Overview

overview

8

Static

static

1

URLScan

urlscan

https://github.com/D...

windows7-x64

3

https://github.com/D...

windows10-2004-x64

3

https://github.com/D...

windows10-ltsc 2021-x64

https://github.com/D...

windows11-21h2-x64

Resubmissions

10-11-2024 10:05

241110-l4p4davelh 8

10-11-2024 10:02

241110-l29p1avblm 8

09-11-2024 17:59

241109-wk7jesyhpe 8

09-11-2024 17:59

241109-wkxn8azalm 1

09-11-2024 17:25

241109-vzld3a1phm 10

09-11-2024 16:09

241109-tlvj5szqer 8

09-11-2024 15:54

241109-tcj22sxeja 10

09-11-2024 13:49

241109-q4qgcsvkew 8

09-11-2024 13:26

241109-qp2abatraz 10

Analysis

  • max time kernel
    367s
  • max time network
    373s
  • platform
    windows11-21h2_x64
  • resource
    win11-20241007-en
  • resource tags

    arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
  • submitted
    09-11-2024 17:59

Sharing

Copy URL
Twitter E-mail

Errors

Reason
Machine shutdown
Report Analysis Logs

General

  • Target

    https://github.com/Da2dalus/The-MALWARE-Repo/blob/master/Virus/WinNuke.98.exe

Score
8/10
bootkitdefense_evasiondiscoverypersistenceupx

Malware Config

Signatures

  • Downloads MZ/PE file
  • Executes dropped EXE 7 IoCs
  • Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs
  • Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs

    Bootkits write to the MBR to gain persistence at a level below the operating system.

    bootkitpersistence
  • UPX packed file 1 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Subvert Trust Controls: Mark-of-the-Web Bypass 1 TTPs 15 IoCs

    When files are downloaded from the Internet, they are tagged with a hidden NTFS Alternate Data Stream (ADS) named Zone.Identifier with a specific value known as the MOTW.

