hxxps://drive[.]google[.]com/file/d/12DaNApeMZ_95JJOOl8budxWIGXRSv9gx/view?usp=sharing

Analysis

max time kernel
329s
max time network
330s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
16-08-2024 19:19

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://drive.google.com/file/d/12DaNApeMZ_95JJOOl8budxWIGXRSv9gx/view?usp=sharing

Score

8^/10

discovery

Malware Config

Signatures

Downloads MZ/PE file

Executes dropped EXE 7 IoCs

pid	Process
5664	winrar-x64-701.exe
3460	winrar-x64-701.exe
1232	winrar-x64-701.exe
6420	winrar-x64-701 (1).exe
680	winrar-x64-701 (2).exe
6420	winrar-x64-701 (2).exe
3664	winrar-x64-701 (2).exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs

Web Service

T1102

flow	ioc
3	drive.google.com
16	drive.google.com
17	drive.google.com

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Checks processor information in registry 2 TTPs 12 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 60 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupView = "4294967295"	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000_Classes\Local Settings	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000_Classes\Local Settings	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0e000000ffffffff	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000_Classes\Local Settings	OpenWith.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupByKey:PID = "0"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1 = 3a001f44471a0359723fa74489c55595fe6b30ee260001002600efbe10000000b98ea471d7e4da011c772a2ee4e4da0168175cbb11f0da0114000000	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\LogicalViewMode = "3"	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000_Classes\Local Settings	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Mode = "4"	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\MRUListEx = ffffffff	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 00000000ffffffff	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a000000a000000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	msedge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 0000000001000000ffffffff	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000_Classes\Local Settings	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0	msedge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\KnownFolderDerivedFolderType = "{885A186E-A440-4ADA-812B-DB871B942259}"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\Mode = "1"	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\IconSize = "48"	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\LogicalViewMode = "1"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	msedge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\SniffedFolderType = "Downloads"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:PID = "14"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags	msedge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:FMTID = "{B725F130-47EF-101A-A5F1-02608C9EEBAC}"	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1092616257"	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 00000000ffffffff	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = ffffffff	msedge.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	msedge.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1194130065-3471212556-1656947724-1000\{82E12CA2-4375-450E-A4B1-F7A3920ABC1E}	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0 = 14002e8005398e082303024b98265d99428e115f0000	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\NodeSlot = "2"	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\MRUListEx = ffffffff	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByDirection = "4294967295"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\FFlags = "1092616257"	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupByDirection = "1"	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\IconSize = "16"	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\NodeSlot = "1"	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\FFlags = "1"	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0 = 14001f50e04fd020ea3a6910a2d808002b30309d0000	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupView = "0"	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 0100000000000000ffffffff	msedge.exe

NTFS ADS 3 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 108109.crdownload:SmartScreen	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 216580.crdownload:SmartScreen	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 366925.crdownload:SmartScreen	msedge.exe

Suspicious behavior: EnumeratesProcesses 22 IoCs

pid	Process
5072	msedge.exe
5072	msedge.exe
2596	msedge.exe
2596	msedge.exe
1916	identity_helper.exe
1916	identity_helper.exe
5384	msedge.exe
5384	msedge.exe
5216	msedge.exe
5216	msedge.exe
5524	msedge.exe
5524	msedge.exe
1780	msedge.exe
1780	msedge.exe
1780	msedge.exe
1780	msedge.exe
3896	msedge.exe
3896	msedge.exe
6604	msedge.exe
6604	msedge.exe
5036	msedge.exe
5036	msedge.exe

Suspicious behavior: GetForegroundWindowSpam 2 IoCs

pid	Process
2376	OpenWith.exe
6604	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 40 IoCs

pid	Process
2596	msedge.exe
2596	msedge.exe
2596	msedge.exe
2596	msedge.exe
2596	msedge.exe
2596	msedge.exe
2596	msedge.exe
2596	msedge.exe
2596	msedge.exe
2596	msedge.exe
2596	msedge.exe
2596	msedge.exe
2596	msedge.exe
2596	msedge.exe
2596	msedge.exe
2596	msedge.exe
2596	msedge.exe
2596	msedge.exe
2596	msedge.exe
2596	msedge.exe
2596	msedge.exe
2596	msedge.exe
2596	msedge.exe
2596	msedge.exe
2596	msedge.exe
2596	msedge.exe
2596	msedge.exe
2596	msedge.exe
2596	msedge.exe
2596	msedge.exe
2596	msedge.exe
2596	msedge.exe
2596	msedge.exe
2596	msedge.exe
2596	msedge.exe
2596	msedge.exe
2596	msedge.exe
2596	msedge.exe
2596	msedge.exe
2596	msedge.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeDebugPrivilege	1772	firefox.exe
Token: SeDebugPrivilege	1772	firefox.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
2596	msedge.exe
2596	msedge.exe
2596	msedge.exe
2596	msedge.exe
2596	msedge.exe
2596	msedge.exe
2596	msedge.exe
2596	msedge.exe
2596	msedge.exe
2596	msedge.exe
2596	msedge.exe
2596	msedge.exe
2596	msedge.exe
2596	msedge.exe
2596	msedge.exe
2596	msedge.exe
2596	msedge.exe
2596	msedge.exe
2596	msedge.exe
2596	msedge.exe
2596	msedge.exe
2596	msedge.exe
2596	msedge.exe
2596	msedge.exe
2596	msedge.exe
2596	msedge.exe
2596	msedge.exe
2596	msedge.exe
2596	msedge.exe
2596	msedge.exe
2596	msedge.exe
2596	msedge.exe
2596	msedge.exe
2596	msedge.exe
2596	msedge.exe
2596	msedge.exe
2596	msedge.exe
2596	msedge.exe
2596	msedge.exe
2596	msedge.exe
2596	msedge.exe
2596	msedge.exe
2596	msedge.exe
2596	msedge.exe
2596	msedge.exe
2596	msedge.exe
1772	firefox.exe
1772	firefox.exe
1772	firefox.exe
1772	firefox.exe
1772	firefox.exe
1772	firefox.exe
1772	firefox.exe
1772	firefox.exe
1772	firefox.exe
1772	firefox.exe
1772	firefox.exe
1772	firefox.exe
1772	firefox.exe
1772	firefox.exe
1772	firefox.exe
1772	firefox.exe
1772	firefox.exe
1772	firefox.exe

Suspicious use of SendNotifyMessage 48 IoCs

pid	Process
2596	msedge.exe
2596	msedge.exe
2596	msedge.exe
2596	msedge.exe
2596	msedge.exe
2596	msedge.exe
2596	msedge.exe
2596	msedge.exe
2596	msedge.exe
2596	msedge.exe
2596	msedge.exe
2596	msedge.exe
2596	msedge.exe
2596	msedge.exe
2596	msedge.exe
2596	msedge.exe
2596	msedge.exe
2596	msedge.exe
2596	msedge.exe
2596	msedge.exe
2596	msedge.exe
2596	msedge.exe
2596	msedge.exe
2596	msedge.exe
1772	firefox.exe
1772	firefox.exe
1772	firefox.exe
1772	firefox.exe
1772	firefox.exe
1772	firefox.exe
1772	firefox.exe
1772	firefox.exe
1772	firefox.exe
1772	firefox.exe
1772	firefox.exe
1772	firefox.exe
1772	firefox.exe
1772	firefox.exe
1772	firefox.exe
1772	firefox.exe
1772	firefox.exe
1772	firefox.exe
1772	firefox.exe
1772	firefox.exe
2596	msedge.exe
2596	msedge.exe
2596	msedge.exe
2596	msedge.exe

