hxxps://www[.]bing[.]com/search?q=free+crack+fl+studio&form=WSBEDG&qs=SW&cvid=ef7a4d69f20b446cbe724f1eba215313&pq=free+crack+fl+studio&cc=US&setlang=en-US&PC=NMTS&nclid=1100C8EDA213EC7372EE5D70715926A6&ts=1722928894705&wsso=Moderate

Resubmissions

06/08/2024, 07:51

240806-jpxhssxema 3

06/08/2024, 07:24

240806-h8gq1sshpp 8

Analysis

max time kernel
242s
max time network
282s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
06/08/2024, 07:24

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

https://www.bing.com/search?q=free+crack+fl+studio&form=WSBEDG&qs=SW&cvid=ef7a4d69f20b446cbe724f1eba215313&pq=free+crack+fl+studio&cc=US&setlang=en-US&PC=NMTS&nclid=1100C8EDA213EC7372EE5D70715926A6&ts=1722928894705&wsso=Moderate

Score

8^/10

discovery

Malware Config

Signatures

Downloads MZ/PE file

Checks computer location settings 2 TTPs 3 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000\Control Panel\International\Geo\Nation	cscript.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000\Control Panel\International\Geo\Nation	cscript.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000\Control Panel\International\Geo\Nation	cscript.exe

Executes dropped EXE 7 IoCs

pid	Process
3652	Free_Bobux-V-2.5.0.exe
3972	Free_Bobux-V-2.5.0.exe
3524	Free_Bobux-V-2.5.0.exe
1060	Free_Bobux-V-2.5.0.exe
5732	Free_Bobux-V-2.5.0.exe
5864	Free_Bobux-V-2.5.0.exe
5996	Free_Bobux-V-2.5.0.exe

Drops desktop.ini file(s) 2 IoCs

description	ioc	Process
File opened for modification	C:\PROGRA~1\desktop.ini	cmd.exe
File opened for modification	C:\PROGRA~1\desktop.ini	cmd.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\PROGRA~1\COMMON~1\MICROS~1\ink\ipsrus.xml	cmd.exe
File opened for modification	C:\PROGRA~1\REFERE~1\MICROS~1\FRAMEW~1\v3.0\UIAutomationClient.dll	cmd.exe
File opened for modification	C:\PROGRA~1\WindowsApps\MICROS~3.0_X\Assets\AppTiles\WEATHE~1\30x30\3.png	cmd.exe
File opened for modification	C:\PROGRA~1\COMMON~1\MICROS~1\CLICKT~1\AP485B~1.DLL	cmd.exe
File opened for modification	C:\PROGRA~1\REFERE~1\MICROS~1\FRAMEW~1\v3.0\de\System.IO.Log.Resources.dll	cmd.exe
File opened for modification	C:\PROGRA~1\COMMON~1\MICROS~1\ink\tiptsf.dll	cmd.exe
File opened for modification	C:\PROGRA~1\COMMON~1\MICROS~1\ink\Alphabet.xml	cmd.exe
File opened for modification	C:\PROGRA~1\REFERE~1\MICROS~1\FRAMEW~1\v3.0\it\System.Printing.resources.dll	cmd.exe
File opened for modification	C:\PROGRA~1\WindowsApps\DELETE~1\MI63E7~1.SCA\Assets\AppTiles\CONTRA~1\BadgeLogo.scale-125_contrast-black.png	cmd.exe
File opened for modification	C:\PROGRA~1\REFERE~1\MICROS~1\FRAMEW~1\v3.0\PresentationFramework.Royale.dll	cmd.exe
File opened for modification	C:\PROGRA~1\WindowsApps\MICROS~2.0_N\APPXSI~1.P7X	cmd.exe
File opened for modification	C:\PROGRA~1\COMMON~1\MICROS~1\CLICKT~1\APPVCA~1.DLL	cmd.exe
File opened for modification	C:\PROGRA~1\WI54FB~1\MEDIAR~1\avtransport.xml	cmd.exe
File opened for modification	C:\PROGRA~1\COMMON~1\MICROS~1\ink\en-US\micaut.dll.mui	cmd.exe
File opened for modification	C:\PROGRA~1\REFERE~1\MICROS~1\FRAMEW~1\v3.0\it\UIAutomationClient.resources.dll	cmd.exe
File opened for modification	C:\PROGRA~1\MICROS~2\root\vfs\PROGRA~4\MICROS~2\Office16\msvcp140.dll	cmd.exe
File opened for modification	C:\PROGRA~1\COMMON~1\MICROS~1\ink\en-US\TipTsf.dll.mui	cmd.exe
File opened for modification	C:\PROGRA~1\COMMON~1\MICROS~1\ink\el-GR\tipresx.dll.mui	cmd.exe
File opened for modification	C:\PROGRA~1\COMMON~1\MICROS~1\ink\es-ES\ShapeCollector.exe.mui	cmd.exe
File opened for modification	C:\PROGRA~1\COMMON~1\MICROS~1\ink\TabTip.exe	cmd.exe
File opened for modification	C:\PROGRA~1\REFERE~1\MICROS~1\FRAMEW~1\v3.5\it\System.Data.Services.resources.dll	cmd.exe
File opened for modification	C:\PROGRA~1\COMMON~1\MICROS~1\MSInfo\en-US\msinfo32.exe.mui	cmd.exe
File opened for modification	C:\PROGRA~1\WindowsApps\MICROS~1.0_X\Cortana.dll	cmd.exe
File opened for modification	C:\PROGRA~1\COMMON~1\System\ado\msador28.tlb	cmd.exe
File opened for modification	C:\PROGRA~1\REFERE~1\MICROS~1\FRAMEW~1\v3.5\System.DirectoryServices.AccountManagement.dll	cmd.exe
File opened for modification	C:\PROGRA~1\COMMON~1\MICROS~1\ink\ja-JP\TipTsf.dll.mui	cmd.exe
File opened for modification	C:\PROGRA~1\REFERE~1\MICROS~1\FRAMEW~1\v3.0\ja\UIAutomationTypes.resources.dll	cmd.exe
File opened for modification	C:\PROGRA~1\WindowsApps\DELETE~1\MIE788~1.SCA\Assets\SECOND~1\DIRECT~1\Car\LTR\CONTRA~1\LARGET~1.PNG	cmd.exe
File opened for modification	C:\PROGRA~1\REFERE~1\MICROS~1\FRAMEW~1\v3.5\es\System.Data.Entity.Resources.dll	cmd.exe
File opened for modification	C:\PROGRA~1\WI54FB~1\en-US\setup_wm.exe.mui	cmd.exe
File opened for modification	C:\PROGRA~1\INTERN~1\ExtExport.exe	cmd.exe
File opened for modification	C:\PROGRA~1\WindowsApps\MICROS~3.0_X\Assets\AppTiles\WEATHE~2\423x173\28.jpg	cmd.exe
File opened for modification	C:\PROGRA~1\COMMON~1\MICROS~1\ink\it-IT\mshwLatin.dll.mui	cmd.exe
File opened for modification	C:\PROGRA~1\REFERE~1\MICROS~1\FRAMEW~1\v3.5\it\System.Data.Linq.Resources.dll	cmd.exe
File opened for modification	C:\PROGRA~1\WindowsApps\MICROS~3.0_X\STORER~1.DLL	cmd.exe
File opened for modification	C:\PROGRA~1\COMMON~1\MICROS~1\ink\de-DE\TipRes.dll.mui	cmd.exe
File opened for modification	C:\PROGRA~1\COMMON~1\MICROS~1\ink\zh-TW\tipresx.dll.mui	cmd.exe
File opened for modification	C:\PROGRA~1\REFERE~1\MICROS~1\FRAMEW~1\v3.0\PresentationFramework.Luna.dll	cmd.exe
File opened for modification	C:\PROGRA~1\COMMON~1\MICROS~1\ink\fsdefinitions\auxpad.xml	cmd.exe
File opened for modification	C:\PROGRA~1\WindowsApps\MICROS~4.0_X\Assets\CONTRA~2\AP65D5~1.PNG	cmd.exe
File opened for modification	C:\PROGRA~1\COMMON~1\MICROS~1\ink\ipsesp.xml	cmd.exe
File opened for modification	C:\PROGRA~1\REFERE~1\MICROS~1\FRAMEW~1\v3.0\es\System.IO.Log.Resources.dll	cmd.exe
File opened for modification	C:\PROGRA~1\COMMON~1\MICROS~1\ink\en-US\mip.exe.mui	cmd.exe
File opened for modification	C:\PROGRA~1\COMMON~1\MICROS~1\ink\ja-JP\InputPersonalization.exe.mui	cmd.exe
File opened for modification	C:\PROGRA~1\COMMON~1\MICROS~1\ink\mshwgst.dll	cmd.exe
File opened for modification	C:\PROGRA~1\REFERE~1\MICROS~1\FRAMEW~1\v3.5\it\System.Data.Services.Design.resources.dll	cmd.exe
File opened for modification	C:\PROGRA~1\COMMON~1\MICROS~1\CLICKT~1\msvcr120.dll	cmd.exe
File opened for modification	C:\PROGRA~1\REFERE~1\MICROS~1\FRAMEW~1\v3.0\WindowsBase.dll	cmd.exe
File opened for modification	C:\PROGRA~1\WindowsApps\DELETE~1\MIE788~1.SCA\Assets\SECOND~1\DIRECT~1\Place\LTR\CONTRA~1\SMALLT~1.PNG	cmd.exe
File opened for modification	C:\PROGRA~1\REFERE~1\MICROS~1\FRAMEW~1\v3.0\fr\WindowsFormsIntegration.resources.dll	cmd.exe
File opened for modification	C:\PROGRA~1\COMMON~1\MICROS~1\ink\mshwLatin.dll	cmd.exe
File opened for modification	C:\PROGRA~1\COMMON~1\MICROS~1\CLICKT~1\APPVPO~1.DLL	cmd.exe
File opened for modification	C:\PROGRA~1\REFERE~1\MICROS~1\FRAMEW~1\v3.0\fr\System.ServiceModel.Resources.dll	cmd.exe
File opened for modification	C:\PROGRA~1\COMMON~1\MICROS~1\ink\fr-FR\InputPersonalization.exe.mui	cmd.exe
File opened for modification	C:\PROGRA~1\COMMON~1\MICROS~1\ink\hwrenclm.dat	cmd.exe
File opened for modification	C:\PROGRA~1\REFERE~1\MICROS~1\FRAMEW~1\v3.0\es\UIAutomationClient.resources.dll	cmd.exe
File opened for modification	C:\PROGRA~1\COMMON~1\MICROS~1\CLICKT~1\APPVPO~1.DLL	cmd.exe
File opened for modification	C:\PROGRA~1\COMMON~1\MICROS~1\ink\ipsar.xml	cmd.exe
File opened for modification	C:\PROGRA~1\REFERE~1\MICROS~1\FRAMEW~1\v3.5\Microsoft.VisualC.STLCLR.dll	cmd.exe
File opened for modification	C:\PROGRA~1\COMMON~1\MICROS~1\ink\Alphabet.xml	cmd.exe
File opened for modification	C:\PROGRA~1\WindowsApps\MICROS~3.0_X\Assets\AppTiles\WEATHE~2\423x173\29.jpg	cmd.exe
File opened for modification	C:\PROGRA~1\COMMON~1\MICROS~1\ink\Alphabet.xml	cmd.exe
File opened for modification	C:\PROGRA~1\REFERE~1\MICROS~1\FRAMEW~1\v3.0\ja\PresentationFramework.resources.dll	cmd.exe
File opened for modification	C:\PROGRA~1\COMMON~1\MICROS~1\CLICKT~1\APPVOR~1.DLL	cmd.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Free_Bobux-V-2.5.0.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cscript.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cscript.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Free_Bobux-V-2.5.0.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cscript.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Free_Bobux-V-2.5.0.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Free_Bobux-V-2.5.0.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cscript.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Free_Bobux-V-2.5.0.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-2718105630-359604950-2820636825-1000\{3F8510E6-A98E-4A54-BA6C-CFC3398EC587}	msedge.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 544196.crdownload:SmartScreen	msedge.exe

