hxxps://drive[.]google[.]com/file/d/1tI4M9mOJ3kC09nR_MasywITIEEP2n037/view?usp=sharing

Analysis

max time kernel
525s
max time network
527s
platform
windows11-21h2_x64
resource
win11-20240709-en
resource tags

arch:x64arch:x86image:win11-20240709-enlocale:en-usos:windows11-21h2-x64system
submitted
17-07-2024 20:42

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://drive.google.com/file/d/1tI4M9mOJ3kC09nR_MasywITIEEP2n037/view?usp=sharing

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 2 IoCs

pid	Process
1420	Setup soothe2 v1.1.2.exe
2376	Setup soothe2 v1.1.2.tmp

Loads dropped DLL 5 IoCs

pid	Process
2376	Setup soothe2 v1.1.2.tmp
2376	Setup soothe2 v1.1.2.tmp
2376	Setup soothe2 v1.1.2.tmp
2376	Setup soothe2 v1.1.2.tmp
2376	Setup soothe2 v1.1.2.tmp

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\S:	Setup soothe2 v1.1.2.tmp
File opened (read-only)	\??\T:	Setup soothe2 v1.1.2.tmp
File opened (read-only)	\??\V:	Setup soothe2 v1.1.2.tmp
File opened (read-only)	\??\Z:	Setup soothe2 v1.1.2.tmp
File opened (read-only)	\??\G:	Setup soothe2 v1.1.2.tmp
File opened (read-only)	\??\J:	Setup soothe2 v1.1.2.tmp
File opened (read-only)	\??\N:	Setup soothe2 v1.1.2.tmp
File opened (read-only)	\??\Q:	Setup soothe2 v1.1.2.tmp
File opened (read-only)	\??\R:	Setup soothe2 v1.1.2.tmp
File opened (read-only)	\??\U:	Setup soothe2 v1.1.2.tmp
File opened (read-only)	\??\Y:	Setup soothe2 v1.1.2.tmp
File opened (read-only)	\??\A:	Setup soothe2 v1.1.2.tmp
File opened (read-only)	\??\E:	Setup soothe2 v1.1.2.tmp
File opened (read-only)	\??\L:	Setup soothe2 v1.1.2.tmp
File opened (read-only)	\??\O:	Setup soothe2 v1.1.2.tmp
File opened (read-only)	\??\I:	Setup soothe2 v1.1.2.tmp
File opened (read-only)	\??\K:	Setup soothe2 v1.1.2.tmp
File opened (read-only)	\??\M:	Setup soothe2 v1.1.2.tmp
File opened (read-only)	\??\W:	Setup soothe2 v1.1.2.tmp
File opened (read-only)	\??\X:	Setup soothe2 v1.1.2.tmp
File opened (read-only)	\??\B:	Setup soothe2 v1.1.2.tmp
File opened (read-only)	\??\H:	Setup soothe2 v1.1.2.tmp
File opened (read-only)	\??\P:	Setup soothe2 v1.1.2.tmp

Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs

Web Service

T1102

flow	ioc
1	drive.google.com
5	drive.google.com
17	drive.google.com

Drops file in Program Files directory 3 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\VST3\oeksound\is-5QDCO.tmp	Setup soothe2 v1.1.2.tmp
File opened for modification	C:\Program Files\VSTPlugins\oeksound\soothe2_x64.dll	Setup soothe2 v1.1.2.tmp
File created	C:\Program Files\VSTPlugins\oeksound\is-4NOKG.tmp	Setup soothe2 v1.1.2.tmp

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 64 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-126710838-2490174220-686410903-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-126710838-2490174220-686410903-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\10\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-126710838-2490174220-686410903-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\2	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-126710838-2490174220-686410903-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\13\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-126710838-2490174220-686410903-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\16\Shell	msedge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-126710838-2490174220-686410903-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\Shell\SniffedFolderType = "Generic"	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-126710838-2490174220-686410903-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\9\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupByDirection = "1"	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-126710838-2490174220-686410903-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\10\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616193"	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-126710838-2490174220-686410903-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\14\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-126710838-2490174220-686410903-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\15\Shell	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-126710838-2490174220-686410903-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\1\1\MRUListEx = 00000000ffffffff	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-126710838-2490174220-686410903-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-126710838-2490174220-686410903-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\1\0\MRUListEx = ffffffff	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-126710838-2490174220-686410903-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\13\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0"	msedge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-126710838-2490174220-686410903-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\17\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-126710838-2490174220-686410903-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\Mode = "1"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-126710838-2490174220-686410903-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\0\0\0	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-126710838-2490174220-686410903-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\13	msedge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-126710838-2490174220-686410903-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\15\Shell\SniffedFolderType = "Generic"	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-126710838-2490174220-686410903-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\15\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-126710838-2490174220-686410903-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\15\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-126710838-2490174220-686410903-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-126710838-2490174220-686410903-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a000000a000000030f125b7ef471a10a5f102608c9eebac04000000c8000000354b179bff40d211a27e00c04fc308710300000080000000354b179bff40d211a27e00c04fc308710200000080000000	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-126710838-2490174220-686410903-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\9\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\LogicalViewMode = "1"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-126710838-2490174220-686410903-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\17	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-126710838-2490174220-686410903-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\17\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-126710838-2490174220-686410903-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\17\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}	msedge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-126710838-2490174220-686410903-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\16\Shell\SniffedFolderType = "Generic"	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-126710838-2490174220-686410903-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\13\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1"	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-126710838-2490174220-686410903-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\MRUListEx = 010000000200000000000000ffffffff	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-126710838-2490174220-686410903-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\MRUListEx = 010000000200000000000000ffffffff	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-126710838-2490174220-686410903-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\15\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-126710838-2490174220-686410903-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\16\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-126710838-2490174220-686410903-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\1	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-126710838-2490174220-686410903-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\MRUListEx = 020000000100000000000000ffffffff	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-126710838-2490174220-686410903-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\11\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-126710838-2490174220-686410903-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\14\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-126710838-2490174220-686410903-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-126710838-2490174220-686410903-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\1 = 8c00310000000000f158c8a5110050524f4752417e310000740009000400efbec5525961f158cfa52e0000003f0000000000010000000000000000004a00000000000192b100500072006f006700720061006d002000460069006c0065007300000040007300680065006c006c00330032002e0064006c006c002c002d0032003100370038003100000018000000	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-126710838-2490174220-686410903-1000_Classes\Local Settings	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-126710838-2490174220-686410903-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\13\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1"	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-126710838-2490174220-686410903-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\10\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0"	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-126710838-2490174220-686410903-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\11\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16"	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-126710838-2490174220-686410903-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-126710838-2490174220-686410903-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\9\Shell	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-126710838-2490174220-686410903-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\11\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-126710838-2490174220-686410903-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\11\ComDlg	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-126710838-2490174220-686410903-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\12\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1"	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-126710838-2490174220-686410903-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\17\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-126710838-2490174220-686410903-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\1\0\0	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-126710838-2490174220-686410903-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-126710838-2490174220-686410903-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-126710838-2490174220-686410903-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\14\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-126710838-2490174220-686410903-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\1\1	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-126710838-2490174220-686410903-1000_Classes\Local Settings	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-126710838-2490174220-686410903-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\11\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1"	msedge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-126710838-2490174220-686410903-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-126710838-2490174220-686410903-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\15\ComDlg	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-126710838-2490174220-686410903-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\16\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-126710838-2490174220-686410903-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4	msedge.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-126710838-2490174220-686410903-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\16\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-126710838-2490174220-686410903-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\10\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	msedge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-126710838-2490174220-686410903-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	msedge.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Oeksound.Soothe2.v1.1.2-R2R.rar:Zone.Identifier	msedge.exe

Suspicious behavior: EnumeratesProcesses 24 IoCs

pid	Process
4684	msedge.exe
4684	msedge.exe
3144	msedge.exe
3144	msedge.exe
4704	identity_helper.exe
4704	identity_helper.exe
1832	msedge.exe
1832	msedge.exe
1076	msedge.exe
1076	msedge.exe
1236	msedge.exe
1236	msedge.exe
1748	msedge.exe
1748	msedge.exe
1748	msedge.exe
1748	msedge.exe
2376	Setup soothe2 v1.1.2.tmp
2376	Setup soothe2 v1.1.2.tmp
4172	msedge.exe
4172	msedge.exe
2760	msedge.exe
2760	msedge.exe
1540	msedge.exe
1540	msedge.exe

Suspicious behavior: GetForegroundWindowSpam 3 IoCs

pid	Process
2376	Setup soothe2 v1.1.2.tmp
4172	msedge.exe
2760	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 15 IoCs

pid	Process
3144	msedge.exe
3144	msedge.exe
3144	msedge.exe
3144	msedge.exe
3144	msedge.exe
3144	msedge.exe
3144	msedge.exe
3144	msedge.exe
3144	msedge.exe
3144	msedge.exe
3144	msedge.exe
3144	msedge.exe
3144	msedge.exe
3144	msedge.exe
3144	msedge.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: SeRestorePrivilege	4264	7zG.exe
Token: 35	4264	7zG.exe
Token: SeSecurityPrivilege	4264	7zG.exe
Token: SeSecurityPrivilege	4264	7zG.exe

Suspicious use of FindShellTrayWindow 43 IoCs

pid	Process
3144	msedge.exe
3144	msedge.exe
3144	msedge.exe
3144	msedge.exe
3144	msedge.exe
3144	msedge.exe
3144	msedge.exe
3144	msedge.exe
3144	msedge.exe
3144	msedge.exe
3144	msedge.exe
3144	msedge.exe
3144	msedge.exe
3144	msedge.exe
3144	msedge.exe
3144	msedge.exe
3144	msedge.exe
3144	msedge.exe
3144	msedge.exe
3144	msedge.exe
3144	msedge.exe
3144	msedge.exe
3144	msedge.exe
3144	msedge.exe
3144	msedge.exe
3144	msedge.exe
3144	msedge.exe
3144	msedge.exe
3144	msedge.exe
3144	msedge.exe
3144	msedge.exe
3144	msedge.exe
3144	msedge.exe
3144	msedge.exe
3144	msedge.exe
3144	msedge.exe
3144	msedge.exe
3144	msedge.exe
3144	msedge.exe
3144	msedge.exe
3144	msedge.exe
4264	7zG.exe
2376	Setup soothe2 v1.1.2.tmp

Suspicious use of SendNotifyMessage 14 IoCs

pid	Process
3144	msedge.exe
3144	msedge.exe
3144	msedge.exe
3144	msedge.exe
3144	msedge.exe
3144	msedge.exe
3144	msedge.exe
3144	msedge.exe
3144	msedge.exe
3144	msedge.exe
3144	msedge.exe
3144	msedge.exe
3144	msedge.exe
3144	msedge.exe

Suspicious use of SetWindowsHookEx 19 IoCs

pid	Process
2376	Setup soothe2 v1.1.2.tmp
4172	msedge.exe
4172	msedge.exe
4172	msedge.exe
4172	msedge.exe
4172	msedge.exe
4172	msedge.exe
4172	msedge.exe
4172	msedge.exe
4172	msedge.exe
4172	msedge.exe
4172	msedge.exe
2760	msedge.exe
2760	msedge.exe
2760	msedge.exe
2760	msedge.exe
2760	msedge.exe
3132	MiniSearchHost.exe
1540	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3144 wrote to memory of 4792	3144	msedge.exe	81
PID 3144 wrote to memory of 4792	3144	msedge.exe	81
PID 3144 wrote to memory of 440	3144	msedge.exe	83
PID 3144 wrote to memory of 440	3144	msedge.exe	83
PID 3144 wrote to memory of 440	3144	msedge.exe	83
PID 3144 wrote to memory of 440	3144	msedge.exe	83
PID 3144 wrote to memory of 440	3144	msedge.exe	83
PID 3144 wrote to memory of 440	3144	msedge.exe	83
PID 3144 wrote to memory of 440	3144	msedge.exe	83
PID 3144 wrote to memory of 440	3144	msedge.exe	83
PID 3144 wrote to memory of 440	3144	msedge.exe	83
PID 3144 wrote to memory of 440	3144	msedge.exe	83
PID 3144 wrote to memory of 440	3144	msedge.exe	83
PID 3144 wrote to memory of 440	3144	msedge.exe	83
PID 3144 wrote to memory of 440	3144	msedge.exe	83
PID 3144 wrote to memory of 440	3144	msedge.exe	83
PID 3144 wrote to memory of 440	3144	msedge.exe	83
PID 3144 wrote to memory of 440	3144	msedge.exe	83
PID 3144 wrote to memory of 440	3144	msedge.exe	83
PID 3144 wrote to memory of 440	3144	msedge.exe	83
PID 3144 wrote to memory of 440	3144	msedge.exe	83
PID 3144 wrote to memory of 440	3144	msedge.exe	83
PID 3144 wrote to memory of 440	3144	msedge.exe	83
PID 3144 wrote to memory of 440	3144	msedge.exe	83
PID 3144 wrote to memory of 440	3144	msedge.exe	83
PID 3144 wrote to memory of 440	3144	msedge.exe	83
PID 3144 wrote to memory of 440	3144	msedge.exe	83
PID 3144 wrote to memory of 440	3144	msedge.exe	83
PID 3144 wrote to memory of 440	3144	msedge.exe	83
PID 3144 wrote to memory of 440	3144	msedge.exe	83
PID 3144 wrote to memory of 440	3144	msedge.exe	83
PID 3144 wrote to memory of 440	3144	msedge.exe	83
PID 3144 wrote to memory of 440	3144	msedge.exe	83
PID 3144 wrote to memory of 440	3144	msedge.exe	83
PID 3144 wrote to memory of 440	3144	msedge.exe	83
PID 3144 wrote to memory of 440	3144	msedge.exe	83
PID 3144 wrote to memory of 440	3144	msedge.exe	83
PID 3144 wrote to memory of 440	3144	msedge.exe	83
PID 3144 wrote to memory of 440	3144	msedge.exe	83
PID 3144 wrote to memory of 440	3144	msedge.exe	83
PID 3144 wrote to memory of 440	3144	msedge.exe	83
PID 3144 wrote to memory of 440	3144	msedge.exe	83
PID 3144 wrote to memory of 4684	3144	msedge.exe	84
PID 3144 wrote to memory of 4684	3144	msedge.exe	84
PID 3144 wrote to memory of 408	3144	msedge.exe	85
PID 3144 wrote to memory of 408	3144	msedge.exe	85
PID 3144 wrote to memory of 408	3144	msedge.exe	85
PID 3144 wrote to memory of 408	3144	msedge.exe	85
PID 3144 wrote to memory of 408	3144	msedge.exe	85
PID 3144 wrote to memory of 408	3144	msedge.exe	85
PID 3144 wrote to memory of 408	3144	msedge.exe	85
PID 3144 wrote to memory of 408	3144	msedge.exe	85
PID 3144 wrote to memory of 408	3144	msedge.exe	85
PID 3144 wrote to memory of 408	3144	msedge.exe	85
PID 3144 wrote to memory of 408	3144	msedge.exe	85
PID 3144 wrote to memory of 408	3144	msedge.exe	85
PID 3144 wrote to memory of 408	3144	msedge.exe	85
PID 3144 wrote to memory of 408	3144	msedge.exe	85
PID 3144 wrote to memory of 408	3144	msedge.exe	85
PID 3144 wrote to memory of 408	3144	msedge.exe	85
PID 3144 wrote to memory of 408	3144	msedge.exe	85
PID 3144 wrote to memory of 408	3144	msedge.exe	85
PID 3144 wrote to memory of 408	3144	msedge.exe	85
PID 3144 wrote to memory of 408	3144	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://drive.google.com/file/d/1tI4M9mOJ3kC09nR_MasywITIEEP2n037/view?usp=sharing
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3144
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7fff8e8f3cb8,0x7fff8e8f3cc8,0x7fff8e8f3cd8
  2⤵
  PID:4792
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1876,16853769208277720372,12048357491423734694,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1828 /prefetch:2
  2⤵
  PID:440
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1876,16853769208277720372,12048357491423734694,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2392 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4684
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1876,16853769208277720372,12048357491423734694,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2352 /prefetch:8
  2⤵
  PID:408
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,16853769208277720372,12048357491423734694,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1
  2⤵
  PID:4692
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,16853769208277720372,12048357491423734694,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:1
  2⤵
  PID:4264
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,16853769208277720372,12048357491423734694,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4952 /prefetch:1
  2⤵
  PID:2808
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1876,16853769208277720372,12048357491423734694,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5448 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4704
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1876,16853769208277720372,12048357491423734694,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5684 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1832
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,16853769208277720372,12048357491423734694,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5748 /prefetch:1
  2⤵
  PID:1496
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,16853769208277720372,12048357491423734694,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5768 /prefetch:1
  2⤵
  PID:4020
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,16853769208277720372,12048357491423734694,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6136 /prefetch:1
  2⤵
  PID:3040
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,16853769208277720372,12048357491423734694,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6096 /prefetch:1
  2⤵
  PID:2252
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,16853769208277720372,12048357491423734694,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5988 /prefetch:1
  2⤵
  PID:4444
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1876,16853769208277720372,12048357491423734694,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5064 /prefetch:8
  2⤵
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:1076
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,16853769208277720372,12048357491423734694,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5896 /prefetch:1
  2⤵
  PID:1684
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,16853769208277720372,12048357491423734694,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5028 /prefetch:1
  2⤵
  PID:4036
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1876,16853769208277720372,12048357491423734694,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=6104 /prefetch:8
  2⤵
  PID:4764
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1876,16853769208277720372,12048357491423734694,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=6016 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1236
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,16853769208277720372,12048357491423734694,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5804 /prefetch:1
  2⤵
  PID:2972
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,16853769208277720372,12048357491423734694,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3668 /prefetch:1
  2⤵
  PID:1580
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,16853769208277720372,12048357491423734694,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3912 /prefetch:1
  2⤵
  PID:1836
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,16853769208277720372,12048357491423734694,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6388 /prefetch:1
  2⤵
  PID:2348
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1876,16853769208277720372,12048357491423734694,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=4836 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1748
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,16853769208277720372,12048357491423734694,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3552 /prefetch:1
  2⤵
  PID:3832
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1876,16853769208277720372,12048357491423734694,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6700 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of SetWindowsHookEx
  PID:4172
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1876,16853769208277720372,12048357491423734694,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4960 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of SetWindowsHookEx
  PID:2760
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1876,16853769208277720372,12048357491423734694,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4960 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of SetWindowsHookEx
  PID:1540