    defense_evasion
  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

    discovery
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 8 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies registry class 1 IoCs
  • NTFS ADS 35 IoCs
  • Opens file in notepad (likely ransom note) 1 IoCs
    ransomware
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 31 IoCs
  • Suspicious use of FindShellTrayWindow 64 IoCs
  • Suspicious use of SendNotifyMessage 16 IoCs
  • Suspicious use of SetWindowsHookEx 19 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://github.com/Da2dalus/The-MALWARE-Repo/blob/master/Virus/WinNuke.98.exe
    1⤵
    • Enumerates system info in registry
    • Modifies registry class
    • NTFS ADS
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:1324
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffa74d03cb8,0x7ffa74d03cc8,0x7ffa74d03cd8
      2⤵
        PID:4376
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1892,3263398833087167297,549352389041117994,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1888 /prefetch:2
        2⤵
          PID:2668
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1892,3263398833087167297,549352389041117994,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2340 /prefetch:3
          2⤵
          • Suspicious behavior: EnumeratesProcesses
          PID:1272
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1892,3263398833087167297,549352389041117994,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2752 /prefetch:8
          2⤵
            PID:4396
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,3263398833087167297,549352389041117994,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:1
            2⤵
              PID:2532
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,3263398833087167297,549352389041117994,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3460 /prefetch:1
              2⤵
                PID:2740
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,3263398833087167297,549352389041117994,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4960 /prefetch:1
                2⤵
                  PID:564
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,3263398833087167297,549352389041117994,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4952 /prefetch:1
                  2⤵
                    PID:4656
                  • C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1892,3263398833087167297,549352389041117994,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5768 /prefetch:8
                    2⤵
                    • Suspicious behavior: EnumeratesProcesses
                    PID:1704
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,3263398833087167297,549352389041117994,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5212 /prefetch:1
                    2⤵
                      PID:2464
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,3263398833087167297,549352389041117994,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5540 /prefetch:1
                      2⤵
                        PID:728
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1892,3263398833087167297,549352389041117994,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5348 /prefetch:8
                        2⤵
                        • Suspicious behavior: EnumeratesProcesses
                        PID:3956
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,3263398833087167297,549352389041117994,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5496 /prefetch:1
                        2⤵
                          PID:1012
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1892,3263398833087167297,549352389041117994,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6108 /prefetch:8
                          2⤵
                            PID:3672
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,3263398833087167297,549352389041117994,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2984 /prefetch:1
                            2⤵
                              PID:4116
                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,3263398833087167297,549352389041117994,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5624 /prefetch:1
                              2⤵
                                PID:4732
                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,3263398833087167297,549352389041117994,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6204 /prefetch:1
                                2⤵
                                  PID:4884
                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1892,3263398833087167297,549352389041117994,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4940 /prefetch:8
                                  2⤵
                                    PID:5064
                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,3263398833087167297,549352389041117994,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2580 /prefetch:1
                                    2⤵
                                      PID:3900
                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1892,3263398833087167297,549352389041117994,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6120 /prefetch:8
                                      2⤵
                                        PID:4872
                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,3263398833087167297,549352389041117994,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5184 /prefetch:1
                                        2⤵
                                          PID:768
                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1892,3263398833087167297,549352389041117994,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=1124 /prefetch:8
                                          2⤵
                                            PID:4840
                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,3263398833087167297,549352389041117994,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3792 /prefetch:1
                                            2⤵
                                              PID:2868
                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1892,3263398833087167297,549352389041117994,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6176 /prefetch:8
                                              2⤵
                                                PID:4864
                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,3263398833087167297,549352389041117994,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6104 /prefetch:1
                                                2⤵
                                                  PID:980
                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,3263398833087167297,549352389041117994,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6648 /prefetch:1
                                                  2⤵
                                                    PID:1376
                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,3263398833087167297,549352389041117994,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5200 /prefetch:1
                                                    2⤵
                                                      PID:4028
                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1892,3263398833087167297,549352389041117994,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6880 /prefetch:8
                                                      2⤵
                                                        PID:3668
                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,3263398833087167297,549352389041117994,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5084 /prefetch:1
                                                        2⤵
                                                          PID:872
                                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,3263398833087167297,549352389041117994,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5504 /prefetch:1
                                                          2⤵
                                                            PID:4496
                                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,3263398833087167297,549352389041117994,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4832 /prefetch:1
                                                            2⤵
                                                              PID:2788
                                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1892,3263398833087167297,549352389041117994,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=7056 /prefetch:8
                                                              2⤵
                                                                PID:1044
                                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1892,3263398833087167297,549352389041117994,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=5580 /prefetch:2
                                                                2⤵
                                                                • Suspicious behavior: EnumeratesProcesses
                                                                PID:1432
                                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,3263398833087167297,549352389041117994,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1152 /prefetch:1
                                                                2⤵
                                                                  PID:4664
                                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,3263398833087167297,549352389041117994,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5316 /prefetch:1
                                                                  2⤵
                                                                    PID:3132
                                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1892,3263398833087167297,549352389041117994,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6900 /prefetch:8
                                                                    2⤵
                                                                    • NTFS ADS
                                                                    • Suspicious behavior: EnumeratesProcesses
                                                                    PID:4488
                                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,3263398833087167297,549352389041117994,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5948 /prefetch:1
                                                                    2⤵
                                                                      PID:4324
                                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1892,3263398833087167297,549352389041117994,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4848 /prefetch:8
                                                                      2⤵
                                                                      • NTFS ADS
                                                                      • Suspicious behavior: EnumeratesProcesses
                                                                      PID:4504
                                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,3263398833087167297,549352389041117994,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6900 /prefetch:1
                                                                      2⤵
                                                                        PID:1836
                                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1892,3263398833087167297,549352389041117994,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6168 /prefetch:8
                                                                        2⤵
                                                                        • NTFS ADS
                                                                        • Suspicious behavior: EnumeratesProcesses
                                                                        PID:2816
                                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,3263398833087167297,549352389041117994,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6992 /prefetch:1
                                                                        2⤵
                                                                          PID:1412
                                                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1892,3263398833087167297,549352389041117994,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=1152 /prefetch:8
                                                                          2⤵
                                                                            PID:1228
                                                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,3263398833087167297,549352389041117994,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5204 /prefetch:1
                                                                            2⤵
                                                                              PID:4328
                                                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1892,3263398833087167297,549352389041117994,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5744 /prefetch:8
                                                                              2⤵
                                                                                PID:3372
                                                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,3263398833087167297,549352389041117994,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=60 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6120 /prefetch:1
                                                                                2⤵
