552941693c73400e44199352fef514eab6edc56a80894f0b60def3af713212bf

Analysis

max time kernel
107s
max time network
298s
platform
windows10-1703_x64
resource
win10-20240404-de
resource tags

arch:x64arch:x86image:win10-20240404-delocale:de-deos:windows10-1703-x64systemwindows
submitted
26-05-2024 14:45

Sharing

Copy URL

Twitter E-mail

Reason

Machine shutdown

Report Analysis Logs

General

Target

Monoxid.exe
Size

305KB
MD5

616861cfda9ddef5b3fff0090aaa45d8
SHA1

bc7faeb0be99fc397dd6d896fd0f9d58aa9e27c6
SHA256

de918f62f0d6acacfeea67992deae5787d5d23ffe0bbdf7f8486ff8fffc5742e
SHA512

98daaec5c18eded91191b4f78a6749d95448db7ac35226b9e8385352302e821ee8492eac2a7b2bcd1cff89afd0d85770bfb2360e0943f50db3d765cbab9c7a22
SSDEEP

6144:fqKyPmBLp8BMLm7+r9oN/lOi9E3AAqgm/:fqKWsAMLg/lOi9E3AAqz/

Score

7^/10

bootkit execution persistence

Malware Config

Signatures

Executes dropped EXE 1 IoCs

Processes:

潰鴀塬襜橘攢艣钚继紹凌诀鶤篴詢束.exe

pid process

508 潰鴀塬襜橘攢艣钚继紹凌诀鶤篴詢束.exe
Enumerates connected drives 3 TTPs 1 IoCs
Attempts to read the root path of hard drives other than the default C: drive.

Query Registry
T1012

Peripheral Device Discovery
T1120

System Information Discovery
T1082

Processes:

潰鴀塬襜橘攢艣钚继紹凌诀鶤篴詢束.exe

description ioc process

File opened (read-only) \??\F: 潰鴀塬襜橘攢艣钚继紹凌诀鶤篴詢束.exe
Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs
Bootkits write to the MBR to gain persistence at a level below the operating system.
bootkit persistence

Bootkit
T1542.003

Processes:

潰鴀塬襜橘攢艣钚继紹凌诀鶤篴詢束.exe

description ioc process

File opened for modification \??\PhysicalDrive0 潰鴀塬襜橘攢艣钚继紹凌诀鶤篴詢束.exe
Command and Scripting Interpreter: JavaScript 1 TTPs
execution

JavaScript
T1059.007
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

pid	process
508	潰鴀塬襜橘攢艣钚继紹凌诀鶤篴詢束.exe

description	ioc	process
File opened (read-only)	\??\F:	潰鴀塬襜橘攢艣钚继紹凌诀鶤篴詢束.exe

description	ioc	process
File opened for modification	\??\PhysicalDrive0	潰鴀塬襜橘攢艣钚继紹凌诀鶤篴詢束.exe

Checks processor information in registry 2 TTPs 5 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

firefox.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe

Modifies registry class 2 IoCs

Processes:

firefox.exe潰鴀塬襜橘攢艣钚继紹凌诀鶤篴詢束.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings	潰鴀塬襜橘攢艣钚继紹凌诀鶤篴詢束.exe

NTFS ADS 1 IoCs

Processes:

firefox.exe

description ioc process

File created C:\Users\Admin\Downloads\Monoxid.zip:Zone.Identifier firefox.exe
Opens file in notepad (likely ransom note) 1 IoCs
ransomware

Processes:

NOTEPAD.EXE

pid process

10052 NOTEPAD.EXE

description	ioc	process
File created	C:\Users\Admin\Downloads\Monoxid.zip:Zone.Identifier	firefox.exe

pid	process
10052	NOTEPAD.EXE

Suspicious use of AdjustPrivilegeToken 7 IoCs

Processes:

firefox.exe潰鴀塬襜橘攢艣钚继紹凌诀鶤篴詢束.exeAUDIODG.EXE

description	pid	process
Token: SeDebugPrivilege	2848	firefox.exe
Token: SeDebugPrivilege	2848	firefox.exe
Token: SeDebugPrivilege	2848	firefox.exe
Token: SeDebugPrivilege	508	潰鴀塬襜橘攢艣钚继紹凌诀鶤篴詢束.exe
Token: SeTakeOwnershipPrivilege	508	潰鴀塬襜橘攢艣钚继紹凌诀鶤篴詢束.exe
Token: 33	1328	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	1328	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 4 IoCs

Processes:

firefox.exe

pid process

2848 firefox.exe
2848 firefox.exe
2848 firefox.exe
2848 firefox.exe
Suspicious use of SendNotifyMessage 3 IoCs

Processes:

firefox.exe

pid process

2848 firefox.exe
2848 firefox.exe
2848 firefox.exe

Suspicious use of SetWindowsHookEx 8 IoCs

Processes:

firefox.exeMonoxid.exeMonoxid.exe潰鴀塬襜橘攢艣钚继紹凌诀鶤篴詢束.exe

pid	process
2848	firefox.exe
2848	firefox.exe
2848	firefox.exe
2848	firefox.exe
4028	Monoxid.exe
3636	Monoxid.exe
508	潰鴀塬襜橘攢艣钚继紹凌诀鶤篴詢束.exe
508	潰鴀塬襜橘攢艣钚继紹凌诀鶤篴詢束.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

firefox.exefirefox.exe

description	pid	process	target process
PID 3588 wrote to memory of 2848	3588	firefox.exe	firefox.exe
PID 3588 wrote to memory of 2848	3588	firefox.exe	firefox.exe
PID 3588 wrote to memory of 2848	3588	firefox.exe	firefox.exe
PID 3588 wrote to memory of 2848	3588	firefox.exe	firefox.exe
PID 3588 wrote to memory of 2848	3588	firefox.exe	firefox.exe
PID 3588 wrote to memory of 2848	3588	firefox.exe	firefox.exe
PID 3588 wrote to memory of 2848	3588	firefox.exe	firefox.exe
PID 3588 wrote to memory of 2848	3588	firefox.exe	firefox.exe
PID 3588 wrote to memory of 2848	3588	firefox.exe	firefox.exe
PID 3588 wrote to memory of 2848	3588	firefox.exe	firefox.exe
PID 3588 wrote to memory of 2848	3588	firefox.exe	firefox.exe
PID 2848 wrote to memory of 1756	2848	firefox.exe	firefox.exe
PID 2848 wrote to memory of 1756	2848	firefox.exe	firefox.exe
PID 2848 wrote to memory of 5112	2848	firefox.exe	firefox.exe
PID 2848 wrote to memory of 5112	2848	firefox.exe	firefox.exe
PID 2848 wrote to memory of 5112	2848	firefox.exe	firefox.exe
PID 2848 wrote to memory of 5112	2848	firefox.exe	firefox.exe
PID 2848 wrote to memory of 5112	2848	firefox.exe	firefox.exe
PID 2848 wrote to memory of 5112	2848	firefox.exe	firefox.exe
PID 2848 wrote to memory of 5112	2848	firefox.exe	firefox.exe
PID 2848 wrote to memory of 5112	2848	firefox.exe	firefox.exe
PID 2848 wrote to memory of 5112	2848	firefox.exe	firefox.exe
PID 2848 wrote to memory of 5112	2848	firefox.exe	firefox.exe
PID 2848 wrote to memory of 5112	2848	firefox.exe	firefox.exe
PID 2848 wrote to memory of 5112	2848	firefox.exe	firefox.exe
PID 2848 wrote to memory of 5112	2848	firefox.exe	firefox.exe
PID 2848 wrote to memory of 5112	2848	firefox.exe	firefox.exe
PID 2848 wrote to memory of 5112	2848	firefox.exe	firefox.exe
PID 2848 wrote to memory of 5112	2848	firefox.exe	firefox.exe
PID 2848 wrote to memory of 5112	2848	firefox.exe	firefox.exe
PID 2848 wrote to memory of 5112	2848	firefox.exe	firefox.exe
PID 2848 wrote to memory of 5112	2848	firefox.exe	firefox.exe
PID 2848 wrote to memory of 5112	2848	firefox.exe	firefox.exe
PID 2848 wrote to memory of 5112	2848	firefox.exe	firefox.exe
PID 2848 wrote to memory of 5112	2848	firefox.exe	firefox.exe
PID 2848 wrote to memory of 5112	2848	firefox.exe	firefox.exe
PID 2848 wrote to memory of 5112	2848	firefox.exe	firefox.exe
PID 2848 wrote to memory of 5112	2848	firefox.exe	firefox.exe
PID 2848 wrote to memory of 5112	2848	firefox.exe	firefox.exe
PID 2848 wrote to memory of 5112	2848	firefox.exe	firefox.exe
PID 2848 wrote to memory of 5112	2848	firefox.exe	firefox.exe
PID 2848 wrote to memory of 5112	2848	firefox.exe	firefox.exe
PID 2848 wrote to memory of 5112	2848	firefox.exe	firefox.exe
PID 2848 wrote to memory of 5112	2848	firefox.exe	firefox.exe
PID 2848 wrote to memory of 5112	2848	firefox.exe	firefox.exe
PID 2848 wrote to memory of 5112	2848	firefox.exe	firefox.exe
PID 2848 wrote to memory of 5112	2848	firefox.exe	firefox.exe
PID 2848 wrote to memory of 5112	2848	firefox.exe	firefox.exe
PID 2848 wrote to memory of 5112	2848	firefox.exe	firefox.exe
PID 2848 wrote to memory of 5112	2848	firefox.exe	firefox.exe
PID 2848 wrote to memory of 5112	2848	firefox.exe	firefox.exe
PID 2848 wrote to memory of 5112	2848	firefox.exe	firefox.exe
PID 2848 wrote to memory of 5112	2848	firefox.exe	firefox.exe
PID 2848 wrote to memory of 5112	2848	firefox.exe	firefox.exe
PID 2848 wrote to memory of 5112	2848	firefox.exe	firefox.exe
PID 2848 wrote to memory of 5112	2848	firefox.exe	firefox.exe
PID 2848 wrote to memory of 5112	2848	firefox.exe	firefox.exe
PID 2848 wrote to memory of 5112	2848	firefox.exe	firefox.exe
PID 2848 wrote to memory of 5112	2848	firefox.exe	firefox.exe
PID 2848 wrote to memory of 5112	2848	firefox.exe	firefox.exe
PID 2848 wrote to memory of 5112	2848	firefox.exe	firefox.exe
PID 2848 wrote to memory of 516	2848	firefox.exe	firefox.exe
PID 2848 wrote to memory of 516	2848	firefox.exe	firefox.exe
PID 2848 wrote to memory of 516	2848	firefox.exe	firefox.exe

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Users\Admin\AppData\Local\Temp\Monoxid.exe
"C:\Users\Admin\AppData\Local\Temp\Monoxid.exe"
1⤵
PID:4156

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3588

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
2⤵
- Checks processor information in registry
- Modifies registry class
- NTFS ADS
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2848

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2848.0.1729725302\946549250" -parentBuildID 20221007134813 -prefsHandle 1720 -prefMapHandle 1712 -prefsLen 20747 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {85ddc8bd-6934-498f-83ff-f7163561d420} 2848 "\\.\pipe\gecko-crash-server-pipe.2848" 1796 21a6d5d5e58 gpu
3⤵
PID:1756

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2848.1.2142969686\1114487570" -parentBuildID 20221007134813 -prefsHandle 2140 -prefMapHandle 2136 -prefsLen 20828 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {12150e64-f9f0-4c50-bc39-b3c91f5507c1} 2848 "\\.\pipe\gecko-crash-server-pipe.2848" 2152 21a62472e58 socket
3⤵
PID:5112

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2848.2.158685845\139251359" -childID 1 -isForBrowser -prefsHandle 2776 -prefMapHandle 2772 -prefsLen 20931 -prefMapSize 233444 -jsInitHandle 1312 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {eba5a04d-14f0-4ee7-a25c-b44c5b5e2b0f} 2848 "\\.\pipe\gecko-crash-server-pipe.2848" 2792 21a6d55be58 tab
3⤵
PID:516

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2848.3.165922426\265397435" -childID 2 -isForBrowser -prefsHandle 3428 -prefMapHandle 3424 -prefsLen 26109 -prefMapSize 233444 -jsInitHandle 1312 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {75072231-3d99-41ec-9eba-6ef59e7d1e2d} 2848 "\\.\pipe\gecko-crash-server-pipe.2848" 3448 21a6ff1b558 tab
3⤵
PID:2244

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2848.4.1290505023\448776256" -childID 3 -isForBrowser -prefsHandle 3504 -prefMapHandle 3436 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1312 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {1675b615-654e-42a6-b6a7-3cb22f713d08} 2848 "\\.\pipe\gecko-crash-server-pipe.2848" 3908 21a72ba6b58 tab
3⤵
PID:4340

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2848.5.481537491\691218404" -childID 4 -isForBrowser -prefsHandle 4840 -prefMapHandle 4844 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1312 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {2b2f75ef-fa4e-47ea-8cad-64517d9c3360} 2848 "\\.\pipe\gecko-crash-server-pipe.2848" 4884 21a6fcde758 tab
3⤵
PID:3180

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2848.6.1382395360\43120630" -childID 5 -isForBrowser -prefsHandle 5016 -prefMapHandle 5020 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1312 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {8aaa11c6-220d-4e5f-b56b-29a7ab7872de} 2848 "\\.\pipe\gecko-crash-server-pipe.2848" 5008 21a6fcdfc58 tab
3⤵
PID:3676

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2848.7.329029751\80307044" -childID 6 -isForBrowser -prefsHandle 5216 -prefMapHandle 5220 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1312 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {e7fd6c51-9e7c-4795-9799-c7a79ecf11fa} 2848 "\\.\pipe\gecko-crash-server-pipe.2848" 5208 21a6fcdd558 tab
3⤵
PID:2440

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2848.8.2032557889\709134574" -childID 7 -isForBrowser -prefsHandle 2708 -prefMapHandle 4676 -prefsLen 26503 -prefMapSize 233444 -jsInitHandle 1312 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {c18bf710-1bc6-46db-9a17-88ccd1579458} 2848 "\\.\pipe\gecko-crash-server-pipe.2848" 2648 21a750c0458 tab
3⤵
PID:2456

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:684

C:\Users\Admin\AppData\Local\Temp\Temp1_Monoxid.zip\Monoxid.exe
"C:\Users\Admin\AppData\Local\Temp\Temp1_Monoxid.zip\Monoxid.exe"
1⤵
- Suspicious use of SetWindowsHookEx
PID:4028

C:\Users\Admin\Desktop\Monoxid.exe
"C:\Users\Admin\Desktop\Monoxid.exe"
1⤵
- Suspicious use of SetWindowsHookEx
PID:3636

C:\Users\Admin\AppData\Local\Temp\潰鴀塬襜橘攢艣钚继紹凌诀鶤篴詢束.exe
"C:\Users\Admin\AppData\Local\Temp\潰鴀塬襜橘攢艣钚继紹凌诀鶤篴詢束.exe"
2⤵
- Executes dropped EXE
- Enumerates connected drives
- Writes to the Master Boot Record (MBR)
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:508

C:\Windows\SysWOW64\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" F:\System Volume Information\tracking.log
3⤵
PID:5172

C:\Windows\SysWOW64\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Program Files\7-Zip\Lang\da.txt
3⤵
PID:5240

C:\Windows\SysWOW64\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Program Files\7-Zip\Lang\el.txt
3⤵
PID:5252

C:\Windows\SysWOW64\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Program Files\7-Zip\Lang\it.txt
3⤵
PID:5280

C:\Windows\SysWOW64\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Program Files\7-Zip\Lang\ky.txt
3⤵
PID:5300

C:\Windows\SysWOW64\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Program Files\7-Zip\Lang\lv.txt
3⤵
PID:5340

C:\Windows\SysWOW64\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Program Files\7-Zip\Lang\sa.txt
3⤵
PID:5376

C:\Windows\SysWOW64\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Program Files\7-Zip\Lang\sr-spl.txt
3⤵
PID:5412

C:\Program Files\Java\jdk-1.8\bin\java.exe
"C:\Program Files\Java\jdk-1.8\bin\java.exe"
3⤵
PID:6252

C:\Windows\SysWOW64\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Program Files\Java\jdk-1.8\jmc.txt
3⤵
PID:6308

C:\Program Files\Java\jdk-1.8\jre\bin\servertool.exe
"C:\Program Files\Java\jdk-1.8\jre\bin\servertool.exe"
3⤵
PID:6348

C:\Windows\SysWOW64\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Program Files\Java\jdk-1.8\jre\lib\jvm.hprof.txt
3⤵
PID:6648

C:\Program Files\Java\jre-1.8\bin\ssvagent.exe
"C:\Program Files\Java\jre-1.8\bin\ssvagent.exe"
3⤵
PID:6940

C:\Program Files\Microsoft Office\root\Integration\Integrator.exe
"C:\Program Files\Microsoft Office\root\Integration\Integrator.exe"
3⤵
PID:6656

C:\Windows\SysWOW64\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Program Files\Microsoft Office\root\Office16\1033\ClientLangPack2019_eula.txt
3⤵
PID:6672

C:\Windows\SysWOW64\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Program Files\Microsoft Office\root\Office16\1033\client_eula.txt
3⤵
PID:6856

C:\Program Files\Microsoft Office\root\Office16\msotd.exe
"C:\Program Files\Microsoft Office\root\Office16\msotd.exe"
3⤵
PID:6600

C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files\Microsoft Office\root\Office16\PersonaSpy\PersonaSpy.js"
3⤵
PID:6860

C:\Program Files\Microsoft Office\root\Office16\SELFCERT.EXE
"C:\Program Files\Microsoft Office\root\Office16\SELFCERT.EXE"
3⤵
PID:6272

C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE
"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE"
3⤵
PID:6336

C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE
"C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Program Files\Microsoft Office\root\Templates\1033\Office Word 2003 Look.dotx" /o ""
3⤵
PID:6720

C:\Windows\SysWOW64\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\PROFILE\PROFILE.INF
3⤵
PID:6580

C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\DCF\Common.DBConnection.exe
"C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\DCF\Common.DBConnection.exe"
3⤵
PID:6536

C:\Windows\SysWOW64\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Program Files\Mozilla Firefox\platform.ini
3⤵
PID:6732

C:\Windows\SysWOW64\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Program Files\Mozilla Firefox\updater.ini
3⤵
PID:6300

C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files\VideoLAN\VLC\lua\http\js\common.js"
3⤵
PID:6444

C:\Program Files\Windows Media Player\wmpnscfg.exe
"C:\Program Files\Windows Media Player\wmpnscfg.exe"
3⤵
PID:7336

C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.0.1605.0_x86__8wekyb3d8bbwe\Microsoft.Advertising\ormma.js"
3⤵
PID:7532

C:\Windows\SysWOW64\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_1.1702.21039.0_x64__8wekyb3d8bbwe\_Resources\index.txt
3⤵
PID:5616

C:\Windows\SysWOW64\PresentationHost.exe
"C:\Windows\System32\PresentationHost.exe" "C:\Program Files\WindowsApps\Microsoft.Office.OneNote_17.7668.58071.0_x64__8wekyb3d8bbwe\xaml\onenote\CaptureUIStyles.xaml"
3⤵
PID:1364

C:\Windows\SysWOW64\rundll32.exe
"C:\Windows\system32\rundll32.exe" cryptext.dll,CryptExtOpenCAT C:\Program Files\WindowsApps\Microsoft.People_10.1.10531.0_x64__8wekyb3d8bbwe\AppxMetadata\CodeIntegrity.cat
3⤵
PID:7112