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:232

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1364

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4384

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\Oeksound.Soothe2.v1.1.2-R2R\" -spe -an -ai#7zMap32185:116:7zEvent31939
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:4264

C:\Users\Admin\Downloads\Oeksound.Soothe2.v1.1.2-R2R\Setup soothe2 v1.1.2.exe
"C:\Users\Admin\Downloads\Oeksound.Soothe2.v1.1.2-R2R\Setup soothe2 v1.1.2.exe"
1⤵
- Executes dropped EXE
PID:1420
- C:\Users\Admin\AppData\Local\Temp\is-QD7LA.tmp\Setup soothe2 v1.1.2.tmp
  "C:\Users\Admin\AppData\Local\Temp\is-QD7LA.tmp\Setup soothe2 v1.1.2.tmp" /SL5="$302C8,30179246,121344,C:\Users\Admin\Downloads\Oeksound.Soothe2.v1.1.2-R2R\Setup soothe2 v1.1.2.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Enumerates connected drives
  - Drops file in Program Files directory
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  PID:2376

C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe
"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca
1⤵
- Suspicious use of SetWindowsHookEx
PID:3132

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Common Files\VST3\oeksound\soothe2_x64.vst3

Filesize
39.1MB

MD5
1bd43a0821326e6d5391fb16c9cc8f97

SHA1
e0a1360ecc6aa3638104b598727e46740ab8e21a

SHA256
573a86b83c112179dd6a2f2f1cc4a312c3f14c73b8ed1b8936c9b17b9581466c

SHA512
cbac847560b49bd4d913e0416b80d921e7c928701557fbf8261271f0da52bcef93f65b353cb7d5591791643fbe16dc34e0d5da65d9135e6e80e7338f0970b847

Download Submit
C:\Program Files\VSTPlugins\oeksound\soothe2_x64.dll

Filesize
39.0MB

MD5
78ddc1c38ea683c68cb23c573a1fe823

SHA1
299228782c54f9d371167f3e0f2c8b8a2a5bf4e8

SHA256
b87d41a5f7fbfd1b46a8ae90127326ef155ad64e4281e92f852ca8aeef2c702e

SHA512
9a513138f81fef2abac9e4a17136247425b97284519334699ab7e98fe36448e180a9767dd6528f9f2dde56b0cc65dae59ababaebbecce96b482a7fbec4b7cdb2

Download Submit
C:\ProgramData\oeksound\soothe2\Presets\Flat start.preset

Filesize
2KB

MD5
6b4b641977d5d64e5cf205c7e0c75f78

SHA1
8673380681fdd29c07ed86908b493aea35c3f3fa

SHA256
5855c642ce8c0794d412c3f5e6eb5030db15390c142ff668559579fe30eae256

SHA512
d5753e4e845e6e37c7075ecece22c136be97cc6059dba1ffce434d2211423324667a6a5fe6c7a6ce847ee87a5d82cafe3f62924433f77b208076d95d2d626581

Download Submit
C:\ProgramData\oeksound\soothe2\Presets\Vocals\Clean Up a Little Vocal Harshness.preset

Filesize
2KB

MD5
94a79f033fe29970ec7964990574de7a

SHA1
b45c880e995cb12314232818034993d03f99cf98

SHA256
6186ce98187987e65d7b25456ac3119e4907d94a3720fba4dba7496f34b7af29

SHA512
f9d6696596326a9b2a2f6282173158482365583ee210d5b03c6b8959c9424dc619f22015e1503e29df1029e46f196dedd904b81880be371955074c506d42daac

Download Submit
C:\ProgramData\oeksound\soothe2\Presets\Vocals\De-ess and that's that.preset

Filesize
2KB

MD5
201e80ec95394668b588999b97f3b06d

SHA1
da6e9457f2a609dd3c1e5b4fa161ec4b4f086234

SHA256
8b148c1c1c0f1300865118bfa2aa88ea40dbf3538e8d6873154209b6f895f794

SHA512
fba2a01e9a7f02a6c9154c824b5b273a710c68784378302b54b5f926e0ecee0a0f4dc8ac1b6471fcdb46b24fd95c9e9d7b301cf5dd00ffec26277e18f2dacc0e

Download Submit
C:\ProgramData\oeksound\soothe2\Presets\Vocals\De-honk.preset

Filesize
3KB

MD5
f5254aa2436a7a4bc15f0b513a8e3b13

SHA1
ab4f7ef812f28d210c1b72a7a0934ee7cc072d7c

SHA256
f65afb2a4141ed00481c4b0cadf4822793e9bddca6c3c6a80782242e1b85bc82

SHA512
bb455d92439915c41f6dcfe89863a1f03c5d31381093b3d9a6f199074c6bedf72b5eeb87a3d0d26282a7714a3f7ae660c1558ca77a0c2118179d42542c04468a

Download Submit
C:\ProgramData\oeksound\soothe2\Presets\Vocals\bluesy vocals.preset

Filesize
2KB

MD5
d2af5058742d26378be41d0b9633ed61

SHA1
1a6b8f770bcd39aa30716bde304612235e023a60

SHA256
86103cbc30cbf164d7603e9ee5a9695fd4d3b65874af453595669dedaad5b536

SHA512
203e3bd250e038da8d734b6db90597ee0edde3242dc05eba3b4392f0e7126f41f7b6ee989bf6b4b624ca7585d596a4197ae70d2d9482627d62ea836dd2dbcca4

Download Submit
C:\ProgramData\oeksound\soothe2\Tutorials\arrow_back.svg

Filesize
599B

MD5
91a88e995299d6c2da52ced131a3de08

SHA1
7cb70325052b266644832fda97254d460cb5d00a

SHA256
cb3f6ae4cd7aae397bee12c6f7c7a13886080ade476019358f02f9e5cccf57f7

SHA512
65f5478ee39d549c9aa0532284263b8e779b4d303687d8c2e2e60c07060ff2bf96101ead2cb8c166536674fb10343e17e0dce99b41d9f05d3e354320e8028af2

Download Submit
C:\ProgramData\oeksound\soothe2\Tutorials\arrow_down.svg

Filesize
1KB

MD5
e3bf0b576d2315ea895fc6cff71d968f

SHA1
bac4ec7892280f425d37c805fe17bed9dc94d127

SHA256
07f64d09dea3cae74d6b3959b438cd5a1c09d655171319338ddc9180f0221912

SHA512
e3c582f7785f64bdd1ae299fbcc776075bd8627bb23423129a60aa9730694c964c60ecea9f5afd425d2aeae4c544109851d3a02627aca0ffe2f075703820fb61

Download Submit
C:\ProgramData\oeksound\soothe2\Tutorials\arrow_forward.svg

Filesize
595B

MD5
cdec474c05c8cc1e9ea6cec906217a9f

SHA1
918f8062849a4e9ecd9a667c4a7e4f55c6ff3b5b

SHA256
b0fbea877c8e4e1adefb1447fd26c161393b19519a20ba7ad5a12dc7e373f106

SHA512
c29e586279e662ce874bdce0886d888ede4b7e24aaab8c34795d0344ee36be58c85a7de210c45cf2083a98d5dd2b52f93f6684265aa51e0c25c5b61a82fdb6b6

Download Submit
C:\ProgramData\oeksound\soothe2\Tutorials\arrow_up.svg

Filesize
1KB

MD5
2f86fb00b5c03a4be32fec3080d2da77

SHA1
510aebc69b264b6742e97250437ed0f425fcbd7f

SHA256
18bd4762a87eb4599e647bc300a1793815c884360648ded12e276768a2c8ec39

SHA512
77317d9c1135ff7d898f87e1c2570b50490d3bd24b4d39f8c621f1cb748e4ed77499da53a623bc47a6a97ecca402dc110ce2bb67ffd0cc83582827e087ac0398

Download Submit
C:\ProgramData\oeksound\soothe2\Tutorials\circle.svg

Filesize
95B

MD5
421974c5b3af72d729c45cb62917b1f3

SHA1
c1f9967d08bdcf2f644ab907da0bdcc44f4ab475

SHA256
1fb6102d1e7a56ed1db81eff8f1c92495e26388941778c704fc1dece68703fea

SHA512
5b721266d478621d8fda85bfe92cdd2f0657549a064f9a3a8c3b7f67720803737b7c3ed5617f8d977c8999611bf1fbefa4f55500662061241a003cf395674fd5

Download Submit
C:\ProgramData\oeksound\soothe2\Tutorials\play.svg

Filesize
170B

MD5
841a94aa86f3b06f14c71fef97ad13f0

SHA1
ac86147382f12b0e5dc52b9e553ff1c0ac5d745d

SHA256
ec07347b3d91c161d602877c033a6b5e0700e040767ce7c004b373b04a502146

SHA512
703c6809ebeea6fe8f38fea107569367787c3608e3a43fbbe1f2f2e42373c9abf81ea90a4089ac76a3af9c3af4f89904d25cb1049cef06f42738d56559ac022d

Download Submit
C:\ProgramData\oeksound\soothe2\Tutorials\trophy.svg

Filesize
993B

MD5
b5260a7394d247f936e41aa89146c491

SHA1
9d322d4ab54928ba77dbe0b95f80265e5af180da

SHA256
6268b507d3a23c1402aaf5e157040c2d034eee2914a922fe25eabee1b5c138cc

SHA512
dbb8369acabbdd3b2104f9251db5b27cfe866a30061b7fca36d5b345d8d7b8c0e31bd88b68f38731a6f9da5aa8b34b7c0edc177359abb4a4b9dcb8175f941ff6

Download Submit
C:\ProgramData\oeksound\soothe2\Tutorials\tutorial1.wav

Filesize
484KB

MD5
e46be44984cd4a1d8439e82e97afc9cc

SHA1
662d606440f5a616f21c7919299f37be02850437

SHA256
3e89e1e4d60fff6cd186e61260ff674e219b5972366c8ae21c5b17317e90d401

SHA512
5b946d6bdd379fa132f59ff66309181b0bd3cb09b62a886a5d868c720b0bff6bcd6c65bb2de79c561589e185f817cf0825cd7b5a23d3b2628822a5c92a70a6bb

Download Submit
C:\ProgramData\oeksound\soothe2\Tutorials\tutorial1.xml

Filesize
15KB

MD5
f74863510a02a3c31f708bfafe5a1b4b

SHA1
fb70f467cead5f6ff260d37e6cef33f04de84fc1

SHA256
f7eafca277595ed88082d65cd659ea8a8c5c516220727ae8d6158e3d08dba7e1

SHA512
8fb90d0cfcf94352d38314c94eb023441d66cba67b8f6247c487b4fc637159b802fe4d3d3e4b2d62ab8eee9c9783ef5eca470361adae482932cc45bd686e8395

Download Submit
C:\ProgramData\oeksound\soothe2\Tutorials\tutorial2.xml

Filesize
13KB

MD5
1960b0ec676f4d2f6ec32f880d9c46af

SHA1
505f568dcab74392749962343f35c9ddb16b5206

SHA256
04db4e2b47d3374335ba76eb766d8bef7714f8aee2ae81d9eab10eb70ed17b72

SHA512
65ffd0371b0d1fc5c4dbc00002667a9bc36c759a84dda86a7b37e33eba973dac2d006ab9218c7d40f4c3f89906cfa6153db774a3fa764b9f2c4d91296a06c696

Download Submit
C:\ProgramData\oeksound\soothe2\Tutorials\tutorial3.xml

Filesize
16KB

MD5
550322b05be65569467cbf8e58e13ebc

SHA1
ccc609a92deba971949f6aa69eb7d4a646781b0a

SHA256
77b1b7f17d35059f2ef50d4aeb6cfbf963b9a892e692d615896f8316fe514f24

SHA512
f8c3e768633b02e21dd51363ec88c5ecda82c3f0447d5845807b7d8a4749f2582b30723d8f7eaa3c2528ed56a8567f74c8354c5b7b8258fbbd59d841e0515075

Download Submit
C:\ProgramData\oeksound\soothe2\Tutorials\tutorials.xml

Filesize
439B

MD5
5257a7311a921e680d5d08cbd131ccfe

SHA1
a3c41419fb2c3d30253e39ad013d083e7c8a3c04

SHA256
f44d36ae3fc1784d4fac4e7a0184cc45d4146f9f2e07955d8fd1cf231dd11dd3

SHA512
9dc966075d6712bc3bb20d53b780ab289633269a727a8121330ab00bb47ec4ea24dcfb97ec86805513f5fdd827a08987b84214c1c2b3d0885ff5c562e55997ce

Download Submit
C:\ProgramData\oeksound\soothe2\Tutorials\up_down_arrows.svg

Filesize
1KB

MD5
38a5729116848ee8ecfcbf300f57567b

SHA1
1c0ece8e0dc0f3872e6cae79dac856186d6cad96

SHA256
cf31f1d5ae44333bedd25c8ef836711cb85c804008b0ef5e51d95fb298fb7ee1

SHA512
bae256fc1ee09321c9d7e74fa354ceaceae7fd6c3e1330000594bc68fd599ea7be486d7d77fa4fd14d1518ea619c7136d688755e20e987d916c3be5ca1a9c575

Download Submit
C:\ProgramData\oeksound\soothe2\soothe2_ManualFAQ.pdf

Filesize
5.3MB

MD5
a200300e332ebcfa0b7bdb0cc14f5dfd

SHA1
ddec716b95ab23414e1dab9a1b2ac14726e4bdf1

SHA256
dce72a7baa296b53e55f2764d618e6e09e2a8ae39de4a351596fce2163041544

SHA512
ce608961f4da95a0aaf2f29b44e014271e268eef740a80b23db0a324ee33ba8496e883d984dc7e16b9c769eb6a2fbe841c2605fc369a53e79a1712dc439d97b6

Download Submit
C:\ProgramData\oeksound\soothe2\unins000.dat

Filesize
35KB

MD5
e35778de571120780e993820df90ac5f

SHA1
d229b8ac03bcda28004654de58b833419350c224

SHA256
2cc74f2df53192b520c00ffbca45c5ffb591eccf234f096bc02da7eea97c1fdb

SHA512
ca53c037392c4230f47f7e22e35bc7dfd627f4cf1bf73d900a9681eb5bcd00c7f5c36b5a3c5a8d79541af0d45b1878e4a97905c3c9d9bcdc4d9f2edcfef7bf29

Download Submit
C:\ProgramData\oeksound\soothe2\unins000.exe

Filesize
1.1MB

MD5
2a23577cc7d0775cd28d405e7f7d10db

SHA1
f8af1497a5524e9a143b068374d209a9caf2f5c0

SHA256
aa884077c3de3ca9219f42bc0fb99894f7be1a1170113ca354202828b7076510

SHA512
f747b318c3c1b027eb9d7f9cf1698a531ab9842b1390574f9b691bd216ab4fa7a4d9cd7b9385120d8cc62ce448f0837427ad1f00312988e58ce0170fa5e3f72e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
c1ff2a88b65e524450bf7c721960d7db

SHA1
382c798fcd7782c424d93262d79e625fcb5f84aa

SHA256
2d12365f3666f6e398456f0c441317bc8ad3e7b089feacc14756e2ae87379409

SHA512
f19c08edf1416435a7628064d85f89c643c248d0979ece629b882f600956f0d8cd93efbe253fa3ec61ad205233a8804807600f845e53e5ed8949290b80fe42d3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
562b59fd3a3527ef4e850775b15d0836

SHA1
ffd14d901f78138fc2eece97c5e258b251bc6752

SHA256
0a64863cb40f9d3b13a7b768b62e8b4707dfee1d3e86a07e999acb87bd7d3430

SHA512
ef9fd3d83ab85b18cf0e0d17e2c7d71936f783e3ae38005e5c78742560332f88be7c4c936d4dc4179e93fde0240d2882d71ef7038289c8cbddbfc4790c0603c2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001f

Filesize
51KB

MD5
f61f0d4d0f968d5bba39a84c76277e1a

SHA1
aa3693ea140eca418b4b2a30f6a68f6f43b4beb2

SHA256
57147f08949ababe7deef611435ae418475a693e3823769a25c2a39b6ead9ccc

SHA512
6c3bd90f709bcf9151c9ed9ffea55c4f6883e7fda2a4e26bf018c83fe1cfbe4f4aa0db080d6d024070d53b2257472c399c8ac44eefd38b9445640efa85d5c487

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000037

Filesize
65KB

MD5
8f315e7db71ccbfe6368a2d231383355

SHA1
2cbe3a0e8ef8af982447dcd78ea2a51408dc75cf

SHA256
004f13b15a5f7d90a992e3c8d94c0b430d5e138d9852a9226dc5752dee766bad

SHA512
7367844fd605ca8a6b470c36e22bb2f2ec4a74cbcad9c76682e6950d09f1e0b4a32703a4f3b4a648b5a7d42c67c270abb201c246b02cf1fde2e97d1bd13acc9a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00003a

Filesize
34KB

MD5
6fdc4fffb6591ff67255cd320da7c949

SHA1
33fc881c6a25ce40da7f7ef5db652ccdf4b8a212

SHA256
bb15c654cb260b20777b74beacaa9cc5ff70979ae8fea1edad3edb431a3d26ca

SHA512
c37ae7546a7a196b3ec45adaf942ac60a1c94ec7b613a0a00b341f172c17950256b6281516071fac3dc03b5ab9d8ea922ddb9da93d2e268a3c12f158deeafb93

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00003f

Filesize
28KB

MD5
7f5a5d45ee4ea0bd1ccf5178c63f43c0

SHA1
71cafbec33de805f8c65c04ab40a7fc072420df1

SHA256
e47f30921e1d3fda22de0ed56c9847b80e379396ea95d3fe60e04cf9e4c9773a

SHA512
11dcabf8a16fd008783be04cf72e9ebcdc3b37a9a92c0769daa32fcec0a7ac5f1380d5e7636dca14eee05e5787419d2f5782726c94846c39085b325099c123d5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
c6663fbc69250b1c3400bc2bd3bdbcaf

SHA1
492c5c6f74bac02f9bb5b02e66af271b7b9d8902

SHA256
4c0f94590cb19d6cd70f9927ff076aa688b66897a82450e8203f7a5742aed587

SHA512
554c10be473c63456fe5bfc07b96f18ac03d3993586281a70bc0214e7bcead33064a90e567d591ecbf59fa49844558295d98a8f757ad7b52a8079f556ab33ff5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
408B

MD5
38d04c4a5e20aec761e6eedee88afca0

SHA1
2ada01753fea9a5ac6192c92409c74cccab00a62

SHA256
859c2a002481c262834dfb1cb54e4f636585bc67709ab0af1d442c22f667818b

SHA512
f39512f94163ef0e04033055cfb3e0fa2254ebef224d392208bf39299726731ccdf4469d02e02ea4e83812d5710f14f20edfadce4ed0907fc22bdc1fac70f9bf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
7dfe081e010fe78f73d3589ee39b5887

SHA1
1a18b6e43ad61c6b805773e64123bfaa758bd74a

SHA256
d090e672bc0957b8c7229ce98e5f4d8c469fd2e74389d152485136a90f55cc1f

SHA512
69faf9b6143140a090b0d11bf51d04b401480f15fbe4cf050de36513f7427f95ad2a91169bbeb1de536f3823ab26c9417ecbf49a57d7aa310c79e47e680a807e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
64ee11476a26d20ad264cb2b0d4732ee

SHA1
7218328304eecf6b0838024af720466a74a721b4

SHA256
fca1707304ab95d008f797e2d677bd3de85f7d6ef10642ea0aec147fa9abf6e6

SHA512
d34563e0e8d3ed60846de4e7b88a597948c868c7d8ac42def7e6ed7f65b9d7a6e15374885c7267cb2d5c9adc82912207607d2dff1fd926d3d1219bbfd7a38c1f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
81dac11f86bd3e01afca5cfb0a85e370

SHA1
4b88e3884277fa8a2cfbc7b3d3f4cec8c3aa12c2

SHA256
047210a594c8ef57537e0e7276e37e7670f56246f8ae733e9b4489b1bd036130

SHA512
2e317c2db41729e63e9f57cb7c8a299645bc450652bde8d984615229ed3f6df15a72c9fe4354f76c84f83c04761732587b07bf6bee81b1edfbac02618dc117c7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
cd3e1eb2d694a45bdee8a4cb88831b41

SHA1
73a42054d15df9f70d71fcd85602cb7abdd726e7

SHA256
e14d2a802d86635ab9c13cdd8b57a6e02322d54cf3aedbdffe40065072ab6a18

SHA512
31ebc896b8be6ebbbd38b9c7e76902b2051a0546814df8ccb614d17950aec9ce17b3fdfa6665e269edb882c34d96785d0e73e8622ebc0a1274fcb7a37386b47a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
4ef11c14deaf05cfc9b01629263b9457

SHA1
0b672b25b695d037351027d282bab39cfb3a60ca

SHA256
28d8b88dbeb95c6300894e99575e1f16aa4cdd015f13b566af73404f3ba2c5f8

SHA512
2b933030b40139c83bbe8925ff7228e70daf3d8d2916e253295558ca5df6c1d9f6d764d6bf3fd39865fd0fff6e12f4654946c81e9c55dfc562ddf3e4327f0699

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
b28d416dce61462fe613a644689d9343

SHA1
b105f89fdf21c30c14afe76d646354dbbdf9df8b

SHA256
3258658fd62d1f19a46023e4ccf96f262abd0f3cea0cf5887cfe209782b532c5

SHA512
80e32c650bff87df32f47f74ff23645d56589d68739f63637d9bae3c9ae37b5c03ffb4993cd8e456b0ce1ced9a735b2ebba7d716b1cfedaf115d4ce5fa074ef8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_docs.google.com_0.indexeddb.leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
6KB

MD5
e16567e456b6e63a3a7e4c21b3881432

SHA1
3bad9d2cd46277f7b185b24f1988702aa1023588

SHA256
140b2a2c51820e32f8b109a1db28e0ca0d53718448beef8c9d6391f340451a4d

SHA512
95b359c815f478956293dfaab896c6b34a488624724479c7965f77c0c3ef3086e364cb86ed956ff3bff6226ae502bdfa78c67d5115e3cce88b28bc918de748f1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
6KB

MD5
806eca3e7c4b2d286b24ffe5db07cb90

SHA1
102b495bcefe23df84d171ec0fa9c18ecee0ad44

SHA256
92f76cc47be60191881654a355b6ac4eff6dd486243452779ef763a8ce8f1c4a

SHA512
29d7ec7cb895258cdb099b25446edf1d3cc8370398694e54c3154a7319664e18223cefdc3dcb37263dcf31053eedcf0a7bac4ad56387a2174773d75df4dd8f7a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
b049b811068d45fddcf48098529f0e74

SHA1
dbd0f204b20a3d06185cf37b445bb624b817d910

SHA256
886bfaa6f8e25b8677a228c277407999ebc7e63f3af41bd15fd7fa38a6bf7af2

SHA512
66f80e2f752f10cdea47ca7ca983c0764708af9d8569bc111f26debe184e52be5119fd0f2aeae61800082b3d5e8fb754d3849b1894c9d999ac496cd48e5d933d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
6KB