Suspicious use of SetWindowsHookEx 57 IoCs

pid	Process
5664	winrar-x64-701.exe
5664	winrar-x64-701.exe
5664	winrar-x64-701.exe
3460	winrar-x64-701.exe
3460	winrar-x64-701.exe
3460	winrar-x64-701.exe
1232	winrar-x64-701.exe
1232	winrar-x64-701.exe
1232	winrar-x64-701.exe
5372	OpenWith.exe
2376	OpenWith.exe
2376	OpenWith.exe
2376	OpenWith.exe
2376	OpenWith.exe
2376	OpenWith.exe
2376	OpenWith.exe
2376	OpenWith.exe
2376	OpenWith.exe
2376	OpenWith.exe
2376	OpenWith.exe
2376	OpenWith.exe
2376	OpenWith.exe
2376	OpenWith.exe
2376	OpenWith.exe
2376	OpenWith.exe
2376	OpenWith.exe
2376	OpenWith.exe
2376	OpenWith.exe
2376	OpenWith.exe
2376	OpenWith.exe
2376	OpenWith.exe
2376	OpenWith.exe
2376	OpenWith.exe
2376	OpenWith.exe
2376	OpenWith.exe
2376	OpenWith.exe
2376	OpenWith.exe
2376	OpenWith.exe
2376	OpenWith.exe
2376	OpenWith.exe
2376	OpenWith.exe
1772	firefox.exe
6420	winrar-x64-701 (1).exe
6420	winrar-x64-701 (1).exe
6420	winrar-x64-701 (1).exe
6604	msedge.exe
6604	msedge.exe
6604	msedge.exe
680	winrar-x64-701 (2).exe
680	winrar-x64-701 (2).exe
680	winrar-x64-701 (2).exe
6420	winrar-x64-701 (2).exe
3664	winrar-x64-701 (2).exe
6420	winrar-x64-701 (2).exe
6420	winrar-x64-701 (2).exe
3664	winrar-x64-701 (2).exe
3664	winrar-x64-701 (2).exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2596 wrote to memory of 2840	2596	msedge.exe	84
PID 2596 wrote to memory of 2840	2596	msedge.exe	84
PID 2596 wrote to memory of 2556	2596	msedge.exe	85
PID 2596 wrote to memory of 2556	2596	msedge.exe	85
PID 2596 wrote to memory of 2556	2596	msedge.exe	85
PID 2596 wrote to memory of 2556	2596	msedge.exe	85
PID 2596 wrote to memory of 2556	2596	msedge.exe	85
PID 2596 wrote to memory of 2556	2596	msedge.exe	85
PID 2596 wrote to memory of 2556	2596	msedge.exe	85
PID 2596 wrote to memory of 2556	2596	msedge.exe	85
PID 2596 wrote to memory of 2556	2596	msedge.exe	85
PID 2596 wrote to memory of 2556	2596	msedge.exe	85
PID 2596 wrote to memory of 2556	2596	msedge.exe	85
PID 2596 wrote to memory of 2556	2596	msedge.exe	85
PID 2596 wrote to memory of 2556	2596	msedge.exe	85
PID 2596 wrote to memory of 2556	2596	msedge.exe	85
PID 2596 wrote to memory of 2556	2596	msedge.exe	85
PID 2596 wrote to memory of 2556	2596	msedge.exe	85
PID 2596 wrote to memory of 2556	2596	msedge.exe	85
PID 2596 wrote to memory of 2556	2596	msedge.exe	85
PID 2596 wrote to memory of 2556	2596	msedge.exe	85
PID 2596 wrote to memory of 2556	2596	msedge.exe	85
PID 2596 wrote to memory of 2556	2596	msedge.exe	85
PID 2596 wrote to memory of 2556	2596	msedge.exe	85
PID 2596 wrote to memory of 2556	2596	msedge.exe	85
PID 2596 wrote to memory of 2556	2596	msedge.exe	85
PID 2596 wrote to memory of 2556	2596	msedge.exe	85
PID 2596 wrote to memory of 2556	2596	msedge.exe	85
PID 2596 wrote to memory of 2556	2596	msedge.exe	85
PID 2596 wrote to memory of 2556	2596	msedge.exe	85
PID 2596 wrote to memory of 2556	2596	msedge.exe	85
PID 2596 wrote to memory of 2556	2596	msedge.exe	85
PID 2596 wrote to memory of 2556	2596	msedge.exe	85
PID 2596 wrote to memory of 2556	2596	msedge.exe	85
PID 2596 wrote to memory of 2556	2596	msedge.exe	85
PID 2596 wrote to memory of 2556	2596	msedge.exe	85
PID 2596 wrote to memory of 2556	2596	msedge.exe	85
PID 2596 wrote to memory of 2556	2596	msedge.exe	85
PID 2596 wrote to memory of 2556	2596	msedge.exe	85
PID 2596 wrote to memory of 2556	2596	msedge.exe	85
PID 2596 wrote to memory of 2556	2596	msedge.exe	85
PID 2596 wrote to memory of 2556	2596	msedge.exe	85
PID 2596 wrote to memory of 5072	2596	msedge.exe	86
PID 2596 wrote to memory of 5072	2596	msedge.exe	86
PID 2596 wrote to memory of 700	2596	msedge.exe	87
PID 2596 wrote to memory of 700	2596	msedge.exe	87
PID 2596 wrote to memory of 700	2596	msedge.exe	87
PID 2596 wrote to memory of 700	2596	msedge.exe	87
PID 2596 wrote to memory of 700	2596	msedge.exe	87
PID 2596 wrote to memory of 700	2596	msedge.exe	87
PID 2596 wrote to memory of 700	2596	msedge.exe	87
PID 2596 wrote to memory of 700	2596	msedge.exe	87
PID 2596 wrote to memory of 700	2596	msedge.exe	87
PID 2596 wrote to memory of 700	2596	msedge.exe	87
PID 2596 wrote to memory of 700	2596	msedge.exe	87
PID 2596 wrote to memory of 700	2596	msedge.exe	87
PID 2596 wrote to memory of 700	2596	msedge.exe	87
PID 2596 wrote to memory of 700	2596	msedge.exe	87
PID 2596 wrote to memory of 700	2596	msedge.exe	87
PID 2596 wrote to memory of 700	2596	msedge.exe	87
PID 2596 wrote to memory of 700	2596	msedge.exe	87
PID 2596 wrote to memory of 700	2596	msedge.exe	87
PID 2596 wrote to memory of 700	2596	msedge.exe	87
PID 2596 wrote to memory of 700	2596	msedge.exe	87