C:\Windows\SysWOW64\rundll32.exe
"C:\Windows\system32\rundll32.exe" cryptext.dll,CryptExtOpenCAT C:\Program Files\WindowsApps\Microsoft.StorePurchaseApp_1.0.45.0_x64__8wekyb3d8bbwe\AppxMetadata\CodeIntegrity.cat
3⤵
PID:7380

C:\Windows\SysWOW64\rundll32.exe
"C:\Windows\system32\rundll32.exe" cryptext.dll,CryptExtOpenCAT C:\Program Files\WindowsApps\Microsoft.VCLibs.140.00_14.0.24123.0_x64__8wekyb3d8bbwe\AppxMetadata\CodeIntegrity.cat
3⤵
PID:6892

C:\Windows\SysWOW64\PresentationHost.exe
"C:\Windows\System32\PresentationHost.exe" "C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.511.8780.0_x64__8wekyb3d8bbwe\Lumia.ViewerPlugin\CinemagraphDelegate\CinemagraphControl.xaml"
3⤵
PID:7956

C:\Windows\SysWOW64\rundll32.exe
"C:\Windows\system32\rundll32.exe" cryptext.dll,CryptExtOpenCAT C:\Program Files\WindowsApps\Microsoft.XboxApp_25.25.13009.0_x64__8wekyb3d8bbwe\AppxMetadata\CodeIntegrity.cat
3⤵
PID:7216

C:\Windows\SysWOW64\notepad.exe
"C:\Windows\System32\notepad.exe" "C:\Program Files\WindowsPowerShell\Modules\Pester\3.4.0\Functions\Assertions\MatchExactly.Tests.ps1"
3⤵
PID:7900

C:\Windows\SysWOW64\notepad.exe
"C:\Windows\System32\notepad.exe" "C:\Program Files\WindowsPowerShell\Modules\Pester\3.4.0\Functions\BreakAndContinue.Tests.ps1"
3⤵
PID:7756

C:\Windows\SysWOW64\notepad.exe
"C:\Windows\System32\notepad.exe" "C:\Program Files\WindowsPowerShell\Modules\Pester\3.4.0\Functions\PesterState.Tests.ps1"
3⤵
PID:7284

C:\Windows\SysWOW64\notepad.exe
"C:\Windows\System32\notepad.exe" "C:\Program Files\WindowsPowerShell\Modules\Pester\3.4.0\Pester.psd1"
3⤵
PID:6920

C:\Windows\SysWOW64\notepad.exe
"C:\Windows\System32\notepad.exe" "C:\Program Files\WindowsPowerShell\Modules\PowerShellGet\1.0.0.1\PSGet.Resource.psd1"
3⤵
PID:7744

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\FullTrustNotifier.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\FullTrustNotifier.exe"
3⤵
PID:7760

C:\Windows\SysWOW64\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\css\main-cef-win8.css
3⤵
PID:892

C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\app\dev\nls\en-il\ui-strings.js"
3⤵
PID:7580

C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\app\dev\nls\nb-no\ui-strings.js"
3⤵
PID:7920

C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\files\dev\nls\sv-se\ui-strings.js"
3⤵
PID:1092

C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\fi-fi\ui-strings.js"
3⤵
PID:7576

C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\ja-jp\ui-strings.js"
3⤵
PID:7912

C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\add-account\js\nls\ca-es\ui-strings.js"
3⤵
PID:7820

C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\add-account\js\nls\fr-fr\ui-strings.js"
3⤵
PID:6200

C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\add-account\js\nls\ro-ro\ui-strings.js"
3⤵
PID:8056

C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\app-center\js\nls\fr-fr\ui-strings.js"
3⤵
PID:5180

C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\app-center\js\nls\ru-ru\ui-strings.js"
3⤵
PID:5316

C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\app-center\js\nls\zh-tw\ui-strings.js"
3⤵
PID:7928

C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\combinepdf\js\nls\fr-ma\ui-strings.js"
3⤵
PID:5424

C:\Windows\SysWOW64\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\css\main.css
3⤵
PID:2200

C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\js\nls\cs-cz\ui-strings.js"
3⤵
PID:6796

C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\js\nls\nb-no\ui-strings.js"
3⤵
PID:3000

C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\js\nls\zh-cn\ui-strings.js"
3⤵
PID:7724

C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\js\nls\zh-tw\ui-strings.js"
3⤵
PID:7936

C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\digsig\js\nls\ro-ro\ui-strings.js"
3⤵
PID:8280

C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\digsig\js\nls\root\ui-strings.js"
3⤵
PID:8316

C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\editpdf\js\nls\uk-ua\ui-strings.js"
3⤵
PID:8384

C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\js\nls\da-dk\ui-strings.js"
3⤵
PID:8408

C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\js\nls\nb-no\ui-strings.js"
3⤵
PID:8444

C:\Windows\SysWOW64\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\fss\css\faf-main.css
3⤵
PID:8480

C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\fss\js\nls\en-gb\ui-strings.js"
3⤵
PID:8532

C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\js\nls\ro-ro\ui-strings.js"
3⤵
PID:8596

C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\js\nls\zh-cn\ui-strings.js"
3⤵
PID:8612

C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\js\nls\cs-cz\ui-strings.js"
3⤵
PID:8668

C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\js\nls\en-il\ui-strings.js"
3⤵
PID:8708

C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\js\nls\eu-es\ui-strings.js"
3⤵
PID:8720

C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\js\nls\hu-hu\ui-strings.js"
3⤵
PID:8764

C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\js\plugin.js"
3⤵
PID:8796

C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-recent-files\js\nls\da-dk\ui-strings.js"
3⤵
PID:8824

C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-recent-files\js\nls\fr-ma\ui-strings.js"
3⤵
PID:8868

C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-recent-files\js\nls\ko-kr\ui-strings.js"
3⤵
PID:8904

C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-recent-files\js\nls\ro-ro\ui-strings.js"
3⤵
PID:8968

C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\ob-preview\js\nls\cs-cz\ui-strings.js"
3⤵
PID:9028

C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\js\nls\zh-cn\ui-strings.js"
3⤵
PID:9152

C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sample-files\js\nls\hr-hr\ui-strings.js"
3⤵
PID:9204

C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\js\plugin.js"
3⤵
PID:8740

C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\search-summary\js\nls\sl-si\ui-strings.js"
3⤵
PID:9000

C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\js\nls\nl-nl\ui-strings.js"
3⤵
PID:8604

C:\Windows\SysWOW64\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sign-services-auth\css\main.css
3⤵
PID:9200

C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\js\nls\cs-cz\ui-strings.js"
3⤵
PID:9292

C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\uss-search\js\selector.js"
3⤵
PID:9344

C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\walk-through\js\nls\es-es\ui-strings.js"
3⤵
PID:9392

C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\walk-through\js\nls\fr-fr\ui-strings.js"
3⤵
PID:9408

C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\version.js"
3⤵
PID:9432

C:\Windows\SysWOW64\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\Unicode\Mappings\win\CP1257.TXT
3⤵
PID:9520

C:\Windows\SysWOW64\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Plugins2\AdobeHunspellPlugin\Abbreviations\en_CA\List.txt
3⤵
PID:9560

C:\Windows\SysWOW64\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Plugins2\AdobeHunspellPlugin\Dictionaries\en_US\README_en_US.txt
3⤵
PID:9596

C:\Windows\SysWOW64\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Program Files (x86)\Mozilla Maintenance Service\logs\maintenanceservice-install.log
3⤵
PID:10216

C:\Program Files (x86)\Windows Photo Viewer\ImagingDevices.exe
"C:\Program Files (x86)\Windows Photo Viewer\ImagingDevices.exe"
3⤵
PID:9752

C:\Windows\SysWOW64\notepad.exe
"C:\Windows\System32\notepad.exe" "C:\Program Files (x86)\WindowsPowerShell\Modules\Pester\3.4.0\Examples\Validator\Validator.Tests.ps1"
3⤵
PID:9832

C:\Windows\SysWOW64\notepad.exe
"C:\Windows\System32\notepad.exe" "C:\Program Files (x86)\WindowsPowerShell\Modules\Pester\3.4.0\Functions\Assertions\MatchExactly.Tests.ps1"
3⤵
PID:9772

C:\Windows\SysWOW64\notepad.exe
"C:\Windows\System32\notepad.exe" "C:\Program Files (x86)\WindowsPowerShell\Modules\Pester\3.4.0\Functions\Coverage.ps1"
3⤵
PID:9840

C:\Windows\SysWOW64\notepad.exe
"C:\Windows\System32\notepad.exe" "C:\Program Files (x86)\WindowsPowerShell\Modules\Pester\3.4.0\Functions\New-Fixture.Tests.ps1"
3⤵
PID:9904

C:\Windows\SysWOW64\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\ProgramData\Microsoft\Network\Downloader\edb.log
3⤵
- Opens file in notepad (likely ransom note)
PID:10052

C:\Windows\SysWOW64\perfmon.exe
"C:\Windows\system32\perfmon.exe" /res
3⤵
PID:3172

C:\Windows\System32\perfmon.exe
"C:\Windows\Sysnative\perfmon.exe" /res
4⤵
PID:8196

C:\Windows\SysWOW64\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\ProgramData\Microsoft\Windows Defender\Support\MPLog-04042024-121458.log
3⤵
PID:7268

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0xf8
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1328

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:5148

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:5484

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:5552

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:5604

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:5668

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:5728

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:5836

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca
1⤵
PID:5960

C:\Windows\system32\browser_broker.exe
C:\Windows\system32\browser_broker.exe -Embedding
1⤵
PID:5168

