1cbcf60ce6535bdcde57e45f270b56799bcbd0a6

SHA256
5c948283a272d0df468b7db772352114b99fe36604f55a957a1067537b73f9dc

SHA512
94290e734309e8081d0719cbd68a3012c46ba4e9529f677139aac7c16467f51237f8d16ed8c33401cb28d7a8a3e1d189256166c4a0c9f6faceebe987ec31d8f2

Download Submit
C:\Windows\Debug\WIA\wiatrace.log

Filesize
8KB

MD5
8f7c17bde369dd1b6c841ca6da7dc507

SHA1
05e1f9bfc85a7b5500029bf1a8b848d5fb6b8723

SHA256
99d5010b9dd7e1b8ffd4fa3018aced074a202a81f9d8c5608d46b6b3ad6534f8

SHA512
f5293aeda66b03b310e93f9ec683eead8feefc7f3c70d49ed031e007a96d6d5a31a0a56b1e7945e475025a2f6a62c436966595dec48a4fd0afb57e0284c8f3a8

Download Submit
C:\Windows\Debug\WIA\wiatrace.log

Filesize
10KB

MD5
2a594edaf8952078c96e8f233df69213

SHA1
a9ca4a86d703edbfa3bed18845beacc794772ef0

SHA256
7fee50a915666431b3d1109a9d8153207aac841780c749b389dc39d9edce0e83

SHA512
9cd07af8ac08c9146e156e789a232d9985b51f1add2d25b6e8a2ec1f0152ad4cc428a112123a0b75bcdcae0f80a18753bf1b5e360aa14862eda907c34f8733ea

Download Submit
C:\Windows\Debug\WIA\wiatrace.log

Filesize
13KB

MD5
6157963bc6fa3576914304c8af58359a

SHA1
022310211de2ed26adf9926128c7163950ddda03

SHA256
422855268a5dabfa90e20f9c046d585f4304301fddd9e4120df4d070cb0ea7ae

SHA512
e618378df78f7ca608d199974d828f4ef93b3b9c899bf65fe66cc257c1d64bb50a6c4a21771877892e974bfe27e2e565d6244b6e950e6fe5611ca4fcb63cbb6b

Download Submit

Analysis

Sharing

Errors

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads