hxxps://sustainability[.]google/?utm_source=googlehpfooter&utm_medium=housepromos&utm_campaign=bottom-footer&utm_content=

Resubmissions

18/12/2024, 17:54

241218-wg1lpsxpdl 7

10/12/2024, 19:16

241210-xy39lazmgm 7

10/12/2024, 14:11

241210-rhjmcsxlgz 7

12/06/2024, 14:49

240612-r7fxrssgjk 8

Analysis

max time kernel
1798s
max time network
1174s
platform
windows11-21h2_x64
resource
win11-20240611-en
resource tags

arch:x64arch:x86image:win11-20240611-enlocale:en-usos:windows11-21h2-x64system
submitted
12/06/2024, 14:49

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://sustainability.google/?utm_source=googlehpfooter&utm_medium=housepromos&utm_campaign=bottom-footer&utm_content=

Score

8^/10

discovery

Malware Config

Signatures

Downloads MZ/PE file

Executes dropped EXE 3 IoCs

pid	Process
3484	AssaultCube_v1.3.0.2_LockdownEdition.exe
668	oalinst.exe
4688	ac_client.exe

Loads dropped DLL 19 IoCs

pid	Process
3484	AssaultCube_v1.3.0.2_LockdownEdition.exe
3484	AssaultCube_v1.3.0.2_LockdownEdition.exe
3484	AssaultCube_v1.3.0.2_LockdownEdition.exe
4688	ac_client.exe
4688	ac_client.exe
4688	ac_client.exe
4688	ac_client.exe
4688	ac_client.exe
4688	ac_client.exe
4688	ac_client.exe
4688	ac_client.exe
4688	ac_client.exe
4688	ac_client.exe
4688	ac_client.exe
4688	ac_client.exe
4688	ac_client.exe
4688	ac_client.exe
4688	ac_client.exe
4688	ac_client.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops desktop.ini file(s) 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Videos\Captures\desktop.ini	svchost.exe

Drops file in System32 directory 6 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\OpenAL32.new	oalinst.exe
File created	C:\Windows\SysWOW64\wrap_oal.new	oalinst.exe
File created	C:\Windows\system32\OpenAL32.new	oalinst.exe
File created	C:\Windows\system32\wrap_oal.new	oalinst.exe
File opened for modification	C:\Windows\SysWOW64\tmp9B76.tmp	oalinst.exe
File opened for modification	C:\Windows\SysWOW64\tmp9B77.tmp	oalinst.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\AssaultCube 1.3.0.2\packages\models\mapmodels\makke\ladder_15x_offset\md3.cfg	AssaultCube_v1.3.0.2_LockdownEdition.exe
File created	C:\Program Files (x86)\AssaultCube 1.3.0.2\packages\models\misc\gib02\tris.md2	AssaultCube_v1.3.0.2_LockdownEdition.exe
File created	C:\Program Files (x86)\AssaultCube 1.3.0.2\packages\models\mapmodels\cleaner\platform\8x8\8x8.md3	AssaultCube_v1.3.0.2_LockdownEdition.exe
File created	C:\Program Files (x86)\AssaultCube 1.3.0.2\packages\models\mapmodels\makke\plant_leafy\md3.cfg	AssaultCube_v1.3.0.2_LockdownEdition.exe
File created	C:\Program Files (x86)\AssaultCube 1.3.0.2\packages\models\pickups\ammobox\ammobox.md3	AssaultCube_v1.3.0.2_LockdownEdition.exe
File created	C:\Program Files (x86)\AssaultCube 1.3.0.2\packages\textures\makke\rattrap\rb_box_01.jpg	AssaultCube_v1.3.0.2_LockdownEdition.exe
File created	C:\Program Files (x86)\AssaultCube 1.3.0.2\config\docs.cfg	AssaultCube_v1.3.0.2_LockdownEdition.exe
File created	C:\Program Files (x86)\AssaultCube 1.3.0.2\docs\knownissues.html	AssaultCube_v1.3.0.2_LockdownEdition.exe
File created	C:\Program Files (x86)\AssaultCube 1.3.0.2\docs\images\minimap.jpg	AssaultCube_v1.3.0.2_LockdownEdition.exe
File created	C:\Program Files (x86)\AssaultCube 1.3.0.2\packages\audio\misc\menu_click2.ogg	AssaultCube_v1.3.0.2_LockdownEdition.exe
File created	C:\Program Files (x86)\AssaultCube 1.3.0.2\packages\textures\skymaps\socksky\nightball_dn.jpg	AssaultCube_v1.3.0.2_LockdownEdition.exe
File created	C:\Program Files (x86)\AssaultCube 1.3.0.2\config\maprot.cfg	AssaultCube_v1.3.0.2_LockdownEdition.exe
File created	C:\Program Files (x86)\AssaultCube 1.3.0.2\packages\models\mapmodels\makke\fuel_tank\md3.cfg	AssaultCube_v1.3.0.2_LockdownEdition.exe
File created	C:\Program Files (x86)\AssaultCube 1.3.0.2\packages\models\mapmodels\toca\guardrail2\gr2pole\md3.cfg	AssaultCube_v1.3.0.2_LockdownEdition.exe
File created	C:\Program Files (x86)\AssaultCube 1.3.0.2\packages\textures\arcitool\Cotta1-grau.jpg	AssaultCube_v1.3.0.2_LockdownEdition.exe
File created	C:\Program Files (x86)\AssaultCube 1.3.0.2\docs\images\scoreboard.jpg	AssaultCube_v1.3.0.2_LockdownEdition.exe
File created	C:\Program Files (x86)\AssaultCube 1.3.0.2\packages\models\mapmodels\toca\servercluster\U6_2\U6.md3	AssaultCube_v1.3.0.2_LockdownEdition.exe
File created	C:\Program Files (x86)\AssaultCube 1.3.0.2\packages\audio\misc\pickup_ammo_clip.ogg	AssaultCube_v1.3.0.2_LockdownEdition.exe
File created	C:\Program Files (x86)\AssaultCube 1.3.0.2\packages\models\mapmodels\cleaner\at_blocks\at_block_up\at_block.md3	AssaultCube_v1.3.0.2_LockdownEdition.exe
File created	C:\Program Files (x86)\AssaultCube 1.3.0.2\packages\textures\nieb\b2walls094.jpg	AssaultCube_v1.3.0.2_LockdownEdition.exe
File created	C:\Program Files (x86)\AssaultCube 1.3.0.2\packages\models\mapmodels\toca\monitor\skin.jpg	AssaultCube_v1.3.0.2_LockdownEdition.exe
File created	C:\Program Files (x86)\AssaultCube 1.3.0.2\packages\textures\mitaman\various\metal_trim_4_h.jpg	AssaultCube_v1.3.0.2_LockdownEdition.exe
File created	C:\Program Files (x86)\AssaultCube 1.3.0.2\packages\textures\nieb\pd-texture-bigstone-wall-2.jpg	AssaultCube_v1.3.0.2_LockdownEdition.exe
File created	C:\Program Files (x86)\AssaultCube 1.3.0.2\packages\models\mapmodels\toca\cardboardbox\skin.jpg	AssaultCube_v1.3.0.2_LockdownEdition.exe
File created	C:\Program Files (x86)\AssaultCube 1.3.0.2\packages\textures\skymaps\ladynighthawk\inhcanyons1_lf.jpg	AssaultCube_v1.3.0.2_LockdownEdition.exe
File created	C:\Program Files (x86)\AssaultCube 1.3.0.2\packages\textures\zastrow\2wood_crate_03.jpg	AssaultCube_v1.3.0.2_LockdownEdition.exe
File created	C:\Program Files (x86)\AssaultCube 1.3.0.2\docs\images\ac_knife.gif	AssaultCube_v1.3.0.2_LockdownEdition.exe
File created	C:\Program Files (x86)\AssaultCube 1.3.0.2\packages\audio\vote\vote_call.ogg	AssaultCube_v1.3.0.2_LockdownEdition.exe
File created	C:\Program Files (x86)\AssaultCube 1.3.0.2\packages\models\mapmodels\cleaner\hotel_sign\skin2.jpg	AssaultCube_v1.3.0.2_LockdownEdition.exe
File created	C:\Program Files (x86)\AssaultCube 1.3.0.2\packages\models\mapmodels\misterfloppy\hanging_ladder\ladder_up\md3.cfg	AssaultCube_v1.3.0.2_LockdownEdition.exe
File created	C:\Program Files (x86)\AssaultCube 1.3.0.2\packages\audio\ambience\t_crow.ogg	AssaultCube_v1.3.0.2_LockdownEdition.exe
File created	C:\Program Files (x86)\AssaultCube 1.3.0.2\packages\models\mapmodels\toca\grid6x8\grid6x8.md3	AssaultCube_v1.3.0.2_LockdownEdition.exe
File created	C:\Program Files (x86)\AssaultCube 1.3.0.2\packages\models\mapmodels\toca\servercluster\rack\rack.png	AssaultCube_v1.3.0.2_LockdownEdition.exe
File created	C:\Program Files (x86)\AssaultCube 1.3.0.2\packages\textures\skymaps\iceflow\iceflow_rt.jpg	AssaultCube_v1.3.0.2_LockdownEdition.exe
File created	C:\Program Files (x86)\AssaultCube 1.3.0.2\docs\images\icon.png	AssaultCube_v1.3.0.2_LockdownEdition.exe
File created	C:\Program Files (x86)\AssaultCube 1.3.0.2\docs\xml\cuberef2xhtml_acwebsite.xslt	AssaultCube_v1.3.0.2_LockdownEdition.exe
File created	C:\Program Files (x86)\AssaultCube 1.3.0.2\packages\maps\official\ac_swamp.cgz	AssaultCube_v1.3.0.2_LockdownEdition.exe
File created	C:\Program Files (x86)\AssaultCube 1.3.0.2\packages\textures\lemog\license.txt	AssaultCube_v1.3.0.2_LockdownEdition.exe
File created	C:\Program Files (x86)\AssaultCube 1.3.0.2\packages\audio\player\crouch.ogg	AssaultCube_v1.3.0.2_LockdownEdition.exe
File created	C:\Program Files (x86)\AssaultCube 1.3.0.2\packages\models\mapmodels\toca\signs\donotenter\skin.jpg	AssaultCube_v1.3.0.2_LockdownEdition.exe
File created	C:\Program Files (x86)\AssaultCube 1.3.0.2\packages\models\pickups\flags\small_RVSF_htf\md3.cfg	AssaultCube_v1.3.0.2_LockdownEdition.exe
File created	C:\Program Files (x86)\AssaultCube 1.3.0.2\packages\textures\nieb\bricksmall0067.jpg	AssaultCube_v1.3.0.2_LockdownEdition.exe
File created	C:\Program Files (x86)\AssaultCube 1.3.0.2\packages\audio\player\splash1.ogg	AssaultCube_v1.3.0.2_LockdownEdition.exe
File created	C:\Program Files (x86)\AssaultCube 1.3.0.2\packages\maps\official\ac_depot.cgz	AssaultCube_v1.3.0.2_LockdownEdition.exe
File created	C:\Program Files (x86)\AssaultCube 1.3.0.2\packages\models\mapmodels\jcdpc\hanginglamp\md2.cfg	AssaultCube_v1.3.0.2_LockdownEdition.exe
File created	C:\Program Files (x86)\AssaultCube 1.3.0.2\packages\textures\skymaps\socksky\nightball_rt.jpg	AssaultCube_v1.3.0.2_LockdownEdition.exe
File created	C:\Program Files (x86)\AssaultCube 1.3.0.2\packages\models\mapmodels\toca\commrack2\md3.cfg	AssaultCube_v1.3.0.2_LockdownEdition.exe
File created	C:\Program Files (x86)\AssaultCube 1.3.0.2\packages\models\mapmodels\toca\paintbucket\skin.jpg	AssaultCube_v1.3.0.2_LockdownEdition.exe
File created	C:\Program Files (x86)\AssaultCube 1.3.0.2\packages\textures\noctua\ground\mud01.jpg	AssaultCube_v1.3.0.2_LockdownEdition.exe
File created	C:\Program Files (x86)\AssaultCube 1.3.0.2\bot\waypoints\ac_power.wpt	AssaultCube_v1.3.0.2_LockdownEdition.exe
File created	C:\Program Files (x86)\AssaultCube 1.3.0.2\packages\audio\player\heartbeat.ogg	AssaultCube_v1.3.0.2_LockdownEdition.exe
File created	C:\Program Files (x86)\AssaultCube 1.3.0.2\packages\models\mapmodels\toca\tyre\skin.jpg	AssaultCube_v1.3.0.2_LockdownEdition.exe
File created	C:\Program Files (x86)\AssaultCube 1.3.0.2\packages\textures\noctua\metal\zinc02.jpg	AssaultCube_v1.3.0.2_LockdownEdition.exe
File created	C:\Program Files (x86)\AssaultCube 1.3.0.2\packages\textures\makke\rattrap\rb_concrete.jpg	AssaultCube_v1.3.0.2_LockdownEdition.exe
File created	C:\Program Files (x86)\AssaultCube 1.3.0.2\packages\crosshairs\red_dot.png	AssaultCube_v1.3.0.2_LockdownEdition.exe
File created	C:\Program Files (x86)\AssaultCube 1.3.0.2\packages\models\mapmodels\misterfloppy\platelamp\skin.jpg	AssaultCube_v1.3.0.2_LockdownEdition.exe
File created	C:\Program Files (x86)\AssaultCube 1.3.0.2\packages\models\mapmodels\toca\razorwire\skin.png	AssaultCube_v1.3.0.2_LockdownEdition.exe
File created	C:\Program Files (x86)\AssaultCube 1.3.0.2\packages\models\pickups\nade\shadows.dat	AssaultCube_v1.3.0.2_LockdownEdition.exe
File created	C:\Program Files (x86)\AssaultCube 1.3.0.2\packages\misc\test.png	AssaultCube_v1.3.0.2_LockdownEdition.exe
File created	C:\Program Files (x86)\AssaultCube 1.3.0.2\packages\models\mapmodels\makke\fluorescent_lamp\md3.cfg	AssaultCube_v1.3.0.2_LockdownEdition.exe
File created	C:\Program Files (x86)\AssaultCube 1.3.0.2\packages\models\mapmodels\toca\commrack\md3.cfg	AssaultCube_v1.3.0.2_LockdownEdition.exe
File created	C:\Program Files (x86)\AssaultCube 1.3.0.2\packages\models\mapmodels\makke\fence_chainlink_closed_gate\md3.cfg	AssaultCube_v1.3.0.2_LockdownEdition.exe
File created	C:\Program Files (x86)\AssaultCube 1.3.0.2\packages\models\pickups\nades\nades.md3	AssaultCube_v1.3.0.2_LockdownEdition.exe
File created	C:\Program Files (x86)\AssaultCube 1.3.0.2\packages\audio\misc\menu_click1.ogg	AssaultCube_v1.3.0.2_LockdownEdition.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks processor information in registry 2 TTPs 12 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	svchost.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	svchost.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 11 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\assaultcube	AssaultCube_v1.3.0.2_LockdownEdition.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\assaultcube\ = "AssaultCube 1.3.0.2"	AssaultCube_v1.3.0.2_LockdownEdition.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\assaultcube\URL Protocol	AssaultCube_v1.3.0.2_LockdownEdition.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\assaultcube\DefaultIcon\ = "\"C:\\Program Files (x86)\\AssaultCube 1.3.0.2\\bin_win32\\ac_client.exe\""	AssaultCube_v1.3.0.2_LockdownEdition.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\assaultcube\shell\open\command\ = "\"cmd.exe\" /C cd \"C:\\Program Files (x86)\\AssaultCube 1.3.0.2\" & \"assaultcube.bat\" \"%1\""	AssaultCube_v1.3.0.2_LockdownEdition.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-2394516847-3409208829-2230326962-1000\{2A75E3FB-F0C0-4278-8250-E2C4175BBE8A}	svchost.exe
Key created	\REGISTRY\USER\S-1-5-21-2394516847-3409208829-2230326962-1000_Classes\Local Settings	firefox.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\assaultcube\DefaultIcon	AssaultCube_v1.3.0.2_LockdownEdition.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\assaultcube\shell\open\command	AssaultCube_v1.3.0.2_LockdownEdition.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\assaultcube\shell	AssaultCube_v1.3.0.2_LockdownEdition.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\assaultcube\shell\open	AssaultCube_v1.3.0.2_LockdownEdition.exe