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:5640

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:5100

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
PID:5604

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:5800

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:6036

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
PID:6068

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:5868

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
PID:5672

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:5308

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:6416

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:6528

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:6588

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:6672

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:6748

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:6820

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
PID:6956

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:6980

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:7092

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:6284

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:5752

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:6500

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:7160

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:6224

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:7000

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:5844

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:6296

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:5744

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:6468

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:6728

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:6804

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:6632

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:6232

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:5840

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:5732

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:6300

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
PID:6608

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:6452

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:5656

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:7104

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:7140

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:6424

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:6548

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:2764

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:1364

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
PID:6564

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:7136

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
PID:6540

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:6080

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
PID:292

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
PID:4316

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:4576

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:1364

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:7376

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:7520

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:7636

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:7752

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:7964

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
PID:7972

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:8168

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
PID:5776

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
PID:7484

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
PID:7680

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:7920

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:7496

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:7432

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:7912

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:8016

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:7228

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:4376

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:7112

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:7768

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:6204

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:6160

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:7888

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:7912

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:6884

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:7196

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:5696

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:7816

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:7788

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:6796

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:5800

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:5352

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:5420

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:4960

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:7304

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:920

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:6556

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:5316

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:6472

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:3804

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:4532

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:1648

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:7476

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:7548

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:9628

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:9692

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:9740

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:9816

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:9876

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:9968

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:10012

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:10112

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:9568

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:9680

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:9728

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:9888

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:10060

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:10184

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:9336

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:6964

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:10140

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:9400

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:9688

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:5640

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:7032

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:10128

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:10000

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:9800

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:9576

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:9468

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:9228

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:9900

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:9940

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:10192

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:9996

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:9304

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:8188

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:7472

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:9592

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:6136

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:7768

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:9672

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:1084

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:9704

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:1248

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:6936

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:10156

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:10176

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:6248

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:7064

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:3004

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:7024

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:7300

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:6812

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:9320

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:9864

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:5636

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:7520

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:7664

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:10072

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:10236

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:10000

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:5456

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:2964

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:6064

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:6588

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:9704

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:8380

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:7448

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:7044

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:6316

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:8200

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:10008

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:6252

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:6344

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:8732

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:6180

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:7612

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:5564

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:9792

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:5636

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:6428

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:10184

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:8188

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:7744

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:5728

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:7620

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:2116

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:9592

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:9280

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:2252

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:6204

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:148

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:9704

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:6932

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:7448

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:3804

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:1068

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:5696

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:5292

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:8392

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:6416

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:3196

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:7180

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:8804

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:9812

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:9040

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:7104

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:9168

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:10100

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:7704

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:5900

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:7272

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:6748

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Command and Scripting Interpreter

T1059

JavaScript

T1059.007

Persistence

Pre-OS Boot

T1542

Bootkit

T1542.003

Privilege Escalation

Defense Evasion

Pre-OS Boot

T1542

Bootkit

T1542.003

Credential Access

Discovery

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\Common.DBConnection.exe.log
Filesize
42B

MD5
84cfdb4b995b1dbf543b26b86c863adc

SHA1
d2f47764908bf30036cf8248b9ff5541e2711fa2

SHA256
d8988d672d6915b46946b28c06ad8066c50041f6152a91d37ffa5cf129cc146b

SHA512
485f0ed45e13f00a93762cbf15b4b8f996553baa021152fae5aba051e3736bcd3ca8f4328f0e6d9e3e1f910c96c4a9ae055331123ee08e3c2ce3a99ac2e177ce

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\VSH5XF98\edgecompatviewlist[1].xml
Filesize
74KB

MD5
d4fc49dc14f63895d997fa4940f24378

SHA1
3efb1437a7c5e46034147cbbc8db017c69d02c31

SHA256
853d2f4eb81c9fdcea2ee079f6faf98214b111b77cdf68709b38989d123890f1

SHA512
cc60d79b4afe5007634ac21dc4bc92081880be4c0d798a1735b63b27e936c02f399964f744dc73711987f01e8a1064b02a4867dd6cac27538e5fbe275cc61e0a

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\doomed\18255
Filesize
11KB

MD5
3186c16ef594fc79d5485b8d1b1cc257

SHA1
f79ae76d94b12b7814be3fa16d92a55e8850e0b8

SHA256
a2f92e54146363baacc35da080efd6821964282123e81f5271c032cd2605f5f0

SHA512
ee3ad785bf4040037516dd762f3e0277b26ce2ce7dbd9f4caf60f3e98a753fca162191de41fed1fc2ac44b98aeb200adc8d0658659affbfeab0bfc0bf1f3d3e7

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\doomed\25235
Filesize
46KB

MD5
ad99122d88ddd7ecb56e09e924029972

SHA1
ab16a49cdb2b7f46858b024cf5cc18191be5ea78

SHA256
e610afd74cb67b4024d82066dfa8433e6ab94b81b235698dbcd7006d899664a5

SHA512
f14b70b6cb04def129b86ec5cd839ae9cdbc371419a36f543fdeea5d5a59648f862259eb2bc4aa785a767f5f15415779b5909a7db090cf531cfe81ac8fa5c973

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\08A256C122CC4B6163C84EE1CF3D0E2C8CD28A44
Filesize
61KB

MD5
f3593d8855ebd3ae0d70415fd649f104

SHA1
fdabdcaa558cbbef795047caa4fb00616bb2ec56

SHA256
35362a444727ce907e7eaf652969789e3c9188bf27fcdc963884e6a0eb5d47f3

SHA512
23f53ba755b3d5235380bcc5f0fca55f4e1b28c0e9b3f14f27ba44341112f211055be060dd9ca30cd2a4d0a7402c78708b4864f18a25a9280c97f1dc25022ea4

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\137C0898A21D319AD3EEB32157F12C8823E762AA
Filesize
226B

MD5
0e1a6239c91429f86758366f340785c4

SHA1
dc8802172dfc0b98f24d086a9bd2f6b4ea319039

SHA256
0ae6421185d9a02a8f13853298ac49000f22b5b6cfa7c3f104f2f33081370fba

SHA512
bde5103c928db096580c0f4970a4a3efab8ee63a4373ac785b5a811d194ebc1412263e0db119fafa3289075be020aba5eb56b5354ef2c5423c05dab3c9f8849e

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\1872BD0D24C0CCDAD6E9B88D5D633466099499E1
Filesize
11KB

MD5
d210bf291e675ae3f727e3cf37285015

SHA1
1d566058cc971f0d4859af7681e0fd66a03dd92b

SHA256
15c8db568eeab511324a6c59514a65d578c63a0099d01f1e17cae5c97121382a

SHA512
0a71d7d3caf83ec6fa78814780b92cb197d7f9025a827bd1ade5c3e40288d9b3aa77a6fb69103ca5868115904d38b7334adbc5ebb3c68c2f32aa7da76a1e4930

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\231998508E03BD1B2F56F772BB8A27298EE69160
Filesize
11KB

MD5
68162123661c0cb195f786b51a08717c

SHA1
2daa265ff31225c3045fc7346c65df60a6f5778f

SHA256
bd21e2be46b4580b07605312041e8c462aeb6f0e502f248e599b0c3e781010c1

SHA512
70db00e173f8b0eb6215786313d3953dd9ac924fbbf7677f8cb0db9ca3271e2588d3d3cf75a6b38e1bdaaef7bf56b968b4398f908ddb337fb328efbd74684634

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\2420EC6BD8AB912CD175F0D29000671726687C6F
Filesize
95B

MD5
c05af3c564d35749c2b090693c6a1548

SHA1
a642a90bb20c0a6188270620cdb4f83d19db8a36

SHA256
f78e0f28a56c8fcd3fdaf24fc2003ed4687f66c13a9a13976eb0a3d1a066c2a4

SHA512
05a009ba4e46d9e7ddd1d0231b6255fd3edeb9d7bd134beb91f11abd57bbf44765a5f41ae478a63ebf3316596bd43532f7eae11634d59773b140703021239dc5

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\254256B27E0C48CF9B80B695F0B3B8CA84610495
Filesize
9KB

MD5
aba19fceefd82500aab0c94eaf05754f

SHA1
c706c80ca10376981a51326bdb539263de892a8d

SHA256
269a1e1c4cb63d8acfdaaf026e9628c66a6cd33edeb0da53b6a51f23f5110a0e

SHA512
31f174a79f7964d684e7d1ab1e249090f7ae2fa32d5622f1bd34c94143cabfc1dbdbd7d57d008d87106fef9a3fee086a71726d53796524f7cdbbef364b280bb7

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\2C6EF10E03714F1BEE449BA6E17B9C9BB62D1A54
Filesize
46KB

MD5
94765ddd052b4ddf69ae082bff9dd1b6

SHA1
0f9c321fcda6b2ba1a1064bca904c0e1e306f2b7

SHA256
b19e888f777394e837e94e7a12b5a29e07a2f5c793554ddded3bfb2ac25cbd4f

SHA512
7b3123230e08528b1661822b281cf99b564c1c45dd57c2ee1f589eeb233c357380461b4cb8d07ebb2d8debf3510a9354a0d6bb6cbea4f757f5d1915893885078

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\43D6E762E689106F8CE68716EA6333523F587E1E
Filesize
13KB

MD5
6e34754473f02a4d2afad3d45c5644dd

SHA1
2dedec9a3ffb7bc40aefe75f28d7e2d528b06714

SHA256
b31d2d6fb33abd687fbd169cfe1f619a9878753b4dbebcc53901632f5c29a312

SHA512
4a1fe045ff6b34f19a9ff47b9ae1b9c76394c132430dd046dd503c7c8f2833d178a3fd4455eb07cb077abb582f76e6d7070c83307928e67b9b402aa86d31e2d2

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\4D9B893A1C5C0049BED8358B2E8B2C3083073126
Filesize
12KB