                                                                                  PID:3768
                                                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1892,3263398833087167297,549352389041117994,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4560 /prefetch:8
                                                                                  2⤵
                                                                                    PID:3128
                                                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,3263398833087167297,549352389041117994,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=63 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3884 /prefetch:1
                                                                                    2⤵
                                                                                      PID:1668
                                                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1892,3263398833087167297,549352389041117994,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4948 /prefetch:8
                                                                                      2⤵
                                                                                        PID:3528
                                                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,3263398833087167297,549352389041117994,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=66 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6692 /prefetch:1
                                                                                        2⤵
                                                                                          PID:3668
                                                                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1892,3263398833087167297,549352389041117994,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6744 /prefetch:8
                                                                                          2⤵
                                                                                            PID:3264
                                                                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,3263398833087167297,549352389041117994,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=69 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6168 /prefetch:1
                                                                                            2⤵
                                                                                              PID:1596
                                                                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,3263398833087167297,549352389041117994,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=71 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5896 /prefetch:1
                                                                                              2⤵
                                                                                                PID:5056
                                                                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,3263398833087167297,549352389041117994,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=73 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=216 /prefetch:1
                                                                                                2⤵
                                                                                                  PID:644
                                                                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1892,3263398833087167297,549352389041117994,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6088 /prefetch:8
                                                                                                  2⤵
                                                                                                    PID:1012
                                                                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1892,3263398833087167297,549352389041117994,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6684 /prefetch:8
                                                                                                    2⤵
                                                                                                    • Subvert Trust Controls: Mark-of-the-Web Bypass
                                                                                                    • NTFS ADS
                                                                                                    • Suspicious behavior: EnumeratesProcesses
                                                                                                    PID:1808
                                                                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1892,3263398833087167297,549352389041117994,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5884 /prefetch:8
                                                                                                    2⤵
                                                                                                    • Subvert Trust Controls: Mark-of-the-Web Bypass
                                                                                                    • NTFS ADS
                                                                                                    • Suspicious behavior: EnumeratesProcesses
                                                                                                    PID:560
                                                                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1892,3263398833087167297,549352389041117994,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5384 /prefetch:8
                                                                                                    2⤵
                                                                                                      PID:3128
                                                                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1892,3263398833087167297,549352389041117994,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5412 /prefetch:8
                                                                                                      2⤵
                                                                                                      • Subvert Trust Controls: Mark-of-the-Web Bypass
                                                                                                      • NTFS ADS
                                                                                                      • Suspicious behavior: EnumeratesProcesses
                                                                                                      PID:384
                                                                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1892,3263398833087167297,549352389041117994,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6996 /prefetch:8
                                                                                                      2⤵
                                                                                                      • Subvert Trust Controls: Mark-of-the-Web Bypass
                                                                                                      • NTFS ADS
                                                                                                      • Suspicious behavior: EnumeratesProcesses
                                                                                                      PID:1504
                                                                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1892,3263398833087167297,549352389041117994,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6832 /prefetch:8
                                                                                                      2⤵
                                                                                                      • Subvert Trust Controls: Mark-of-the-Web Bypass
                                                                                                      • NTFS ADS
                                                                                                      • Suspicious behavior: EnumeratesProcesses
                                                                                                      PID:4072
                                                                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1892,3263398833087167297,549352389041117994,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6864 /prefetch:8
                                                                                                      2⤵
                                                                                                      • Subvert Trust Controls: Mark-of-the-Web Bypass
                                                                                                      • NTFS ADS
                                                                                                      • Suspicious behavior: EnumeratesProcesses
                                                                                                      PID:412
                                                                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1892,3263398833087167297,549352389041117994,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5380 /prefetch:8
                                                                                                      2⤵
                                                                                                      • Subvert Trust Controls: Mark-of-the-Web Bypass
                                                                                                      • NTFS ADS
                                                                                                      • Suspicious behavior: EnumeratesProcesses
                                                                                                      PID:1924
                                                                                                    • C:\Windows\system32\NOTEPAD.EXE
                                                                                                      "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\WindowsXPHorrorEdition.txt
                                                                                                      2⤵
                                                                                                      • Opens file in notepad (likely ransom note)
                                                                                                      PID:4224
                                                                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1892,3263398833087167297,549352389041117994,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1796 /prefetch:8
                                                                                                      2⤵
                                                                                                      • NTFS ADS
                                                                                                      • Suspicious behavior: EnumeratesProcesses
                                                                                                      PID:4380
                                                                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1892,3263398833087167297,549352389041117994,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3816 /prefetch:8
                                                                                                      2⤵
                                                                                                      • Subvert Trust Controls: Mark-of-the-Web Bypass
                                                                                                      • NTFS ADS
                                                                                                      • Suspicious behavior: EnumeratesProcesses
                                                                                                      PID:896
                                                                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1892,3263398833087167297,549352389041117994,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7148 /prefetch:8
                                                                                                      2⤵
                                                                                                      • Subvert Trust Controls: Mark-of-the-Web Bypass
                                                                                                      • NTFS ADS
                                                                                                      • Suspicious behavior: EnumeratesProcesses
                                                                                                      PID:4084
                                                                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1892,3263398833087167297,549352389041117994,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1672 /prefetch:8
                                                                                                      2⤵
                                                                                                      • Subvert Trust Controls: Mark-of-the-Web Bypass
                                                                                                      • NTFS ADS