NTFS ADS 1 IoCs

description	ioc	Process
File created	C:\Users\Admin\Downloads\AssaultCube_v1.3.0.2_LockdownEdition.exe:Zone.Identifier	firefox.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
4920	msedge.exe
4920	msedge.exe
844	msedge.exe
844	msedge.exe
2340	msedge.exe
2340	msedge.exe
2040	msedge.exe
2040	msedge.exe
4260	msedge.exe
4260	msedge.exe
4688	ac_client.exe
4688	ac_client.exe
4688	ac_client.exe
4688	ac_client.exe
4688	ac_client.exe
4688	ac_client.exe
4688	ac_client.exe
4688	ac_client.exe
4688	ac_client.exe
4688	ac_client.exe
4688	ac_client.exe
4688	ac_client.exe
4688	ac_client.exe
4688	ac_client.exe
4688	ac_client.exe
4688	ac_client.exe
4688	ac_client.exe
4688	ac_client.exe
4688	ac_client.exe
4688	ac_client.exe
4688	ac_client.exe
4688	ac_client.exe
4688	ac_client.exe
4688	ac_client.exe
4688	ac_client.exe
4688	ac_client.exe
4688	ac_client.exe
4688	ac_client.exe
4688	ac_client.exe
4688	ac_client.exe
4688	ac_client.exe
4688	ac_client.exe
4688	ac_client.exe
4688	ac_client.exe
4688	ac_client.exe
4688	ac_client.exe
4688	ac_client.exe
4688	ac_client.exe
4688	ac_client.exe
4688	ac_client.exe
4688	ac_client.exe
4688	ac_client.exe
4688	ac_client.exe
4688	ac_client.exe
4688	ac_client.exe
4688	ac_client.exe
4688	ac_client.exe
4688	ac_client.exe
4688	ac_client.exe
4688	ac_client.exe
4688	ac_client.exe
4688	ac_client.exe
4688	ac_client.exe
4688	ac_client.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
4688	ac_client.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 12 IoCs

pid	Process
844	msedge.exe
844	msedge.exe
844	msedge.exe
844	msedge.exe
844	msedge.exe
844	msedge.exe
844	msedge.exe
844	msedge.exe
4260	msedge.exe
4260	msedge.exe
4260	msedge.exe
4260	msedge.exe

Suspicious use of AdjustPrivilegeToken 7 IoCs

description	pid	Process
Token: SeDebugPrivilege	1192	firefox.exe
Token: SeDebugPrivilege	1192	firefox.exe
Token: SeDebugPrivilege	1192	firefox.exe
Token: SeDebugPrivilege	1192	firefox.exe
Token: SeDebugPrivilege	1192	firefox.exe
Token: 33	3492	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	3492	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 56 IoCs

pid	Process
844	msedge.exe
844	msedge.exe
844	msedge.exe
844	msedge.exe
844	msedge.exe
844	msedge.exe
844	msedge.exe
844	msedge.exe
844	msedge.exe
844	msedge.exe
844	msedge.exe
844	msedge.exe
844	msedge.exe
844	msedge.exe
844	msedge.exe
844	msedge.exe
844	msedge.exe
844	msedge.exe
844	msedge.exe
844	msedge.exe
844	msedge.exe
844	msedge.exe
844	msedge.exe
844	msedge.exe
844	msedge.exe
844	msedge.exe
1192	firefox.exe
1192	firefox.exe
1192	firefox.exe
1192	firefox.exe
4260	msedge.exe
4260	msedge.exe
4260	msedge.exe
4260	msedge.exe
4260	msedge.exe
4260	msedge.exe
4260	msedge.exe
4260	msedge.exe
4260	msedge.exe
4260	msedge.exe
4260	msedge.exe
4260	msedge.exe
4260	msedge.exe
4260	msedge.exe
4260	msedge.exe
4260	msedge.exe
4260	msedge.exe
4260	msedge.exe
4260	msedge.exe
4260	msedge.exe
4260	msedge.exe
4260	msedge.exe
4260	msedge.exe
4260	msedge.exe
4260	msedge.exe
4260	msedge.exe

Suspicious use of SendNotifyMessage 27 IoCs

pid	Process
844	msedge.exe
844	msedge.exe
844	msedge.exe
844	msedge.exe
844	msedge.exe
844	msedge.exe
844	msedge.exe
844	msedge.exe
844	msedge.exe
844	msedge.exe
844	msedge.exe
844	msedge.exe
1192	firefox.exe
1192	firefox.exe
1192	firefox.exe
4260	msedge.exe
4260	msedge.exe
4260	msedge.exe
4260	msedge.exe
4260	msedge.exe
4260	msedge.exe
4260	msedge.exe
4260	msedge.exe
4260	msedge.exe
4260	msedge.exe
4260	msedge.exe
4260	msedge.exe