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://drive.google.com/file/d/12DaNApeMZ_95JJOOl8budxWIGXRSv9gx/view?usp=sharing
1⤵
- Enumerates system info in registry
- Modifies registry class
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2596
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8ef2a46f8,0x7ff8ef2a4708,0x7ff8ef2a4718
  2⤵
  PID:2840
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2076,13846983054971518783,4685087623277671140,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2068 /prefetch:2
  2⤵
  PID:2556
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2076,13846983054971518783,4685087623277671140,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2256 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5072
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2076,13846983054971518783,4685087623277671140,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2732 /prefetch:8
  2⤵
  PID:700
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,13846983054971518783,4685087623277671140,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3376 /prefetch:1
  2⤵
  PID:4940
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,13846983054971518783,4685087623277671140,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3396 /prefetch:1
  2⤵
  PID:1172
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,13846983054971518783,4685087623277671140,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5052 /prefetch:1
  2⤵
  PID:4328
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,13846983054971518783,4685087623277671140,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5084 /prefetch:1
  2⤵
  PID:1680
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2076,13846983054971518783,4685087623277671140,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5812 /prefetch:8
  2⤵
  PID:1944
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2076,13846983054971518783,4685087623277671140,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5812 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1916
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,13846983054971518783,4685087623277671140,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5884 /prefetch:1
  2⤵
  PID:3152
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,13846983054971518783,4685087623277671140,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5944 /prefetch:1
  2⤵
  PID:4220
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2076,13846983054971518783,4685087623277671140,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5252 /prefetch:8
  2⤵
  PID:5356
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,13846983054971518783,4685087623277671140,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5296 /prefetch:1
  2⤵
  PID:5364
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2076,13846983054971518783,4685087623277671140,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6320 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5384
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,13846983054971518783,4685087623277671140,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6396 /prefetch:1
  2⤵
  PID:5588
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,13846983054971518783,4685087623277671140,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6592 /prefetch:1
  2⤵
  PID:5596
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,13846983054971518783,4685087623277671140,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5832 /prefetch:1
  2⤵
  PID:5840
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,13846983054971518783,4685087623277671140,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5924 /prefetch:1
  2⤵
  PID:5848
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,13846983054971518783,4685087623277671140,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6616 /prefetch:1
  2⤵
  PID:6004
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,13846983054971518783,4685087623277671140,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6744 /prefetch:1
  2⤵
  PID:6084
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,13846983054971518783,4685087623277671140,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6712 /prefetch:1
  2⤵
  PID:6092
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,13846983054971518783,4685087623277671140,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6008 /prefetch:1
  2⤵
  PID:5556
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2076,13846983054971518783,4685087623277671140,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=6572 /prefetch:8
  2⤵
  PID:5208
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2076,13846983054971518783,4685087623277671140,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5468 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:5216
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,13846983054971518783,4685087623277671140,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7092 /prefetch:1
  2⤵
  PID:6072
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,13846983054971518783,4685087623277671140,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5212 /prefetch:1
  2⤵
  PID:5488
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,13846983054971518783,4685087623277671140,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5472 /prefetch:1
  2⤵
  PID:5484
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,13846983054971518783,4685087623277671140,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5312 /prefetch:1
  2⤵
  PID:5308
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,13846983054971518783,4685087623277671140,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6624 /prefetch:1
  2⤵
  PID:2552
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,13846983054971518783,4685087623277671140,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5160 /prefetch:1
  2⤵
  PID:5968
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,13846983054971518783,4685087623277671140,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2032 /prefetch:1
  2⤵
  PID:2464
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,13846983054971518783,4685087623277671140,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6624 /prefetch:1
  2⤵
  PID:5492
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,13846983054971518783,4685087623277671140,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3960 /prefetch:1
  2⤵
  PID:5436
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2076,13846983054971518783,4685087623277671140,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5512 /prefetch:8
  2⤵
  PID:1652
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2076,13846983054971518783,4685087623277671140,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4976 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5524
- C:\Users\Admin\Downloads\winrar-x64-701.exe
  "C:\Users\Admin\Downloads\winrar-x64-701.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:5664
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,13846983054971518783,4685087623277671140,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6320 /prefetch:1
  2⤵
  PID:6052
- C:\Users\Admin\Downloads\winrar-x64-701.exe
  "C:\Users\Admin\Downloads\winrar-x64-701.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:3460
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,13846983054971518783,4685087623277671140,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4796 /prefetch:1
  2⤵
  PID:5504
- C:\Users\Admin\Downloads\winrar-x64-701.exe
  "C:\Users\Admin\Downloads\winrar-x64-701.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:1232
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2076,13846983054971518783,4685087623277671140,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=7292 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1780
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,13846983054971518783,4685087623277671140,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7284 /prefetch:1
  2⤵
  PID:6372
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,13846983054971518783,4685087623277671140,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:1
  2⤵
  PID:6640
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,13846983054971518783,4685087623277671140,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5952 /prefetch:1
  2⤵
  PID:6600
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,13846983054971518783,4685087623277671140,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1804 /prefetch:1
  2⤵
  PID:3200
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,13846983054971518783,4685087623277671140,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5452 /prefetch:1
  2⤵
  PID:1540
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,13846983054971518783,4685087623277671140,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6716 /prefetch:1
  2⤵
  PID:4036
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2076,13846983054971518783,4685087623277671140,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6032 /prefetch:8
  2⤵
  PID:7072
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2076,13846983054971518783,4685087623277671140,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7688 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3896
- C:\Users\Admin\Downloads\winrar-x64-701 (1).exe
  "C:\Users\Admin\Downloads\winrar-x64-701 (1).exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:6420
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,13846983054971518783,4685087623277671140,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7668 /prefetch:1
  2⤵
  PID:5076
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,13846983054971518783,4685087623277671140,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7636 /prefetch:1
  2⤵
  PID:6504
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,13846983054971518783,4685087623277671140,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7748 /prefetch:1
  2⤵
  PID:6844
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,13846983054971518783,4685087623277671140,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7412 /prefetch:1
  2⤵
  PID:4912
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=2076,13846983054971518783,4685087623277671140,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7612 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of SetWindowsHookEx
  PID:6604
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2076,13846983054971518783,4685087623277671140,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5440 /prefetch:8
  2⤵
  PID:6264
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,13846983054971518783,4685087623277671140,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=59 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4904 /prefetch:1
  2⤵
  PID:5324
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,13846983054971518783,4685087623277671140,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=60 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7504 /prefetch:1
  2⤵
  PID:6484
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,13846983054971518783,4685087623277671140,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=61 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2264 /prefetch:1
  2⤵
  PID:1920
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,13846983054971518783,4685087623277671140,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=63 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7732 /prefetch:1
  2⤵
  PID:2356
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2076,13846983054971518783,4685087623277671140,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6536 /prefetch:8
  2⤵
  PID:3884
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2076,13846983054971518783,4685087623277671140,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7400 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5036
- C:\Users\Admin\Downloads\winrar-x64-701 (2).exe
  "C:\Users\Admin\Downloads\winrar-x64-701 (2).exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:680
- C:\Users\Admin\Downloads\winrar-x64-701 (2).exe
  "C:\Users\Admin\Downloads\winrar-x64-701 (2).exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:6420
- C:\Users\Admin\Downloads\winrar-x64-701 (2).exe
  "C:\Users\Admin\Downloads\winrar-x64-701 (2).exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:3664

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4056

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2696

C:\Windows\system32\werfault.exe
werfault.exe /h /shared Global\09701dbfe2734518a23218b126783755 /t 5524 /p 3460
1⤵
PID:5368

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:5372

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:2376
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\Downloads\EngineControl Fortnite.rar"
  2⤵
  PID:1776
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\Downloads\EngineControl Fortnite.rar"
    3⤵
    - Checks processor information in registry
    - Modifies registry class
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of SetWindowsHookEx
    PID:1772
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1960 -parentBuildID 20240401114208 -prefsHandle 1896 -prefMapHandle 1888 -prefsLen 23680 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {16436cf5-c1b2-403c-ae43-8b3dba29da5a} 1772 "\\.\pipe\gecko-crash-server-pipe.1772" gpu
      4⤵
      PID:4348
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2448 -parentBuildID 20240401114208 -prefsHandle 2440 -prefMapHandle 2436 -prefsLen 24600 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7ae74080-3f4f-4a4c-b6ea-94a228df11cf} 1772 "\\.\pipe\gecko-crash-server-pipe.1772" socket
      4⤵
      Checks processor information in registry
      PID:1780
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3112 -childID 1 -isForBrowser -prefsHandle 3108 -prefMapHandle 3204 -prefsLen 24741 -prefMapSize 244658 -jsInitHandle 1048 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e31b79f9-4229-48bf-a5cd-b8a7908927f6} 1772 "\\.\pipe\gecko-crash-server-pipe.1772" tab
      4⤵
      PID:3228
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2788 -childID 2 -isForBrowser -prefsHandle 3540 -prefMapHandle 3596 -prefsLen 29090 -prefMapSize 244658 -jsInitHandle 1048 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2496057c-53ad-4cd1-b008-3e15e6ef9dd6} 1772 "\\.\pipe\gecko-crash-server-pipe.1772" tab
      4⤵
      PID:3664
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5000 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4968 -prefMapHandle 4960 -prefsLen 29090 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {918ce9cf-c92a-4e58-b428-26fc69c61fe0} 1772 "\\.\pipe\gecko-crash-server-pipe.1772" utility
      4⤵
      Checks processor information in registry
      PID:6536
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5400 -childID 3 -isForBrowser -prefsHandle 5392 -prefMapHandle 3628 -prefsLen 26944 -prefMapSize 244658 -jsInitHandle 1048 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {07648696-f8e8-459a-82e5-230d470e74b1} 1772 "\\.\pipe\gecko-crash-server-pipe.1772" tab
      4⤵
      PID:6868
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5628 -childID 4 -isForBrowser -prefsHandle 5548 -prefMapHandle 5556 -prefsLen 26944 -prefMapSize 244658 -jsInitHandle 1048 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {cbc3f71b-da70-4f0b-a483-2e6f46effd1c} 1772 "\\.\pipe\gecko-crash-server-pipe.1772" tab
      4⤵
      PID:6880
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5756 -childID 5 -isForBrowser -prefsHandle 5712 -prefMapHandle 5540 -prefsLen 26944 -prefMapSize 244658 -jsInitHandle 1048 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ae5e4444-5a63-41b2-b222-dd872f996a3c} 1772 "\\.\pipe\gecko-crash-server-pipe.1772" tab
      4⤵
      PID:6892