Suspicious behavior: EnumeratesProcesses 14 IoCs

pid	Process
4432	msedge.exe
4432	msedge.exe
2512	msedge.exe
2512	msedge.exe
4324	msedge.exe
4324	msedge.exe
4520	identity_helper.exe
4520	identity_helper.exe
1888	msedge.exe
1888	msedge.exe
1888	msedge.exe
1888	msedge.exe
2924	msedge.exe
2924	msedge.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2384	cscript.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 34 IoCs

pid	Process
2512	msedge.exe
2512	msedge.exe
2512	msedge.exe
2512	msedge.exe
2512	msedge.exe
2512	msedge.exe
2512	msedge.exe
2512	msedge.exe
2512	msedge.exe
2512	msedge.exe
2512	msedge.exe
2512	msedge.exe
2512	msedge.exe
2512	msedge.exe
2512	msedge.exe
2512	msedge.exe
2512	msedge.exe
2512	msedge.exe
2512	msedge.exe
2512	msedge.exe
2512	msedge.exe
2512	msedge.exe
2512	msedge.exe
2512	msedge.exe
2512	msedge.exe
2512	msedge.exe
2512	msedge.exe
2512	msedge.exe
2512	msedge.exe
2512	msedge.exe
2512	msedge.exe
2512	msedge.exe
2512	msedge.exe
2512	msedge.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	864	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	864	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
2512	msedge.exe
2512	msedge.exe
2512	msedge.exe
2512	msedge.exe
2512	msedge.exe
2512	msedge.exe
2512	msedge.exe
2512	msedge.exe
2512	msedge.exe
2512	msedge.exe
2512	msedge.exe
2512	msedge.exe
2512	msedge.exe
2512	msedge.exe
2512	msedge.exe
2512	msedge.exe
2512	msedge.exe
2512	msedge.exe
2512	msedge.exe
2512	msedge.exe
2512	msedge.exe
2512	msedge.exe
2512	msedge.exe
2512	msedge.exe
2512	msedge.exe
2512	msedge.exe
2512	msedge.exe
2512	msedge.exe
2512	msedge.exe
2512	msedge.exe
2512	msedge.exe
2512	msedge.exe
2512	msedge.exe
2512	msedge.exe
2512	msedge.exe
2512	msedge.exe
2512	msedge.exe
2512	msedge.exe
2512	msedge.exe
2512	msedge.exe
2512	msedge.exe
2512	msedge.exe
2512	msedge.exe
2512	msedge.exe
2512	msedge.exe
2512	msedge.exe
2512	msedge.exe
2512	msedge.exe
2512	msedge.exe
2512	msedge.exe
2512	msedge.exe
2512	msedge.exe
2512	msedge.exe
2512	msedge.exe
2512	msedge.exe
2512	msedge.exe
2512	msedge.exe
2512	msedge.exe
2512	msedge.exe
2512	msedge.exe
2512	msedge.exe
2512	msedge.exe
2512	msedge.exe
2512	msedge.exe

Suspicious use of SendNotifyMessage 56 IoCs

pid	Process
2512	msedge.exe
2512	msedge.exe
2512	msedge.exe
2512	msedge.exe
2512	msedge.exe
2512	msedge.exe
2512	msedge.exe
2512	msedge.exe
2512	msedge.exe
2512	msedge.exe
2512	msedge.exe
2512	msedge.exe
2512	msedge.exe
2512	msedge.exe
2512	msedge.exe
2512	msedge.exe
2512	msedge.exe
2512	msedge.exe
2512	msedge.exe
2512	msedge.exe
2512	msedge.exe
2512	msedge.exe
2512	msedge.exe
2512	msedge.exe
2512	msedge.exe
2512	msedge.exe
2512	msedge.exe
2512	msedge.exe
2512	msedge.exe
2512	msedge.exe
2512	msedge.exe
2512	msedge.exe
2512	msedge.exe
2512	msedge.exe
2512	msedge.exe
2512	msedge.exe
2512	msedge.exe
2512	msedge.exe
2512	msedge.exe
2512	msedge.exe
2512	msedge.exe
2512	msedge.exe
2512	msedge.exe
2512	msedge.exe
2512	msedge.exe
2512	msedge.exe
2512	msedge.exe
2512	msedge.exe
2512	msedge.exe
2512	msedge.exe
2512	msedge.exe
2512	msedge.exe
2512	msedge.exe
2512	msedge.exe
2512	msedge.exe
2512	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2512 wrote to memory of 4340	2512	msedge.exe	83
PID 2512 wrote to memory of 4340	2512	msedge.exe	83
PID 2512 wrote to memory of 3980	2512	msedge.exe	85
PID 2512 wrote to memory of 3980	2512	msedge.exe	85
PID 2512 wrote to memory of 3980	2512	msedge.exe	85
PID 2512 wrote to memory of 3980	2512	msedge.exe	85
PID 2512 wrote to memory of 3980	2512	msedge.exe	85
PID 2512 wrote to memory of 3980	2512	msedge.exe	85
PID 2512 wrote to memory of 3980	2512	msedge.exe	85
PID 2512 wrote to memory of 3980	2512	msedge.exe	85
PID 2512 wrote to memory of 3980	2512	msedge.exe	85
PID 2512 wrote to memory of 3980	2512	msedge.exe	85
PID 2512 wrote to memory of 3980	2512	msedge.exe	85
PID 2512 wrote to memory of 3980	2512	msedge.exe	85
PID 2512 wrote to memory of 3980	2512	msedge.exe	85
PID 2512 wrote to memory of 3980	2512	msedge.exe	85
PID 2512 wrote to memory of 3980	2512	msedge.exe	85
PID 2512 wrote to memory of 3980	2512	msedge.exe	85
PID 2512 wrote to memory of 3980	2512	msedge.exe	85
PID 2512 wrote to memory of 3980	2512	msedge.exe	85
PID 2512 wrote to memory of 3980	2512	msedge.exe	85
PID 2512 wrote to memory of 3980	2512	msedge.exe	85
PID 2512 wrote to memory of 3980	2512	msedge.exe	85
PID 2512 wrote to memory of 3980	2512	msedge.exe	85
PID 2512 wrote to memory of 3980	2512	msedge.exe	85
PID 2512 wrote to memory of 3980	2512	msedge.exe	85
PID 2512 wrote to memory of 3980	2512	msedge.exe	85
PID 2512 wrote to memory of 3980	2512	msedge.exe	85
PID 2512 wrote to memory of 3980	2512	msedge.exe	85
PID 2512 wrote to memory of 3980	2512	msedge.exe	85
PID 2512 wrote to memory of 3980	2512	msedge.exe	85
PID 2512 wrote to memory of 3980	2512	msedge.exe	85
PID 2512 wrote to memory of 3980	2512	msedge.exe	85
PID 2512 wrote to memory of 3980	2512	msedge.exe	85
PID 2512 wrote to memory of 3980	2512	msedge.exe	85
PID 2512 wrote to memory of 3980	2512	msedge.exe	85
PID 2512 wrote to memory of 3980	2512	msedge.exe	85
PID 2512 wrote to memory of 3980	2512	msedge.exe	85
PID 2512 wrote to memory of 3980	2512	msedge.exe	85
PID 2512 wrote to memory of 3980	2512	msedge.exe	85
PID 2512 wrote to memory of 3980	2512	msedge.exe	85
PID 2512 wrote to memory of 3980	2512	msedge.exe	85
PID 2512 wrote to memory of 4432	2512	msedge.exe	86
PID 2512 wrote to memory of 4432	2512	msedge.exe	86
PID 2512 wrote to memory of 2812	2512	msedge.exe	87
PID 2512 wrote to memory of 2812	2512	msedge.exe	87
PID 2512 wrote to memory of 2812	2512	msedge.exe	87
PID 2512 wrote to memory of 2812	2512	msedge.exe	87
PID 2512 wrote to memory of 2812	2512	msedge.exe	87
PID 2512 wrote to memory of 2812	2512	msedge.exe	87
PID 2512 wrote to memory of 2812	2512	msedge.exe	87
PID 2512 wrote to memory of 2812	2512	msedge.exe	87
PID 2512 wrote to memory of 2812	2512	msedge.exe	87
PID 2512 wrote to memory of 2812	2512	msedge.exe	87
PID 2512 wrote to memory of 2812	2512	msedge.exe	87
PID 2512 wrote to memory of 2812	2512	msedge.exe	87
PID 2512 wrote to memory of 2812	2512	msedge.exe	87
PID 2512 wrote to memory of 2812	2512	msedge.exe	87
PID 2512 wrote to memory of 2812	2512	msedge.exe	87
PID 2512 wrote to memory of 2812	2512	msedge.exe	87
PID 2512 wrote to memory of 2812	2512	msedge.exe	87
PID 2512 wrote to memory of 2812	2512	msedge.exe	87
PID 2512 wrote to memory of 2812	2512	msedge.exe	87
PID 2512 wrote to memory of 2812	2512	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.bing.com/search?q=free+crack+fl+studio&form=WSBEDG&qs=SW&cvid=ef7a4d69f20b446cbe724f1eba215313&pq=free+crack+fl+studio&cc=US&setlang=en-US&PC=NMTS&nclid=1100C8EDA213EC7372EE5D70715926A6&ts=1722928894705&wsso=Moderate
1⤵
- Enumerates system info in registry
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2512
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff96d9c46f8,0x7ff96d9c4708,0x7ff96d9c4718
  2⤵
  PID:4340
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2212,2142220777716965521,18030146879100141711,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2232 /prefetch:2
  2⤵
  PID:3980
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2212,2142220777716965521,18030146879100141711,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2312 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4432
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2212,2142220777716965521,18030146879100141711,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2692 /prefetch:8
  2⤵
  PID:2812
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,2142220777716965521,18030146879100141711,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3220 /prefetch:1
  2⤵
  PID:1912
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,2142220777716965521,18030146879100141711,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3228 /prefetch:1
  2⤵
  PID:1908
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,2142220777716965521,18030146879100141711,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3960 /prefetch:1
  2⤵
  PID:5000
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,2142220777716965521,18030146879100141711,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4940 /prefetch:1
  2⤵
  PID:5008
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,2142220777716965521,18030146879100141711,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4604 /prefetch:1
  2⤵
  PID:1588
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2212,2142220777716965521,18030146879100141711,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4996 /prefetch:8
  2⤵
  PID:1664
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2212,2142220777716965521,18030146879100141711,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5100 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:4324
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,2142220777716965521,18030146879100141711,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4608 /prefetch:1
  2⤵
  PID:4288
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2212,2142220777716965521,18030146879100141711,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5164 /prefetch:8
  2⤵
  PID:3732
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2212,2142220777716965521,18030146879100141711,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5164 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4520
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,2142220777716965521,18030146879100141711,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4832 /prefetch:1
  2⤵
  PID:4812
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,2142220777716965521,18030146879100141711,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5384 /prefetch:1
  2⤵
  PID:4368
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,2142220777716965521,18030146879100141711,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4616 /prefetch:1
  2⤵
  PID:4936
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,2142220777716965521,18030146879100141711,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5724 /prefetch:1
  2⤵
  PID:2040
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,2142220777716965521,18030146879100141711,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5376 /prefetch:1
  2⤵
  PID:3904
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,2142220777716965521,18030146879100141711,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5884 /prefetch:1
  2⤵
  PID:4320
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,2142220777716965521,18030146879100141711,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5668 /prefetch:1
  2⤵
  PID:5056
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,2142220777716965521,18030146879100141711,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5776 /prefetch:1
  2⤵
  PID:3732
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,2142220777716965521,18030146879100141711,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5912 /prefetch:1
  2⤵
  PID:4500
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,2142220777716965521,18030146879100141711,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4928 /prefetch:1
  2⤵
  PID:4792
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,2142220777716965521,18030146879100141711,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6708 /prefetch:1
  2⤵
  PID:4916
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,2142220777716965521,18030146879100141711,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6952 /prefetch:1
  2⤵
  PID:2092
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,2142220777716965521,18030146879100141711,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6500 /prefetch:1
  2⤵
  PID:4664
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2212,2142220777716965521,18030146879100141711,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6952 /prefetch:8
  2⤵
  PID:4372
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,2142220777716965521,18030146879100141711,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7124 /prefetch:1
  2⤵
  PID:4040
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,2142220777716965521,18030146879100141711,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6344 /prefetch:1
  2⤵
  PID:916
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2212,2142220777716965521,18030146879100141711,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1360 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1888
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,2142220777716965521,18030146879100141711,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7760 /prefetch:1
  2⤵
  PID:1920
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,2142220777716965521,18030146879100141711,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8168 /prefetch:1
  2⤵
  PID:1080
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,2142220777716965521,18030146879100141711,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8188 /prefetch:1
  2⤵
  PID:3152
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,2142220777716965521,18030146879100141711,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7892 /prefetch:1
  2⤵
  PID:4884
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,2142220777716965521,18030146879100141711,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6192 /prefetch:1
  2⤵
  PID:3248
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,2142220777716965521,18030146879100141711,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4900 /prefetch:1
  2⤵
  PID:1648
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,2142220777716965521,18030146879100141711,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7688 /prefetch:1
  2⤵
  PID:1700
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,2142220777716965521,18030146879100141711,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4888 /prefetch:1
  2⤵
  PID:884
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,2142220777716965521,18030146879100141711,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8140 /prefetch:1
  2⤵
  PID:5012
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,2142220777716965521,18030146879100141711,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5640 /prefetch:1
  2⤵
  PID:2436
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2212,2142220777716965521,18030146879100141711,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=2092 /prefetch:8
  2⤵
  PID:4508
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,2142220777716965521,18030146879100141711,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5600 /prefetch:1
  2⤵
  PID:808
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2212,2142220777716965521,18030146879100141711,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4616 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2924
- C:\Users\Admin\Downloads\Free_Bobux-V-2.5.0.exe
  "C:\Users\Admin\Downloads\Free_Bobux-V-2.5.0.exe"
  2⤵
  - Executes dropped EXE
  PID:3652
- - C:\Windows\system32\cscript.exe
    "C:\Windows\sysnative\cscript" C:\Users\Admin\AppData\Local\Temp\887B.tmp\887C.tmp\887D.vbs //Nologo
    3⤵
    - Checks computer location settings
    - Suspicious behavior: GetForegroundWindowSpam
    PID:2384
  - - C:\Windows\System32\cmd.exe
      "C:\Windows\System32\cmd.exe"
      4⤵
      Drops file in Program Files directory
      PID:1452
  - - C:\Windows\System32\cmd.exe
      "C:\Windows\System32\cmd.exe"
      4⤵
      Drops desktop.ini file(s)
      Drops file in Program Files directory
      PID:1700
  - - C:\Windows\System32\cmd.exe
      "C:\Windows\System32\cmd.exe"
      4⤵
      Drops desktop.ini file(s)
      Drops file in Program Files directory
      PID:408
  - - C:\Windows\System32\cmd.exe
      "C:\Windows\System32\cmd.exe"
      4⤵
      PID:4532
  - - C:\Windows\System32\cmd.exe
      "C:\Windows\System32\cmd.exe"
      4⤵
      Drops file in Program Files directory
      PID:3520
  - - C:\Windows\System32\cmd.exe
      "C:\Windows\System32\cmd.exe"
      4⤵
      PID:1596
  - - C:\Windows\System32\cmd.exe
      "C:\Windows\System32\cmd.exe"
      4⤵
      Drops file in Program Files directory
      PID:1912
  - - C:\Windows\System32\cmd.exe
      "C:\Windows\System32\cmd.exe"
      4⤵
      Drops file in Program Files directory
      PID:1240
  - - C:\Windows\System32\cmd.exe
      "C:\Windows\System32\cmd.exe"
      4⤵
      Drops file in Program Files directory
      PID:1012
  - - C:\Windows\System32\cmd.exe
      "C:\Windows\System32\cmd.exe"
      4⤵
      PID:2588
  - - C:\Windows\System32\cmd.exe
      "C:\Windows\System32\cmd.exe"
      4⤵
      PID:1552
  - - C:\Windows\System32\cmd.exe
      "C:\Windows\System32\cmd.exe"
      4⤵
      Drops file in Program Files directory
      PID:2044
  - - C:\Windows\System32\cmd.exe
      "C:\Windows\System32\cmd.exe"
      4⤵
      PID:5132
  - - C:\Windows\System32\cmd.exe
      "C:\Windows\System32\cmd.exe"
      4⤵
      PID:5184
  - - C:\Windows\System32\cmd.exe
      "C:\Windows\System32\cmd.exe"
      4⤵
      PID:5256
  - - C:\Windows\System32\cmd.exe
      "C:\Windows\System32\cmd.exe"
      4⤵
      PID:5308
  - - C:\Windows\System32\cmd.exe
      "C:\Windows\System32\cmd.exe"
      4⤵
      PID:5364
  - - C:\Windows\System32\cmd.exe
      "C:\Windows\System32\cmd.exe"
      4⤵
      Drops file in Program Files directory
      PID:5412
  - - C:\Windows\System32\cmd.exe
      "C:\Windows\System32\cmd.exe"
      4⤵
      PID:5472
  - - C:\Windows\System32\cmd.exe
      "C:\Windows\System32\cmd.exe"
      4⤵
      PID:5528
  - - C:\Windows\System32\cmd.exe
      "C:\Windows\System32\cmd.exe"
      4⤵
      PID:5588
  - - C:\Windows\System32\cmd.exe
      "C:\Windows\System32\cmd.exe"
      4⤵
      PID:5692
  - - C:\Windows\System32\cmd.exe
      "C:\Windows\System32\cmd.exe"
      4⤵
      PID:5744
  - - C:\Windows\System32\cmd.exe
      "C:\Windows\System32\cmd.exe"
      4⤵
      PID:5800
  - - C:\Windows\System32\cmd.exe
      "C:\Windows\System32\cmd.exe"
      4⤵
      PID:5920
  - - C:\Windows\System32\cmd.exe
      "C:\Windows\System32\cmd.exe"
      4⤵
      PID:5240
  - - C:\Windows\System32\cmd.exe
      "C:\Windows\System32\cmd.exe"
      4⤵
      PID:5376
  - - C:\Windows\System32\cmd.exe
      "C:\Windows\System32\cmd.exe"
      4⤵
      PID:6060
  - - C:\Windows\System32\cmd.exe
      "C:\Windows\System32\cmd.exe"
      4⤵
      PID:5704
  - - C:\Windows\System32\cmd.exe
      "C:\Windows\System32\cmd.exe"
      4⤵
      PID:6264
  - - C:\Windows\System32\cmd.exe
      "C:\Windows\System32\cmd.exe"
      4⤵
      PID:6364
  - - C:\Windows\System32\cmd.exe
      "C:\Windows\System32\cmd.exe"
      4⤵
      PID:6508
  - - C:\Windows\System32\cmd.exe
      "C:\Windows\System32\cmd.exe"
      4⤵
      PID:6652
  - - C:\Windows\System32\cmd.exe
      "C:\Windows\System32\cmd.exe"
      4⤵
      PID:6824
  - - C:\Windows\System32\cmd.exe
      "C:\Windows\System32\cmd.exe"
      4⤵
      PID:6992
  - - C:\Windows\System32\cmd.exe
      "C:\Windows\System32\cmd.exe"
      4⤵
      PID:5524
  - - C:\Windows\System32\cmd.exe
      "C:\Windows\System32\cmd.exe"
      4⤵
      PID:6672
  - - C:\Windows\System32\cmd.exe
      "C:\Windows\System32\cmd.exe"
      4⤵
      PID:6952
  - - C:\Windows\System32\cmd.exe
      "C:\Windows\System32\cmd.exe"
      4⤵
      Drops file in Program Files directory
      PID:6604
  - - C:\Windows\System32\cmd.exe
      "C:\Windows\System32\cmd.exe"
      4⤵
      PID:7204
  - - C:\Windows\System32\cmd.exe
      "C:\Windows\System32\cmd.exe"
      4⤵
      PID:7364
  - - C:\Windows\System32\cmd.exe
      "C:\Windows\System32\cmd.exe"
      4⤵
      PID:7496
  - - C:\Windows\System32\cmd.exe
      "C:\Windows\System32\cmd.exe"
      4⤵
      PID:7660
  - - C:\Windows\System32\cmd.exe
      "C:\Windows\System32\cmd.exe"
      4⤵
      PID:7816
  - - C:\Windows\System32\cmd.exe
      "C:\Windows\System32\cmd.exe"
      4⤵
      PID:7988
  - - C:\Windows\System32\cmd.exe
      "C:\Windows\System32\cmd.exe"
      4⤵
      PID:8152
  - - C:\Windows\System32\cmd.exe
      "C:\Windows\System32\cmd.exe"
      4⤵
      PID:7864
  - - C:\Windows\System32\cmd.exe
      "C:\Windows\System32\cmd.exe"
      4⤵
      PID:8252
  - - C:\Windows\System32\cmd.exe
      "C:\Windows\System32\cmd.exe"
      4⤵
      PID:8420
  - - C:\Windows\System32\cmd.exe
      "C:\Windows\System32\cmd.exe"
      4⤵
      PID:8580
  - - C:\Windows\System32\cmd.exe
      "C:\Windows\System32\cmd.exe"
      4⤵
      PID:8728
  - - C:\Windows\System32\cmd.exe
      "C:\Windows\System32\cmd.exe"
      4⤵
      PID:8904
  - - C:\Windows\System32\cmd.exe
      "C:\Windows\System32\cmd.exe"
      4⤵
      PID:9048
  - - C:\Windows\System32\cmd.exe
      "C:\Windows\System32\cmd.exe"
      4⤵
      PID:9200
  - - C:\Windows\System32\cmd.exe
      "C:\Windows\System32\cmd.exe"
      4⤵
      PID:8892
  - - C:\Windows\System32\cmd.exe
      "C:\Windows\System32\cmd.exe"
      4⤵
      PID:9228
  - - C:\Windows\System32\cmd.exe
      "C:\Windows\System32\cmd.exe"
      4⤵
      PID:9420
  - - C:\Windows\System32\cmd.exe
      "C:\Windows\System32\cmd.exe"
      4⤵
      PID:9580
  - - C:\Windows\System32\cmd.exe
      "C:\Windows\System32\cmd.exe"
      4⤵
      PID:9760
  - - C:\Windows\System32\cmd.exe
      "C:\Windows\System32\cmd.exe"
      4⤵
      PID:9972
  - - C:\Windows\System32\cmd.exe
      "C:\Windows\System32\cmd.exe"
      4⤵
      PID:10120
  - - C:\Windows\System32\cmd.exe
      "C:\Windows\System32\cmd.exe"
      4⤵
      PID:2144
  - - C:\Windows\System32\cmd.exe
      "C:\Windows\System32\cmd.exe"
      4⤵
      PID:8592
  - - C:\Windows\System32\cmd.exe
      "C:\Windows\System32\cmd.exe"
      4⤵
      PID:9872
  - - C:\Windows\System32\cmd.exe
      "C:\Windows\System32\cmd.exe"
      4⤵
      PID:9668
  - - C:\Windows\System32\cmd.exe
      "C:\Windows\System32\cmd.exe"
      4⤵
      PID:9336
  - - C:\Windows\System32\cmd.exe
      "C:\Windows\System32\cmd.exe"
      4⤵
      PID:1996
  - - C:\Windows\System32\cmd.exe
      "C:\Windows\System32\cmd.exe"
      4⤵
      PID:9972
  - - C:\Windows\System32\cmd.exe
      "C:\Windows\System32\cmd.exe"
      4⤵
      PID:1848
  - - C:\Windows\System32\cmd.exe
      "C:\Windows\System32\cmd.exe"
      4⤵
      PID:4248
  - - C:\Windows\System32\cmd.exe
      "C:\Windows\System32\cmd.exe"
      4⤵
      PID:10384
  - - C:\Windows\System32\cmd.exe
      "C:\Windows\System32\cmd.exe"
      4⤵
      PID:10548
  - - C:\Windows\System32\cmd.exe
      "C:\Windows\System32\cmd.exe"
      4⤵
      PID:10668
  - - C:\Windows\System32\cmd.exe
      "C:\Windows\System32\cmd.exe"
      4⤵
      PID:10820
  - - C:\Windows\System32\cmd.exe
      "C:\Windows\System32\cmd.exe"
      4⤵
      PID:10996
  - - C:\Windows\System32\cmd.exe
      "C:\Windows\System32\cmd.exe"
      4⤵
      PID:11160
  - - C:\Windows\System32\cmd.exe
      "C:\Windows\System32\cmd.exe"
      4⤵
      PID:9924
  - - C:\Windows\System32\cmd.exe
      "C:\Windows\System32\cmd.exe"
      4⤵
      PID:11240
  - - C:\Windows\System32\cmd.exe
      "C:\Windows\System32\cmd.exe"
      4⤵
      PID:11400
  - - C:\Windows\System32\cmd.exe
      "C:\Windows\System32\cmd.exe"
      4⤵
      PID:11560
  - - C:\Windows\System32\cmd.exe
      "C:\Windows\System32\cmd.exe"
      4⤵
      PID:11680
  - - C:\Windows\System32\cmd.exe
      "C:\Windows\System32\cmd.exe"
      4⤵
      PID:11872
  - - C:\Windows\System32\cmd.exe
      "C:\Windows\System32\cmd.exe"
      4⤵
      PID:12020
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,2142220777716965521,18030146879100141711,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1640 /prefetch:1
  2⤵
  PID:5572
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=qrcode_generator.mojom.QRCodeGeneratorService --field-trial-handle=2212,2142220777716965521,18030146879100141711,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=6436 /prefetch:8
  2⤵
  PID:5636
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,2142220777716965521,18030146879100141711,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7976 /prefetch:1
  2⤵
  PID:6104
- C:\Users\Admin\Downloads\Free_Bobux-V-2.5.0.exe
  "C:\Users\Admin\Downloads\Free_Bobux-V-2.5.0.exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:3972
- - C:\Windows\SysWOW64\cscript.exe
    "C:\Windows\system32\cscript" C:\Users\Admin\AppData\Local\Temp\C8A2.tmp\C8A2.tmp\C8A3.vbs //Nologo
    3⤵
    PID:5844
- C:\Users\Admin\Downloads\Free_Bobux-V-2.5.0.exe
  "C:\Users\Admin\Downloads\Free_Bobux-V-2.5.0.exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:3524
- - C:\Windows\SysWOW64\cscript.exe
    "C:\Windows\system32\cscript" C:\Users\Admin\AppData\Local\Temp\C6DB.tmp\C6DC.tmp\C6DD.vbs //Nologo
    3⤵
    - System Location Discovery: System Language Discovery
    PID:6044
- C:\Users\Admin\Downloads\Free_Bobux-V-2.5.0.exe
  "C:\Users\Admin\Downloads\Free_Bobux-V-2.5.0.exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:1060
- - C:\Windows\SysWOW64\cscript.exe
    "C:\Windows\system32\cscript" C:\Users\Admin\AppData\Local\Temp\C8B0.tmp\C8C1.tmp\C8C2.vbs //Nologo
    3⤵
    - System Location Discovery: System Language Discovery
    PID:2588
- C:\Users\Admin\Downloads\Free_Bobux-V-2.5.0.exe
  "C:\Users\Admin\Downloads\Free_Bobux-V-2.5.0.exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:5732
- - C:\Windows\SysWOW64\cscript.exe
    "C:\Windows\system32\cscript" C:\Users\Admin\AppData\Local\Temp\C8A1.tmp\C8A2.tmp\C8A3.vbs //Nologo
    3⤵
    - Checks computer location settings
    PID:6064
  - - C:\Windows\SysWOW64\cmd.exe
      "C:\Windows\System32\cmd.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:6564
  - - C:\Windows\SysWOW64\cmd.exe
      "C:\Windows\System32\cmd.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:6760
  - - C:\Windows\SysWOW64\cmd.exe
      "C:\Windows\System32\cmd.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:6908
  - - C:\Windows\SysWOW64\cmd.exe
      "C:\Windows\System32\cmd.exe"
      4⤵
      Drops file in Program Files directory
      System Location Discovery: System Language Discovery
      PID:7068
  - - C:\Windows\SysWOW64\cmd.exe
      "C:\Windows\System32\cmd.exe"
      4⤵
      PID:6312
  - - C:\Windows\SysWOW64\cmd.exe
      "C:\Windows\System32\cmd.exe"
      4⤵
      PID:6916
  - - C:\Windows\SysWOW64\cmd.exe
      "C:\Windows\System32\cmd.exe"
      4⤵
      PID:7124
  - - C:\Windows\SysWOW64\cmd.exe
      "C:\Windows\System32\cmd.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:6336
  - - C:\Windows\SysWOW64\cmd.exe
      "C:\Windows\System32\cmd.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:7196
  - - C:\Windows\SysWOW64\cmd.exe
      "C:\Windows\System32\cmd.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:7352
  - - C:\Windows\SysWOW64\cmd.exe
      "C:\Windows\System32\cmd.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:7536
  - - C:\Windows\SysWOW64\cmd.exe
      "C:\Windows\System32\cmd.exe"
      4⤵
      PID:7688
  - - C:\Windows\SysWOW64\cmd.exe
      "C:\Windows\System32\cmd.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:7828
  - - C:\Windows\SysWOW64\cmd.exe
      "C:\Windows\System32\cmd.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:8048
  - - C:\Windows\SysWOW64\cmd.exe
      "C:\Windows\System32\cmd.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:7388
  - - C:\Windows\SysWOW64\cmd.exe
      "C:\Windows\System32\cmd.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:7340
  - - C:\Windows\SysWOW64\cmd.exe
      "C:\Windows\System32\cmd.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:8328
  - - C:\Windows\SysWOW64\cmd.exe
      "C:\Windows\System32\cmd.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:8460
  - - C:\Windows\SysWOW64\cmd.exe
      "C:\Windows\System32\cmd.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:8632
  - - C:\Windows\SysWOW64\cmd.exe
      "C:\Windows\System32\cmd.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:8788
  - - C:\Windows\SysWOW64\cmd.exe
      "C:\Windows\System32\cmd.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:8948
  - - C:\Windows\SysWOW64\cmd.exe
      "C:\Windows\System32\cmd.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:9096
  - - C:\Windows\SysWOW64\cmd.exe
      "C:\Windows\System32\cmd.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:8300
  - - C:\Windows\SysWOW64\cmd.exe
      "C:\Windows\System32\cmd.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:8996
  - - C:\Windows\SysWOW64\cmd.exe
      "C:\Windows\System32\cmd.exe"
      4⤵
      PID:9268
  - - C:\Windows\SysWOW64\cmd.exe
      "C:\Windows\System32\cmd.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:9440
  - - C:\Windows\SysWOW64\cmd.exe
      "C:\Windows\System32\cmd.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:9608
  - - C:\Windows\SysWOW64\cmd.exe
      "C:\Windows\System32\cmd.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:9736
  - - C:\Windows\SysWOW64\cmd.exe
      "C:\Windows\System32\cmd.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:9980
  - - C:\Windows\SysWOW64\cmd.exe
      "C:\Windows\System32\cmd.exe"
      4⤵
      PID:10112
  - - C:\Windows\SysWOW64\cmd.exe
      "C:\Windows\System32\cmd.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:9324
  - - C:\Windows\SysWOW64\cmd.exe
      "C:\Windows\System32\cmd.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:9384
  - - C:\Windows\SysWOW64\cmd.exe
      "C:\Windows\System32\cmd.exe"
      4⤵
      PID:9804
  - - C:\Windows\SysWOW64\cmd.exe
      "C:\Windows\System32\cmd.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:9648
  - - C:\Windows\SysWOW64\cmd.exe
      "C:\Windows\System32\cmd.exe"
      4⤵
      PID:1872
  - - C:\Windows\SysWOW64\cmd.exe
      "C:\Windows\System32\cmd.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:9496
    - - C:\Windows\System32\Conhost.exe
        