                                                                                                      • Suspicious behavior: EnumeratesProcesses
                                                                                                      PID:1644
                                                                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1892,3263398833087167297,549352389041117994,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7148 /prefetch:8
                                                                                                      2⤵
                                                                                                      • Subvert Trust Controls: Mark-of-the-Web Bypass
                                                                                                      • NTFS ADS
                                                                                                      • Suspicious behavior: EnumeratesProcesses
                                                                                                      PID:4228
                                                                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1892,3263398833087167297,549352389041117994,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2196 /prefetch:8
                                                                                                      2⤵
                                                                                                      • Subvert Trust Controls: Mark-of-the-Web Bypass
                                                                                                      • NTFS ADS
                                                                                                      • Suspicious behavior: EnumeratesProcesses
                                                                                                      PID:2020
                                                                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1892,3263398833087167297,549352389041117994,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1672 /prefetch:8
                                                                                                      2⤵
                                                                                                      • Subvert Trust Controls: Mark-of-the-Web Bypass
                                                                                                      • NTFS ADS
                                                                                                      • Suspicious behavior: EnumeratesProcesses
                                                                                                      PID:3748
                                                                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1892,3263398833087167297,549352389041117994,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7040 /prefetch:8
                                                                                                      2⤵
                                                                                                      • Subvert Trust Controls: Mark-of-the-Web Bypass
                                                                                                      • NTFS ADS
                                                                                                      • Suspicious behavior: EnumeratesProcesses
                                                                                                      PID:4620
                                                                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1892,3263398833087167297,549352389041117994,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6248 /prefetch:8
                                                                                                      2⤵
                                                                                                        PID:4932
                                                                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1892,3263398833087167297,549352389041117994,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6884 /prefetch:8
                                                                                                        2⤵
                                                                                                        • Subvert Trust Controls: Mark-of-the-Web Bypass
                                                                                                        • NTFS ADS
                                                                                                        • Suspicious behavior: EnumeratesProcesses
                                                                                                        PID:3612
                                                                                                    • C:\Windows\System32\CompPkgSrv.exe
                                                                                                      C:\Windows\System32\CompPkgSrv.exe -Embedding
                                                                                                      1⤵
                                                                                                        PID:4052
                                                                                                      • C:\Windows\System32\CompPkgSrv.exe
                                                                                                        C:\Windows\System32\CompPkgSrv.exe -Embedding
                                                                                                        1⤵
                                                                                                          PID:2312
                                                                                                        • C:\Windows\System32\rundll32.exe
                                                                                                          C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
                                                                                                          1⤵
                                                                                                            PID:1636
                                                                                                          • C:\Users\Admin\Desktop\MEMZ.exe
                                                                                                            "C:\Users\Admin\Desktop\MEMZ.exe"
                                                                                                            1⤵
                                                                                                            • Executes dropped EXE
                                                                                                            • System Location Discovery: System Language Discovery
                                                                                                            • Suspicious use of SetWindowsHookEx
                                                                                                            PID:3364
                                                                                                            • C:\Users\Admin\Desktop\MEMZ.exe
                                                                                                              "C:\Users\Admin\Desktop\MEMZ.exe" /watchdog
                                                                                                              2⤵
                                                                                                              • Executes dropped EXE
                                                                                                              • System Location Discovery: System Language Discovery
                                                                                                              • Suspicious behavior: EnumeratesProcesses
                                                                                                              • Suspicious use of SetWindowsHookEx
                                                                                                              PID:2656
                                                                                                            • C:\Users\Admin\Desktop\MEMZ.exe
                                                                                                              "C:\Users\Admin\Desktop\MEMZ.exe" /watchdog
                                                                                                              2⤵
                                                                                                              • Executes dropped EXE
                                                                                                              • System Location Discovery: System Language Discovery
                                                                                                              • Suspicious use of SetWindowsHookEx
                                                                                                              PID:2992
                                                                                                            • C:\Users\Admin\Desktop\MEMZ.exe
                                                                                                              "C:\Users\Admin\Desktop\MEMZ.exe" /watchdog
                                                                                                              2⤵
                                                                                                              • Executes dropped EXE
                                                                                                              • System Location Discovery: System Language Discovery
                                                                                                              • Suspicious use of SetWindowsHookEx
                                                                                                              PID:1580
                                                                                                            • C:\Users\Admin\Desktop\MEMZ.exe
                                                                                                              "C:\Users\Admin\Desktop\MEMZ.exe" /watchdog
                                                                                                              2⤵
                                                                                                              • Executes dropped EXE
                                                                                                              • System Location Discovery: System Language Discovery
                                                                                                              • Suspicious use of SetWindowsHookEx
                                                                                                              PID:4628
                                                                                                            • C:\Users\Admin\Desktop\MEMZ.exe
                                                                                                              "C:\Users\Admin\Desktop\MEMZ.exe" /watchdog
                                                                                                              2⤵
                                                                                                              • Executes dropped EXE
                                                                                                              • System Location Discovery: System Language Discovery
                                                                                                              • Suspicious use of SetWindowsHookEx
                                                                                                              PID:2556
                                                                                                            • C:\Users\Admin\Desktop\MEMZ.exe
                                                                                                              "C:\Users\Admin\Desktop\MEMZ.exe" /main
                                                                                                              2⤵
                                                                                                              • Executes dropped EXE
                                                                                                              • Writes to the Master Boot Record (MBR)
                                                                                                              • System Location Discovery: System Language Discovery
                                                                                                              • Suspicious use of SetWindowsHookEx
                                                                                                              PID:2140
                                                                                                              • C:\Windows\SysWOW64\notepad.exe
                                                                                                                "C:\Windows\System32\notepad.exe" \note.txt
                                                                                                                3⤵
                                                                                                                • System Location Discovery: System Language Discovery
                                                                                                                PID:1052