Suspicious use of SetWindowsHookEx 13 IoCs

pid	Process
1192	firefox.exe
1192	firefox.exe
1192	firefox.exe
1192	firefox.exe
1192	firefox.exe
1192	firefox.exe
1192	firefox.exe
1192	firefox.exe
1192	firefox.exe
1192	firefox.exe
3484	AssaultCube_v1.3.0.2_LockdownEdition.exe
668	oalinst.exe
3976	OpenWith.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 844 wrote to memory of 1124	844	msedge.exe	78
PID 844 wrote to memory of 1124	844	msedge.exe	78
PID 844 wrote to memory of 1960	844	msedge.exe	79
PID 844 wrote to memory of 1960	844	msedge.exe	79
PID 844 wrote to memory of 1960	844	msedge.exe	79
PID 844 wrote to memory of 1960	844	msedge.exe	79
PID 844 wrote to memory of 1960	844	msedge.exe	79
PID 844 wrote to memory of 1960	844	msedge.exe	79
PID 844 wrote to memory of 1960	844	msedge.exe	79
PID 844 wrote to memory of 1960	844	msedge.exe	79
PID 844 wrote to memory of 1960	844	msedge.exe	79
PID 844 wrote to memory of 1960	844	msedge.exe	79
PID 844 wrote to memory of 1960	844	msedge.exe	79
PID 844 wrote to memory of 1960	844	msedge.exe	79
PID 844 wrote to memory of 1960	844	msedge.exe	79
PID 844 wrote to memory of 1960	844	msedge.exe	79
PID 844 wrote to memory of 1960	844	msedge.exe	79
PID 844 wrote to memory of 1960	844	msedge.exe	79
PID 844 wrote to memory of 1960	844	msedge.exe	79
PID 844 wrote to memory of 1960	844	msedge.exe	79
PID 844 wrote to memory of 1960	844	msedge.exe	79
PID 844 wrote to memory of 1960	844	msedge.exe	79
PID 844 wrote to memory of 1960	844	msedge.exe	79
PID 844 wrote to memory of 1960	844	msedge.exe	79
PID 844 wrote to memory of 1960	844	msedge.exe	79
PID 844 wrote to memory of 1960	844	msedge.exe	79
PID 844 wrote to memory of 1960	844	msedge.exe	79
PID 844 wrote to memory of 1960	844	msedge.exe	79
PID 844 wrote to memory of 1960	844	msedge.exe	79
PID 844 wrote to memory of 1960	844	msedge.exe	79
PID 844 wrote to memory of 1960	844	msedge.exe	79
PID 844 wrote to memory of 1960	844	msedge.exe	79
PID 844 wrote to memory of 1960	844	msedge.exe	79
PID 844 wrote to memory of 1960	844	msedge.exe	79
PID 844 wrote to memory of 1960	844	msedge.exe	79
PID 844 wrote to memory of 1960	844	msedge.exe	79
PID 844 wrote to memory of 1960	844	msedge.exe	79
PID 844 wrote to memory of 1960	844	msedge.exe	79
PID 844 wrote to memory of 1960	844	msedge.exe	79
PID 844 wrote to memory of 1960	844	msedge.exe	79
PID 844 wrote to memory of 1960	844	msedge.exe	79
PID 844 wrote to memory of 1960	844	msedge.exe	79
PID 844 wrote to memory of 4920	844	msedge.exe	80
PID 844 wrote to memory of 4920	844	msedge.exe	80
PID 844 wrote to memory of 1732	844	msedge.exe	81
PID 844 wrote to memory of 1732	844	msedge.exe	81
PID 844 wrote to memory of 1732	844	msedge.exe	81
PID 844 wrote to memory of 1732	844	msedge.exe	81
PID 844 wrote to memory of 1732	844	msedge.exe	81
PID 844 wrote to memory of 1732	844	msedge.exe	81
PID 844 wrote to memory of 1732	844	msedge.exe	81
PID 844 wrote to memory of 1732	844	msedge.exe	81
PID 844 wrote to memory of 1732	844	msedge.exe	81
PID 844 wrote to memory of 1732	844	msedge.exe	81
PID 844 wrote to memory of 1732	844	msedge.exe	81
PID 844 wrote to memory of 1732	844	msedge.exe	81
PID 844 wrote to memory of 1732	844	msedge.exe	81
PID 844 wrote to memory of 1732	844	msedge.exe	81
PID 844 wrote to memory of 1732	844	msedge.exe	81
PID 844 wrote to memory of 1732	844	msedge.exe	81
PID 844 wrote to memory of 1732	844	msedge.exe	81
PID 844 wrote to memory of 1732	844	msedge.exe	81
PID 844 wrote to memory of 1732	844	msedge.exe	81
PID 844 wrote to memory of 1732	844	msedge.exe	81

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://sustainability.google/?utm_source=googlehpfooter&utm_medium=housepromos&utm_campaign=bottom-footer&utm_content=
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:844
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x104,0xdc,0x108,0x100,0x10c,0x7ff9d6823cb8,0x7ff9d6823cc8,0x7ff9d6823cd8
  2⤵
  PID:1124
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1912,9501618346223476258,8162398432881749183,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1808 /prefetch:2
  2⤵
  PID:1960
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1912,9501618346223476258,8162398432881749183,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2280 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4920
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1912,9501618346223476258,8162398432881749183,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2468 /prefetch:8
  2⤵
  PID:1732
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,9501618346223476258,8162398432881749183,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3244 /prefetch:1
  2⤵
  PID:4576
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,9501618346223476258,8162398432881749183,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
  2⤵
  PID:1368
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,9501618346223476258,8162398432881749183,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4932 /prefetch:1
  2⤵
  PID:4960
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,9501618346223476258,8162398432881749183,131072 --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5044 /prefetch:1
  2⤵
  PID:1460
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=ppapi --field-trial-handle=1912,9501618346223476258,8162398432881749183,131072 --lang=en-US --device-scale-factor=1 --ppapi-antialiased-text-enabled=1 --ppapi-subpixel-rendering-setting=1 --mojo-platform-channel-handle=4900 /prefetch:6
  2⤵
  PID:3924
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1912,9501618346223476258,8162398432881749183,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5488 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2340
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,9501618346223476258,8162398432881749183,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5520 /prefetch:1
  2⤵
  PID:1076
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,9501618346223476258,8162398432881749183,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4696 /prefetch:1
  2⤵
  PID:1060
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,9501618346223476258,8162398432881749183,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5700 /prefetch:1
  2⤵
  PID:2836
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,9501618346223476258,8162398432881749183,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5676 /prefetch:1
  2⤵
  PID:3468
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1912,9501618346223476258,8162398432881749183,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6200 /prefetch:8
  2⤵
  PID:4876

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2856

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:780

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:4180
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - NTFS ADS
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  PID:1192
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1192.0.1561645291\1553174703" -parentBuildID 20230214051806 -prefsHandle 1788 -prefMapHandle 1780 -prefsLen 22074 -prefMapSize 235121 -appDir "C:\Program Files\Mozilla Firefox\browser" - {d17b1edb-52b3-41cf-9544-470eb6d22f7c} 1192 "\\.\pipe\gecko-crash-server-pipe.1192" 1880 1cde9210758 gpu
    3⤵
    PID:460
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1192.1.1993233906\279951817" -parentBuildID 20230214051806 -prefsHandle 2396 -prefMapHandle 2392 -prefsLen 22110 -prefMapSize 235121 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8f3d18a1-7d72-4d7c-81e5-a3b9ef7c2ee1} 1192 "\\.\pipe\gecko-crash-server-pipe.1192" 2404 1cddc589358 socket
    3⤵
    - Checks processor information in registry
    PID:2028
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1192.2.1365543878\222142780" -childID 1 -isForBrowser -prefsHandle 2736 -prefMapHandle 2596 -prefsLen 22148 -prefMapSize 235121 -jsInitHandle 1252 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {da816bc2-836e-49c1-9433-7bd1a651757f} 1192 "\\.\pipe\gecko-crash-server-pipe.1192" 2772 1cdebcd8b58 tab
    3⤵
    PID:3704
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1192.3.877826769\1122642235" -childID 2 -isForBrowser -prefsHandle 3564 -prefMapHandle 3560 -prefsLen 27614 -prefMapSize 235121 -jsInitHandle 1252 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {350e0fd2-fa7c-4fb6-8cc8-28d27aaf97bb} 1192 "\\.\pipe\gecko-crash-server-pipe.1192" 3572 1cdeeb04a58 tab
    3⤵
    PID:1968
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1192.4.342213381\427065692" -childID 3 -isForBrowser -prefsHandle 5080 -prefMapHandle 5076 -prefsLen 27614 -prefMapSize 235121 -jsInitHandle 1252 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a57d29b6-022e-4b36-a472-25af98d56335} 1192 "\\.\pipe\gecko-crash-server-pipe.1192" 5092 1cdf112a758 tab
    3⤵
    PID:5032
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1192.5.195423264\1333544971" -childID 4 -isForBrowser -prefsHandle 5240 -prefMapHandle 5244 -prefsLen 27614 -prefMapSize 235121 -jsInitHandle 1252 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {81231daf-80e2-418c-a7a0-051b09dfca48} 1192 "\\.\pipe\gecko-crash-server-pipe.1192" 5228 1cdf116ea58 tab
    3⤵
    PID:1464
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1192.6.1782985171\1346576878" -childID 5 -isForBrowser -prefsHandle 5516 -prefMapHandle 5512 -prefsLen 27614 -prefMapSize 235121 -jsInitHandle 1252 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d236b31f-ee6e-4c84-b39b-30f5da238585} 1192 "\\.\pipe\gecko-crash-server-pipe.1192" 5524 1cdf116f658 tab
    3⤵
    PID:4508
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1192.7.206126104\1001718763" -childID 6 -isForBrowser -prefsHandle 1304 -prefMapHandle 1284 -prefsLen 27695 -prefMapSize 235121 -jsInitHandle 1252 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f0187d6e-cde9-49ab-86dc-55356951ab1f} 1192 "\\.\pipe\gecko-crash-server-pipe.1192" 3820 1cde8566d58 tab
    3⤵
    PID:332
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1192.8.18904177\1409971794" -childID 7 -isForBrowser -prefsHandle 5144 -prefMapHandle 5140 -prefsLen 31219 -prefMapSize 235121 -jsInitHandle 1252 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6a661f95-4bd6-406b-904b-1db39fa5ee2e} 1192 "\\.\pipe\gecko-crash-server-pipe.1192" 5200 1cddc57b858 tab
    3⤵
    PID:1652
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1192.9.1682132762\1952562176" -childID 8 -isForBrowser -prefsHandle 6104 -prefMapHandle 6112 -prefsLen 31219 -prefMapSize 235121 -jsInitHandle 1252 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6a1006b6-c461-4e6a-b654-896fee0b0b19} 1192 "\\.\pipe\gecko-crash-server-pipe.1192" 6052 1cdef59d858 tab
    3⤵
    PID:4720