C:\Windows\system32\werfault.exe
werfault.exe /h /shared Global\c8c52678f567480d8afa546b70f20ef8 /t 6416 /p 6420
1⤵
PID:4908

C:\Windows\system32\werfault.exe
werfault.exe /h /shared Global\b8a968dbc88549b28401aa8a0558c2d9 /t 5344 /p 680
1⤵
PID:1876

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ecf7ca53c80b5245e35839009d12f866

SHA1
a7af77cf31d410708ebd35a232a80bddfb0615bb

SHA256
882a513b71b26210ff251769b82b2c5d59a932f96d9ce606ca2fab6530a13687

SHA512
706722bd22ce27d854036b1b16e6a3cdb36284b66edc76238a79c2e11cee7d1307b121c898ad832eb1af73e4f08d991d64dc0bff529896ffb4ebe9b3dc381696

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4dd2754d1bea40445984d65abee82b21

SHA1
4b6a5658bae9a784a370a115fbb4a12e92bd3390

SHA256
183b8e82a0deaa83d04736553671cedb738adc909f483b3c5f822a0e6be7477d

SHA512
92d44ee372ad33f892b921efa6cabc78e91025e89f05a22830763217826fa98d51d55711f85c8970ac58abf9adc6c85cc40878032cd6d2589ab226cd099f99e1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000d

Filesize
207KB

MD5
6518cf68e3e64ce19c19cafeb22dc728

SHA1
63e6c84efc4e6e5ef31bee1b5321602d977d7470

SHA256
c6f6aee2cbe5e3d3073b9d8ab127015fcb2deef03ad14e2d859bece757afe27a

SHA512
748f20d7ad49a7d5bdf163b490b790cdd2e10fe34694e3bbd69966d4d7bfad02785344e3e39c044cdb4b7bf9004aeed3c59ee606addc841be93bee023fba0c62

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000e

Filesize
62KB

MD5
c3c0eb5e044497577bec91b5970f6d30

SHA1
d833f81cf21f68d43ba64a6c28892945adc317a6

SHA256
eb48be34490ec9c4f9402b882166cd82cd317b51b2a49aae75cdf9ee035035eb

SHA512
83d3545a4ed9eed2d25f98c4c9f100ae0ac5e4bc8828dccadee38553b7633bb63222132df8ec09d32eb37d960accb76e7aab5719fc08cc0a4ef07b053f30cf38

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000f

Filesize
67KB

MD5
a074f116c725add93a8a828fbdbbd56c

SHA1
88ca00a085140baeae0fd3072635afe3f841d88f

SHA256
4cdcda7d8363be5bc824064259780779e7c046d56399c8a191106f55ce2ed8a6

SHA512
43ed55cda35bde93fc93c408908ab126e512c45611a994d7f4e5c85d4f2d90d573066082cb7b8dffce6a24a1f96cd534586646719b214ac7874132163faa5f28

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000010

Filesize
41KB

MD5
c79d8ef4fd2431bf9ce5fdee0b7a44bf

SHA1
ac642399b6b3bf30fe09c17e55ecbbb5774029ff

SHA256
535e28032abf1bac763bffd0ba968561265026803eb688d3cb0550ad9af1a0e8

SHA512
6b35d8b0d3e7f1821bfaeae337364ed8186085fa50ee2b368d205489a004cb46879efb2c400caf24ba6856625fe7ee1a71c72d2598c18044813ecde431054fb5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000011

Filesize
19KB

MD5
2e86a72f4e82614cd4842950d2e0a716

SHA1
d7b4ee0c9af735d098bff474632fc2c0113e0b9c

SHA256
c1334e604dbbffdf38e9e2f359938569afe25f7150d1c39c293469c1ee4f7b6f

SHA512
7a5fd3e3e89c5f8afca33b2d02e5440934e5186b9fa6367436e8d20ad42b211579225e73e3a685e5e763fa3f907fc4632b9425e8bd6d6f07c5c986b6556d47b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000012

Filesize
63KB

MD5
710d7637cc7e21b62fd3efe6aba1fd27

SHA1
8645d6b137064c7b38e10c736724e17787db6cf3

SHA256
c0997474b99524325dfedb5c020436e7ea9f9c9a1a759ed6daf7bdd4890bdc2b

SHA512
19aa77bed3c441228789cf8f931ca6194cc8d4bc7bb85d892faf5eaeda67d22c8c3b066f8ceda8169177da95a1fe111bd3436ceeaf4c784bd2bf96617f4d0c44

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000014

Filesize
84KB

MD5
74e33b4b54f4d1f3da06ab47c5936a13

SHA1
6e5976d593b6ee3dca3c4dbbb90071b76e1cd85c

SHA256
535fc48679c38decd459ad656bdd6914e539754265244d0cc7b1da6bddf3e287

SHA512
79218e8ee50484af968480ff9b211815c97c3f3035414e685aa5d15d9b4152682d87b66202339f212bf3b463a074bf7a4431107b50303f28e2eb4b17843991c2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000015

Filesize
1.2MB

MD5
0aba6b0a3dd73fe8b58e3523c5d7605b

SHA1
9127c57b25121436eaf317fea198b69b386f83c7

SHA256
8341f5eb55983e9877b0fc72b77a5df0f87deda1bc7ad6fa5756e9f00d6b8cac

SHA512
6a266e9dad3015e0c39d6de2e5e04e2cc1af3636f0e856a5dc36f076c794b555d2a580373836a401f8d0d8e510f465eb0241d6e3f15605d55eb212f4283278eb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000016

Filesize
43KB

MD5
209af4da7e0c3b2a6471a968ba1fc992

SHA1
2240c2da3eba4f30b0c3ef2205ce7848ecff9e3f

SHA256
ecc145203f1c562cae7b733a807e9333c51d75726905a3af898154f3cefc9403

SHA512
09201e377e80a3d03616ff394d836c85712f39b65a3138924d62a1f3ede3eac192f1345761c012b0045393c501d48b5a774aeda7ab5d687e1d7971440dc1fc35

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000017

Filesize
74KB

MD5
b07f576446fc2d6b9923828d656cadff

SHA1
35b2a39b66c3de60e7ec273bdf5e71a7c1f4b103

SHA256
d261915939a3b9c6e9b877d3a71a3783ed5504d3492ef3f64e0cb508fee59496

SHA512
7358cbb9ddd472a97240bd43e9cc4f659ff0f24bf7c2b39c608f8d4832da001a95e21764160c8c66efd107c55ff1666a48ecc1ad4a0d72f995c0301325e1b1df

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001a

Filesize
27KB

MD5
c3bd38af3c74a1efb0a240bf69a7c700

SHA1
7e4b80264179518c362bef5aa3d3a0eab00edccd

SHA256
1151160e75f88cbc8fe3ada9125cc2822abc1386c0eab7a1d5465cfd004522c8

SHA512
41a2852c8a38700cf4b38697f3a6cde3216c50b7ed23d80e16dea7f5700e074f08a52a10ba48d17111bb164c0a613732548fe65648658b52db882cacb87b9e8e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001c

Filesize
40KB

MD5
3051c1e179d84292d3f84a1a0a112c80

SHA1
c11a63236373abfe574f2935a0e7024688b71ccb

SHA256
992cbdc768319cbd64c1ec740134deccbb990d29d7dccd5ecd5c49672fa98ea3

SHA512
df64e0f8c59b50bcffb523b6eab8fabf5f0c5c3d1abbfc6aa4831b4f6ce008320c66121dcedd124533867a9d5de83c424c5e9390bf0a95c8e641af6de74dabff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001d