                                                                                                          Network

                                                                                                          MITRE ATT&CK Enterprise v15

                                                                                                          Replay Monitor

                                                                                                          Loading Replay Monitor...

                                                                                                          Downloads

                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                                                                                            Filesize

                                                                                                            152B

                                                                                                            MD5

                                                                                                            e1544690d41d950f9c1358068301cfb5

                                                                                                            SHA1

                                                                                                            ae3ff81363fcbe33c419e49cabef61fb6837bffa

                                                                                                            SHA256

                                                                                                            53d69c9cc3c8aaf2c8b58ea6a2aa47c49c9ec11167dd9414cd9f4192f9978724

                                                                                                            SHA512

                                                                                                            1e4f1fe2877f4f947d33490e65898752488e48de34d61e197e4448127d6b1926888de80b62349d5a88b96140eed0a5b952ef4dd7ca318689f76e12630c9029da

                                                                                                            Download Submit

                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                                                                                            Filesize

                                                                                                            152B

                                                                                                            MD5

                                                                                                            9314124f4f0ad9f845a0d7906fd8dfd8

                                                                                                            SHA1

                                                                                                            0d4f67fb1a11453551514f230941bdd7ef95693c

                                                                                                            SHA256

                                                                                                            cbd58fa358e4b1851c3da2d279023c29eba66fb4d438c6e87e7ce5169ffb910e

                                                                                                            SHA512

                                                                                                            87b9060ca4942974bd8f95b8998df7b2702a3f4aba88c53b2e3423a532a75407070368f813a5bbc0251864b4eae47e015274a839999514386d23c8a526d05d85

                                                                                                            Download Submit

                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\0348db53-37de-4fd5-b57b-dde5b5701066.tmp
                                                                                                            Filesize

                                                                                                            1KB

                                                                                                            MD5

                                                                                                            b4bac52d7cacb5eaa8451202f4321dda

                                                                                                            SHA1

                                                                                                            4320ca9f6a688559d999a40e254e7e98291012b2

                                                                                                            SHA256

                                                                                                            876f0f18a8c58d6069331f5b4acaeeb87441960ebc8e82ad8b4ac786dbe3e1fa

                                                                                                            SHA512

                                                                                                            3086f77e90c6ee474db9a4c9ff077171d3684f5711518dd9927a0a10d82eb78ed64e01bc7dde489053ab35a85c20d0e2cd88ede701ff3caa9f455f695024ea0f