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4340

C:\Users\Admin\Downloads\AssaultCube_v1.3.0.2_LockdownEdition.exe
"C:\Users\Admin\Downloads\AssaultCube_v1.3.0.2_LockdownEdition.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:3484
- C:\Program Files (x86)\AssaultCube 1.3.0.2\bin_win32\oalinst.exe
  "C:\Program Files (x86)\AssaultCube 1.3.0.2\bin_win32\oalinst.exe" -s
  2⤵
  - Executes dropped EXE
  - Drops file in System32 directory
  - Suspicious use of SetWindowsHookEx
  PID:668
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://assault.cubers.net/releasenotes/v1.3/
  2⤵
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  PID:4260
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ff9d6823cb8,0x7ff9d6823cc8,0x7ff9d6823cd8
    3⤵
    PID:1568
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1840,4682710610527384334,3585587563907603063,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1860 /prefetch:2
    3⤵
    PID:3172
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1840,4682710610527384334,3585587563907603063,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2460 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2040
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1840,4682710610527384334,3585587563907603063,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2600 /prefetch:8
    3⤵
    PID:5040
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1840,4682710610527384334,3585587563907603063,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3420 /prefetch:1
    3⤵
    PID:4276
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1840,4682710610527384334,3585587563907603063,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3428 /prefetch:1
    3⤵
    PID:2804
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1840,4682710610527384334,3585587563907603063,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4840 /prefetch:1
    3⤵
    PID:2940
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1840,4682710610527384334,3585587563907603063,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3680 /prefetch:1
    3⤵
    PID:2352

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1528

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2784

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Program Files (x86)\AssaultCube 1.3.0.2\assaultcube.bat" "
1⤵
PID:4556
- C:\Program Files (x86)\AssaultCube 1.3.0.2\bin_win32\ac_client.exe
  bin_win32\ac_client.exe "--home=?MYDOCUMENTS?\My Games\AssaultCube\v1.3" --init
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: GetForegroundWindowSpam
  PID:4688

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004E4 0x00000000000004C0
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:3492

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Suspicious use of SetWindowsHookEx
PID:3976

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k BcastDVRUserService -s BcastDVRUserService
1⤵
- Drops desktop.ini file(s)
- Checks processor information in registry
- Modifies registry class
PID:1900

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\AssaultCube 1.3.0.2\bin_win32\oalinst.exe

Filesize
790KB

MD5
694f54bd227916b89fc3eb1db53f0685

SHA1
21fdc367291bbef14dac27925cae698d3928eead

SHA256
b8f39714d41e009f75efb183c37100f2cbabb71784bbd243be881ac5b42d86fd

SHA512
55bc0de75a7f27f11eb8f4ee8c9934dfe1acd044d8b7b2151c506bdcbead3ab179df7023f699c9139c77541bbc4b1c0657e93c34a6bc4309b665c6cb7636a7e5

Download Submit
C:\Program Files (x86)\AssaultCube 1.3.0.2\docs\images\server_error_rate_examples.jpg

Filesize
43KB

MD5
8a762531ce5243139b6c97ea846cb74f

SHA1
c0e3b19ecb8786cb2f7db03723e5ea9faa345b8f

SHA256
730185e326ffb7fe3be4df4e3d7b2cbe4946c3ff3332669a5e94d66b903b0715

SHA512
902874e96ea32b2274c322e04027ff0668fcd5543400e408d061c1e56c533bc8be0f5a6647f6efcc897b4c27c925cd2e12c554e409d44b40b46a8c6eebcf4d29

Download Submit
C:\Program Files (x86)\AssaultCube 1.3.0.2\packages\models\mapmodels\cleaner\grates\grate_rust.jpg

Filesize
20KB

MD5
8caa8c3e1f832176c6594dc45a44c497

SHA1
43336ddcc541dfc1bae54bd3e1551f95f20b499e

SHA256
d0734b313ba8da1262d058edbf4e0fa44562d674bec6c262d0793bbe82b94eb7

SHA512
6f885e744e50f3a8ce4f1fb859f833c4c0565490bbe8dcff00057055a0e020cd09d5af8ce8e44a359e23dbd84d50e2b2a1050ea12d1e021678fff7690371c924

Download Submit
C:\Program Files (x86)\AssaultCube 1.3.0.2\packages\models\mapmodels\cleaner\shovels\shovel.jpg

Filesize
32KB

MD5
79a938f3ce76a039662287d7dc6adc7c

SHA1
f4b9750bbf756b18c72b732585d25a66c164e88f

SHA256
4e00527738b7a222721d6f0e2e09fa8b34b5e9b361284fdcb40dec4e6303387e

SHA512
b299d9e209041a4dd25a0b73781efe886732c5e37f6cd38744459718fa122dfc104db02046d2aab2170d31fc6a3c9fecf36d4499d0355b2b47030eec656d425c

Download Submit
C:\Program Files (x86)\AssaultCube 1.3.0.2\packages\models\mapmodels\cleaner\worldmap\worldmap.jpg

Filesize
93KB

MD5
1fbfbf5e9841a13a15cb4fc0743121c7

SHA1
9fc122171e80911f6e0efd0602624787fc33ac8c

SHA256
fe2a5b81bfd5c8bb433d492c8c9b2f08ebd2ae02cebe59c09d8c5adf37f6e88a

SHA512
826be98b844f0e70d2b39a6d5a8d8424c6127563e7cc4af14e246b9affad269a43105d79b434c19dd1541fdee13a4e5355ef48d6444437d20ee6b9488bbe1bb8

Download Submit
C:\Program Files (x86)\AssaultCube 1.3.0.2\packages\models\mapmodels\toca\servercluster\U3_2\U3.md3

Filesize
868B

MD5
1b8072455383ce51a30d92698dd8c1b1

SHA1
24e6a8699621699ef4f83fa8d0d8ecbfa9c69ec5

SHA256
0b82e1e97acf65dfa995163ac07acba398cfae3b562f431f56f37cebfb035ff3

SHA512
cc76fe8183f59fef72eaedc88427aeeae51c681ae7d75b2fd3c2010f327d7482cb23b50cf7bdca4cb4335e87bd59bef19cbd8343b01dbb405b2b689954d62b35

Download Submit
C:\Program Files (x86)\AssaultCube 1.3.0.2\packages\models\mapmodels\toca\servercluster\U6_2\U6.md3

Filesize
868B

MD5
170b0bbd75dec76bb967228343f643bb

SHA1
9407e91f234be1d0264cd58193dced8e9496c238

SHA256
17fdfd1100a7b2d2b0cd8edd03ccb51ba4e30aa14bfa422d5ad7a3905a185a7e

SHA512
cf616da63f00c90e7ba9a6b5a07b923fb125be09a8ca22d76adfe46cf34ff7e6a440743c16d158be1a31bd14161f4a86740e63a8d6bd903edcb2053a74e559c4

Download Submit
C:\Program Files (x86)\AssaultCube 1.3.0.2\packages\models\misc\gib02\md2.cfg

Filesize
33B

MD5
52a59f970d4a05e695d7d3c10ae74f20

SHA1
19938a63ed949c81807adbba3adcb9c46fb3b0e8

SHA256
58f16f9b607aa717d20906e70bbb6861a30fc3e40807a10a2cb0279ae058cb22

SHA512
7887c7c54fc29375f62da835258ade44a258166547d624f71bce3af8967c2fcf159f042df4af68d27c6fd470072e9264a20b7597f49fc6b572a805fb1c085ada

Download Submit
C:\Program Files (x86)\AssaultCube 1.3.0.2\packages\models\pickups\license.txt

Filesize
1KB

MD5
dc40a233726542dfd4cde7f2031b04fa

SHA1
b29bea5c1542bbbff4d220b1bd83c9492265c21b

SHA256
6960a44c84ae6de6a071eeae3977ee8e2f9dde0e5109648dd3c0aa4d078787ac

SHA512
93613f3a4a0a2082fef38bc8fbec6c37db225a38673c2ee274c0099fe42e136078fa5033ff51f1dc4a990a2986cb75f8571de78e57ec8125085cab117590a308

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
9a91b6dd57fc9c4880d34e9e7c6b760f

SHA1
77a09da6ef4343a8b232386e000cd2d6b9fc30a3

SHA256
0170297f0103d4e415653f86dedc31b0827580042f86862206fd3f6f135b543a

SHA512
9fc3b9be931b3edebc4a6809d62d805046bdceb4c27a7db21cfbbcb0e5e253ab529c54d64e465e60904a6ab3b83156e26b97f852c9526f46f037944f806a7f0f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
bbfb66ff6f5e565ac00d12dbb0f4113d

SHA1
8ee31313329123750487278afb3192d106752f17

SHA256
165401ef4e6bbd51cb89d3f9e6dc13a50132669d5b0229c7db12f2ec3f605754

SHA512
8ea206daabc7895923f3df9798bfd96f459bf859c78f3e5640fad550678b5090539f2a1b590883cd9797efee999acccac16d499772f61f5390e91bcc44d60560

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f4247a01c473c581508bb9c72f91f421

SHA1
dc18cb1e9439d00e9d2a1469d067115b5c2cb876

SHA256
7c5b167f9778172f7bcabf8237b7b8fd6af57680e61ab048f9422015f688f683

SHA512
695be73cc7a3c80bc65da8248335c0d00fddaade47325aed2bcf94406810a740b1f3c9325dadde3c5cf3124402fc0154e8828118e6ff6b95ed6252505c3e6de1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
8551c8f8b8d636fad4134b8b00e3cc61

SHA1
d1c85763038ad266af6924bea3faf8e9e661e980

SHA256
8c9450e212a847cef9ff3ea3e6bf3767d5b15ae08052c656994cd701584e38cc

SHA512
61cde442417259955b643a62b7bc4890d0d0c8d006d39704df1d0ad1dbab92394306c7dae98acee7e72a81aa278da7ef2985e3706a002f8f590df76a3cc31934

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_0

Filesize
44KB

MD5
7c43d7ba83ace11aa5b4cc4c4b3f856f

SHA1
94fddee7d34fdda6a1530757a035ab825fcf04d2

SHA256
c6d7a4b2246b58f7e3625652f022252b6825d14472c3949e135adfd0ed4a4b6c

SHA512
511fbb7fe487fa3735319364c0cfaf7650321169a3ce281c66b944777121ca7d1e96333e290c9037e031f499160005fc55151e9e44f9bcf6d195a9890f079df9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_1

Filesize
264KB

MD5
bc1465b05dd26e7f126b6a7ecc09168d

SHA1
deacb82a4a86bda3e148a7990eb7de130d1eaefe

SHA256
f6bec04971e29aaba0ab52a1daf86b68bcf02050ee17a8bd31ef644a8a503a8c

SHA512
4da07f8bedaabe8f0da6868626604246437342e1f1a5d02483ab8e86b3a33dc61f722e620d9236d2b4f1c30223a49ceb4b3631f95abbaa2958660dcf95a2594b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_2