Filesize
53KB

MD5
68f0a51fa86985999964ee43de12cdd5

SHA1
bbfc7666be00c560b7394fa0b82b864237a99d8c

SHA256
f230c691e1525fac0191e2f4a1db36046306eb7d19808b7bf8227b7ed75e5a0f

SHA512
3049b9bd4160bfa702f2e2b6c1714c960d2c422e3481d3b6dd7006e65aa5075eed1dc9b8a2337e0501e9a7780a38718d298b2415cf30ec9e115a9360df5fa2a7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000025

Filesize
17KB

MD5
6b6821b38fc137b67660154b487cae66

SHA1
056ca5f0ee5e10cd6c0998e2ff28b2c3283f3eb6

SHA256
625416a0d054f2d32ee2c4851db3df1fc763dbb80216eaad1dee592a21d90e69

SHA512
c2ad5ad247de4d7ce429eedeaeecaabb7446e3f491d352067530db550efcbe88b535c9e31a086050c9a71fa741ae3ae77262ab1353a44eb292bd41646c76517d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000028

Filesize
30KB

MD5
888c5fa4504182a0224b264a1fda0e73

SHA1
65f058a7dead59a8063362241865526eb0148f16

SHA256
7d757e510b1f0c4d44fd98cc0121da8ca4f44793f8583debdef300fb1dbd3715

SHA512
1c165b9cf4687ff94a73f53624f00da24c5452a32c72f8f75257a7501bd450bff1becdc959c9c7536059e93eb87f2c022e313f145a41175e0b8663274ae6cc36

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002c

Filesize
18KB

MD5
582d44f1b82a704fbbf7d1b620ad52dd

SHA1
25f9297c9a074bae41451500d52dd11398c65b89

SHA256
32b48d22f9c895ef2faa37e3c92ac617e0de735d780c50df05ce7ce5225abc80

SHA512
396c63c73f9a6006626dcbe6711ed57f2cbe7aca7c0a81786e158ad88be55a9db12aaaa3420d907d8ba5bc6ccdc15fd242ee2b97d4c13ddab0e2293548bc46dc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000037

Filesize
24KB

MD5
c594a826934b9505d591d0f7a7df80b7

SHA1
c04b8637e686f71f3fc46a29a86346ba9b04ae18

SHA256
e664eef3d68ac6336a28be033165d4780e8a5ab28f0d90df1b148ef86babb610

SHA512
04a1dfdb8ee2f5fefa101d5e3ff36e87659fd774e96aa8c5941d3353ccc268a125822cf01533c74839e5f1c54725da9cc437d3d69b88e5bf3f99caccd4d75961

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000039

Filesize
209KB

MD5
3e552d017d45f8fd93b94cfc86f842f2

SHA1
dbeebe83854328e2575ff67259e3fb6704b17a47

SHA256
27d9c4613df7a3c04da0b79c13217aa69992b441acb7e44bf2a7578ca87d97d6

SHA512
e616436f2f15615429c7c5c37de3990c3e86c5e1da7d75a0f524fc458b75d44a5be1a3648a628d63e1cf8aa062e08b538f2f2bc9c6a0b42157beb24f82c571d9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\06450eb6a7b09545_0

Filesize
2KB

MD5
3a0720939febb1e496ba5049eb2c58b1

SHA1
234aea1b6aee0471bb3ee8f01239fbac9015f8d8

SHA256
cb4b1f607cb7be1db80405893aa86acf1f18984f90b4b49a641a5ea475813f03

SHA512
1263cffa185178e7e0e6ac987efdce4bbd268fa6eb4bf5f6cc55da9ca8fd5474af3d616dd6651d20009119e3614c93ec17501cef0de66c506b05111a87bfe8e8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\25c90b4fb1c6ef85_0

Filesize
1KB

MD5
a14b0f169f84b872a723f62e8b731d92

SHA1
7bafd273d694f26b47531a3d3288c40f9a81bd8f

SHA256
d70ede8a9a3e51b4582e0795ea87b22ce4bbd242c16a5b81afe0c95f0b375d84

SHA512
d09747951083711dd4d6841b25a08dc52f06b6c4090ac78b527e80f0732fe55e18f44669db54b3bad01c2b231c687f68bc622b537be5d75d8a4eaa7b8e7284b7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\3f02c4494b1a18ff_0

Filesize
2KB

MD5
51fa107e333be67bb28c86ade0044ad2

SHA1
986f7b1683904738cba5f3c300d956bd5857eb14

SHA256
81b26017870d6255da12525212ddc72ae6cf0ac4907a2f73b852ac8a2cac997f

SHA512
ad2439556183b9abaeccabb97f189067e5585792697b000053ff4f32751ca176a426343d6cb6616d6e45027d0a4cbb1dca2523c6e03b750b137464b02c2c811e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\54621936eea23565_0

Filesize
7KB

MD5
9be8244ac37b46296c3b0fb3cb3ed968

SHA1
cbdef35988371850128281f43a10084698bb96d7

SHA256
d771b32ac63b8c89a047e17745bbc4a13d10cb7f20d65d1fff171d415cd99a63

SHA512
0d66ca848aa89ad7d69f5ca7fa577badce4794c827cfd747bb723d02da5aa779e1ea89c0e3d27197e67f1659c8730d53fb8dc5858705dff80b19af8a8319df51

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\74b88724f60b0383_0

Filesize
1KB

MD5
db9ebcd55a102a68c8e4a7cd463aa8f4

SHA1
41809e884e9d6289777e061c3358f3b2413c87ed

SHA256
88b7c5933c30b9f2efc8e02ddabbf13f2f41755f5ddad158c68c1cb7ad3e5905

SHA512
127e3b76d173d409e5d5081eed3ffd43c0c51a9bd2748d3f44f6273839efadaaaa137bd40620e5d3acee1459fc24adad511da6e249f80fce2b3a5b11019cd5f9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\8ee73a31bd0cce7d_0

Filesize
6KB

MD5
3ab8219ec372a48edab20fbd5ca6365d

SHA1
fe78c7c8ccd0794565aa5d5605452880f93c8a91

SHA256
16c2bc37138e43050dbcf88353d80b5533fc804c14d0921c66f63938d3c70058

SHA512
f8e0576473c5b81696a1fe528755340e2e7350d24e7f2b558b3f395a89b9ab3aa733592fabdd487cf9b4cb051c79b7e3c5a2ef93ed4697ac4f8f321142f60ea4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\ac9b40a0411376f7_0

Filesize
1KB

MD5
758ba9fcec1b1c9b23bcf955b5fe5994

SHA1
df20c9aaa9e678ba7e9c2aba2ef1bded4df2ada5

SHA256
042512d9328b96dd2fa39e15418df389811efd01829c2e905e1edfa2679e8f58

SHA512
16c792b4af45823c9b1afc5f1c9703dcc031593ee9918182a3d744a8bea7877f26c04657ec68a7be942b2b726ae9f98ed5026ad7e377f353d46017f3b89156f0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\ca5bb3c84b908d6e_0

Filesize
2KB

MD5
05d602faef181ee710f7165d03d47b7a

SHA1
8d052866872bdb2c55b239873960e12054535bd1

SHA256
38f5ca52ca8c3d7f34f6c89b2ecf658e9fee67322b864ea6609a31c1f1fb3715

SHA512
e8b072024c64bc527b2f1e0a557eefeba9465cb580b311e3093a8a6985720bfaeff86cc8bcc4e5cf17eea52b149e1680f24a8a0ff54da0410035c57ab4715cf4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\daca09b4eb185a45_0

Filesize
6KB

MD5
f54ed3cc295b323eba717bfd1c634fb3

SHA1
e7996b6fb40648a4d808a9fd1d052045e0ad38bc

SHA256
dfe8d9c866296caa2e1833a9efd643aaac0e7e0c424241a462be81889f1f64d9

SHA512
467a8fc7f1f6b449ca1a9e34157b988171a2b95cd2d686cfc68d3ab1d848fd6dcd8c9f96341d21f5274c2abc29f48fc4a1df5c366cdfe58271310831625db961