                                                                                                            Download Submit

                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\76cb9804-1a92-47de-bdfe-17a20cb3ecb5.tmp
                                                                                                            Filesize

                                                                                                            2KB

                                                                                                            MD5

                                                                                                            94411b5a063289208b30fe5520bfe3f1

                                                                                                            SHA1

                                                                                                            0b3f93e68e649412bd21f63927ad87c8ee7149e7

                                                                                                            SHA256

                                                                                                            45e27329de18ad3f92ec39207617eea2cc098cb20c891e4d2bbc0ffb35c99654

                                                                                                            SHA512

                                                                                                            40887070c50a652f1eb8a2749e97c8c7a6205a20224af9b8cbe338980ecab7f8492c085b886d88653c8a7ad1de5f2170b40f783bde10dca973b940ceec0c5e63

                                                                                                            Download Submit

                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
                                                                                                            Filesize

                                                                                                            1KB

                                                                                                            MD5

                                                                                                            448983f83760a46369219bbcc5ce5ecc

                                                                                                            SHA1

                                                                                                            f68c6a56e17cc513739af92f5c85c12940c629d7

                                                                                                            SHA256

                                                                                                            215106a88ea6d630e1c9190c9a3eb9e0e73cae2aea93680962f63852616d28b6

                                                                                                            SHA512

                                                                                                            7839d1cf668674a335ac676f69432f927aaa73f4a21d7c8813882cb906c10b3d8405080c69d9c6b4b519ea734fa1eeb534988519c9874ec816a3749fb9f4cd53

                                                                                                            Download Submit

                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
                                                                                                            Filesize

                                                                                                            1KB

                                                                                                            MD5

                                                                                                            63f0858d472e25150be4d5fdfac798a9

                                                                                                            SHA1

                                                                                                            dbb83fae38c62c64c0a69721ad2b0226154cc6fb

                                                                                                            SHA256

                                                                                                            02b53039528ab8e4c818d92b649c1a629fd948169b86b9ae19232255939948a0

                                                                                                            SHA512

                                                                                                            8cdf3b882ad66d564f7870974ce71ddddd700bf8bc705b3e03da82030cf9f3c725c57b4165977cb73eeecf1d37f657d0cafa8ce42964732577a48dddbee89a85

                                                                                                            Download Submit

                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                                                                                                            Filesize

                                                                                                            2KB

                                                                                                            MD5

                                                                                                            87d66d0bb337b597738dff0703881b71

                                                                                                            SHA1

                                                                                                            f2277a59ba3254f2e5c2e6332e3a177399e44309

                                                                                                            SHA256

                                                                                                            2314d635b9b9974ca195df53e62768411e8aa9914dfe5d0b88d45d4630254cb3

                                                                                                            SHA512

                                                                                                            5d404ad5b09998bce9098ca29b193872336c92a05094a37082f507efcaeebdb33bc40c3303836154c50f4443eae000046b11c244998f6f98c51476882dbcbde1

                                                                                                            Download Submit

                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                                                            Filesize

                                                                                                            6KB

                                                                                                            MD5

                                                                                                            d344b9e1245608ddb9654a073e127435

                                                                                                            SHA1

                                                                                                            140ed9dc80e9e371defaacb244f44be43fa88da1

                                                                                                            SHA256

                                                                                                            240a245cace71e045100d5728dc63b7d42b80e142ba75080bbee0780d9d35566

                                                                                                            SHA512

                                                                                                            864bee7dd4b072f3e379e7f2606e86a5864b5a6571014367b8f74500eeec71f9177c26e2c7ca7161a0de01906a3da473253886d287a47ee48e3abd0819941391

                                                                                                            Download Submit

                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                                                            Filesize

                                                                                                            6KB

                                                                                                            MD5

                                                                                                            bf62eed938047a226a82be1f128a9798

                                                                                                            SHA1

                                                                                                            4ff2899bcf063adc05567078df802b8cf9ffed40

                                                                                                            SHA256

                                                                                                            ba2d567935951fad7104c63fe58efd16eaf2e6c8e461f82aa602e2005b718be3

                                                                                                            SHA512

                                                                                                            8969e598dd8bb4848a95ed1811708c688074dd8954f97ffd4aaa605dab431fb1712868dad7cbbd3d66005535fb57a3c1d1735ecb9153554401f681003aee2e90

                                                                                                            Download Submit

                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                                                            Filesize