Filesize
1.0MB

MD5
ec2c4fdc19be71441ccce515aef18b71

SHA1
393abf46d468f6dee3fdb18489068eefc7ebdf60

SHA256
9beddb0276345ab84fd05db1ed98054bd377d36113b010e940fd9a0e092587b4

SHA512
82ff4db664c45d82e663efcb984d2796a9435c358beaaf20ae56550235d4cb6cef462c960d724c75ceaf5f35ed332a37ed2abac9584007a7be29a9e80f9c7300

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_3

Filesize
4.0MB

MD5
5a078377d3c880e89d8182511475791b

SHA1
3202891cc0922df8d2818460644ad5b23c50d3e8

SHA256
5a487a7590a249897192e472546f410ae24274df8b0846dadb5eb2c3b8981850

SHA512
d8c50fe7819157371c7e411ff684cfb4d43d6db3f5613ce22643b41bbc76585b1707edaebc05a337b95b9798e27fe0979b003b356cf1054c90471ad0ee789b89

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000023

Filesize
35KB

MD5
16d46ea1df45803856df0f09c01395c3

SHA1
e8b1ab575d67b61ae264ac0dd5d34233610525b4

SHA256
d5455a70c62944b6cda35896eea6546a64fe6e4a9309713fff793ad2625748de

SHA512
2201648bb73272b51d138f23478613537e3095a05c57da21e2b5099a95521818adfad359bf7b418953696293dd3ee51e172c21d41edb1d825e5e0e40d3f2a287

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000024

Filesize
87KB

MD5
29f7b2a79b37e437f6ff8be37f8e99b7

SHA1
8e289752e969fbe7b9d0930dac8b9b7c397fd76a

SHA256
cb38c7c96d27aca60ef2be32c7662a747324c4faa99ed85f794aac1280669fa1

SHA512
b89c9ccd3b821b87e46b0a08ddd4590da4f617d4de9d5ed21c6e12003d9b704027b7ef64b3d07031bd42577fe4ba5614302dfb1674734ef43b46f186209d7706

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002b

Filesize
19KB

MD5
e78f9f9e3c27e7c593b4355a84d7f65a

SHA1
562ce4ba516712d05ed293f34385d18f7138c904

SHA256
75488ac5677083f252c43009f026c2ec023ac4da3e65c5d7a084742e32abce3d

SHA512
05f9fbbd59c286024b3ad49961c4e0eaa1abcf36ed29a1d07ea73d2b057075d46fbfdda56f135145f942bd0c3d48246c73be1771c21861eec4ddf8bbc365a286

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
264B

MD5
13e41468d0b62e7101ea10f46e8e6110

SHA1
f46298d6781568c619dc422db293870f41949a7b

SHA256
59535fe6f2422c92186123171da06b65f7f2617ab4cfb644125caf9ec31184d1

SHA512
37fcd9f80a3eb50f4fb013b2043d5d0376cd6049a4d16290058aee625bbb62c9e6541c5fe8c50a3e4e31826f698e3228db3b0122ff1a485d7d00fbc1a95f4c05

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
552B

MD5
b6d3d89946abdfcd9ba439973bc3bd1a

SHA1
5082ca7030339a71a1e2f1fcd844f75ab5315ced

SHA256
b987c14fb96c85b72f69500f96b1386257fe6ef6227aced963236b3c0b032a30

SHA512
10720c3c155ee7d8348f5c01d60cdecb1fbee0573b42cb892d0135f4bd8bc6103d748e03d43b5446249997b18ccb1ad4523ae482b6bf790709d4c8ad4b28288e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cookies

Filesize
20KB

MD5
7f0652b339c476351c9cace867f8ce10

SHA1
11ea21c66ac737d42a66a0bcac9bfd27f32e13da

SHA256
9d9b2936a35f482983bfaa0d28f6eeb804ee78ae7c820ae921a4e97d095bb9eb

SHA512
5b0c0a5b3e78b2059ea8ea029ebabe6b3eb637aeb229a84adc4b90d836f018ba1793b9b384e89a803f30291df8dd7ae5fec81b5b191f82653f27121746a36e91

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cookies-journal

Filesize
12KB

MD5
5127e258ebdfe481189d4f2d315f066b

SHA1
0120a54b9b4caf064fc746877283df603b6e971b

SHA256
65943be8b994811883564e1c79e505769812f506b0df30629cc0c094aa82e69f

SHA512
e47691865a5f5904460bfe173db9d29bcd89bfca0507161040ff4739e7a5a1746165ea5d740a38b97319e270cdb7b72a4da5f0e1b7e2b2ad1983303ac141f765

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\LOG

Filesize
319B

MD5
97d799a6885fcc4a168878647b705a7c

SHA1
8b57d0e612282f93a8c0da3de09d7766e87e3665

SHA256
fb094ee9a00d70f0b82f87f53584a05ff83105064dc39e3534983412b63e5031

SHA512
fe544cb472610780b376cb4fa5964b59767a588aa49914e6a5802cda27bff81abc0e88a8aa1e44eb6b0cbdba3c793be743c877c5a9b5eef23e8359cd92145266

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Favicons

Filesize
24KB

MD5
f8f0e647295d8f9b78071962a41f1224

SHA1
75ce86ea5dc507ba0864ee82e83f57b496a6d214

SHA256
8e1dcec7fce1a2727d424dfcb092823e59158fe726f7c9f65a34fe4df3c75a74

SHA512
0ab4c4b55c3e1af2bc13566e800377337af47ebc58ac538c67fdf405fdff60243c64b3c2d0ad4abc0d9a1fdd1109b8f4ae5ca0ac6ee4d92e699eac85c6b2904f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Favicons-journal

Filesize
16KB

MD5
610c7a4ed31dcbbbcc494f51c65ae770

SHA1
0af18179578923763de014bdc31a7a40d376d570

SHA256
ec167846a241aeee7a99b3dea8a6611f1a2e1631963871aa16340822c7af8fef

SHA512
ba3a506df03d9305b859b45e201c0d9430607f62af42a8ee2a2a8cfa6c160a32b518d0fee266744de6d9dae817914341b1b765a161dd6a14c6d667a9144366df

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
1913a4b43401df8e5c42b6d182e93964

SHA1
53d4da1ac719589f924391049e3e7264aa033393

SHA256
fe29fd898f9d9de8ab276cda0278876b5a83ba34b48633781d9cc25c16f033d8

SHA512
522ba0a9524dd0bad1d80f19b5e537df7df1da80b4019bfffffa3e695cac2bc6a7eb06b6491b74033c53ec56d8f036a55ba1dbdc72249798eb2b993824bc76e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History

Filesize
116KB

MD5
9d3956f2f90f25e5db0efa4b3e5081e2

SHA1
953592870ef934ebf298d860bb5a1eed38c9dbd5

SHA256
5bcb31c55cf7afe41511a155211d0502007683dc706f016ae6ead6fc20a20693

SHA512
7c4ccf96444bbfb4fb9e6f9a79d93a05b197c86237b459fb0740a4597eedba23de6f945014e30fb3b9405a84c0b41cd25a92d6207f68a0f0a0cd3a797953a2d9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History Provider Cache

Filesize
1KB

MD5
71c1e0855e4ec39335bbbbbc23dcf75b

SHA1
704c7b01fcd7058623444cc490ee318d0ecd4712

SHA256
6bf4f7e85517a4b10c2a5c96a1593bdb9f195eed5427ac3296c6111601104f3b

SHA512
6aefc5f09f5975da8ead4937cc43cdcd081bda8b6b1372de4b7110559eef8139cab4f4bc8b4857f3898e615ea3db0e7c2830539f65f5bb40f3be57699c6fb9db

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History-journal

Filesize
28KB

MD5
689b304cb30286ad518249f8bfbd4cce

SHA1
fff87d195d06da4f32c5b8930dbd4bc0916a5083

SHA256
1717d12898ccf4fbdf53a6bfc8a3c312c940e8322de8ab26d7b0a59e48e5ff1f

SHA512
b3bbe9dbf97b78f5461fb0eacba270b4b94934e750142c06ec5d9db749bdb1e89b9ec11713cc4d7963a62ea6b32e5114a03f4cfc716a8856d1d1d2677e031d8a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG

Filesize
331B

MD5
27c1c6acdbba74b2bb165c5c44e8bf95

SHA1
9e71c30db5c4e398b286e3e693745ffd2dbc6b54

SHA256
71bd273f3093c084e84aa2530110a77254a4aced045c88efb1517e9ebb30aaf3

SHA512
9d6edfeb689d46efcbadba065f2d726dc884008504f177d11300c0afac159f91e01cac7b24dcecd51e51b761ff0dd2b88876f039aa2375e2235d6b418609a2f3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
0aa7cfb2dd665125d3d826c99ebf1587

SHA1
0501802613c38ddf5d175b28f658a5832d10a9c8

SHA256
a8d5b82abe444a0ce926be4187820911e17f4f82c22f538ac213e3b090bb3874

SHA512
fc0e274d596269480a8b2c7464389e5aac995a996aae4e28499ac825bce3bea55757cc15359eee34db7ecd95acbc7dbfa29f55c19bb707739a6ab61c5ba0218d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
254c8a6512fe9243ee0d1d439d697843

SHA1
a7f4746bded80dc6b07d7d46cf8e1c46e687ef09

SHA256
f6c5b5a832560297559598a5aea88a5b41a615958661b021639e1352b161433a

SHA512
cc69f9f8e1218220b23df2bad0545233d22400a71bbd5a84fe734154ff412d06779aad01ee52f1aea7948cb3f2f1ff54c49b2da3be08270ceab8f74d988ebdba

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
d372a8f60c24589ebbbaef9131207572

SHA1
debe3f73d09863bf4a5ff4a8a0251a0b69216898

SHA256
b7517919d63a3980669f08321668ede63aeafd683d0a6755fb71e661f253e92b

SHA512
a90038f52f45c91fd820adc3526c5dccb396a68a15b9d5531c30b663b9c60fa22ad18897f3c055148b2d9c9c6b9b57229cf28f85b49c238dd243ccd008a12829

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
6f23fa084cd128e85697d4daa5708a31

SHA1
9dcd91d414a95fa5a0ac258e782de4fb88f99aa9

SHA256
39b414256280278164bb330cdec2b5b27c4d038381b5d6004da4375c2f4e6da2

SHA512
d8ca5ce763e3d552ced01f8e2f16084d685b444030b3e2fba6a64526954a3c48c42140ae2252062937e9eb5851e5794a521493b09fce05ed10fdb87cad613158