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\e55f0a6d1b533c66_0

Filesize
2KB

MD5
d6feb81fd484eb021631535804ff9c93

SHA1
cf36d2857b2c6f766e7d340695d5695e9d72cfdd

SHA256
15da015de44d693a831116075c1fc052754f2f9136dfbe229e3db34623465e65

SHA512
1bbb97809ed9e538a3d32d81c61eb69db108c4c99dd0d1854f1d218c3135b5d6235af7bd3374d93bcff706ab18d4082c43647e7e5ed64b06137a16333d5d7101

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\feadcc6fa014c0d1_0

Filesize
1KB

MD5
b11bb1e1fed8d8463fc9955e800201e2

SHA1
5708d942de8e1071c09066db9265e71e851e9a15

SHA256
e3c8056ee5f5c5b6af303044afa1e0aadf83d905d7828200010c5b69d2dd95ac

SHA512
7726af21f076fd1c363722153d9a9409bfa8059ca80d6829861c06a2d46804e113df329d5397984589fe56b2c4996bcf9f1fa24adb12b13d4fb1a284cfbac741

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\temp-index

Filesize
2KB

MD5
233d8d37bce4b5dfdcbf17d1501ca30f

SHA1
17bee56d541f775091b8fa95b75f35f43974dc70

SHA256
a52e9774409d423e3a510379831f39fd6bbb71a7a1f031e19704474f785bcf08

SHA512
8fc5ee962a704732f02429cdca14a6dc22a65720bb1582ed620e895f554705956a5754f6b9a88e187a453820bbfcc5fb3c14a10bbffcc95a7e87c309bd29a7c7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
673cb108f5222309ee6bea14f50f71ee

SHA1
19683a434eed1ea638ba07888ec8bc6bcb93623e

SHA256
1820e23278040d6d480830e1c1ba08e25a5a8363cec9a2efb11e68e8d82640b9

SHA512
cd5af6df644462b1da46a9c22545aa12ad129fc97c840e0d94354bf8c602a8475db5d64a6da387d8bddc3ce3c9d0d63334a42eb235f155c94b26817e823626a4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
1262bc9457d23fd4b9670c712ed9d754

SHA1
19fefb432d7cdca9642a18ad4ea2956b9bb46e36

SHA256
2e332c029b731e9767fd564a42f7c46ce7a3312db75976fdd0bc7a87378dba1d

SHA512
d14729863e6a70b418e0a496f4e2a791c39ad50578875a8b8a8f47b8ab2b70e0787fd9916c9bea828cf4a428ea75cabc2c2bc4cd36ab1b67804c9e22713fa57b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
b33a9b737e99dd4ccc11b1c0da390e79

SHA1
2b8c8bc2a159450635feaec6c2e4d68a54f7c6aa

SHA256
2332a16161ed47f6cbbca7a2a301a0f977bd11146a8bc7e9e0d0bc16592400a8

SHA512
a5a5d664cc0c70dd5cb0cc1d8613504a521736920158563c31b0007a09fc4fc67592a3afa28a21be57ff5bc87dd38b6d6e166a3fbe0dc9ac5600e5aa764ed248

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
745b3dfb815018754b05506eab140341

SHA1
766114564803d5d29d2a69a81832e5129cee7429

SHA256
f60b75b5a0304f0a11ca2e284861f9974be369b0a3899959f29d468492965feb

SHA512
d3feeb3685d83d471504c44d7bd5f9e8683cf67dfc88004437e739ece82bd4faa69ef6538e6f6db50f6e36c03958835ccf2c22d76fbd1348f3776ed6d36f5c84

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
044334ade1f382999bc44f776fffc821

SHA1
136bb7d51ec549cee21568afb86bb1cca3a4f1ff

SHA256
4c4b3c8f41fd9e3daa1d37ea7ef8d059ad4c4a6df0c3be0226193303a5423b8f

SHA512
215b17c08d1c53d6f8e3fb27bcbc4efb89b89341a49fa634560fa7994f1b84623379965d1360e60f6df5122f3010fa9cf03013e539a2617e692c66fd266cf022

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
60fed94a685b0fea421967672cde3a9a

SHA1
c417eb8455c7fce8372743a5618b30ecadee05ca

SHA256
d2405715e233995dda07f03186c90ced5c36f8a4bbfdb1f78fd0e1ff364a080b

SHA512
c8dbc0ce78a684e1f5918786d10fa4dd1ed18a8e1c33e92f1b1de1ba107ddefcb4d08190075bb6823fe40f6581616de960e80154fd6aed67b09e0be753b184e7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
111ec194ad012a2b08711f7b8e8b1ed8

SHA1
11a1d60152ef3dbeeda86692f2d0b399a02a208c

SHA256
b419d817cbdfac5df359b9620676d53786d5e40832be16c1197560914e6c4237

SHA512
a3d9e5648e028c8968a3033aeaf20dc1f13d1f2a5cb41d4e8f9929dfc50d0e4c8623990131aa5767e34ab963cabbc61b5f4fc0db593025c13673c0813b647547

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
d1de2a36dfa7bb949ce1a07154c52b9b

SHA1
2b17b534f5b3c96a26ee43145e33d5e2a86d92ee

SHA256
c9a69a9bfd9d275adc88638b5cb07e92a21f2111cde7419c6367243974a7818d

SHA512
d0e4b8cde6696ed10073465f7ba12f9124ad9153372fdba0c1bf74c884d7b3cda51a1c2ed4afe0b80d2891403d03d4e93d39e0c5817555a4fcbdf160ea7234b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
41ecdfa2ac6bd985da4b7101ca1e6b97

SHA1
6672b9f8bba7ab2d31f0fb8226472ad29417c9f7

SHA256
533c6353649992695672740df0e5fadf640c618c77a12ba3c532b20e1675079f

SHA512
4d1976c6a18eaab342a9dc49c0460ebc2b80d4d39fe046977e18c658ec954e92ffa32b9556cac98d526de2bcd03f68bb850c9b15a9a03a452f87a593c6399b77

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
01d0a649c0dce87a073a87d3c414a478

SHA1
e10ff22112239babe84acdee43f346f1ff305a31

SHA256
04bc9b9820a577988d8758dc3ced499a04711b0e23b186544ee1d81294d873f7

SHA512
8911a47a0b03ba71e63c321ae95ca6cd6b3680f0cb4e1b4841c11c61d28ebe3cc01ea0cb0d5fa3a876268295844c14d0c628892ee8817ab671de466d3b15fc7c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
ddb589c5ffa6de0448aa3470d6786682

SHA1
ead69e521967c3ab35a69417fa3a2eb5973862c4

SHA256
18f489f23a5973590de8ccf31b710f18cef13987451fa0a4c5f2bf99eea92586

SHA512
abd5659a4d47556981576edd618179af310d4f7a5553314fb43421afab96367e2baaf12c8af8e84ac0adcf28e54772f4e8d5d1ddb20eba506bb7f90ace4162d0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
e2711486f94d0ade4f2785e96a08b82b

SHA1
4dd941b6c927e66648fd8a326a4577fe998f8149

SHA256
d388a941db2c57f2f77482edb80a872f1e0c609088b351077831ecc7ab722f0b

SHA512
4d0ac74d60a88ce87c95b122c985b6ebc9e7667ad8aeec2870b1d9fbc0ad5cd7d49a1e45adcee73cccccfed7c18fcfdf6b5d80e18bdb3df9c9acf16ad2080b54

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
a0006b602d29db52f47d13b458295d55

SHA1
a74f68b4c26db35dcaedc083905fd87146bf0e28

SHA256
d6d674fffb83cfade63cb9034031c756aeeade76abcbb44370a46c7b6bec34f1

SHA512
aaf07bfa755c1c09cec1e7badddc60e77d140b239f54583614fe473011b88ab8d48e62380ed1a79a85c8d0abb3ad498e923f981ac757db98a8389701aa99019c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
ed48c04df7501cc0bc4a0dd90117327d

SHA1
5793d542ecd3d96ba1a724895398e254e3f564a6

SHA256
5829ddfea2091a70b801f6cc121034f52052793638aacc969aefbcf54140bc93

SHA512
31ff3de83e7106342cfa3db726166bd6003a911d52294bd081dcafa98b38ecd15b451e42c0b80cb4259f15a806dcbbea3fb3c13d424ea5218f7dabb6ad98dda2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
5e86d34a513eba43aeee65bad7efd2ed