        \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        5⤵
        
        PID:9268
  - - C:\Windows\SysWOW64\cmd.exe
      "C:\Windows\System32\cmd.exe"
      4⤵
      PID:9328
  - - C:\Windows\SysWOW64\cmd.exe
      "C:\Windows\System32\cmd.exe"
      4⤵
      PID:9404
  - - C:\Windows\SysWOW64\cmd.exe
      "C:\Windows\System32\cmd.exe"
      4⤵
      PID:10316
  - - C:\Windows\SysWOW64\cmd.exe
      "C:\Windows\System32\cmd.exe"
      4⤵
      PID:10472
  - - C:\Windows\SysWOW64\cmd.exe
      "C:\Windows\System32\cmd.exe"
      4⤵
      PID:10632
  - - C:\Windows\SysWOW64\cmd.exe
      "C:\Windows\System32\cmd.exe"
      4⤵
      PID:10800
  - - C:\Windows\SysWOW64\cmd.exe
      "C:\Windows\System32\cmd.exe"
      4⤵
      PID:10984
  - - C:\Windows\SysWOW64\cmd.exe
      "C:\Windows\System32\cmd.exe"
      4⤵
      PID:11148
  - - C:\Windows\SysWOW64\cmd.exe
      "C:\Windows\System32\cmd.exe"
      4⤵
      PID:4776
  - - C:\Windows\SysWOW64\cmd.exe
      "C:\Windows\System32\cmd.exe"
      4⤵
      PID:10840
  - - C:\Windows\SysWOW64\cmd.exe
      "C:\Windows\System32\cmd.exe"
      4⤵
      PID:11336
  - - C:\Windows\SysWOW64\cmd.exe
      "C:\Windows\System32\cmd.exe"
      4⤵
      PID:11500
  - - C:\Windows\SysWOW64\cmd.exe
      "C:\Windows\System32\cmd.exe"
      4⤵
      PID:11664
  - - C:\Windows\SysWOW64\cmd.exe
      "C:\Windows\System32\cmd.exe"
      4⤵
      PID:11836
  - - C:\Windows\SysWOW64\cmd.exe
      "C:\Windows\System32\cmd.exe"
      4⤵
      PID:12008
- C:\Users\Admin\Downloads\Free_Bobux-V-2.5.0.exe
  "C:\Users\Admin\Downloads\Free_Bobux-V-2.5.0.exe"
  2⤵
  - Executes dropped EXE
  PID:5864
- - C:\Windows\SysWOW64\cscript.exe
    "C:\Windows\system32\cscript" C:\Users\Admin\AppData\Local\Temp\C862.tmp\C873.tmp\C874.vbs //Nologo
    3⤵
    - System Location Discovery: System Language Discovery
    PID:5448
- C:\Users\Admin\Downloads\Free_Bobux-V-2.5.0.exe
  "C:\Users\Admin\Downloads\Free_Bobux-V-2.5.0.exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:5996
- - C:\Windows\SysWOW64\cscript.exe
    "C:\Windows\system32\cscript" C:\Users\Admin\AppData\Local\Temp\CAA4.tmp\CAA5.tmp\CAA6.vbs //Nologo
    3⤵
    - Checks computer location settings
    - System Location Discovery: System Language Discovery
    PID:6236
  - - C:\Windows\SysWOW64\cmd.exe
      "C:\Windows\System32\cmd.exe"
      4⤵
      PID:6556
  - - C:\Windows\SysWOW64\cmd.exe
      "C:\Windows\System32\cmd.exe"
      4⤵
      Drops file in Program Files directory
      System Location Discovery: System Language Discovery
      PID:6700
  - - C:\Windows\SysWOW64\cmd.exe
      "C:\Windows\System32\cmd.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:6816
  - - C:\Windows\SysWOW64\cmd.exe
      "C:\Windows\System32\cmd.exe"
      4⤵
      PID:6972
  - - C:\Windows\SysWOW64\cmd.exe
      "C:\Windows\System32\cmd.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:7144
  - - C:\Windows\SysWOW64\cmd.exe
      "C:\Windows\System32\cmd.exe"
      4⤵
      PID:6432
  - - C:\Windows\SysWOW64\cmd.exe
      "C:\Windows\System32\cmd.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:6636
  - - C:\Windows\SysWOW64\cmd.exe
      "C:\Windows\System32\cmd.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:6876
  - - C:\Windows\SysWOW64\cmd.exe
      "C:\Windows\System32\cmd.exe"
      4⤵
      PID:6984
  - - C:\Windows\SysWOW64\cmd.exe
      "C:\Windows\System32\cmd.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:7280
  - - C:\Windows\SysWOW64\cmd.exe
      "C:\Windows\System32\cmd.exe"
      4⤵
      PID:7432
  - - C:\Windows\SysWOW64\cmd.exe
      "C:\Windows\System32\cmd.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:7580
  - - C:\Windows\SysWOW64\cmd.exe
      "C:\Windows\System32\cmd.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:7748
  - - C:\Windows\SysWOW64\cmd.exe
      "C:\Windows\System32\cmd.exe"
      4⤵
      Drops file in Program Files directory
      System Location Discovery: System Language Discovery
      PID:7980
  - - C:\Windows\SysWOW64\cmd.exe
      "C:\Windows\System32\cmd.exe"
      4⤵
      PID:8128
  - - C:\Windows\SysWOW64\cmd.exe
      "C:\Windows\System32\cmd.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:7648
  - - C:\Windows\SysWOW64\cmd.exe
      "C:\Windows\System32\cmd.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:4544
  - - C:\Windows\SysWOW64\cmd.exe
      "C:\Windows\System32\cmd.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:8340
  - - C:\Windows\SysWOW64\cmd.exe
      "C:\Windows\System32\cmd.exe"
      4⤵
      Drops file in Program Files directory
      System Location Discovery: System Language Discovery
      PID:8524
  - - C:\Windows\SysWOW64\cmd.exe
      "C:\Windows\System32\cmd.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:8676
  - - C:\Windows\SysWOW64\cmd.exe
      "C:\Windows\System32\cmd.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:8840
  - - C:\Windows\SysWOW64\cmd.exe
      "C:\Windows\System32\cmd.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:8984
  - - C:\Windows\SysWOW64\cmd.exe
      "C:\Windows\System32\cmd.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:9144
  - - C:\Windows\SysWOW64\cmd.exe
      "C:\Windows\System32\cmd.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:8808
  - - C:\Windows\SysWOW64\cmd.exe
      "C:\Windows\System32\cmd.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:9020
  - - C:\Windows\SysWOW64\cmd.exe
      "C:\Windows\System32\cmd.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:9304
  - - C:\Windows\SysWOW64\cmd.exe
      "C:\Windows\System32\cmd.exe"
      4⤵
      PID:9480
  - - C:\Windows\SysWOW64\cmd.exe
      "C:\Windows\System32\cmd.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:9616
  - - C:\Windows\SysWOW64\cmd.exe
      "C:\Windows\System32\cmd.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:9780
  - - C:\Windows\SysWOW64\cmd.exe
      "C:\Windows\System32\cmd.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:9936
  - - C:\Windows\SysWOW64\cmd.exe
      "C:\Windows\System32\cmd.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:10104
  - - C:\Windows\SysWOW64\cmd.exe
      "C:\Windows\System32\cmd.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:4640
  - - C:\Windows\SysWOW64\cmd.exe
      "C:\Windows\System32\cmd.exe"
      4⤵
      PID:9320
  - - C:\Windows\SysWOW64\cmd.exe
      "C:\Windows\System32\cmd.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:9740
  - - C:\Windows\SysWOW64\cmd.exe
      "C:\Windows\System32\cmd.exe"
      4⤵
      PID:10080
  - - C:\Windows\SysWOW64\cmd.exe
      "C:\Windows\System32\cmd.exe"
      4⤵
      PID:9460
  - - C:\Windows\SysWOW64\cmd.exe
      "C:\Windows\System32\cmd.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:4040
  - - C:\Windows\SysWOW64\cmd.exe
      "C:\Windows\System32\cmd.exe"
      4⤵
      PID:8540
    - - C:\Windows\System32\Conhost.exe
        