MD5
3d74b59ebe752f0a90f0bb0cbd3e9482

SHA1
79a9a770e24b268b35ed3b9e2e8ecf9099e43bf1

SHA256
3070391b04fdbc96f842b58c5fcc05ab4c7dd18b1c0a1c634243395cfc55c46f

SHA512
e60ddeba929e10cfaa34ef8e358c3254dc7f75dfaca2a813817c4c0abaf3cf2ad916e0a21d47c8203cf48fcc0c6187b2a989c95e8cd241e799a52a1505dced96

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\6037C1CC50B71C752D22AF7D89B0F320ADEEB27D
Filesize
10KB

MD5
42e8f33d5daf10cf21637b49f34fbee6

SHA1
858f89e76a11e122e35605d738c2296e1f6a2c02

SHA256
a1aacf46486732b9d66cc3ce690ce95ec12612dce3235683feae10a88a70ea0a

SHA512
fc3a64f60c81afe0c0968f1665654e76f9d130a1c8923113ed22d202db4b4794ca87857e0b9d8e39d432dc8bc9cf604c2b5ce921d248dc6d98ead9578503274a

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\60674281A19446453D13617865F5E4C83CF4AA08
Filesize
103B

MD5
9083ffecee6947d6b6d59497d1a0767f

SHA1
74f81a8de940e491ecf4f26489582338fb2ae94e

SHA256
a757fe8009a6a1708d7fe8be4ec07f63202554281ca3dbd347b86e0acf5467f7

SHA512
65b728e47b1e9e64e394324dae9323a1be531cd9e6acf413646452059b44ab2c78daf31f6f61e5fa6aa50a43c2258c1e1251e0f7ab6f578a071cbcb978b7b0f2

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\6D89348819C8881868053197CA0754F36784BF5F
Filesize
11KB

MD5
79d609fa6829880b3c57555c2852c4da

SHA1
1b151eaa77345e1e19f491261834f16fdfe29ceb

SHA256
39483bc5709a9869684672ae4c1863976206de0bc9cd58d1bc8cf83f0713efe5

SHA512
1aae0293c50ef10384ac54f99b799373ee1cb6009c8a12312fafd3380e10f6df9e3269530a224ac0476972223a893f401cf31b5cf02e8e499e67638d878d56e9

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\7021AC05A914073B66329E6DB3DACC66F293E8AE
Filesize
127KB

MD5
ec8cef8d9f79e102cca1ad53d196e660

SHA1
e18c7cc5697914d9473698c0b30593a03739a37d

SHA256
df865d78c013fd2e1f72895bda3673e22c7ac06bf82be7119b56d73865afcd17

SHA512
814286a4d8d8d0e4c2f4e8f9ef00a0a61ba2558fd8e4aed091d78bc4663c95c66facd9b24537bd92c909ada53147da86eefd13d0e832d512b16364e883006c7d

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\706AB48B6C39552F609BEABA61183056C4A8DE1B
Filesize
11KB

MD5
34d9c40ffa9cd5296b44d6bccd3a3877

SHA1
4198f996501d66e57e2e94737be8385bb52604e0

SHA256
a7f61bbbcec9f106ba58a9cc62831bb8a36ac300fbd016285c9bba9b7c5ad4ae

SHA512
56b2e6cfda0c31ef60540a2a47ccac68b40ed9880f23b59fc0ce801026f7107d33468e123ba4ae0405ee72e6b4c9b586914123c993bad57d88311f9353a3d31f

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\77A4BDFBB1ADD64348ED05A805C0615FDE8F35FD
Filesize
10KB

MD5
8b2bf50ba08d857216cfb68947b7e5f1

SHA1
f407ced15710e0ec81d5fe592bb9475cd7966af0

SHA256
50b8087ddbe318dc9cf2a842c086a16d9924949223d9d1b5db4be5f3fe8b851f

SHA512
ee69f000068874b43becc7299140a7a401e36cdaa16930e0a9d90e27bdc722f77e614324cbab88838a44d986e10abde2ac304351e3e8a14086196e95d8dfd25e

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\794E89D21BCDC5AA9237B50D30AFC5B0F22FE4D5
Filesize
502B

MD5
43fc489106ca43065906757f37785c50

SHA1
12fded589b065869c59519b75c4f2e398b251161

SHA256
1af9c0625a72aa759dee30d01107bd0dc283067c959b2d217506eb05c4af96b7

SHA512
f1feafbc5c8b6c4c604985d4cc7933dd84232280cba16f5da1f3ecc3c6f4455c401b5d2236eca917468850abe1787b682f51911c278b846211b14457eaac500e

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\7EF73EAC6516ED8250E9A7C0FB194CB32BFA3EB5
Filesize
10KB

MD5
8dffc5c16058894adc98ce7e783e41cf

SHA1
067903a9a96cb67b2b926c973d73bf623e9c26ee

SHA256
1fcd9285ee20fd8bfd9dc0ac8efeb7a72729b45475121980e0a14f05258ebb2d

SHA512
3864f743639cee063fadc7ef92bf52ba4e1510db44a69b0c3e24302c9a1d43a9dbe7ff367eb2b566b0034299dd3ae6ac0eebc4e07cdc96c780fc688ece5ed4f0

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\81714ED2566F50FD9C21E1A9D9D3393FF85690D8
Filesize
11KB

MD5
7543b7b0b47de8b6075e1e3a6617c262

SHA1
335c13abb8fecf4c2e95707a608de13c9bb38b17

SHA256
68a9dc2a45b1dc8e0ff2a2df79e8a481670201b2e9eaa3579e0dc4d87702edd8

SHA512
e850fe2acc9f2bdcd70cd00b2aa52de48bb29d25dfe08d24aadbd58a350aa0a0199e40500af8b9585a2b2d6359dc9d2e832f1cdb027319a8416ed7d8e1661025

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\8F9869B3224943C8C2709E31D494BE9CBCE15C5A
Filesize
48KB

MD5
5af4460e4ff0caad0aedc62cac823419

SHA1
f3b6bb47ce6199cdaa313782adca4ad8bd78053a

SHA256
7a770d99c438e3afe5c7094186d90d1d8cb26107b48dd0383a8b2b1b161ceb77

SHA512
7ae4b8cab40a87e76d7aca61523d10f69901d57b8d7553dd260bd73f138d6507e40441391a598d97a4e070738094b6e8c7c02e9841cf5ae9bfca735e36251579

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\974258D4EDB32042AAF67803BF1EBC9B34561AA0
Filesize
37KB

MD5
453878b15bc6036b76ce0fe6220a7ee9

SHA1
b3210e4c32373f95526e7b6ef2dd5cd08db1bdf4

SHA256
1fe60181b946c56510f0871b00971eaa2bf0c8521a726faa533e000f0745c12b

SHA512
dc10f8a865b3ed544c99941a9cc48c03da0307409a98e1ebda9ae1d3ddcae6ea59a03335b1ad31d5b264b75bdd52da0cdb9d13cf9f341fb49c3c34f2c4fdde54

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\A59A6A29E932AB44D22AA680C52E5FD3F0523D4F
Filesize
25KB

MD5
00779e8771a1c4e88ce7eb04e07fd573

SHA1
e72924231de60230bf33773022afe30cf240e4ae

SHA256
42cc269514e79e68e61c023180cf2e7c7b05ed9577ff6d7bcb13f6eff85bb42d

SHA512
7232783f63f73b0459344f122a4ae5d3b65809a8134fd49a8b5b41b0ffb6c560493641f3e0e4d11cc0c28b4dbf089b1001a4180c5dbf8c278d30a44037ecfb54

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\A79E74F56FBC41FC30FA0FC0D79C5FA2072573CF
Filesize
17KB

MD5
a7a72747a5e6a42ca033eecc4e874153

SHA1
db76df0f2816ffc03757c2ac1fb842e0c0ecff2f

SHA256
45fa755382c85beea9c95daa7ed7f8734457a5e463f15660dd7e0fea733200fd

SHA512
92cf2cad929f48b895835f9b9ca0366a58aa913be0cba634f5fe129bad02e8abe618322bd3448d6de27f42b5a0affb3a0308309cf9fd67ea716d2f08c04bc131

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\A7A75F8AC380CC03A0A843025ACC6711B315A371
Filesize
12KB

MD5
d95f1dc85f328b09d6f9686682daec70

SHA1
77c05cafde4d9fde09933ba355d6dc4eb51324af

SHA256
b1761091e2b4008f66f51c8b6c1b5a2c499335ceb46f1803798b337fd622a81b

SHA512
93f25067a95715074fc55594b658e2a5d5d3b0ff6b9ec88d7017651c4094ee9dbcfca8c53cbc9ffd4e6833623e9569bb372323258b7c4740e54fedace5d6608b

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\C45825CFF87F338B0C69AEDA2391314C36CA979B
Filesize
89KB

MD5
15d63610e00cc287fc86004cecc575dd

SHA1
45bdbced29c9a27a5d369f692bcd3a8bd360b8f3

SHA256
743cee8fb91d406615a044e6b59118f27636849e40397dec1da7648e1d2a19d0

SHA512
d7ceeac5121d2ec5d3f4a7dfd096289602c8944b24f95172796ab3836c24146dc6cab935115c566af259fd135b49fce3e3dc24e2b64e0dcd0550d13210a24ff8

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\C72D4296C2EBC6FD41A9F780CD0C8F30F0FF937C
Filesize
13KB

MD5
30c4abab91992a757b04040f31b3765a

SHA1
cde01f73eaf4acb73bdd1d54b2470adf187b2c03

SHA256
cb23f69fd2147d0d72baab359b45763f0069adb2b0e5041930ec2f33b0b6dbca

SHA512
b146a8bcf5c9acb83d9003eb7e5ec3d1df870a15f9cb651489a9835e8117a34265c70ef0548a9c6f3df0a3eafb7210b142da69d78d4326d5e737ed43dc535252

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\CC74A928AE5940A273BD5B40764E4AC1593405F4
Filesize
16KB