                                                                                                            6KB

                                                                                                            MD5

                                                                                                            ebe4fc9fb6243579b6fa29cc224119a0

                                                                                                            SHA1

                                                                                                            b9aa39c2d87674bd0bbf00ca76b6a32fe9dd3be1

                                                                                                            SHA256

                                                                                                            fc9b5f101dbd3c7bd1f78b0e8e7ef33f3a5859972cd946975ba2639747d61186

                                                                                                            SHA512

                                                                                                            4d7bec250acaa643d8e4400930da728708f64020654aa94c523e55cb9b31127c667578bd7936b8d42b94e45a8eba313fce67d02b584848b6cdad4da0b01fe1ab

                                                                                                            Download Submit

                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                                                            Filesize

                                                                                                            6KB

                                                                                                            MD5

                                                                                                            85e0bfbc45723dbc406a50a4fbe41eb3

                                                                                                            SHA1

                                                                                                            d6d7f9ac71537418070fab04284a87e7cd8298c2

                                                                                                            SHA256

                                                                                                            b634bc5c290334c3debaf9bbccfda2d9d8c5ee311ee52eaae99ba23aa14aa776

                                                                                                            SHA512

                                                                                                            43f987d6211c277ae0b144ea74a022ab2e277b032481b767d2a2e97eaf6d176910f8facb98144cc88a5018197ffa7be31d3c94189c84f1a216e93ab43cad8fa1

                                                                                                            Download Submit

                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                                                            Filesize

                                                                                                            6KB

                                                                                                            MD5

                                                                                                            9aa5fd67bd86aa90708ef269cdbccb48

                                                                                                            SHA1

                                                                                                            1c4052a0bdf4c2dbe5aabf1c989819479450d003

                                                                                                            SHA256

                                                                                                            ed3bf6860d31f0fc18ab02a8c6f47c8c012896612b133400568fa50c0cd28dc9

                                                                                                            SHA512

                                                                                                            5904272b2f09f5559ddc60166199d88484b3a643e5b73f025ed51c71105b2a14375b2c7464545eef4115bcd60b7acd947b91a5c01857d4a5130b28486c101f6f

                                                                                                            Download Submit

                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                                                            Filesize

                                                                                                            5KB

                                                                                                            MD5

                                                                                                            74ed2617c3d4cd44b3ea365a28879739

                                                                                                            SHA1

                                                                                                            305d98b5ff739e3c4d29bc80f8a6df3e732a1923

                                                                                                            SHA256

                                                                                                            dfab4efe4cb471cb759c7467671a9db31896de3f15dcbc29af81c5ded92c5eb8

                                                                                                            SHA512

                                                                                                            919ad1afa4854c443aa4df1dc0074ab076ca3db04485c6550b75340d4781441d027426a4f3628df1f9396200452e6b34358b6a44ed884deffa49c5492d1b815b

                                                                                                            Download Submit

                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                                                            Filesize

                                                                                                            1KB

                                                                                                            MD5

                                                                                                            b8f2f76d02939ac39833a3e700fbeb21

                                                                                                            SHA1

                                                                                                            7cb1dbb140f14df0ce43b866d475c31787fba967

                                                                                                            SHA256

                                                                                                            bb7335bfb768b2411c7629f2962fdaa1d273b5917b2dede4721dac18d49fcdda

                                                                                                            SHA512

                                                                                                            ec39187e77d983e4c7fc56050de4cbb858024515c39bd5fb3d51251a71b49460e070d4e21151acc2f5e62e63a86fb8e88fdd73b0cc854b960b0614f449e1839f

                                                                                                            Download Submit

                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                                                            Filesize

                                                                                                            1KB

                                                                                                            MD5

                                                                                                            c544b44082b302230ab5c5867d002618

                                                                                                            SHA1

                                                                                                            1c15055757d8586432a8f7d7b17d4757f2aab156

                                                                                                            SHA256

                                                                                                            2cadd86c092976eb013a68cccc83f6ea4637e54c7334ec92c9d0b4140793fc6c

                                                                                                            SHA512

                                                                                                            f0f784a3d682968f5cf84544c8258ef45f173e4c10cf7a6f9954c3d10640b9456da063b8de2c021a80f2720e2263359aca41d2128c0dafc38a10877ce3325d21

                                                                                                            Download Submit

                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                                                            Filesize