        \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        5⤵
        
        PID:8524
  - - C:\Windows\SysWOW64\cmd.exe
      "C:\Windows\System32\cmd.exe"
      4⤵
      PID:3444
  - - C:\Windows\SysWOW64\cmd.exe
      "C:\Windows\System32\cmd.exe"
      4⤵
      PID:4520
  - - C:\Windows\SysWOW64\cmd.exe
      "C:\Windows\System32\cmd.exe"
      4⤵
      PID:10348
  - - C:\Windows\SysWOW64\cmd.exe
      "C:\Windows\System32\cmd.exe"
      4⤵
      PID:10480
  - - C:\Windows\SysWOW64\cmd.exe
      "C:\Windows\System32\cmd.exe"
      4⤵
      PID:10660
  - - C:\Windows\SysWOW64\cmd.exe
      "C:\Windows\System32\cmd.exe"
      4⤵
      PID:10780
  - - C:\Windows\SysWOW64\cmd.exe
      "C:\Windows\System32\cmd.exe"
      4⤵
      PID:10944
  - - C:\Windows\SysWOW64\cmd.exe
      "C:\Windows\System32\cmd.exe"
      4⤵
      PID:11116
  - - C:\Windows\SysWOW64\cmd.exe
      "C:\Windows\System32\cmd.exe"
      4⤵
      PID:10132
  - - C:\Windows\SysWOW64\cmd.exe
      "C:\Windows\System32\cmd.exe"
      4⤵
      PID:10748
  - - C:\Windows\SysWOW64\cmd.exe
      "C:\Windows\System32\cmd.exe"
      4⤵
      PID:11328
  - - C:\Windows\SysWOW64\cmd.exe
      "C:\Windows\System32\cmd.exe"
      4⤵
      PID:11512
  - - C:\Windows\SysWOW64\cmd.exe
      "C:\Windows\System32\cmd.exe"
      4⤵
      PID:11656
  - - C:\Windows\SysWOW64\cmd.exe
      "C:\Windows\System32\cmd.exe"
      4⤵
      PID:11828
  - - C:\Windows\SysWOW64\cmd.exe
      "C:\Windows\System32\cmd.exe"
      4⤵
      PID:11984

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1588

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3732

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x3d0 0x150
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:864

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
PID:556

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\metadata

Filesize
150B

MD5
ea774dfbdc1eb20f9cef1e7430df1d51

SHA1
1a5465ffc99fd1e57db60b787600715c6d60f327

SHA256
8dbce02d43744e6b7ea2a5cbaccdabb335611412d5df92b20c0ebf51f6afec51

SHA512
bd172fd87136d0dabde95c3ec9b3c1aaaa771edb107d8e3ea378572eb56866eca6ca5ba718796efaaee2e38b0a4df9c71065cad58229a4d6fcb09889c610cadd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\reports\389d14b3-9ed1-481c-ada7-83356c2dbee4.dmp

Filesize
3.9MB

MD5
d43e12b4a752d4fd3767c2c3e125351c

SHA1
51e877d20083801486102ef9edf7c77f01c81f34

SHA256
913d2dfb8491f0d1699ee816d432aaba4ea285dfca73c2267031f4fe0d4577a2

SHA512
03965ecd32981377acab212b0dbee002d2775730ea497c057f802b74d6fb4905ad8dc61fb5d320d3154c08e505fb8e47d04c9de7dc99d5b5a3e32bc66b48dd7b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ab8ce148cb7d44f709fb1c460d03e1b0

SHA1
44d15744015155f3e74580c93317e12d2cc0f859

SHA256
014006a90e43ea9a1903b08b843a5aab8ad3823d22e26e5b113fad5f9fa620ff

SHA512
f685423b1eaee18a2a06030b4b2977335f62499c0041c142a92f6e6f846c2b9ce54324b6ae94efbbb303282dcda70e2b1597c748fddc251c0b3122a412c2d7c4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
38f59a47b777f2fc52088e96ffb2baaf

SHA1
267224482588b41a96d813f6d9e9d924867062db

SHA256
13569c5681c71dc42ab57d34879f5a567d7b94afe0e8f6d7c6f6c1314fb0087b

SHA512
4657d13e1bb7cdd7e83f5f2562f5598cca12edf839626ae96da43e943b5550fab46a14b9018f1bec90de88cc714f637605531ccda99deb9e537908ddb826113b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\54cd8359-2927-4e4f-8675-6d5e404a9d07.tmp

Filesize
2KB

MD5
8110a94befe5dcef8b9f8d5c552518e9

SHA1
0ba73c18aee28ed1143668c2db3201e61d98df02

SHA256
eefd07ff58879ff6ff13b967c5ce8e2534f087e4a68929d5000f829a6e7174c3

SHA512
1485dbbba16ccd8b323b29d41335c57e4bb1b17046c2dfde435d406a5a15c9bb0fa06c465822644ac4b0b5295f1859a935fa3677cf082d47af567e7b0ac5e492

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

Filesize
41KB

MD5
ed3c7f5755bf251bd20441f4dc65f5bf

SHA1
3919a57831d103837e0cc158182ac10b903942c5

SHA256
55cbb893756192704a23a400bf8f874e29c0feee435f8831af9cbe975d0ef85d

SHA512
c79460ded439678b6ebf2def675cbc5f15068b9ea4b19263439c3cca4fa1083dc278149cde85f551cd2ffc2c77fd1dc193200c683fc1c3cdac254e533df84f06

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

Filesize
64KB

MD5
d6b36c7d4b06f140f860ddc91a4c659c

SHA1
ccf16571637b8d3e4c9423688c5bd06167bfb9e9

SHA256
34013d7f3f0186a612bef84f2984e2767b32c9e1940df54b01d5bd6789f59e92

SHA512
2a9dd9352298ec7d1b439033b57ee9a390c373eeb8502f7f36d6826e6dd3e447b8ffd4be4f275d51481ef9a6ac2c2d97ef98f3f9d36a5a971275bf6cee48e487

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

Filesize
67KB

MD5
1d9097f6fd8365c7ed19f621246587eb

SHA1
937676f80fd908adc63adb3deb7d0bf4b64ad30e

SHA256
a9dc0d556e1592de2aeef8eed47d099481cfb7f37ea3bf1736df764704f39ddf

SHA512
251bf8a2baf71cde89873b26ee77fe89586daf2a2a913bd8383b1b4eca391fdd28aea6396de3fdff029c6d188bf9bb5f169954e5445da2933664e70acd79f4e3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

Filesize
65KB

MD5
56d57bc655526551f217536f19195495

SHA1
28b430886d1220855a805d78dc5d6414aeee6995

SHA256
f12de7e272171cda36389813df4ba68eb2b8b23c58e515391614284e7b03c4d4

SHA512
7814c60dc377e400bbbcc2000e48b617e577a21045a0f5c79af163faa0087c6203d9f667e531bbb049c9bd8fb296678e6a5cdcad149498d7f22ffa11236b51cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000009

Filesize
19KB

MD5
2e86a72f4e82614cd4842950d2e0a716

SHA1
d7b4ee0c9af735d098bff474632fc2c0113e0b9c

SHA256
c1334e604dbbffdf38e9e2f359938569afe25f7150d1c39c293469c1ee4f7b6f

SHA512
7a5fd3e3e89c5f8afca33b2d02e5440934e5186b9fa6367436e8d20ad42b211579225e73e3a685e5e763fa3f907fc4632b9425e8bd6d6f07c5c986b6556d47b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a

Filesize
88KB

MD5
b38fbbd0b5c8e8b4452b33d6f85df7dc

SHA1
386ba241790252df01a6a028b3238de2f995a559

SHA256
b18b9eb934a5b3b81b16c66ec3ec8e8fecdb3d43550ce050eb2523aabc08b9cd

SHA512
546ca9fb302bf28e3a178e798dd6b80c91cba71d0467257b8ed42e4f845aa6ecb858f718aac1e0865b791d4ecf41f1239081847c75c6fb3e9afd242d3704ad16

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000b

Filesize
1.2MB

MD5
027a77a637cb439865b2008d68867e99

SHA1
ba448ff5be0d69dbe0889237693371f4f0a2425e

SHA256
6f0e8c5ae26abbae3efc6ca213cacaaebd19bf2c7ed88495289a8f40428803dd

SHA512
66f8fbdd68de925148228fe1368d78aa8efa5695a2b4f70ab21a0a4eb2e6e9f0f54ed57708bd9200c2bbe431b9d09e5ca08c3f29a4347aeb65b090790652b5c4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000d