MD5
8f3589b6cced32fb7b3d78925d3ef5a6

SHA1
50a91d464bd2c89a0f817230efd5fff746583edb

SHA256
80811de5c74e00828d494db385deaa65f51e184344ea4b9974cfc2f986f9eddf

SHA512
ceec09c613cf20533fb92a4aa9cf9fa1386f7cbed841a66f21a3584f809b97e734a2c1beff2cc86b8276a862acf432ed366dfdfaf9c493e1978f9d2d47456797

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\CCD4DD2A5BE6754F7C4BA9C15BFF4D95EDDE2902
Filesize
11KB

MD5
7625f38fc8b0b6f90485bc31f5bfce28

SHA1
79a3ab44efed6309415c3b86e114d1e026e6b5a4

SHA256
cfff90fd0beefa705d197b305a3a82886232ea98af500ba9938e30594f3b8439

SHA512
0ec1db696a0b4c6bc93a8d25dd34eb1085b939caad73e546011c9d66de79dd670d2a68c3db3c4bd0572d939aa7b2ef2115059d281170e96aa21907a14d2f3fdc

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\CE31EE851EBF0D98592806E61EBEE3EC745A0258
Filesize
25KB

MD5
31050ec5d42a0ce72d02bdb3aedc491e

SHA1
3c22e927fe4f2eb4ae24b0b1e21397c46c0021d1

SHA256
1e839c7942a60e694e5db3659189f7b8c6cd70020b8c6ea9bbf20179cc48702c

SHA512
a36c407feffe84424e4a82c87fd973c00f2149b0b76939284c9ed6a7fa79784ca2a875165dbfecea189395f274a839008ca0c2b6589cd489b51f8e27fa196265

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\D12E74796CDDE8770E320801103162E84F51A1BE
Filesize
13KB

MD5
ff2e0689a7dbba3b967d19631fceb1bb

SHA1
b290451886fe616b3e36ea8170f50e71235bb3ae

SHA256
55c8faa6ec25943444cf5b1ef3e748535646cf88324b18be564880eb73ce6ba4

SHA512
44022c423fb5f5fff9ecba316ff40fb31fe6aafc01920f5b80cc915097f9ff28fff797566714ec905841c756c1daa0fa058f49ba85a46b8575894ffe52ff3773

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\DA9572B8C41B561C8AD6C5276FD442EB0962B991
Filesize
10KB

MD5
37318ed61b73ccae44ef2ae017763400

SHA1
a182745dcf0c21128e288b18baff7335b46b0da8

SHA256
b7e9ee65f1272706d3dc4d5f8ddbedea5f7ed944c01ee84bb496686e3847958e

SHA512
81121f3b1a486cddf8d345c544a6cd9a1e9f1c2c77014433d18a4f300af4ecf1aac4c01ab05cd0f49a710b10ddd6d4d12b5e9b5ad40bbd0564d377ddbf1a5eed

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\E92652C6E30E0A4612F7E5E4101F2BE8AB119E75
Filesize
24KB

MD5
378675b7a4367261cdb95c8bd0c4e5a1

SHA1
1561a34a4e72bf8993c68c63770680dddd0e3614

SHA256
ee7846e6aec32276a997d8c2e21445835d3a7b05c95f1b88119b55211a2a3bd5

SHA512
db7dc7e763a42a7d5bc7e8b139a1a42a1e0cfa25687998170e1c96fdff67445105b04f74502891adaad099a4dd066dcd371f00c73ecf875947b9e07a27484b6a

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\F77A636DF490304554DE47F1A72B0F7A45E05A34
Filesize
10KB

MD5
9bd12c31c8a62576ed970eb39d79fddd

SHA1
be5f6dc2d481f773fb1b60f98f805f968339e923

SHA256
f6b87083975e8e7fcb57e824ea598960e1a23e69a13fa94936fb0a54a1f9b800

SHA512
7877a4f7c62c925f8773f0369dcccb5fc9393a5d8b82435a3b0f501fb18c3327ca0b4c18e00cfafc6ad89eb178adcf9b2895bffd0db6d55b5302c67baafaedd8

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\FF3BDDD4119E0BF519DED694C7EC51FB48BAA86A
Filesize
18KB

MD5
3119a89fc484e4f0eace6382fa9092a7

SHA1
467b8b60e42dd99b209f9d8f46a317bad633019a

SHA256
db2303dce9959aa884b6c60d21517ed51bae5a70a3267eb00c3c5ee97bef2bd7

SHA512
174b3726e480eaeee476a823a996f271efab69b04a0b84bec6c0cf2994fe9f2f017a4ade8fe3975d78cd2379be45c20fd7dd3599da9d74f2019f66995e6c4789

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\jumpListCache\RyHO1AoedOuMGkF3jx44og==.ico
Filesize
3KB

MD5
8ef88a00cafd57a82fdba56ea1948148

SHA1
37e0c91880d4036d67a367132f2d42cdd78c0009

SHA256
29b3504fc1c4a46724b5f4cde8807228eabb0e283618e8f8d34be6742ac50700

SHA512
4fdb26ad4612b7d54ef72e7cdd9c02cd60984a37529d71656ff102ad7d64d2d97cbed5d182484557ef6f87f016bfe6ff34285a05769b7ea7701c4867199e1373

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\startupCache\urlCache.bin
Filesize
2KB

MD5
098f635d6d8d9b6eb167a2a3a832fc99

SHA1
12163efae3f650ab3d75b70c98887b5118dfbf62

SHA256
b501582c8cb4a5f568df38be335c9b3d46f975562bd2785511861a2fd6445d48

SHA512
5dbbc21a7a5f4fa14c67975e564dcfe19d5bad1475e0979a688576b8285ee2b7785747e7d19284bb33dae3ff1fe2fa46c71fba6bf0d4c66680f24aa0e89f98fc

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\HFMIHEUI\warmup[1].gif
Filesize
43B

MD5
325472601571f31e1bf00674c368d335

SHA1
2daeaa8b5f19f0bc209d976c02bd6acb51b00b0a

SHA256
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

SHA512
717ea0ff7f3f624c268eccb244e24ec1305ab21557abb3d6f1a7e183ff68a2d28f13d1d2af926c9ef6d1fb16dd8cbe34cd98cacf79091dddc7874dcee21ecfdc

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\EAF8AA29A62AB29E614331747385D816_F9E4DC0B9D5C777357D7DB8DEF51118A
Filesize
404B

MD5
ee9c755b254499d08d8c82135073524c

SHA1
e681c38d36590dfc81ca177bc1cb6fd59bb0a92a

SHA256
e75af5afffebe03902f20b996c4e568a70a17f5e3eea34d85affa1428db16f29

SHA512
01740c8ad428ac61ba763359babcdef83fca93defb752ee07dca625580c7123fe2f129152deddbcea268c1ac5f67ecfea180c13d8e4d57d35c0e8107f2dd3a89

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\User\Default\DOMStore\1FP00CSU\www.bing[1].xml
Filesize
1KB

MD5
e9b5c23a13a043e2460de712e81059cc

SHA1
04d931c10b88ce24c1bf0df87dba827804db0a74

SHA256
3d4d4cc68d7c4ce67b66e32fdf340c0402df6babb3157ac0119d2b91a8388a13

SHA512
8b5c003f02e5ef80b06caadf812ebd56fb6eab48427e4097185be4818fec99a079d74fe42ac6ca0aa340229e8abe12e271e5577775704c90ec0985c526dd2b13

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\Microsoft\CryptnetUrlCache\Content\80237EE4964FC9C409AAF55BF996A292_D46D6FA25B74360E1349F9015B5CCE53
Filesize
471B

MD5
0c240d53a2f58056cc0b360f571bc237

SHA1
c2a567a5677e2761a05dc9332346ea8c450d351e

SHA256
c60d3373da5d22e0d33af1bd0df7d2c70b8c10902a0d61ef86afb47ea3f0cbde

SHA512
2f2e819248f222fd69789154f5aee7853054ad566786d3c5551525c03814b3a3a4e1d3d785e82ed57cffb5787c100b36ece4a91b7aad11b3b32427f32246a1a6

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\Microsoft\CryptnetUrlCache\Content\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_363582827213C09529A76F35FB615187
Filesize
471B

MD5
3f09e61e5f4f61c26bb13af8dd599ef5

SHA1
0e99a475ee6ac549890e4c7fa44a835d60722197

SHA256
53a6045ed07f02deaf979d308ff94f5c3d46ac478fcfc9c71b0300a370415f7f

SHA512
c1f2c7b8c62c23a4b035039a4c17bbcb8084a5805e13858ebbf6bdba9b6a0b678d88b3cf4e2d46c5cc002d3ccaee62cdcd4516d4be1d7a47e0a9bbfbacefa0b1

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\Microsoft\CryptnetUrlCache\Content\EAF8AA29A62AB29E614331747385D816_5C1009244D39FCE23AF8F277537F2613
Filesize
314B

MD5
889660c5dec7721bb9f517d9922dc6b9

SHA1
90e17f5a5b9572655121d34efcb00ef41ac420f2

SHA256
d38d10bc968a6425b475caf354f90dc9010250324603e0ff1d28d4e74d08e6dd

SHA512
c0e35e8f6ce7065eaa20cc0240e85fa78fbdfded727281f3424f1f05bfc977c67fcbd473985f821d2e807349725aa7871de9c94d16cdd982f0582ebf88e10fb1

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\Microsoft\CryptnetUrlCache\Content\EAF8AA29A62AB29E614331747385D816_F9E4DC0B9D5C777357D7DB8DEF51118A
Filesize
314B

MD5
0eb6c4f3fe929870a37642b8e2ae657f

SHA1
27783905e8b1fcc840fe93b3da0652f0156e3301

SHA256
5b1fb5e196684c65d2fd7b16ec8092e1e8c246c05edf2f45c0df993d4517aa2c

SHA512
164623e612c85ba5a807b935a6ae6230d077e615dc7ed102c8f6e25e389ef63d3cc0da8f6066de9477675fe80328622cec8fac98382ec909d878f4454476398f