MD5
014df2e4c777244bdc6b1e9bf1851f5f

SHA1
1f436f1bcbc384f979be270736e78643e18774f1

SHA256
d7be8b6aee759fb7ad967de43fb0710d0f607ec07ffec32ff245a782b975986f

SHA512
466ca05f79fac1d312fd32f62756f1a4810d2819f4a012292e8d1080566042e54e927f6aae8ae48e8380c659ff2c9d53fa1f14e7fb6c8a3800429c76e88f9e43

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
0c0c139b0d26b522f4b1fa1456a25dfa

SHA1
70eea5673cfa5e0803b1b12f780665d2b50d0b0a

SHA256
e127b8cb34b187fb9b863232e6c2bc5b3dc5a94e95ea33b57964523bcc4ddef8

SHA512
270f358c728b5d750ebf78648c2744b0485b0b2646b3ef702fa9a6dab29ce36f6c3160eb1df5f674ff6ef08c44eb606567a0bb8d0281293d075fcc5bb19559a1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
26adcf7fe32cc69379e17f05c3902a60

SHA1
2f2ce15145ed54ee6ff3ce88702bea5cd1193711

SHA256
1596e7fbb8ab3cc268922f0ee343955f44b5dce67cd3084c704b5514fb87dac9

SHA512
4be83cd4000e03e20535725c10ccd9b726c05bc216666af4814a88638bed87e262e3aa74dd2080479d3f6405ea50f397eddbd08ceb186b380b5389c2b83ea93f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
8a9c87980a0348b5df5b15e017ff58ac

SHA1
7b80d7200f82ffa788f3ff0525ef809dbc9b02ed

SHA256
77507391f1f9de6385dada4f901e791a547f3a821ec88d05a62b697912ece712

SHA512
a64b299fd66ae072639a4bc21faea5b5941d18f643881d43114cc443684db313af5c109ed03f060e41d3ba69292e8f8f72127213a3c558a07bb70ae0440de399

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
1a2ee58d85c0d197805d9c4341aa187a

SHA1
cfe78202a6ffbf8444573054e03ea94852e158f5

SHA256
697ea58341a23d872e3e82a44cbe76f1aa893048f1d26a45469da7c4c1f16c56

SHA512
a277e89eda7d641f0bfebb92603b4bdcd1f2e12f35a82e049665b125a2efffcdb292a7098a34d55da53ae6db778742a3adb4e376ce787fb45ca914be5a35ec1a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
94af8a5e6d24bce9c10abdf5ecb70632

SHA1
704896e0eb41ef4d11bec042262457a831c293f0

SHA256
31d0dd7f94fa8ae63e681d223ae556f84502578e4d12f12644fc14dc5ecd8ad2

SHA512
354b7193c4a44404023ea057b55c8f7813830e25f863b8ee5fd9ef52eebed59bc902819f93eca582221b9f79bddf5082e797eae1d2a71c3c8d82230c85458614

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
e442352191611ccbbffe9e85601a3a5a

SHA1
31e10497d05a62413ca6937062227f8f9bd9c409

SHA256
1c67516e279e6a63db09fe30d028e17e90a3595fe0c1156f11e2d996384f41aa

SHA512
2be5a1c800c74d8ffe3d3c7854202737f3f8df34e26b01e90cfa5b4512ef338c625a985887643fd1937364e008cf7bc8f48ff1e0f949f8d9e5530e9171a81fd6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
41c82209ebd21145d0239dfb662b46c0

SHA1
3104c9beb5b1acda96407c59db1fb5a5f75e4a4d

SHA256
f1be447293375ed4323d4a1c87c37cc007ecc5febb6cd7d8491b62f1501a7739

SHA512
805073e033254f82196bb489935180bf8d33a0720fa35577b6e6613600a201c35387013a21b4cf74dea482559c1cdf6903b6ab4821d98fec9b77e254ecabe093

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
48be34ab97f3e8c96ff1e1ddc2007516

SHA1
105a2c6ef2d936af3951444ebc5c99c7291f1055

SHA256
426fe0ccdfec191f571cb2f7ca342822eefceae2b4fd3d309365d5f50e2e77d0

SHA512
ba47f2cf097f358c4a3c4f484ebe53aab62ae18eb6cae75de2a48c4e75b7590c9804bd7a29aed9ff510654f68af8a92f9432c9037e6104fdb0550942a96ea698

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
5f572f408401cce188392749823915bb

SHA1
ef9546f0a89473e1d31870d27cbabc8ae898e77b

SHA256
03c9365c5fd074ccdb23d176b7aad6ab5f2e56268bf0fa061099dbe8a9ced305

SHA512
80ee58b077b439faa8a10eafebf2490d60d06404bfdd5937f363538a1428b6241b82b2269625c16acb361df948f04ee334446a83d0e66bab965a4c561d9a3d6e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
1f832cf2c0a6c4e63948535d5403ee26

SHA1
2254b39150633454698ca1548ecf742cfa56d63f

SHA256
3529009fb89f9b2f2a595cb1c558509cb503b8dba28c69ebf56594e43ce8ffd6

SHA512
020364e57ff74adc5888ce85fc99d0ba4b9cf9bceaea8854cc08e89209d781ff86ad642dda50610d0cba2670e709854d5b3d4995d5c563f0d7c64dfa44c1c04b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
14699e6a6ce714068e438f28cf57cb20

SHA1
084eaa85c34b1917dbcbece8fb4e76e0b13ad109

SHA256
d164feddf9ec13b442f2feadbde8f94909ba36da9aac10a44f7d5b5101e1e097

SHA512
70bab237a99319e2ac5446a5c5d73dae3f3a7f1883de83b238eff5631d3dbd11458d0087af66fd63489bf12c9945f2780bec6014f0ff06a7f6b3733df78750de

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
be67eab154b13e4a5d46b98c6af333d4

SHA1
0aec318fe7feff55b2e834f89cbd88425540b42c

SHA256
bbe2e2c852ef9a5c5c5085d79e84d3dcfeca03e797aeb5e295ee46835a667c3f

SHA512
3f724ff43229182b2e3dc66c97756ccb6bf835f61b10313bcfad460eecdcda9250129fbd525fabf38f2225f815526a0809659ba6e847cb5487ea3b8c5eeacc85

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
3719cf4a31c6db9c342b9084d563db67

SHA1
54f98413547c89f314cfdc4e7acbacef3673b74c

SHA256
d335f445c1a2e4128a346a6946cdf90b6544f6dff9b8277d780c5e856046ddb9

SHA512
32eb157a58b8be3bfb7003821f715e52c406d4f73267f73416a16402af515be2b4b3a76de81a5743a0bb8a4d85a3e2a823f167288625dc09ca3c9973f42a2d34

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
0c017daa0dd29b0b739f007b756ff60e

SHA1
e52a27a732eae17053dc0c7321d4f5dc43cb113d

SHA256
4bcab82fe36bc2ec9b4e05c83524aae73f8462d833a4d34378eb602671cf5b13

SHA512
a717eff7ccfc95850fa907c0a995d635860113b4fe29b453b827fac5209a59c3191a9dddbfb181ba07e61305c3164196702dff974372e15cced69ecd05bd9995

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
f2feb956c8d6bd865ef8392d9abca250

SHA1
b7de270cbc177d7061b5b830aee3e8f04d5704d7

SHA256
a99793e5a72192cace6c19cc02dee4772a4e0e699a31a2782a0e2b52d8c34b15

SHA512
7375dfa70ba502c595ff8c368d54640f7cbc052622dd5db65a10ab9a7d809842562f8fe8289edb2d9e14336de452a77a7ba9cfb8af5ca00bf777783098feb486

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
b62aec45e863da6de549463d2545c910

SHA1
4120042b57e40ef5eeccb9288772845a49369c9b

SHA256
bd2dc5fad340e1f69fed9c02ab992b08dbf8e3209b5a3d4504d67d378a0d1d2f

SHA512
217b0fadfc204673373e9a1fecafe4f614127a3fbb5024ddf4372b988d95e480bd893cdc17698a5afd51a860bf7ebc467b39c8480cd2d64eab8a241defb9356b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
ab580c9c5e0f604c1919a1178e35cdd2