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
eeedc0414e6e4d94d954b46ecfd70d15

SHA1
337dee2947008340820eb39ae1dfc95af68c0e10

SHA256
f1e14cefadbab3dbd3643b7b9f4dae2d25cf54d23da86cf817af5fa73b8be3f6

SHA512
7f22c1556a8eca21d4645769b41bdeb0fa3f4a382a1c5646d2c389747280992140988eaebf03dd6c80604d5076e851eedc7d4fff5fa5702d853147fee11cf455

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
94fada4ae34ed8ebeb5ac19189bb6fe2

SHA1
23520d45641b15f9618a2fca213ebd746c19768d

SHA256
26f716bde9d896dca9c5fa974f0abd7020921a0478dfafcd359eeecba64547eb

SHA512
9607c8696891b8cf00ff84f45e1753621249e2f7f0a42b3690c23a859742aaa1a6ce3dc5fda76a7d9fa09c71944d18451676fdfab67b93204007c6a7519be6d4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
a83703ca5b5d323c9dd27c13bfd7df60

SHA1
2428ffe034a761075d8ea3210c918819dc3a2b84

SHA256
a51007a12a0b524b4a3f579059e7f35acf1af9f647ab4d40b4640e16d79e5820

SHA512
9e9e01dc0bdeaaa1689d70c602b4c169844abd38063c3e9bf3d024e0b412a28e0fefbd7f73966b2cbbf2b4c76692b78e1c0d03e75daa7869a7fe3d89b3c09178

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Reporting and NEL

Filesize
36KB

MD5
e862807fbbc6e52b3e8f3ad63c475e4b

SHA1
f62a78511737d38a518d0b89c3c6e12ef42d2e2d

SHA256
a2a08566a21dd1ab6db659c44246280b9726ddc0c7947ce04b46d55a03c0a22f

SHA512
b5fa515c3a281781d560d21d4d708a2aa029d8484f635e62290dec183d78aa36cd83842486df5900dba19ca44e189989d56679f5ed07c18efb1824922877f14a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Reporting and NEL-journal

Filesize
28KB

MD5
dcafe1f00ff6ce92df8a657825fc4154

SHA1
3bc6ab54529092937523e45be8162b341849d745

SHA256
29f0c27aa00898980c2a05a1467a79b46c2d9334e880f40c8c379b90a90a538a

SHA512
be2049976b15765e91721ceb6e0b0b20c0ad6b91958ea84478bf61a5162889e1e197f5b00f2d8a9cc15787fb9b5507832f6fd300f4d29ccb670d9d56bf683194

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\000003.log

Filesize
156B

MD5
fa1af62bdaf3c63591454d2631d5dd6d

SHA1
14fc1fc51a9b7ccab8f04c45d84442ed02eb9466

SHA256
00dd3c8077c2cca17ea9b94804490326ae6f43e6070d06b1516dfd5c4736d94d

SHA512
2c3184f563b9a9bff088114f0547f204ee1e0b864115366c86506215f42d7dbf161bc2534ccaee783e62cc01105edffc5f5dabf229da5ebd839c96af1d45de77

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG

Filesize
319B

MD5
ce8960c639acefba9e7f598b0d0f263a

SHA1
e9735a1a14bc09a5d3e4d6a48998dfbf3e1b618a

SHA256
0bc4a6a2eadeadac4772d4aec5aac14335714176b628fcc16479b868e7c2a2a5

SHA512
8fb55413ee8ada868d5f217cb11bc0d1c63fb51a0ef9f8b48deff96935c0b19e9ad39ff3c2330f17c03b29529402b22080a4bb091289e4cf0b21f5467e145120

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Session_13362677647050498

Filesize
6KB

MD5
250f53731578fe70d350fc280e659fef

SHA1
49d28b76b98d5db01fefbe742d1cd92ad98a6c62

SHA256
a4e22dc2e06699f380bba4b07366996476be9e848e2b727b51d7a9e8dac63e8d

SHA512
e500d3ab542b8d3a597dfa6f57199b85690a2b5efc18c65e1f67179473509aff86ee2c27c65dca5d6de99d9ce8a36986ca81a75dabd0e4bab67930afd1ceeca1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Tabs_13362677647223498

Filesize
6KB

MD5
2365c1b2bb35169769798fecc2e24f4f

SHA1
956a73418ad02ddf7f2568f44fce75375b47a26e

SHA256
965fe0b5f3a1066f663aba0e46b320dd7970c43aaf4fd5b097127da261d048a5

SHA512
cfed32e3ee1f1e9b7f85756bf016096de84bff341832110bcc9490db5ea5df8d0f90df84339fd65aae6fffabf70c9963e73872646a3246e2f78d4b458c333912

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\000003.log

Filesize
112B

MD5
04a2ebde2e9e70f91f380e140d3c11de

SHA1
7221a1558248374e7431cc09ea5addc75791851e

SHA256
29860da8faed51cd483d6004459cd0623ea930b342d536e3fd377d109c1e986f

SHA512
152c544810dd595bc52e677ec7b4c299bdfa166c332b4ff8b78996fa736de938f77feb53991b8da36e967d9f5d525b9467971e2bc374393bba04e714e219725d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG

Filesize
347B

MD5
f9c2ca45171fba04ec30abd362209353

SHA1
f23aac2135d4613762f5a2817d28d74339e46313

SHA256
dbd7620658470fbfc784b4215de9afd1d37bb38b9d76415ccd1b8f9a49a6f582

SHA512
ac998099db108db7db306650db24122a9c6b39a20ec59052cac09b38c48e50dfd5969433ce3fa16edf60378032078efc7f24e07faed9638cea3e027a04036905

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG

Filesize
323B

MD5
59bd8f35f41f782dd3587fa5ec4c431a

SHA1
90cda953574078be5e0979bed002a54282672dd1

SHA256
e52b33ad905c2cbb95a03759cab6b4cc1db7d0bc89bc6dc054097e19e8ad6642

SHA512
887e31fe8c4a69405a5262f61a71ef5d8ab8e64d91fcd8d3263fdec955d59544411f4ee069704d1ca27cf861b3f5f3ba7b63c0e0752319adebf08cbfdecec2aa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
697B

MD5
c99e28ea661cdc58976cc41685576728

SHA1
29f75771784fd470258410ac90f04424da3841ba

SHA256
058a731b893325e83b731e65b009f73ae9eddf32951682a3715b8745fc56a010

SHA512
e044e9691ef02df0839d3c35aa28e2e028b56070bc8a79cc0783d5867283610e5af90da563687f8a09a95e5774acb60d5cea6ba2342344fb638584acdd9ac0e3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
532B

MD5
8d5b6443a0bf426aa48899ef3884c0b9

SHA1
6cd69679e80b437e1186d62d9177a121127f9566

SHA256
82c82f2c47f56ccfe12d68360501c69205e1331bab0a8d24b551dcaa5b70ca0d

SHA512
a9f6897a5f2daa1ae30de4816292aca56b538c9bf020c7cc15eea72df0ed5f080701f227dbb90f1664115b1d2b986805d74cf83aa7634b5a60442f5cc10e2b31

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Visited Links

Filesize
128KB

MD5
cd98b03823db46c16ccc107ae68aa86e

SHA1
842ff1c9883ccb65e4576127068d38fe9f6eeaf7

SHA256
adb8d2683fbf2f510a0fdeb6ff46961d50752b5c9087af7c5384f7e7cbbb48a8

SHA512
c19bae312ab33afbfa4b8dfdd8c7f2ac70b67e9ff3b6e959025e90f3ff729d519fb964fba4d5efa92581db5663cb910aef0c35176273a97b14a660d403b5a935

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db-wal

Filesize
977KB

MD5
7daa2057ffec9438aa2acd6d82265ed1

SHA1
5b79e0cf6ac26cd73be5a991e4fc3a1eb4612587

SHA256
f6ed6b952900e80e9dd44d375cb6c2b92d01d05e99edcde4839a9835f413f6ac

SHA512
5a074a76e96ec12be2e5c8617257973fdb398c28c50853c3a731011fffd310350c99c970d930763c97f6cbc26eb4b1a339d9c116b6f81b22b281d92f3ab60b04

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\000003.log

Filesize
19B

MD5
0407b455f23e3655661ba46a574cfca4

SHA1
855cb7cc8eac30458b4207614d046cb09ee3a591

SHA256
ab5c71347d95f319781df230012713c7819ac0d69373e8c9a7302cae3f9a04b7

SHA512
3020f7c87dc5201589fa43e03b1591ed8beb64523b37eb3736557f3ab7d654980fb42284115a69d91de44204cefab751b60466c0ef677608467de43d41bfb939

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG

Filesize
319B

MD5
d8b52e34a38a425fdfa8d759ddea0b12

SHA1
77dbab3618e641d343ebd9218692a74a1a37531e

SHA256
38c62e82d3c113831d0355b14b5a0f795bef3fcced0ed946eeb0a0d4dde60c66

SHA512
f298c228ca40ec80d28266650e6adde368e415819709fc44a2bd9b56364029e5d954f0455a99b4574cdf4c0501db8be36ddd09cb4e20a54fa570229e9bcda66c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\000003.log

Filesize
318B

MD5
ccb671a16c98b3b166a2b9eac10b30f8

SHA1
a888cd976ec07fa31ac028bf81272f16f7846411

SHA256
32ada2fe18d53731572d1a93674a40ab42df4705120b77db8f6773aca879167d

SHA512
31c7752179cc0ea895b085d78676a8a3566aa94078ea054a19473dd583fc2f34bf9ad5aa7e2a6bcba4afc7830a15cc69abec9f9c211eb411aecc6c3304bbad17

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG

Filesize
337B

MD5
4f64295a9636a5575bb8eba86782d266

SHA1
f48e58599b2f1f1bc466389f23ffa1cfc735eb41

SHA256
25d748f990c47fbd8d5daf94746f2b5312aec8d2629153917f52aa3f26e64fa4

SHA512
3fdef576ee1a3e1aae6e23b988382c105a37b14482a13bef41238a0eb587fb6317f62f6778e02f190306599fb81c9927d80930d1fa6e4a0a3910e9e99ac3b92a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_0

Filesize
44KB

MD5
2a6146990726b17be859ccd5bb318008

SHA1
6cb06a09518898d89211202b36c1871f3630fbe6

SHA256
8cd52d09ad61dd49416d5e2c6b33eae2b67ea6f0b78f4af6cf22b5cf365a546f

SHA512
bddf01cea0d5b19a5ddd753a1059dbe39245e7aff5aa9c2a4170153b8a36c32ee23a81eb6507a3afd6402bad0c1a7080ef93c7842da28a2c76893d223aef61c5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_1