Filesize
74KB

MD5
b07f576446fc2d6b9923828d656cadff

SHA1
35b2a39b66c3de60e7ec273bdf5e71a7c1f4b103

SHA256
d261915939a3b9c6e9b877d3a71a3783ed5504d3492ef3f64e0cb508fee59496

SHA512
7358cbb9ddd472a97240bd43e9cc4f659ff0f24bf7c2b39c608f8d4832da001a95e21764160c8c66efd107c55ff1666a48ecc1ad4a0d72f995c0301325e1b1df

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000e

Filesize
43KB

MD5
209af4da7e0c3b2a6471a968ba1fc992

SHA1
2240c2da3eba4f30b0c3ef2205ce7848ecff9e3f

SHA256
ecc145203f1c562cae7b733a807e9333c51d75726905a3af898154f3cefc9403

SHA512
09201e377e80a3d03616ff394d836c85712f39b65a3138924d62a1f3ede3eac192f1345761c012b0045393c501d48b5a774aeda7ab5d687e1d7971440dc1fc35

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000011

Filesize
27KB

MD5
b056101af7326fb6de6481c0fa09edf4

SHA1
3c885480dc721fc449d9cdbd3b8e1e9ff83f8dcc

SHA256
934789a3811f46c48337fff5e553fc081c030eef088a6807f5aa2f72655d55a9

SHA512
e177b23d27dd42655f775bd9a15215e8dc5656964f3199dc8fcb77fccd0904ee85a481676d6a6d3698d1fd8d227ce1ea7216dc6709329c750fdb47b3a22170c4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000034

Filesize
78KB

MD5
fe51ab178d3987f7ad219f0e83e87cc2

SHA1
4b24ff49fe603b5ec0251b935d2d52ebd7a15a49

SHA256
bf61b9845ca19fbd225f8dd2eb0381f7bab7f6dd8301dd9ec095b0ca07f98f0b

SHA512
26e247737998cb35c6e8a0a49f5ea468abfc22dcd239cc7855f29db65617853da4a48633f5ec392e1bc6dcb9f5988161f9c427ebb422303a224551672f78d074

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000043

Filesize
20KB

MD5
6931123c52bee278b00ee54ae99f0ead

SHA1
6907e9544cd8b24f602d0a623cfe32fe9426f81f

SHA256
c54a6c3031bf3472077c716fa942bd683119dc483b7e0181e8a608fa0b309935

SHA512
40221fe98816aa369c45f87dc62e6d91fcdb559d9756cb6a05819f1cde629e23a51803e71371f4e4f27112a09489d58ed45b2b901a5f2f00c69c082b3576057f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00004b

Filesize
18KB

MD5
199abdf70b59e843ea970be05d7210b6

SHA1
b385b751215c845a16bc73a4f58d7616bbcd81d3

SHA256
8c1940e92c3e9981680f4ff046d52ff4653c2c8ec43874618dccab9434af2718

SHA512
f467797f6c846f837c0cc7226a858008854d519e3823f9994b600794c34bbc084355c9c17879d46b0657983ec27cf5c7179579b5540be53aaa666b8d40348835

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00004c

Filesize
1024KB

MD5
a496cd50065163949cd077115d36abab

SHA1
af499e5df58ba2d87dc3f71b40c6ed41479c8005

SHA256
c98ba510149921f2f5d9c58a276fe8996837e0dc6ee4dcc6dc71d2eb6e606d79

SHA512
709370835b8a55ac5752ea4ad0cbdc34b795b5615f6bed9dba5ec7fd82234cd1748debc07027ccc4d6102620e41f67306642aba08d45687f77d31dd46e0e5912

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
cda96386e37a6bfb4eeeaa2b7ecac381

SHA1
0bb51db44b035e672686205b5c72b2109c2f5e0c

SHA256
e53692d5443ba1142224de9cb2822d6114f0eb979a50253dc3d25dcc0ad8cb12

SHA512
0db6d2121810c578dcb20529a59f5a31a7491c8df646d27b6b4574c9c4e937d3dbdbcf5f536e58461bfc72dfd6a9307fe1a644d96fc387b91df03c711b22c6a2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
6KB

MD5
366fa81b5e8b9bb2d2c38f7cc140fe5e

SHA1
3443154c7369fdbd0e4984cf33e191bd180e4e5d

SHA256
acb259eed2afa42a03f8be332d7a0e2ea5cee2bc948da748a5b59d08123b5a34

SHA512
bdca93a3fdbb38fd3dd6b8071f335aa53294a71349797002c0e222a7d882c79c43151efb5bcfc683fb605fccf69f91b16e001d5289cfa2d16665c89a711a59ae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
6KB

MD5
c11c311506b1573281b3e97398b51e8c

SHA1
7ee66ce2577115a64bfbc15112aedf602146c77b

SHA256
0032360b70bd2de9219c28005ccfee32fc0526bc78e848083335cf5b47debadd

SHA512
c280a9eb0102d0647e830718b626feca73dc40f5983da6265745cd2ab3e10bec18bbab2941269bcef654d9e5083e26ab62467e328b4cfd21eb70eb537e033ccc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
8aa5b27b7866918be3f2d366770caef3

SHA1
3d2215d67efedc6c5fad13c105ea35bd6e024ef2

SHA256
203f5fa2c82be9a8a6f27a016817742ecb6cfa826c6e9e2b38e28cba5cbd42bb

SHA512
ef1eedf0e601f4a93df0c9e745fa4e201cec4762b327426921d76aaea396ed58b30ca3285299f2d93de49b34a309b665e8faa39afdfa748136c36e1fe39c46dc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
84306f642e89f96b16e73252eca78bf6

SHA1
5874e386431e53bfc3cf371379d0eebfbad722bc

SHA256
cf70b7bffff87e2485dcfdc63ae62680e2d83ce45b9f7106b87d6f6da006019e

SHA512
a5898b6188dcd2437ee4fbf70d669ed3a297f2cff7563a61ffc690e1b2274954a43db9d88a345a235f752291acdb3fe58847f7c8677582406636b36782929cd9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
5KB

MD5
545048f8fe963101c80c1bfc0966cd4e

SHA1
d362d6618103b8a7bb70c3411dfd401538b49c41

SHA256
809abe69e5bdb3aed1c3012e9c1d773a243f9e9e3e30c31b18e2ba7db633ddae

SHA512
0ab781ab9f59e4fac80598e993ddc70f31f4ef52e75803119c1d987ae2d25e1115bfd393677835c69d20a9d89091fb83259e0a50f4f787907c26f517c41c3608

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
5KB

MD5
42ecd1cf1addd2ca26e80b9a5199d923

SHA1
19f39e6bc153b19147315c22e2c3fa2ccf876f72

SHA256
9005fd16330f9789b626b40b232cad91888c0a69efbea4c80ae8133dabeb7c0b

SHA512
7c4889abe5cef242501b4072daa06c422c9918795edc95ddb67927a1f3b44c772f6a6473ad4bd1be83bd1c0c61eda423d722ac3f8db571116aa4b13e5a90c70b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
12KB

MD5
32c99ae69ea0ceabd65a94b2a28d606a

SHA1
23b1b6a30b325535dee3859f0f017063c0dc09f3

SHA256
96b574a5053ccd29e41450e2e1e2f64f31cde35f2c267ab06c361de2423404d1

SHA512
f69e54bafa51ad43b5201b14f99aac722bcf318592ec9c49e356f60077754e8bd0373500e7a11c92d893e130196842a95c389c0e7182349517313a7fa7af4349

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
f58abb3dd778875e28f8d91209e3a8ea

SHA1
06eaf0bd3ba49d44b6e1ad2745621df82b07aa77

SHA256
d537f7cf8d0e9826f50e68b86e3aa4f2bb6cc29da5e496bededbb4cf5e189060

SHA512
608fd7ab51b8e9463cb5a8efb53ac84e2e61db286332d280e130836f02532f0d6ed189e3f3c96de44b45c1206fe7024b9a606d7db6ee1841cc14ebc77ea7db74

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
4b108be9632599e2b9cfb5e00e131a40

SHA1
11058772f754fc34227d36d9eb0e803db945c793

SHA256
c4da10fc3d844a8ea1a0caf86a916c2251efd8435cf68c4e0fa6d836b914ea72

SHA512
9ac27e6ad05d46bc7be39ffcef8ddd3fc15666b6501caad2e7078a8c409deadece4a97f3fc2449da063f8ccf8bc372d766ab213ea18cc70970dc8b4d0e1ad085

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
9a24df2d600ae543a8e68950ecda2c35

SHA1
39ad0af7bee3081700c4f4bd85a765de40de8209

SHA256
20638d92b591908571f0b1f29daf23de0c337c8947bcefe55a213847dfa427e3

SHA512
9364beedf13905190031b25044c16f66b2c3d8aae3d779a97ef373a1b30b1dff46f10f4550357863cf12813052a3f532e8908d4d77991a6aeb362947563b46ec

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
e8a55ffb47dad969e3fe47b629140c89

SHA1
4fe076f647f910cd702b6ca87a21cd5f01f68d37

SHA256
297496ca994e4a5bd36366616d9cfec860a334f7bef18aab9a194e12e5cccbe8

SHA512
2b8e47d01417d830697b56cbb6b7d40474349925d9657424060fa9b9a3c0f63f6272472c7baff3bcb4180c470162041ec2d1e225dda37608e81ad74e7b3630fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
9f9f6aa7d14d881ecdf6115f45933795

SHA1
49c6f6d5189066cfa5f57dc613cfd380f53c27a8

SHA256
4b701bc8a61357eefefe9f7e7b0423fedc566dfebbbca35da18e27315b1a4502

SHA512
2242a89b171dedb6228b8d927c5859813b48aebd4deea4cc44e40aab12906a95a2c0d454a665c15a7887a7aabdcbd1bfc085cc3eab03a6bf963f737413b841ed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
d29523d04253e854fd9583549342fe9a

SHA1
1ff5edfb73ac3deb78ccd1e6b7eecfcf76efefb1

SHA256
5737188cadd27706508ae714787303c688c2f4d11ff4574a58808b1898c63dbf

SHA512
8b1552604ef85c70a2af05569324024841ec123e41f6920f9044299a676120d07fd9452d768a86e0780cd948f3c725a1990cdaa1386098eb33dd1f8bb705ccd4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
9e69a9970fc9ced73d42fcf5aae544b6