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157
Filesize
338B

MD5
412f28e87eef18f8e91b034fdc373c2d

SHA1
586462887e2153d5af46b4019ef5be6b9fc5e99f

SHA256
1c9c894297fb5aeb35d90c1da0331985a8e029bb9dd23a3fa5dc9be7331e0f60

SHA512
76c5d1e9648c7508bc9817cd5a2163f1054df97a812855410a868873bf3ce0c3c2b2ffa1a95839430cd05318dc50ab17d12e7a14bc4f21bf3542e44b8015f75f

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\Microsoft\CryptnetUrlCache\MetaData\80237EE4964FC9C409AAF55BF996A292_D46D6FA25B74360E1349F9015B5CCE53
Filesize
412B

MD5
031b63ffb120c1070f02a9f351e3beec

SHA1
b6ddaf4b16a60a2602fd9e09c9cb52b545aed0e3

SHA256
6e40f38e7adbac4611290a849d7a6b1e165b184dd6aaf92f36a5cfa93d620532

SHA512
0414ba03488d09c9efd4f11caf881f0bd159186575ee86d9eb21c2c34780c7d53d0035e82305e2ef89ed17d13cac2ebcb78147136bf83aa678bf40c2c2c6f2f4

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!121\MicrosoftEdge\Cache\ISO3DRFL\jquery-ui.min[1].js
Filesize
195KB

MD5
234f1553c7d27cce512062c59800a9a8

SHA1
b48e01c35c1e6ad622386b9a3161bd1bf02723c8

SHA256
d87043ac816dbfadae73fcc32f84eadb9a665cf97ae938bea9702a27d3e9a54a

SHA512
ebea26802799ac24743f531e5eec6e63965ac2771d68d405be32f277097ed2927d3ed89d8af0ac41e3e17ff2d26559250d6cb267862a65bee23c51c752dcfc50

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!121\MicrosoftEdge\Cache\ISO3DRFL\jquery.min[1].js
Filesize
89KB

MD5
a34f78c3aecd182144818eb4b7303fda

SHA1
6fca78dac2797c02d86a4bf6514eda398b7dbe62

SHA256
c784376960f3163dc760bc019e72e5fed78203745a5510c69992a39d1d8fe776

SHA512
ddec07100503fdad6655d4e90aaac246719e9667611b35b112e4694e2671b43f4c4ef0b87371d3a6e173f7ade9dfd2058e5e165a41c3a250007d49ec18f2419c

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\3S37PCC5\suggestions[1].de-DE
Filesize
18KB

MD5
cc5361b5fdccfc6830217e2eb9972dd8

SHA1
e4a1206d9190eccea3e6a116c954d11da0aeba66

SHA256
afd57b0b6d8166e25bbef7cbc97522677c11c9a930fd4d4a204d1b7ae6258492

SHA512
ef63961bd7f0d3357d352a8f9c8ea57d0271e0fb664b1be179c38cd2d559bbaa4864f64f3521f26f868cc074f97994e2658c6d652021a39dc5207d45411691bc

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\AUD2ALA6\favicon[1].ico
Filesize
758B

MD5
84cc977d0eb148166481b01d8418e375

SHA1
00e2461bcd67d7ba511db230415000aefbd30d2d

SHA256
bbf8da37d92138cc08ffeec8e3379c334988d5ae99f4415579999bfbbb57a66c

SHA512
f47a507077f9173fb07ec200c2677ba5f783d645be100f12efe71f701a74272a98e853c4fab63740d685853935d545730992d0004c9d2fe8e1965445cab509c3

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\Temp\~DF029E76CE95E8B1CD.TMP
Filesize
24KB

MD5
b766fe30d4da1edf248db49379b66fbe

SHA1
1a2df9aa49622af245f80a2f56580c83e276c643

SHA256
541f94690145ee4a79b291cabadf2261375766da53c4f00a69ca88623d70379a

SHA512
03ab1b261f48b20cc07a2aa08ac3641e56f6f117d921b8a00c1ff30346d518c331db1fbd879174e9a1274d2b1b447ef7d4ff20939bf6c0fe5a96611fa0f3d04a

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!121\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
Filesize
1KB

MD5
beba3522cd7eb77a09fe36abcb252a4f

SHA1
220cb347af597d4f8aacacff27eb0ce64207e99b

SHA256
63c5ec564440d74f3c2c2a161a66a22dbf30b03659f3309419a359ee1f8c0d4e

SHA512
35eb19b0e1061370a951b1ca3f66288c6ed1732ce7c94fc663eb3959383e0f5d8fc28b3ab1cb9f5f3cb75a314c3d1a0a62694f51490760ea88e8772916f49774

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!121\Microsoft\CryptnetUrlCache\Content\265C0DEB29181DD1891051371C5F863A_05B056B983E25E9B4D43BC3D9283D686
Filesize
471B

MD5
4416fd02b3c1cf6b164beec47e0b190d

SHA1
ff50109bad135e41768f8524a0c5f8197ad116d9

SHA256
f975c50a66fe2ad99ffd8fbf5204e0f2f2c220a8c8f52caa78a297106bffcc21

SHA512
7887830ac591ba4c2b681285525ebff41c344189b51291926e59a31262e1ef3715cb303107ee9f92c9dd69be8c386a0eb0bb1b821896d75646fffd789631e776

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!121\Microsoft\CryptnetUrlCache\Content\57C8EDB95DF3F0AD4EE2DC2B8CFD4157
Filesize
4KB

MD5
1bfe591a4fe3d91b03cdf26eaacd8f89

SHA1
719c37c320f518ac168c86723724891950911cea

SHA256
9cf94355051bf0f4a45724ca20d1cc02f76371b963ab7d1e38bd8997737b13d8

SHA512
02f88da4b610678c31664609bcfa9d61db8d0b0617649981af948f670f41a6207b4ec19fecce7385a24e0c609cbbf3f2b79a8acaf09a03c2c432cc4dce75e9db

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!121\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA
Filesize
724B

MD5
ac89a852c2aaa3d389b2d2dd312ad367

SHA1
8f421dd6493c61dbda6b839e2debb7b50a20c930

SHA256
0b720e19270c672f9b6e0ec40b468ac49376807de08a814573fe038779534f45

SHA512
c6a88f33688cc0c287f04005e07d5b5e4a8721d204aa429f93ade2a56aeb86e05d89a8f7a44c1e93359a185a4c5f418240c6cdbc5a21314226681c744cf37f36

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!121\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
Filesize
410B

MD5
91e1e5abf5929ab91580bb1b0606fa59

SHA1
397d45bbfe397614c12de171bc667a882bbcd215

SHA256
4b9af5aee44ed89f990b0efeced5849f0c650deede6f0115ca1434f2b3975578

SHA512
938127aa9b2ccf1e1b9f8cf4adf544892d60b51ece38dc9ca3fcc1cda94df9077f64665d7828e7f491f2182d8dc6913bced85038aa6d88eb0ca75d8779f69ce3

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!121\Microsoft\CryptnetUrlCache\MetaData\265C0DEB29181DD1891051371C5F863A_05B056B983E25E9B4D43BC3D9283D686
Filesize
410B

MD5
a9f4ae0cff2106d0eb607ae8a5c1e172

SHA1
2e4aab8539defce4f6a7bcbec1fa8f51e07fe217

SHA256
a95dc4738dcf3416976fc1c8c88a0f55f539a5ef4210bc835cf872a2a2b2c244

SHA512
979b5e915633a2d3e8966f1a5611c917f8e2f6e0c2b11a15aab9d4579bf7a753b3cbe6dcf3555d8921e76a9d3d921fadef8773b19823656b555e39f9cd5a9a79

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!121\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157
Filesize
338B

MD5
c961a8c0804b8f918b07f58258aba260

SHA1
04af0f709a839b086689f59f281ff563832daf54

SHA256
b8bd6aecef8d89d77fdb5ef2a8d53757d4735eb1c50e4687dc018912354258d7

SHA512
e66c304181239ab8103cd6044b83f27db07d7c4b1d396da9115d4ddcf214ecce94e2c4569ef192134f071a377c3eab69fc76a8ab6b856893487ee25ef8f7c41e

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!121\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA
Filesize
392B

MD5
bfb2397d9a60491b1758b50045728576

SHA1
1793252fc29d8f44410e61893a47eb41d2a4ea0e

SHA256
18ede757e791462f2cb38af39c43e557056d0c12fad87154f3f670cdc40f4066

SHA512
6f841ceb065a0c3a244488d4cc4e120b638117e7ffd1ec5abb9e42723e4a599d0b1d89327581fee9f2585cc255385e6c2d511baede412377b96a91a618262cd7

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!121\Microsoft\Windows\3720402701\1568373884.pri
Filesize
218KB

MD5
13e8857c11c103c86af5a010ba171f66

SHA1
dd8f6ee3cd8b1ac01c480e0843c323805c3cf2ae

SHA256
8b69fd5d6b540b3080b438f3cf0d42f3266654e786ce7dc5e85855d309e962ac

SHA512
8454d4a02c15e12428628aaf9df2f5ec48d261e692a8b4f2e7e81d83c3acd6921bfb2d3ebc76f78f124fd0065852af348bec56a91e7ba9c54525615d6b7804b0

Download Submit
C:\Users\Admin\AppData\Local\Temp\潰鴀塬襜橘攢艣钚继紹凌诀鶤篴詢束.exe
Filesize
305KB

MD5
616861cfda9ddef5b3fff0090aaa45d8

SHA1
bc7faeb0be99fc397dd6d896fd0f9d58aa9e27c6

SHA256
de918f62f0d6acacfeea67992deae5787d5d23ffe0bbdf7f8486ff8fffc5742e

SHA512
98daaec5c18eded91191b4f78a6749d95448db7ac35226b9e8385352302e821ee8492eac2a7b2bcd1cff89afd0d85770bfb2360e0943f50db3d765cbab9c7a22