SHA1
c8345087e3219726ad095be5f4b3d8b03d9a34a8

SHA256
e5c9967cc5b54a8b5705f092fdef2058d943449d954b1df2c8b894a868213832

SHA512
6189f38eeac545818e5b3ac7aaa33bb2d98229f1c25a5fd585c642d73f017fd724d4b94f502936342a59dddd6777cae7c4456a7d7f71d4f2beb33e6deda7c8ff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
48c3d9777210f36e8a3aa8678093f500

SHA1
fe3483e66d16745354d178f0d2d1eb364ccb126e

SHA256
4e478255152064e00f5f9473e44e698b400472aa2320fd579e9e8e2df961b4c8

SHA512
82b7fb1067067835fda1b0b455b1914c85b16a4817566ec8567b8b79a3b68be334a08a97d9037c8556812ee15c39baec66db66460159200c8b8b4fb7abb839ae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
05e214a6a5f47a591e27c97e8ee2f01f

SHA1
9710b818491f40d2ad1c9f002eebb69bff8d1c21

SHA256
2114450d17772ca9c3c068c15141c9021f4f3d06cd64ead175edbe2893d9ac3e

SHA512
c9fd10c4441b95dc222e7e3651212b6bdf20ffe6235c9f53bd0ab89d9db4cc0e79e42a850ea3e26fedc03e58b76c3727e525ec69865ac2bf0269541457304ca8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
99bd977d698cd80f3915a935645ce9cb

SHA1
31259f45408dbd60d13b1e100fd9a794b96ec44f

SHA256
ef85b2d9b4f7c875533083c37bb8c87e339a766ab1239d7f245a1adf5772459f

SHA512
7f0941e7679c64add59104601a823978a877a7258ba07589fc83885b3cecb7c97a951352cfaaed7576dd3a74ea5d9cf69517bd2662101f2e39a23d05985419a2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
6fe90c7e7c2cdac7b941e093791be71a

SHA1
555596ff55333b9ddd980770dd13b1c78495eacd

SHA256
e3af330f47bcde84250530ec8fbf0f04af1a79cb682639dbf9dc46c990b75832

SHA512
986555565bf59fad9451d3a7f237aec7ba4a0cb6f94e0b1d1e2fa888d258b63d29f9f685ddbb51625062dd85f4a760cc189848f9a2ec74bc4062302bc475eb14

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
ee901700174200468202c1265b19d791

SHA1
c4be41207acddb556c5454d80f59cf9a74540a11

SHA256
cd80ab42ae79676691437feece2a615dd1ef22d1ef21c8aec4d6f47e5d081268

SHA512
cae7632cd6de0933814a4d6eaf855b75467a674e43597941d8eb42e766ab0f39f1f05f2d46d6626f0037a37dd6b25e1b54e658055b0ad043c3baf1ec31810116

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe5ad2c2.TMP

Filesize
48B

MD5
ff2451b3d2bb4952cdab73dea6dec2db

SHA1
f537cb39d00094e7bedc7dff7cba0067a5fc93ee

SHA256
662b21f4ed273474eda2a3f81556c0a5caaca4139b56b18959178fef92d0749c

SHA512
6352594e30f086085f5f4dc3a2470c74ff9c1cd41df166a852a3aaa8ae0a59813fce10f66941075e50d1f7c10566d51b5249f078b3a4e8f278fda75112951796

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
7b094a1f880fcfdc4e00cabdb09100c9

SHA1
c0d5d1252c48c7c3be65118db18c8bd4e7fb51e4

SHA256
3cb710ff1898da7efa540dd6ef9a2833b4f0bdb16e3f69d067271a245ff90b55

SHA512
bfef688a654c6a83aab19d00d2c9bc7ec0642be93f15e8ed5551eb9a7c4b475f78cda03f94da4463119e83c15775b3277728630f9f64f7abfd57afbac6fc01a7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
70f383eafcebe519bc90327bb39125eb

SHA1
3ac31cd863713bfc7fc69f40b73326acb22b0b04

SHA256
062b76df845af1cb0f58af7a5bad4f3697a996f27e0bf0a9d5d202004c2a32ac

SHA512
dcd7f77d79d3382cb11ccd3f3b7b27e80c833f9ec3252269b002c2c40c297570584c94b4f86719991ad6a44c7681ca70f3cbaa2dc32fe60dbfc40c9ccdd7d85e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
ee6acf3f28ac03238c7fdf24270a3c29

SHA1
e4d2b4e9486ad049e22678f43e92d8165863c407

SHA256
57353e29185ce7a53c69c73cba563e9bb084dc8b0549ca884f4a596d7eebe706

SHA512
4b0f29531dec37a51b96c26a8687125639c32dc223896420d3dd8e5ba8c5acb2540de19be959a6a3c2fa48d69c58519a4e653975e5d4273cc58fb9125ff5c25b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
4cf1e97a021eb90377acff0bd81ebeb7

SHA1
42dbbf1dfb00e7a073453854ddd63f13fd26da4d

SHA256
0ace14ceafad64973ac4e1971ecaa0a76df844051f265d065e60cdded3696266

SHA512
911177c7120984c01af5889f82972eda61d1b2468c3c6e76c174c744cb1e7c232df37f61b84229490ed696a19b275cdc71980054bf55a01d4c6fa472026283bc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
df9bb00c58b39a62413519a0ad071e2f

SHA1
175426e8f0b21fcab7619fde0b602f109fa19f88

SHA256
aeba86965930302f643f2afdfa829fd6f888217b8bc03c09fbffeb2c8ad41c04

SHA512
04b3335db60dcfc5df97e7bc838eff09e0c53865dd5489d705ec30f89ac8d82af81e6e27dc8f5434c49dd1503a6eb343284ec23bcdec956c3d97dc8a3f011bf3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
32025d1244b6609b0cb2c7b6926f2abc

SHA1
4d7a510df646288d39229698bdcef7ad6526eac3

SHA256
1787729d5321a6947a035510a6342253bd40232b8a5bf47e4432e8eca5091a4e

SHA512
99753ec124ee7dda1200a7aa6abb3a5aa6c907c45009c5d2d21752a8dd129268b1227f79e18f8153a34b6beb4ed778b6b58e638b3645948c5b022949e28eea3c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe580162.TMP

Filesize
1KB

MD5
38de664be6df5f68e1fd3e2cbde8ce7a

SHA1
67c600b101051fe9391355715ad6c9d3c75d0ff9

SHA256
e9bd4268568ab25d3ee3130ea0e676b1599f067d49b29ed0923dd4eae7be0738

SHA512
b930563d59869f958e19d44cb70d1eef5e23f2540dec179a6275b7d372002a35b2f4f28cbfbcb8956ac66eba8a34a53a1201c945ca271ae4278427dc0f6954e7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
0ae00b7115b98d4327aac4b9a84f4af3

SHA1
1a25846fdd3414a35c05ffeb357bd968898de159

SHA256
e3cea5e01da680bd041490e294eed1c4632ffcd3b43dd9108b4c4580ef336264

SHA512
bebf75bdd7e3c29dad18a4884629fe85525ee3606147eca72d47299fa8b7c40ae03850f4d219a27590bb372fb4eece43663d15c438322d250c1d274c05353efb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
ff33f4e49f787e5974096b49054b698a

SHA1
6bf212267a3d9da2eaa9a5635f6940b8d203a160

SHA256
162945ee53eac94e84ed7cc1369c60e3365b6b4231348faf238319469e1121da

SHA512
39c3a65e0c448d7b9d85cc17427affcfb320a85186a613b1e15396651e98e424fc54560e6f905600435231a9f33acaa0885ec3e2a893605c0c0d6409100bd83a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
8b6184459c020fdd493eb1721c329931