SHA1
6b857c56a6b0a2bb85883522c1655b9e45989301

SHA256
375a87b3e7cb90fa6168f10d6b99f673fa6ed587b862c20db7b22d81022f5587

SHA512
069737536c94d1e2ef397d452797385280f9eb722e0b03e0960dfbc0066816ce84287893026bcc7a8db512b2fd01d3b16013d703e82f61acd6c31729895570e1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
12KB

MD5
f2ca83c05b8d54dda4c392890b681018

SHA1
6417014bfa3acbc9d98448497482d9088bd74853

SHA256
9088632adfa09b9d047a37bf54fa71803b97aaf2bf3a81b7e56c1c2b5921e16b

SHA512
5ceb5ad62a9b566c7ca85aad8dcc0b3cd068427615b1b370273fb92fcfc821656e0c78e1cfe06fc87fbdd844117cb6e204041099409162e2117713e08eb98c29

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
12KB

MD5
4fb6aaadb59f3e9e907eeeca6907a3f7

SHA1
314b329e11a55586506079d82f868ae017595101

SHA256
012270dedf2a3e56bce8aa58470e207c93c0e5e8857f5205ad75074a751c6c97

SHA512
b200cc3d009e8261be953a59b482de1155bc7707056fff01a44fd1a9c487c8e4138b347028e9b463320263f7a5ec12dc6341426ff6bbe0470524c1c2d94d953b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
2c483aad21d5418b025b294957aa1e38

SHA1
049fbdb8cccea9b5f3c500f71a838fab9d837579

SHA256
13de0ccd013273a8f54e08f905965e9ab0ef4261d8528e6068c6c2ad048be874

SHA512
3090470d8529e9c0c8c50b696b42c9449a0a24c93f78701a935505e004cb27f0563924a7f74d19bde41b714a9021bb1d31fe8d120c1a994ac96c156d93340f37

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
4147b5e34a628de59891618a76f9f4b0

SHA1
928be1d4d6b5e573f2f97f45383bc2e6d233f59a

SHA256
94052c3b6a710d1a82a65138705f2d016a31d35bb958c434238d215a41e164f5

SHA512
5575aa54e4567f4b97b96525a828b55e62f3c70e6652b34a510be23a85a793126120c60cb8fcf456a6120a945951d8c65b7e12b8da81859abb117dba18bc63e7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
7a78353cd69c55fefc08b92cf2bc80fe

SHA1
a4fcf212052ea4b81c18663f2c7cb0474c6827aa

SHA256
428dd05c6aee2caaa7f5c9e699a3e3a7dbe8b0f3e5bd5857fd9117d7aec50d02

SHA512
5af8623a986b10954af4a7db7c97294dfadad71c4dfe205994e252b627fed227bd61ded46abb90bdc7c73f8fd2e47b2d9ef1f217d347e7f7f634ef3ef53bcbae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
bcd5412426d67fb4b41448cf1e0feeab

SHA1
47ea9aadfcc0e14bd463196112e5f69f6bd52ca9

SHA256
b162788f28a2ec18b5d91897ec067cc61239775d3e434989383bcd457e214a6a

SHA512
9ab318ccbff9a7b4ae91ed7d23fc36a3a90930654e78c4914de3a3dc70c16e0cb3e808a5570e22a1b93468bd8417eeb765bace800269d354cbb3f581a5ceb229

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
d49272f132f739f7aed81dddc6993200

SHA1
87c42ef0252a6fde3960371a7137db6ed62e1cf6

SHA256
3a90d767d5abbebd13838d496500035bbffa818aa77d33b876a76dc0879f4800

SHA512
ae0c2994fd75fdf9fab752434b65d43c1e875ac25b763922e4e04ee245de41334ce4d4eb06098c354e03c0554fdf732cc3e30e504adbfc86e7cc9e8fab03f874

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
9e17a9ae25d6217f0d591924a466baf2

SHA1
39e0fd820bb0cf88b58abd3741b8c492affcdab8

SHA256
d3763db46df094dbaecde3eefd048b7389eb199e690ba8ea4a62bf2bdf6a321b

SHA512
d8a6e73120fab4cc2e5373e7b78c782845d25d1a5d781ef6f680fa1569f43bffa0906378959ba8d8e6b54d1991d6504425280c3d99c978d808c7c62ee2d7c39d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
5b8e7904e275a47b69dbff298675b54c

SHA1
3ff0d46061acc61c793f73f7d81460eb59418f65

SHA256
dc4771d519bcd358052f0950d8639520f823d92458ae31c148e281662955186a

SHA512
a65012beea55e34269a3ceec6db799b41b86edfac68ad01b2e277e4483c4f3a74d2d12295190e3cae2aff6a353783d77cb9573aac449b275c8d0ae2454b534ce

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
5f2470bf8a611671e11fd36a091bcf2d

SHA1
7a60ead5d2188978d33d7abd605b0ae58d4477ff

SHA256
4d685910b160ebd2d9b13ec382eed8ddf505d6ba26129cd2449a987e4c615dc6

SHA512
bee195501f5f67b958946f2b734c44d2cbac89292e3e3fe97e6adcb9c0fbbf84a2d3a155e875f919129d31aac9a5dbcdccc60f4573885cbf87292689b3e98618

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
4c8fc04ba3a57cf47dad69ea278718d8

SHA1
e5238cc32f5b458a187198d572850d940e09222e

SHA256
a26ca4492041b3a86ce9c7beb7905f9618d16007429e542ad32c2975056477b5

SHA512
5e113db8f232dad9a338d2953f3aec734022325a22f91c937d6d9d33e96defdff48bc2fceb897f6d222ac6688fb524a00e2671eca4d2e97bd6308a454051a5db

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57d513.TMP

Filesize
538B

MD5
9d7e9a9c73c56b0939f3a6c98a3fb27c

SHA1
1c8d4e6a860001c60a9807da9eaabb9e3933e72f

SHA256
59d3edd935aa027b0ac63d506068c53916708e58df5b8314dd2c387833216241

SHA512
017ad3359481b61850177112d1a3078de5ed99c12ee995da1ab09571bdcde4031f7717c2ac018d860313c00adc44f53387aa8888bee7a2f07c1b23db3a1cd530

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
7d4e4afc1e05ede1ed4978e083c205f3

SHA1
b7df27a6585ffb2ba93a3ba70d85df159ab7798c

SHA256
ac7ca1896964ec5cb787d68889bf168c551c0bf1371ff7e0cff542cd4ec031fe

SHA512
0eb940c5f101d7bc85d4d25a725a8e3c1cce53e7122b3adf95f2aa23ac762411d1272214cecb50f5ea3bf31f99390ab99acf6768bb8d0d17a40abb01e5ed9cb6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
d0c9615032964ea23a57b0a3a4851bf5

SHA1
a2769d56f6d984274355c7c2006dab0432b9ae35

SHA256
6f0645d80eba7a2a2a901b54b824befb3784da5a690a999c64c2a005f29ef611

SHA512
3cd669b46b6df1dec32fc29c85327bdece492670f9d7a5d115432f8fdc57231602f4b3946721dc0fad8a240c4a28dd6ebf75dce0bd5c44baf429f5a5152630bd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
42a11816f88cf059203f02e8e59a7578

SHA1
ddcb1cfea3c7a5988b8b770fa6f0723205037d32

SHA256
b05c9c03eec6d5abd65f9d0de5cceff202b2aa89f8f173979ebfabde33ed25cf

SHA512
c7dbfd19bb2fc1bbe7170c990a68ab0c806d5d217ccb6a10b804b93ea368339486b2f5adfd82cfc33a6112dd04e1e0b7834ae3b61d3169656869c4d1a9c39952

Download Submit
C:\Users\Admin\AppData\Local\Temp\887B.tmp\887C.tmp\887D.vbs

Filesize
772B

MD5
b8a89d72ac871dfeb4808d11b4ed31ec

SHA1
99f4dc243dd72058ac7d1a3776db3e473bdaa6dc

SHA256
d980da1db173e1ad329e5667418b4689a159f0b853e7340c0267daa23e727f8d

SHA512
06c94fcec17434ba5137fa35e4e5d266c383d2dc75477320dce53cb1ad2ca857358fb52f927229871e722f03a1c6e3b09fb9fe2aea29f597f2871da0a9ccbe59

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
10KB

MD5
d6b141c95de48403cd81faf91c2a89eb

SHA1
f2be0767bdec875ba06f3f3705c31542ed7c6677

SHA256
05b4b2da5538fb7b1dc8224eb6f431ce03bcb8d6ce64fcf4c3c2b99c5ad861bb

SHA512
c8e05066aeb4005634f6d9abbfd10536cc49c44255c60be9513a075f2b0427e6536b22b228cd4ed582e87d2cb31db9b53430d8280b1025778ddd28780d00d759

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
10KB

MD5
792cf0f26a482f3f6f0e8711f87ef37b

SHA1
f9d56a8be08cfb99f8c1b6f42511371cb55a323c

SHA256
fb337155b05fa57c23d939f0ac4fef1aae5723b34a03746d143756fdd0363dfb

SHA512
c004479eb4cf232e48ca055d04e1f7824fd517a7a0e84b3b3251afbae00d6392ced3ab148f449441c1d0c173e040f4441488dbfdb6d1169937ea2dc21b4f966b

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
10KB

MD5
78e64cda434fcef3da361a69a667d701

SHA1
c0fd0fd4d6bd94e7d6722dc70faf3ff60fb9ceee

SHA256
7e7770562ab03b6544a7457581bcbef8f064e6e888db60f440676e01697c4dec

SHA512
5e07d1e16433fbc6716cf64761fa3f6219e5fc33b6c4d72651d7f64929ba37e2b1f433ca77398e56b38fc02cddc3da32eb6fcf94c12f27e9ac9ef717bb3c3850

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 544196.crdownload

Filesize
153KB

MD5
1c3c7b9290731772a77bac71041fb33e

SHA1
18bad5452686b17cb9d9ae3389e039e34027c34d

SHA256
a346cb8cf093eb3020f8e2ef6bb9056256d00922b6d50ec3f624f06ae0d0c30f

SHA512
b2885527a3a613b6d3000a95d18aaef6b48699f2472fc3bcad45a831af49a17da1981f48cee8d3652f534459bf09c185558f10b12a6f8fa23aad5a565b59e319

Download Submit