SHA1
f7fcf3118b9b4f5e54f6ab9625976b9cec4ed0aa

SHA256
fd0e29e8e8b20d4256935b7df0189f66bc54194b177b8e5f5993ca98aa663a9a

SHA512
2f29c4f92beca556d2d8a65d9268b7ceec1d9286f0d8f451c749cd6dde0eabb26bac1925fed3edc739cd277b1a6450dad3c9f399979fc113d3d0dd6c69463f06

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
c4b68caa1eaf987b88dfe1574751b664

SHA1
2100661c996c0c7a7526310de9bd30489340068e

SHA256
56f240ed30db3371c8b34bfe2b07bd45b9456f9b31a2aee77f808f72a2c313c0

SHA512
5d3ec5c7165f9ebf164a88ef480c18b12f5294d75454e40a27ea52c123886182ca99b74813c687e9726bfa25f3fa8e1b939823f2097dd87e1db1533546386d2d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
0fbd87853beaecb90aebac61b4f8fcc6

SHA1
8a76e6178938f8f0fdddcffe43bd3963309d108b

SHA256
3b22f46ec86e71382fccb4b6cfadb04e663ae8385c05475570b74fdfae67de1e

SHA512
0727b3995299ce9247c16d66b08c8adfa8a9aa9c26cfed7a9b4de7beb3a287a53854f7da36d7465338889c5248b00dd281ebca1bc4cd9a5f907aff09c89482fa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
949a26a8efdb3db8536f6dbfe9286b4c

SHA1
79aa7630ff8c61ff431245c9e9ecb114f0688ce9

SHA256
9806a14e2e6a7cefacbd3b03638d12369543591aab992fd6c77f7e0e1611bf63

SHA512
ebae77c09f56bd9d857e89cea30ed9ea6bbb120475350b40e6dcde856f6e4a8996d3eb376233508284246b1b74b63f41052a121ad8fec70a3b7b4bb21a838364

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe583ae1.TMP

Filesize
1KB

MD5
9f2127f416f32fd28b094a47596a9550

SHA1
577ce322d61be4d42e249c042d850afb8dc3cd71

SHA256
2a460e752fcb57ff734d652d22bc685b8899e8d410ddf27334fbc49a5be4a173

SHA512
fb10d6bf82978329d0a36e770dca9cbf2acc9f96e4ef033fbe0e9a3c59367c861c28fe7f69e63cb5abce9b5b915c68f11ee8cdcb02e7ad2e570fb6b468d5d0e0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
82c70eaf67280f3bf32084435547b882

SHA1
158397d0cb9684abc5d518024e832ca90891816f

SHA256
3183b529126135206235ba290d1798741924ec532b36d5d579e3d7144d5e77ee

SHA512
3ac90c333b8638ab497c841bdecf60fa7f9c7c170957d4c16676e850614c6badaf8887028e3dade6475db39bd3afffd92ca49579505257ed99e2323f9c99073a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
2aee06319aa6cf6f0e7ad36ec83ad597

SHA1
e49e547f91484c60ab51ee61a175d9310c1caf72

SHA256
a4aff0bbc2780a7dfabce1cb24018f40cd2116da077582f6b0330d03804a80a6

SHA512
3ae1638df447dc3f1f465efdff1feb61f85f83ab951596440908c70803898bbb76e973f3b5f561b07540331ad18975baf6c66f2827e438c215af8bf489c02efb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
31c443042103bc061ebf5d60edacb821

SHA1
ebd0a4514f55137274223db5614196fa1075ca73

SHA256
f7a3aca6e2aa1e1d0cd5712145a80b5c9e1e84a6424b52f32ccc4df020ed003f

SHA512
45c68b8df56edd5093a95a603cf92f9f8d6ed013c9604aa25db03e0b238dc6100ab2e55af5d7574d3f5d73439d017035f7021d788963724719d55d24890beed1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
308b4bf9621d8afa8e74391395d55a3c

SHA1
c7423d3745f9d40ff4014755b9c331c52ac85868

SHA256
edb025b9dd45c4e4ee34785ce7a1ac4c5eb914f8c615fecb3c268dfb0f871ea2

SHA512
f9d5aa1971d5f8ff68e131776459c0cde55de462b4c5270176bb6dd51e86d13476f3ef87c8fa1730d4add7bd95399d7063bff9a6ceed4d60443e63a1798ae99d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
b30bfd2b100f05c58451809076c1364f

SHA1
16bb81f3fffe32e7bd97b8e437394fbf49b93d21

SHA256
8c6d781d2a2c43a1bd51ee50ef3c397ebee40cf3c512dccd037372726f1cd368

SHA512
955b6de01179c3b90c63910df5438442a37ff578cb17f52019a023fa6e6a7d17038447d554a5486b3baea48eb0e77f0ca05d2434c85916c8079cff35d52f3209

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
30b9cccf1b86b1b366efbd1b98a7dcf5

SHA1
cd39b59f5ce63882b89f87848cc0a6baee11d8e1

SHA256
9747c06b3b8a894b7713aebf5b0fa3d7d4e83ea819e450a59a8559302b8e3cb3

SHA512
c0138fc3a5fb4af589031b71d0e52b54d0e40d2242f8da1b7fb690861ccf8550a07246885cbcc60a1a83e54c02be72dc0fc77f86289a14ca093f01c28e3b7164

Download Submit
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat

Filesize
10KB

MD5
b5f2ae76b40b83843e704c2570fd2765

SHA1
18dbcdcaddae090d6798bf170f9ba25828f3e3e8

SHA256
f93ffefdd80181fef1b11073196c82273bb323a46ab11a147cfcca15ac12f95d

SHA512
534bf1805add63bf41d05a8a9c066ff8f5f47e36b24e77fb2c8348ac7f37ed1468c35536a63e2522759d9479dac799c7c9fa80d7e20a53a8ad0cf4aa49b842bc

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-L6E32.tmp\ISSKINU.DLL

Filesize
357KB

MD5
f30afccd6fafc1cad4567ada824c9358

SHA1
60a65b72f208563f90fba0da6af013a36707caa9

SHA256
e28d16fad16bca8198c47d7dd44acfd362dd6ba1654f700add8aaf2c0732622d

SHA512
59b199085ed4b59ef2b385a09d0901ff2efde7b344db1e900684a425fc2df8e2010ca73d2f2bffa547040cb1dd4c8938b175c463ccc5e39a840a19f9aa301a6c

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-L6E32.tmp\R2RINNO.dll

Filesize
4KB

MD5
0f8bbab51c5f70093b7ed7dd825d68e8

SHA1
a96809560b3e9001124083937a339cf2453a94c8

SHA256
7fc4fa7f5cea34df0a6733527081886cfb1c49b369df2db454de87cc4e70bdb5

SHA512
7b824ad5d7ec786535106d98bc80c9350f35ac2b76d7ee20163e90becf076dfeaca4732c0ecbe2d3d84a2efef337c380d5548ca0123e69e66e30bb396f0b9b81

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-L6E32.tmp\SKIN.CJSTYLES

Filesize
813KB

MD5
5f87caf3f7cf63dde8e6af53bdf31289

SHA1
a2c3cc3d9d831acd797155b667db59a32000d7a8

SHA256
4731982b02b067d3f5a5a7518279a9265a49fb0f7b3f8dc3d61b82a5359d4940

SHA512
4875298d82037ef1fff1ee3c58a9059d8480274326c862729fcc56664ecb49e2692c3838948c66dc8336e4050469d831cbf1fbd79b66565ab673d2a67765109d

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-QD7LA.tmp\Setup soothe2 v1.1.2.tmp

Filesize
1.1MB

MD5
90fc739c83cd19766acb562c66a7d0e2

SHA1
451f385a53d5fed15e7649e7891e05f231ef549a

SHA256
821bd11693bf4b4b2b9f3c196036e1f4902abd95fb26873ea6c43e123b8c9431

SHA512
4cb11ad48b7585ef1b70fac9e3c25610b2f64a16358cd51e32adcb0b17a6ab1c934aeb10adaa8e9ddf69b2e2f1d18fe2e87b49b39f89b05ea13aa3205e41296c

Download Submit
C:\Users\Admin\Downloads\Oeksound.Soothe2.v1.1.2-R2R.rar

Filesize
29.3MB

MD5
95e5fee49f1ca450e65836cdb5991db8

SHA1
1e284b2d0f4c26c4f18bb51fdaee2644559bd6ea

SHA256
6fd5c514a5750c05225dd390c60d005b673b7e2e79c032e8e9e607ef9441662f

SHA512
3d831c7bb6e823dd7467d61304a091baf753cc96729e5c54a1ada5285292f15990af62baa7a586fe4ec0a052351206fb3aacbadb1b5a949ba1dc83a76452efbc