SHA1
40001e3f3d07c420ab8cdcbe8041070ab5ac982b

SHA256
63f63db70766515805b1d1ce152921477e78fec6cdc3ee6541d0c419e08ffb83

SHA512
9ed521a929b052eb4953f47cdc7decb02e2ba11435141092c85ddb6ba9c4d91d9e185c161795c762dd2d7784c48315d103eed8edc98adf57539dfb7aa7a9de53

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
7e9d3e4b4c225a1dc1b07682e19bed55

SHA1
1d6cb187c26e404e0ca247ce2a1feb57776f1eb4

SHA256
56a3a9f47b21b6ede3554734166fc61bc7fa1f4a27b3f923449185c0e5f61ae9

SHA512
d55ee465636e0bf098fa08a8cfb0c9ada5d721b75bacc1083806d04ce094dae343585608b88614715e87bb56c3715c5622e181f725cde8ba7d82e30ff7883204

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
8e7a3b0489206b8b256dd914159cabeb

SHA1
89977d27a7a97dd0b57b7db063a655963922566f

SHA256
35322a4753c40901023842de877e9239b42afa7f928a959e37a06dec0886ccbd

SHA512
e2caf7b909a6dd93fbb9f990e883a67a66e13e75b07515e89c8f1081f57d487d6cd8819158243f9fb72bd47a053cda9c1ffc062168878fc5d949462af688db2e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
fb4b728264d27b8048eaea3ca0b9b126

SHA1
5176d534bf38dbe1c0c27c80e4b34b2883566b5c

SHA256
99b15974f55f68b9c0deb300c391b5ba6567f04abad66d01f05b8da5e9f1c54a

SHA512
d45c0b19e219853159559b044243bd958e5b222380ae192e4b8bf36248b78bcfc9f3a37c404b8a9d8bef7877958a16a9afcef4e589858308374a6da419732087

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
92c87da4a35e3eb66c4540e2322410e7

SHA1
b827e9c9b557710fd6b5ca3e7175ec4cc06aaaa7

SHA256
0c40dc8b3e99b4a438db0afe65bed0f4a73f374bf882e3f3d5a428feaeb19681

SHA512
c26ecd975aac721d6ae0977805e63f90cea939c43d08112608cb05c56a882e937a783b302cec17fe66d40e297569d1dd3db5337632a787f488cdb2b60ef2a07f

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\pj0o4bl8.default-release\activity-stream.discovery_stream.json

Filesize
25KB

MD5
30d53ff6d43e86ef4cf2a9008e64066e

SHA1
f4b52a85375fe9ae382f935abf8bff10a5d0f5b8

SHA256
2d4eaef292d9bbbd96fe5b2825e7249221e29d61b6cc226176c9977680e5b879

SHA512
d04787c788a4ae9d07bb3a6276f4c1dead4b2fd4acacf5e90d13fd5bfb244624e5402d2dcc2873752b353eef1c711a4773e9da676eafa51fc188b860246d0df2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pj0o4bl8.default-release\datareporting\glean\db\data.safe.tmp

Filesize
5KB

MD5
963180ccd711631b923ad9b9af5b1197

SHA1
db7646f3847a9e7dc618f91ce00a5b144c07a259

SHA256
9baa18f7b230b8967965be8075bb46d1c9c79eb2f935a4be59c07fd72634d8cf

SHA512
2bc2be0934468d3a65e84332e4d1be16ac88ec0f836add7f60acef14af2876d0ca10d5523eb4c99192423a56122b567362c8ff3e920df6f3a76ddd4145895a4b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pj0o4bl8.default-release\datareporting\glean\pending_pings\3e344bb0-4f76-4bbc-b9ba-fa9b4f612992

Filesize
982B

MD5
0d82a571d01815fcb3d40e2762efe2d7

SHA1
d421625687c1a3714a5ef612c75ab34b7d8e94a6

SHA256
f4079a6a7339eae47ab005c58c44846890692106eb09d0b4f97b0943364d3c90

SHA512
b31b803e2b4f548b59984c2baaea1e153384bb615bf445cf54d597e887736fc62b2c6da3bb6f6b576b9830fe554fdfe3494c429f66b137a38579aab7a6573566

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pj0o4bl8.default-release\datareporting\glean\pending_pings\ce26e33e-0dd8-41d5-a669-8989786db028

Filesize
671B

MD5
14e5b5d67ff4b80bfd46ad6d841d5bca

SHA1
5a7304a23d1b541149798e8702849ad425955dfe

SHA256
c02df577dd262c4c8449cfee1a52d13effdab36ef528da8bc339a2a57cabe072

SHA512
7ffe5f161008e8c2082787616d8f895780cdbc6b6e6cc677f09976b35f4d88cb7275fbdc21d89261c9dc4a063bb7b7b1196511497f4d4968cc1739dacac9d91b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pj0o4bl8.default-release\datareporting\glean\pending_pings\d025957c-8749-4434-b914-97d1cebce4aa

Filesize
27KB

MD5
c3457d15c6069d8d646d7053171effc8

SHA1
ffcb268622f3b2ec8660d4f1ebac0bd86f05b555

SHA256
50c730d59c70026def1a24cfec14d7972a4375af85d645f83dc481c95e809a80

SHA512
48a3c32569270377ad7588e9eff5029f72572b6c1b59f7142f24f5b8e5c5ffcbc54d2961d3965ee3e636b073f45b8e995f17bb4fa29ab5884dc74bfc84a01621

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pj0o4bl8.default-release\prefs-1.js

Filesize
11KB

MD5
6dd62f79fb0cbd0793df826e587044e2

SHA1
af5084bc7ce6a34c635465b3e40daa5aa85dc74b

SHA256
8d1038c09aa2d2fb3af9b496ecdb41212e97fc0b6603ec07d82ad2fad8594edb

SHA512
a5ee1eda82e3ca13f3e2673d1c158ed4f364073d3edc89aca1ec9972dc8c3eced5fe574f26bda739b36132ae5b275b50d4accc2bd6714571ebe66782bd0c1405

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pj0o4bl8.default-release\prefs.js

Filesize
11KB

MD5
8f3ae7f936ed39b3d0528bb499408bd7

SHA1
90bb0ecce486c87534b133a6ddbd13ea0b94742c

SHA256
7d032ac4fed462f4efd1e705775a922c35d07307c43dc5fb1b254b8f677a150c

SHA512
c1fc704278f8e08fcf9df55b16b97f84159edd1dddfa063e2d009b89810916fb1eb1c598296e09f3d9e02a095758a04802b941036d6c520657ce932011ea1951

Download Submit
C:\Users\Admin\Downloads\EngineControl Fortnite.rar

Filesize
526B

MD5
5f8c53b5e3982d86e6351edd3aa94713

SHA1
a5a2412a11d28db24657546d5b5be16293b65ddb

SHA256
6f60c07376d80250b6813f33398960dde053ec7fe9ffbcf139669b8b51ee432a

SHA512
f060cb89545ae49a0965f3293f8ed3ca467714273d08fe1af55fa8c394d842807d175346a13f28c35802b5671b04041abcecd25c74fdc6508ddfe5182d2902df

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 108109.crdownload

Filesize
3.8MB

MD5
46c17c999744470b689331f41eab7df1

SHA1
b8a63127df6a87d333061c622220d6d70ed80f7c

SHA256
c5b5def1c8882b702b6b25cbd94461c737bc151366d2d9eba5006c04886bfc9a

SHA512
4b02a3e85b699f62df1b4fe752c4dee08cfabc9b8bb316bc39b854bd5187fc602943a95788ec680c7d3dc2c26ad882e69c0740294bd6cb3b32cdcd165a9441b6

Download Submit
C:\Users\Admin\Downloads\winrar-x64-701 (1).exe

Filesize
3.7MB

MD5
3a2f16a044d8f6d2f9443dff6bd1c7d4

SHA1
48c6c0450af803b72a0caa7d5e3863c3f0240ef1

SHA256
31f7ba37180f820313b2d32e76252344598409cb932109dd84a071cd58b64aa6

SHA512
61daee2ce82c3b8e79f7598a79d72e337220ced7607e3ed878a3059ac03257542147dbd377e902cc95f04324e2fb7c5e07d1410f0a1815d5a05c5320e5715ef6

Download Submit