Download Submit
C:\Users\Admin\AppData\Local\Temp\潰鴀塬襜橘攢艣钚继紹凌诀鶤篴詢束.txt
Filesize
260B

MD5
b098aa742c94909baaf3d4d560a5a903

SHA1
a94a57ca7f0a86715ee3a16fa8ccaa78e909c282

SHA256
7a9fe397cdef0c3df7823ed79b54962fe6a3bb1b62e9046f0038b3df5cefafd0

SHA512
b93c0779d8a0a945f34b320f49a479a36dabe99eb3ef2b923be518e1681c3ff8055eca2f6c76c2066d96fd3d38ebc342db9d15185f3ff04268ce7f9bc5f0d6f6

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms
Filesize
10KB

MD5
ed1f89308f473190d4c650c55e43ad7f

SHA1
b83a8b5a7717991c3ed8a8a86747cd2f9e3b081b

SHA256
a69a9440c041a98de9cca0f81e30f3b0eb60e5968a49e49457b54c75ade2bc14

SHA512
b671b9375e9d950ea297cf948ac388b462c74aa34107a6eb7a6019f6d9c1f7660c8be32e5521145cd26dc0b6965fe6a2da951216fded34cdf6d61eefabb0db5c

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms
Filesize
13KB

MD5
e71cd22a866f85d41844192dd0fba67a

SHA1
9d18ace98dfdf49657413c04055f82e2386eb443

SHA256
f1dee817a9fbf39543940579685c2a2dd1403811e665cb829912fe5238907712

SHA512
a72d8186b2510381710420963894b7ccdfa2e92962603b876ed16a4c1afbc4efefc074f8429afa0e2c35330bd9297502f86a87b8b791033613f3d30dea12a429

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\datareporting\glean\db\data.safe.bin
Filesize
2KB

MD5
a7b24eb0746e311945e914de21b75137

SHA1
7ab0a069fca8313001767d6989c821fa0b90010c

SHA256
909987caa26c8b5700964c67ab56888571cb0f7d042a73f56a64c1b4e9334cfa

SHA512
28b6be2296ef1460d0a1a6cc2943ba7077d9f0184b9272811c7ad1fe01f714818cd79b869c1d3a56fc689082ab23a8a193f20088f686110a0ab029ae1f916852

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\datareporting\glean\pending_pings\09befa1c-d0c7-4939-a96d-47b5cb2560b9
Filesize
11KB

MD5
b9801f21ae318487c6e986caecb02fa4

SHA1
7f319ece78304ce6ef7e2dec1ae32713c69ea8e5

SHA256
21e6057311e51faf49886a23572409d4d13e8dcbb9ff8af9646e2d8c43b77641

SHA512
5d8607b91830f2758407935a0bbe6bd3d4b33c0e03d49d63e8151d92b4c5d4b8ac71a5b344b63eee7a8c211b038eb1cf4b7b67df6cf3de868854582f93f5c398

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\datareporting\glean\pending_pings\7881ff19-e67a-4489-81d4-018fc5a45eff
Filesize
746B

MD5
4318e18040e445e64d1f13989a0214de

SHA1
8b5d54318c901eeff33986d381392b9ea28007c2

SHA256
0f33e7405eca457ad27d83abe017554814bf22b2a4d1667aa59bf90998552df9

SHA512
a285c52ae63d2ee6cc4068268b29b9f81c3e1ddffa572040511bd63a2036942773d25da88f5fc3c338d7ec88b9099b1b1b4492b13ed9440a972109f0e3f8d133

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\prefs-1.js
Filesize
6KB

MD5
9197dd7ee82b6f534f880ead3459fa40

SHA1
3072ea6d950fa394cb150b35214d4577f5855a39

SHA256
8c6b312de848b9454a5742f7e6e2978f8a3bac11ca936d34355836dfe89ce624

SHA512
dc0a3e3c3cd03ce45d006e4b60582b3e10f458cd261b203874c6842359f3cf43289044b0a42b0f6a3240a47966e3360a6dd58e61637369c41bbba82e1b9fb8ec

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\prefs.js
Filesize
6KB

MD5
7c8d34c594e79fedf8e63dba1fd23fc4

SHA1
a1c39601e231d72afdd89c2a1a473f7352967de5

SHA256
0d1d63c797aa5ae4485a4209b0057ef2ccb10936e00eab32df406cbb3e14e838

SHA512
6be2137c7436842919f04110b4fe18d623a9d13feaa8cd61a17c411a22794a34b9b65eba6e100d32b50e69fb3662549dd1d443215f2b0289cf5f56bfe42722b9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\prefs.js
Filesize
6KB

MD5
758fa9d616ace9115be1c518848fd6a0

SHA1
dcd5afc0f06e94e3ea2bd8c64c873bdfd83f0fef

SHA256
18fccd3564362f755f3b6e445ffd86e2df63bf7d5aa9f2f48a9e8fd5d6ec8c24

SHA512
8939a1d7ef331a51c6ec7d4be5d2ec16b381db6876bc119e78d45433aaf2792d9a2d2c724631a6f7b86d5170aa0313f69325f60b819daa94fc05f4dc5adfec67

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4
Filesize
5KB

MD5
e91162d05221a074cb759802a24678d8

SHA1
2aadfa2c76787f093dd846230e7a27debb0ca022

SHA256
0dc21fc0e6b2218b01dc81eb71828d9adf2ef53074ee481eb80c2f923e631849

SHA512
31f09a05de4ca319b7ed0ada69db808bcdd7809fa73be0f4c4b14ac791e7a62312acc4b419834cb2712223ce0811be64ab136d56538728a5d1701ce6aa5f8542

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4
Filesize
1KB

MD5
95b0d6f686c988257762ba0742f654d7

SHA1
4e479a68198a8dca88ef28e1e0dacc047ea143b9

SHA256
92a7e05d9e7eca71070cdfecc4fe79b3b6b2bf929bbff116e3bfc44ec68a2422

SHA512
7e15ab828b35aaaf5516ca67468d30797dd67a236e856b1dfa6bdb7f6108a167cd298f947a2efa3b521bd6dc55ba96f92bb9595242d23a73df5dcd231fd18a7d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4
Filesize
5KB

MD5
fcb1c4c65a13404579a5079751e1400f

SHA1
31fa5b2001da9c71d1e0f47f5615fe695db839d7

SHA256
9713fa5bf6a8298632ccb77ca099dba4dbdbb1157b8f1175c1f0a63fab6f28ab

SHA512
18c8d764f2c2346b659c6a4a6f61877bea2eb5d38bfa26e0ef286c0ecc30f6b37b7272acb6a4db6d1bdd3ca5ef48243b061b60a8b688ad3034f1f9af661e1a93

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite
Filesize
184KB

MD5
e7d901ad03d22078f4c42ecc83c3bd45

SHA1
13ffe2ced2026e6b99c39a96d006c7832a72ba17

SHA256
fddee54013f830a84e74dce5679f6e4c3c71b4c5c51ecdf58bcef7e27eba4f17

SHA512
8e7373116183db845f03c74e28effbe85b53c6c109f0a1a867fc4daa2944c099846644c5b6ecfa6408091d097a08b3f1b8cedcbeffbdcfaa14147f6b76663ec9

Download Submit
C:\Users\Admin\Downloads\Monoxid.AvGn1Jx3.zip.part
Filesize
7KB

MD5
56a76caa4ca50ef94dcd4debf046f0bc

SHA1
a37a2ddd1546744a20ef4c270aa6b8309a008d46

SHA256
d891f2abf109dc4f48812e7b22d7c6496dd98abd8452e289b6a837e6024acde0

SHA512
3e58f223ff53fa9117167bf9c962fcede9cd7a77413710a1fc05efc9fe5737584defaf38bd585e22291d07b321f7a9de7b103b6a2db0a8bafff4d4455b2d6f6e

Download Submit
memory/292-394-0x00000151EB860000-0x00000151EB960000-memory.dmp

Filesize
1024KB

Download
memory/5672-316-0x000002014D1E0000-0x000002014D1E2000-memory.dmp

Filesize
8KB

Download
memory/5672-309-0x000002014D170000-0x000002014D172000-memory.dmp

Filesize
8KB

Download
memory/5672-314-0x000002014D1C0000-0x000002014D1C2000-memory.dmp

Filesize
8KB

Download
memory/5672-312-0x000002014D1A0000-0x000002014D1A2000-memory.dmp

Filesize
8KB

Download
memory/5960-272-0x0000023F26420000-0x0000023F26430000-memory.dmp

Filesize
64KB

Download
memory/5960-291-0x0000023F237A0000-0x0000023F237A2000-memory.dmp

Filesize
8KB

Download
memory/5960-256-0x0000023F26320000-0x0000023F26330000-memory.dmp

Filesize
64KB

Download
memory/6068-298-0x000001D566340000-0x000001D566440000-memory.dmp

Filesize
1024KB

Download
memory/6536-344-0x0000000000840000-0x000000000084C000-memory.dmp

Filesize
48KB

Download
memory/6540-393-0x0000021829060000-0x0000021829160000-memory.dmp

Filesize
1024KB

Download
memory/6564-364-0x000001FFD8410000-0x000001FFD8510000-memory.dmp

Filesize
1024KB

Download
memory/6564-370-0x000001FFD81F0000-0x000001FFD81F2000-memory.dmp

Filesize
8KB

Download
memory/6564-367-0x000001FFD81C0000-0x000001FFD81C2000-memory.dmp

Filesize
8KB

Download
memory/6608-351-0x000001F447700000-0x000001F447800000-memory.dmp

Filesize
1024KB

Download
memory/6956-326-0x000001D9D1800000-0x000001D9D1900000-memory.dmp

Filesize
1024KB

Download

Analysis

Sharing

Errors

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix ATT&CK v13

Replay Monitor

Loading Replay Monitor...

Downloads