Download Submit
C:\Users\Admin\Downloads\Oeksound.Soothe2.v1.1.2-R2R.rar:Zone.Identifier

Filesize
26B

MD5
fbccf14d504b7b2dbcb5a5bda75bd93b

SHA1
d59fc84cdd5217c6cf74785703655f78da6b582b

SHA256
eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913

SHA512
aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98

Download Submit
C:\Users\Admin\Downloads\Oeksound.Soothe2.v1.1.2-R2R\Setup soothe2 v1.1.2.exe

Filesize
29.3MB

MD5
0158a14c23a8da850a6ee55097662354

SHA1
42a81c184384b1570e3fa38f47366ffe64e418a5

SHA256
d5b6c825e2febc952ac4cc7e9a5977398a545bcc067fa5e9f490b461efb23d37

SHA512
c7e7252ebf2071c5c6052600939319e88a304a81b3f5102d4aa120913f5252f46e86861287c563a515eb4c926a3a13b216fb758985639a77bc35f255917b600b

Download Submit
memory/1420-695-0x0000000000400000-0x0000000000428000-memory.dmp

Filesize
160KB

Download
memory/2376-710-0x0000000002C20000-0x0000000002C81000-memory.dmp

Filesize
388KB

Download
memory/2376-742-0x0000000074910000-0x0000000074A37000-memory.dmp

Filesize
1.2MB

Download
memory/2376-741-0x00000000754F0000-0x0000000075713000-memory.dmp

Filesize
2.1MB

Download
memory/2376-739-0x0000000076DB0000-0x00000000773B2000-memory.dmp

Filesize
6.0MB

Download
memory/2376-760-0x00000000754F0000-0x0000000075713000-memory.dmp

Filesize
2.1MB

Download
memory/2376-759-0x0000000076CF0000-0x0000000076DAF000-memory.dmp

Filesize
764KB

Download
memory/2376-732-0x0000000074B00000-0x0000000074B32000-memory.dmp

Filesize
200KB

Download
memory/2376-738-0x0000000076480000-0x00000000765CD000-memory.dmp

Filesize
1.3MB

Download
memory/2376-734-0x0000000002C20000-0x0000000002C81000-memory.dmp

Filesize
388KB

Download
memory/2376-733-0x0000000002C20000-0x0000000002C81000-memory.dmp

Filesize
388KB

Download
memory/2376-731-0x00000000761C0000-0x00000000761E5000-memory.dmp

Filesize
148KB

Download
memory/2376-730-0x0000000076980000-0x00000000769FC000-memory.dmp

Filesize
496KB

Download
memory/2376-728-0x00000000761C0000-0x00000000761E5000-memory.dmp

Filesize
148KB

Download
memory/2376-725-0x0000000076980000-0x00000000769FC000-memory.dmp

Filesize
496KB

Download
memory/2376-724-0x0000000002C20000-0x0000000002C81000-memory.dmp

Filesize
388KB

Download
memory/2376-723-0x0000000076980000-0x00000000769FC000-memory.dmp

Filesize
496KB

Download
memory/2376-721-0x0000000076980000-0x00000000769FC000-memory.dmp

Filesize
496KB

Download
memory/2376-737-0x0000000002C20000-0x0000000002C81000-memory.dmp

Filesize
388KB

Download
memory/2376-743-0x0000000002C20000-0x0000000002C81000-memory.dmp

Filesize
388KB

Download
memory/2376-744-0x00000000760E0000-0x00000000761BF000-memory.dmp

Filesize
892KB

Download
memory/2376-745-0x0000000076480000-0x00000000765CD000-memory.dmp

Filesize
1.3MB

Download
memory/2376-746-0x0000000076DB0000-0x00000000773B2000-memory.dmp

Filesize
6.0MB

Download
memory/2376-747-0x0000000076CF0000-0x0000000076DAF000-memory.dmp

Filesize
764KB

Download
memory/2376-780-0x0000000002C20000-0x0000000002C81000-memory.dmp

Filesize
388KB

Download
memory/2376-779-0x00000000754F0000-0x0000000075713000-memory.dmp

Filesize
2.1MB

Download
memory/2376-748-0x00000000754F0000-0x0000000075713000-memory.dmp

Filesize
2.1MB

Download
memory/2376-749-0x0000000075460000-0x00000000754E2000-memory.dmp

Filesize
520KB

Download
memory/2376-750-0x0000000074910000-0x0000000074A37000-memory.dmp

Filesize
1.2MB

Download
memory/2376-751-0x0000000002C20000-0x0000000002C81000-memory.dmp

Filesize
388KB

Download
memory/2376-752-0x0000000076DB0000-0x00000000773B2000-memory.dmp

Filesize
6.0MB

Download
memory/2376-753-0x0000000076CF0000-0x0000000076DAF000-memory.dmp

Filesize
764KB

Download
memory/2376-754-0x00000000754F0000-0x0000000075713000-memory.dmp

Filesize
2.1MB

Download
memory/2376-755-0x0000000075460000-0x00000000754E2000-memory.dmp

Filesize
520KB

Download
memory/2376-756-0x0000000074910000-0x0000000074A37000-memory.dmp

Filesize
1.2MB

Download
memory/2376-757-0x0000000002C20000-0x0000000002C81000-memory.dmp

Filesize
388KB

Download
memory/2376-758-0x0000000076DB0000-0x00000000773B2000-memory.dmp

Filesize
6.0MB

Download
memory/2376-761-0x0000000075460000-0x00000000754E2000-memory.dmp

Filesize
520KB

Download
memory/2376-762-0x0000000074910000-0x0000000074A37000-memory.dmp

Filesize
1.2MB

Download
memory/2376-763-0x0000000002C20000-0x0000000002C81000-memory.dmp

Filesize
388KB

Download
memory/2376-764-0x0000000076DB0000-0x00000000773B2000-memory.dmp

Filesize
6.0MB

Download
memory/2376-766-0x00000000754F0000-0x0000000075713000-memory.dmp

Filesize
2.1MB

Download
memory/2376-767-0x0000000075460000-0x00000000754E2000-memory.dmp

Filesize
520KB

Download
memory/2376-768-0x0000000074910000-0x0000000074A37000-memory.dmp

Filesize
1.2MB

Download
memory/2376-769-0x0000000002C20000-0x0000000002C81000-memory.dmp

Filesize
388KB

Download
memory/2376-770-0x00000000760E0000-0x00000000761BF000-memory.dmp

Filesize
892KB

Download
memory/2376-771-0x0000000076480000-0x00000000765CD000-memory.dmp

Filesize
1.3MB

Download
memory/2376-772-0x0000000076DB0000-0x00000000773B2000-memory.dmp

Filesize
6.0MB

Download
memory/2376-773-0x0000000076CF0000-0x0000000076DAF000-memory.dmp

Filesize
764KB

Download
memory/2376-774-0x00000000754F0000-0x0000000075713000-memory.dmp

Filesize
2.1MB

Download
memory/2376-775-0x0000000075460000-0x00000000754E2000-memory.dmp

Filesize
520KB

Download
memory/2376-776-0x0000000074910000-0x0000000074A37000-memory.dmp

Filesize
1.2MB

Download
memory/2376-777-0x0000000002C20000-0x0000000002C81000-memory.dmp

Filesize
388KB

Download
memory/2376-765-0x0000000076CF0000-0x0000000076DAF000-memory.dmp

Filesize
764KB

Download
memory/2376-740-0x0000000076CF0000-0x0000000076DAF000-memory.dmp

Filesize
764KB

Download
memory/2376-736-0x0000000002C20000-0x0000000002C81000-memory.dmp

Filesize
388KB

Download
memory/2376-722-0x0000000002C20000-0x0000000002C81000-memory.dmp

Filesize
388KB

Download
memory/2376-726-0x0000000002C20000-0x0000000002C81000-memory.dmp

Filesize
388KB

Download
memory/2376-727-0x0000000076980000-0x00000000769FC000-memory.dmp

Filesize
496KB

Download
memory/2376-729-0x0000000002C20000-0x0000000002C81000-memory.dmp

Filesize
388KB

Download
memory/2376-735-0x00000000761C0000-0x00000000761E5000-memory.dmp

Filesize
148KB

Download
memory/2376-713-0x0000000002C20000-0x0000000002C81000-memory.dmp

Filesize
388KB

Download