Filesize
264KB

MD5
627f32a11ae2fa1779850a155a11446a

SHA1
4b5cf68c8ec3bdfdfd6463824fe3468004e028b8

SHA256
65c632e0b1bec7d79f95ac0ee35283ce03a484b779079303dae30b6e9e8606fd

SHA512
f7f7291e0399f05c922dc63d71921e74062db275715b1a273994a7afb1087665b76fe9cdeab398c13a7b52da30e7b814009f1aec0c2647597bde3cb59cf5d8d0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_3

Filesize
4.0MB

MD5
fc097f4e955f693b8a666bb43fab1482

SHA1
f21c189c8da94318c5b8d27e30fa71a6c5867801

SHA256
bb170ed2ceab4734db40b092bd5b4d18f8f07ba2ab0b527779e2debc2d0a7ff0

SHA512
060d2425c7114b48a47a73cd3039f1f61d1ecabef8241b2ce7080130105610a143ff44051dae0cd6b19319fd97092c1add8c1ff45d191f74acc79def62448b7c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version

Filesize
11B

MD5
b29bcf9cd0e55f93000b4bb265a9810b

SHA1
e662b8c98bd5eced29495dbe2a8f1930e3f714b8

SHA256
f53ab2877a33ef4dbde62f23f0cbfb572924a80a3921f47fc080d680107064b4

SHA512
e15f515e4177d38d6bb83a939a0a8f901ce64dffe45e635063161497d527fbddaf2b1261195fde90b72b4c3e64ac0a0500003faceffcc749471733c9e83eb011

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
bb414b89b003c7334dfafa1746a7abdb

SHA1
446ee7afe5745ac9da25715575250c9234aa21a2

SHA256
a0fc1d72a33566ee184335e8b0e69a92cf1e4be8f73b6eee3e4edb115a899c88

SHA512
0e6f5a6b5c07cc1f3eebcdceb12bc941f7a7b89b6667bd16aa9587520316df627c9488d67e86efbf00c8da94e2b1fa2fac194993f743b038e0a6ab60c8315c84

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
5d2334dd0c260074084ab9c5839789a8

SHA1
7151b7373947e3a5d20ecc0ff655e64e8c849c00

SHA256
c3748c029cb7f067c19189d35a15da6fdb90ecbc717e9ebaa70a9d0b7011d9ea

SHA512
f565846cdc04cf6ba7fb55f4e4b8a613232874f87b4f1b9f7ea3178718d8a3a57421400e1388fbec8f96b5f27fa7e374570b7f91cd5fb6cfd718a74ce2aa97a5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
babb8b0987cc962571df7165c97388cd

SHA1
7422ed4efb0029c955fa41f1fbd1238c36df5be5

SHA256
df39683b7de7b115e858ad377de475df8b38d1ad739722809edf3e4a3477ba17

SHA512
1d0bed2fe695e7409b68b3da01ae181d827b8c7e3af82ea1b6a88648479bb6f075a023e44c5a6b2701bd12b5b8fe55679fcff4307f1bc6a5f327f74db7dfbfac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

Filesize
264KB

MD5
4a5d3681fe2024a2c786a9105f790a9d

SHA1
0e5ee02776c2be6f49d978ba8515ab5ca44120d2

SHA256
78afa98315230264039ccef2a9c83ee0d963128a8f4e11d1f86d5ee1ab7ba1d7

SHA512
a7ed77397181e1300b762221ecaa63f29be49f2413c3749f9453dee4bd1e0a6f2d7bdca48770af6339fc49b2ffec2bb7b574180e4d4d745331018ddcdea9f552

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\edge_shutdown_ms.txt

Filesize
3B

MD5
41563a94efd4f412673d8a0dc764860f

SHA1
3bd55300d9bb082153323de9aaef44be54efe57b

SHA256
fb702c5522372edf1dfd0b8dc3dd4ae73c5fe12d7279caaea0f82f30df839ec0

SHA512
5dedff2127ad59f4d9bae67d29f47236a227ea10cab0f8e1498cc9d6e6ca63d0652515352a21fcfe4face1eb3c3af1dd0084933263dc479cc6766c09ff4b3059

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\7l3zro2y.default-release\activity-stream.discovery_stream.json.tmp

Filesize
22KB

MD5
9a5e9e480154901596d20580fb2c24a3

SHA1
109a08d5ff2b499f9154b831dfa6776a75e74783

SHA256
675312900bbf27641044fe1f8094700d2bd4deffd5f32902a120f32fe2456d55

SHA512
2e1ef877728e784e381c0d6f1d60506c9228d378c03d8c71025b78fd5a0ab77413db76698fe6ca4f66677a3efe41bcb99a3df6e91ddac605c226b00a1647aac5

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\7l3zro2y.default-release\activity-stream.discovery_stream.json.tmp

Filesize
23KB

MD5
a0b7935d5526df52fe456afde664891d

SHA1
faadba0789970f7d3f6916779a149d4f61a27c5e

SHA256
950b59a47d16e86ec142a71167fbc86426c81b078c13a4cc51b115e36785feeb

SHA512
4ac4f02aab9a6f21aff02f30341f76130f7a076e9920a8c515b60ae288c40b37f4399bdcfe2e2544040574a4e43387b5f942a7a55bec9cd35ad40a33f1c0c6a2

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\7l3zro2y.default-release\cache2\doomed\25903

Filesize
9KB

MD5
afe44bbd5c8579f24a37a87c756abda6

SHA1
738dbfaa367fe70884c623165673f294a4790807

SHA256
0c47386c7f08caf91b873ecbc7f252c6984bb9b5faf0225ee1a9af892bc6e9a5

SHA512
e6cc5af75d380bf20db7ffaea7a08448e40d7ee60efd13ce4e32e542e0465c324aeaa28c8b3e50bfa5508ada825c88a037960100fbeb679541d974491fe0af36

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\7l3zro2y.default-release\cache2\entries\383A97A57B113BD106DE6984E6DBA5F537327263

Filesize
13KB

MD5
787b770d06273a62d8170b90a5d28a79

SHA1
edec942bf549fc3f1539b028cd56510bc8e9b4d1

SHA256
15d895f00e23b114d0ee2e2e9efd58c322c9f38f692973d99c5810592c6da9b5

SHA512
7fde959fa87bedfee5598059ed3de2655c86ab594f35b482001a5f91b90bb92ef76712ef0538e66ec7ab583fb54b33611eb5799ab5314d33d1f7f67055391736

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\7l3zro2y.default-release\cache2\entries\5A4F0D9B966801AEE5C559CF91EC456B82B6CD9C

Filesize
165KB

MD5
693e93d1e8606c1ef1de3dd149f87edc

SHA1
06ac38ba2de5a8f8f2f7f7c2f083c9884abb52dd

SHA256
d2471b63c35889d974aec4cc25903d4e40174911d79b628554d5b3750e38eb8b

SHA512
ac3246d4836ea00f5ad6df9530f32b2c5f02ed55d6d57d5b2dcadbd90a079195d75dd28d36f37a0479e156e96e730e241fd24fccd1b6b8248e9601c2ca87a6ee

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsr69E9.tmp\StartMenu.dll

Filesize
7KB

MD5
d070f3275df715bf3708beff2c6c307d

SHA1
93d3725801e07303e9727c4369e19fd139e69023

SHA256
42dd4dda3249a94e32e20f76eaffae784a5475ed00c60ef0197c8a2c1ccd2fb7

SHA512
fcaf625dac4684dad33d12e3a942b38489ecc90649eee885d823a932e70db63c1edb8614b9fa8904d1710e9b820e82c5a37aeb8403cf21cf1e3692f76438664d

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsr69E9.tmp\System.dll

Filesize
12KB

MD5
cff85c549d536f651d4fb8387f1976f2

SHA1
d41ce3a5ff609df9cf5c7e207d3b59bf8a48530e

SHA256
8dc562cda7217a3a52db898243de3e2ed68b80e62ddcb8619545ed0b4e7f65a8

SHA512
531d6328daf3b86d85556016d299798fa06fefc81604185108a342d000e203094c8c12226a12bd6e1f89b0db501fb66f827b610d460b933bd4ab936ac2fd8a88

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsr69E9.tmp\nsDialogs.dll

Filesize
9KB

MD5
6c3f8c94d0727894d706940a8a980543

SHA1
0d1bcad901be377f38d579aafc0c41c0ef8dcefd

SHA256
56b96add1978b1abba286f7f8982b0efbe007d4a48b3ded6a4d408e01d753fe2

SHA512
2094f0e4bb7c806a5ff27f83a1d572a5512d979eefda3345baff27d2c89e828f68466d08c3ca250da11b01fc0407a21743037c25e94fbe688566dd7deaebd355

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
442KB

MD5
85430baed3398695717b0263807cf97c

SHA1
fffbee923cea216f50fce5d54219a188a5100f41

SHA256
a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e

SHA512
06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
8.0MB

MD5
a01c5ecd6108350ae23d2cddf0e77c17

SHA1
c6ac28a2cd979f1f9a75d56271821d5ff665e2b6

SHA256
345d44e3aa3e1967d186a43d732c8051235c43458169a5d7d371780a6475ee42

SHA512
b046dd1b26ec0b810ee441b7ad4dc135e3f1521a817b9f3db60a32976352e8f7e53920e1a77fc5b4130aac260d79deef7e823267b4414e9cc774d8bffca56a72

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7l3zro2y.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll

Filesize
997KB

MD5
fe3355639648c417e8307c6d051e3e37

SHA1
f54602d4b4778da21bc97c7238fc66aa68c8ee34

SHA256
1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e

SHA512
8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7l3zro2y.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info

Filesize
116B

MD5
3d33cdc0b3d281e67dd52e14435dd04f

SHA1
4db88689282fd4f9e9e6ab95fcbb23df6e6485db

SHA256
f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b

SHA512
a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7l3zro2y.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt

Filesize
479B

MD5
49ddb419d96dceb9069018535fb2e2fc

SHA1
62aa6fea895a8b68d468a015f6e6ab400d7a7ca6

SHA256
2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539

SHA512
48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7l3zro2y.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json

Filesize
372B

MD5
8be33af717bb1b67fbd61c3f4b807e9e

SHA1
7cf17656d174d951957ff36810e874a134dd49e0

SHA256
e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd

SHA512
6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7l3zro2y.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll

Filesize
11.8MB

MD5
33bf7b0439480effb9fb212efce87b13

SHA1
cee50f2745edc6dc291887b6075ca64d716f495a

SHA256
8ee42d9258e20bbc5bfdfae61605429beb5421ffeaaa0d02b86d4978f4b4ac4e

SHA512
d329a1a1d98e302142f2776de8cc2cd45a465d77cb21c461bdf5ee58c68073a715519f449cb673977288fe18401a0abcce636c85abaec61a4a7a08a16c924275

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7l3zro2y.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib

Filesize
1KB

MD5
688bed3676d2104e7f17ae1cd2c59404

SHA1
952b2cdf783ac72fcb98338723e9afd38d47ad8e

SHA256
33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237

SHA512
7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7l3zro2y.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig

Filesize
1KB

MD5
937326fead5fd401f6cca9118bd9ade9

SHA1
4526a57d4ae14ed29b37632c72aef3c408189d91

SHA256
68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81

SHA512
b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7l3zro2y.default-release\prefs-1.js

Filesize
7KB

MD5
876e9e24b8be152a50704bed0ba06045

SHA1
61d6f9561aab05fa52d3b74c98c271d5fce5a8c4

SHA256
7ce32c73615d9176ca918b72f8dd1b084b5ef0a1b36f0af2330edaee4e47db87

SHA512
fe260d63e463860b920e1863491a36aac892c011cfb5bd7f3ae00af467020b45e5752107f0d616abd2d7c90dacd7b63aeecc6f35fb90c3e602b718e19e264973

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7l3zro2y.default-release\prefs-1.js

Filesize
6KB

MD5
e0129db4db54c45809a7704e72e88ed7

SHA1
fc863db99745a12a797919aa58d893647c46fd98

SHA256
d4ec960760d3a8a0705754c47297ea5290e94ce95988f652bc2f99b1eb84800e

SHA512
37f2ac53a817873094b0df11c23fbcda7731a1d786f79b1ab9249d44ec20f309682998e9661365d778aafe8fca45f38d52319eb1f1d1dc740378f42225b081dd

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7l3zro2y.default-release\prefs-1.js

Filesize
7KB

MD5
0aded80061eefa077e4ee914d231b0e6

SHA1
05372a10446e6f4aad4ac173557d79d171580f4e

SHA256
0e65e3b8e79e48f2797967cbbc7b7d4fea8562de039337dfa0d50054edd52b03

SHA512
21d091e5d433bb69bfde57860265eea3923196cdceb8ba071a17a38e5e372b4c7e5e89551ed0d4374606d7f781f7bbae83bed02d102b532a5f0d3fdd6f6ae3b2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7l3zro2y.default-release\prefs-1.js

Filesize
10KB

MD5
174fd2c2f7a6a95beccbbf527c4b5f34

SHA1
3cfa255402fd2aba125758c8371b9c0e8f6a9681

SHA256
7b68b908b80e44dad9110e761997efe166cc7e99004139300eaac678914207c8

SHA512
47984cfc79366cdc24fd274a5dd3e4846236dbf067b28bddd75008824f4eafce7af95a3730ce04d2b63f963e413d96cc9902bd0975204b85702f02f649733d3f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7l3zro2y.default-release\sessionCheckpoints.json

Filesize
259B

MD5
e6c20f53d6714067f2b49d0e9ba8030e

SHA1
f516dc1084cdd8302b3e7f7167b905e603b6f04f

SHA256
50a670fb78ff2712aae2c16d9499e01c15fddf24e229330d02a69b0527a38092

SHA512
462415b8295c1cdcac0a7cb16bb8a027ef36ae2ce0b061071074ac3209332a7eae71de843af4b96bbbd6158ca8fd5c18147bf9a79b8a7768a9a35edce8b784bf

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7l3zro2y.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
5KB

MD5
99cd5373b4fe5bb1b430c33422b4a114

SHA1
ebb4c4b6fd0cbc99a901aa86222de53d5c27486e

SHA256
2646d751e00652f72518663f9bd91a79afb36812f8ee6bc2b6f182b30b5a2e81

SHA512
c65e48d7b676783ec94580bac78b287821dfa00dae04848f85365afacf5c2a31dc9d38d5d85e45be17d0528cbfe15226e471e35972232315dd63cede555123d3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7l3zro2y.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
4KB

MD5
809a5b3481a954272630524f6b00a3fb

SHA1
908483a63dca3828306566dec1cb42df80dc453d

SHA256
d5cc5a34c536824a4aed367fdd086c06b46310be2ff2d0f12d7769831edae725

SHA512
a8fd48ac5a32c845d7351b2f0404d3b2fc2d3ed4b5819bfd2834be8354a8aa7c0618fde92aa80ba8b79f3d0a7437006f2aa95417b3ec5470f591f47ed047b6c8

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7l3zro2y.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
83KB

MD5
27f59460859b6ec0c0a0476bee192f57

SHA1
4b3b3b66da1a0b1f7c3c6e9e3b2db6ce07b14413

SHA256
dd7a44ca043b07c5676c7fab9e4186b25e7e49eb61ec647dd2bc2a39ec5e4a8d

SHA512
894d2e672934b124a18eec503cd59c3ece0c076cf9a723bd481e8b6e7edaf968939bf748b3d8881265099ed244fdf4a43e1f3db1f02c6773b34f2c995c83b6e5

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7l3zro2y.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
3KB

MD5
b796b82abb276d99ad660405acfee592

SHA1
86bb5365cd837ba7a019ee0acfbe628f77f07794

SHA256
ef6dca1988b6946ddcd95eb6f445ffcfe13bc6e32ac404a43a63b1f39238ed9c

SHA512
03e00514bf0f73a049e7eb67eaf955724d99f13b73ea6044701b41614e1eaf4c01b3e54cd960403c72e0f779280a6e338c0192af133fe804e4e9692c9d5d0286

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7l3zro2y.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
4KB

MD5
68c2876de84db9ce46dfa4c40af0da5b

SHA1
14a1c4795c2b8abe783b7df5d1f71a49475e7a2a

SHA256
47d9547b71e19713ab15407a326b21d77904590e0cec3a1c1623a47fc4a13a8a

SHA512
87d572ca28002eab9f7e0540d0de04369a8491f5a93a3389b3df798f26a4e68b0fb102d278110d54655de0835a895a4dda156404f6fedc9d7f565790f29fa449

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7l3zro2y.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
3KB

MD5
9c8e16d8f98b7e4ec29299dbab71bf19

SHA1
4b4552c71eab8f4df36f0d4364a41a0d6ed0a10c

SHA256
ee8928d556bc8476bd8065ade572115e8fd165dcbf4f95978b02d171f85bae5c

SHA512
1586c7f5b3f27992c733e97204ebf601073286a1cf85abe0df6a47578d2f506e563a6d3a53ec307f2b825b5f5bf5c18f603dfc37407ef4c51a0ac51a1f49ab29

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7l3zro2y.default-release\sessionstore.jsonlz4

Filesize
83KB

MD5
db48dc0169cab14e4910cb6acdc0713c

SHA1
c63b3e28f1f77971b99292e7ec08463244570257

SHA256
9a2bd9b32a29b76f74cb7a8ca297d76368f8743313ae40611297bacce2be6dee

SHA512
88dc46f8be846773d9326f8c65d932dd7320c0941a7f3ee5accf7dbab893c2934d9ae4d29ac299ef262ffe53627ee36528bab1c6ae87dc10af42f4968ea01f51

Download Submit
C:\Users\Admin\Downloads\AssaultCube_v1.3.0.2_LockdownEdition.exe

Filesize
46.0MB

MD5
91aeb7d436f737f7cb60439daa9f3ea2

SHA1
120d0b9f53b0461fce65bcc437648b3e63830ef0

SHA256
77eff4497232562eeb1862f97d484777202e8ac42c411093a821234045ee61a5

SHA512
31c57e08e3ccb7aea1564cc993f4137f5d34e7c958afbb2ddc2b901e50f60d62bb5ecd1ebfc7eec35f1d558da3643fb59774c80b3489b1e53539be3d6948e8e5

Download Submit
C:\Users\Admin\Downloads\AssaultCube_v1.hLLym9CZ.3.0.2_LockdownEdition.exe.part

Filesize
17KB

MD5
eaa0968ca487cb8c03850c23df00d1db

SHA1
c2216f4d0c83059c2f288d814c87cf4d329fe04b

SHA256
a89a17a098c74ce4ad760cea51406b71b6b7015c42fbbd33e45167554a0afe8d

SHA512
28b9ff47f6841e43b6a600e5586a2185285b30464aeccfb08c5aa1b9d6e85735241b4fb0a7aca403c701968e77d042c8356a968a7991cf386b6a5232e85cd6eb

Download Submit
C:\Users\Admin\Videos\Captures\desktop.ini

Filesize
190B

MD5
b0d27eaec71f1cd73b015f5ceeb15f9d

SHA1
62264f8b5c2f5034a1e4143df6e8c787165fbc2f

SHA256
86d9f822aeb989755fac82929e8db369b3f5f04117ef96fd76e3d5f920a501d2

SHA512
7b5c9783a0a14b600b156825639d24cbbc000f5066c48ce9fecc195255603fc55129aaaca336d7ce6ad4e941d5492b756562f2c7a1d151fcfc2dabac76f3946c

Download Submit
memory/4688-7002-0x0000000000840000-0x0000000000859000-memory.dmp

Filesize
100KB

Download
memory/4688-7015-0x0000000074DC0000-0x0000000074EF3000-memory.dmp

Filesize
1.2MB

Download
memory/4688-7009-0x0000000004B60000-0x0000000004FB8000-memory.dmp

Filesize
4.3MB

Download
memory/4688-7014-0x0000000063080000-0x00000000630A1000-memory.dmp

Filesize
132KB

Download
memory/4688-7018-0x0000000069A00000-0x0000000069A3E000-memory.dmp

Filesize
248KB

Download
memory/4688-7017-0x0000000068D40000-0x0000000068D77000-memory.dmp

Filesize
220KB

Download
memory/4688-7016-0x000000006AA80000-0x000000006AAA4000-memory.dmp

Filesize
144KB

Download
memory/4688-7003-0x00000000006D0000-0x00000000006E0000-memory.dmp

Filesize
64KB

Download
memory/4688-7025-0x0000000074DC0000-0x0000000074EF3000-memory.dmp

Filesize
1.2MB

Download
memory/4688-7030-0x0000000074DC0000-0x0000000074EF3000-memory.dmp

Filesize
1.2MB

Download
memory/4688-7005-0x0000000000BC0000-0x0000000000CF3000-memory.dmp

Filesize
1.2MB

Download
memory/4688-7049-0x0000000074DC0000-0x0000000074EF3000-memory.dmp

Filesize
1.2MB

Download
memory/4688-7054-0x0000000074DC0000-0x0000000074EF3000-memory.dmp

Filesize
1.2MB

Download
memory/4688-7059-0x0000000074DC0000-0x0000000074EF3000-memory.dmp

Filesize
1.2MB

Download
memory/4688-7064-0x0000000074DC0000-0x0000000074EF3000-memory.dmp

Filesize
1.2MB

Download