                                                                                                            1KB

                                                                                                            MD5

                                                                                                            21d2086091e8d5eb84e6e780fa4ad844

                                                                                                            SHA1

                                                                                                            375a53f64c516a377f22683403553d3cddfd0daa

                                                                                                            SHA256

                                                                                                            68278753eeb43aa81f4829cfdda70db4736712c76b0fb5a296441235e970ef06

                                                                                                            SHA512

                                                                                                            0f29201f5f7cb53fc6e87ced8b5170f6531f6c4a131617fb74400943d9a908dbd684d3ae3e207a27cd442e909335fa0c4d14df626cd56c66d53628f284fa6e38

                                                                                                            Download Submit

                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                                                            Filesize

                                                                                                            1KB

                                                                                                            MD5

                                                                                                            cde6515fe39ec912242b8a847818518c

                                                                                                            SHA1

                                                                                                            f65bfec1edf653fc1cf099ff7cc6e1f5ecbd1c60

                                                                                                            SHA256

                                                                                                            72d98d7ab1782b2c733024908832cfe0593514db2cf31348399dff9e3ed8cb78

                                                                                                            SHA512

                                                                                                            263e67ffd9473f2a9838e69d07d6021ac5af3be12961c5e0547bd79002c88384d12d0fedc1cd6092de6aa48069d60f887ebdff7a9acdc90ce6dd8fed334cfaab

                                                                                                            Download Submit

                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                                                            Filesize

                                                                                                            1KB

                                                                                                            MD5

                                                                                                            5676e202267abacf1352173c1fc104ac

                                                                                                            SHA1

                                                                                                            a9689d601133a0eb02fdfbb8b20befcb6cf0374d

                                                                                                            SHA256

                                                                                                            87010bf3d4aa336bf0e04c2a4332b2d0d0435d913c2cfb565da936cbe098e96c

                                                                                                            SHA512

                                                                                                            432095cb078c0a179fbf443181958412e62d0241ded78d505727c5e25b010a9fd106e917fe357e3057ad1b3037f97db1b36145adfbbbf94d4a54f879011983ea

                                                                                                            Download Submit

                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                                                            Filesize

                                                                                                            1KB

                                                                                                            MD5

                                                                                                            8518672368827b65045b1014e586a20d

                                                                                                            SHA1

                                                                                                            2de0eee176ba7a295bcda61cb05da6b191ed6550

                                                                                                            SHA256

                                                                                                            68427e924d83dc00aad3f558ed321e94c2a7a196b8ef6a6b28deb4f870c2a784

                                                                                                            SHA512

                                                                                                            c952411dca59cbbf2b50d6647115a11049ea31d10b0f3a81c6e5a8b896f51c1c607ae7b44df6813423b682e107416a38b497e37840bb6664da40db920606fc45

                                                                                                            Download Submit

                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                                                            Filesize

                                                                                                            1KB

                                                                                                            MD5

                                                                                                            b504088f9ca5eb7f53f7ff833fe63797

                                                                                                            SHA1

                                                                                                            96cc99fb1a2ac2db0225c50151a7e8ffa5f92ec0

                                                                                                            SHA256

                                                                                                            d3255a42818ba58f58a922663b1255840358f95dbbb73f747201b2c3a2b89b25

                                                                                                            SHA512

                                                                                                            612c74274e0e35b2ae1978e0a8c3d662368fbe3718413357d34b6c1c0368b0cb040c1f8df3674ad72ab845e628bd115d3e9009381ddf20820e6ee4428e9d6d79

                                                                                                            Download Submit

                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                                                            Filesize

                                                                                                            1KB

                                                                                                            MD5

                                                                                                            ca9c264469ef496bf76b5f38ec0bb3d9

                                                                                                            SHA1

                                                                                                            c318e2a5df39a6770e1c97d943f1afe3601e8fef

                                                                                                            SHA256

                                                                                                            6a9f53a0495b4ca46ea66fc7a559a79de71b141a9eb7c3beded2bbc0e54a9c06

                                                                                                            SHA512

                                                                                                            84975f1405a4fa66e59ddf34a25cd9961adc323417520e716f5a31a571716cea5fdc6d854d6404520b4630dde1d980c68b9d573e729124da1f44eb13e2e4846e

                                                                                                            Download Submit

                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                                                            Filesize

                                                                                                            1KB

                                                                                                            MD5

                                                                                                            0cbc7f273b17b0790d40361baac006d0

                                                                                                            SHA1

                                                                                                            78ca662449f0bd52398a52478c9b9bcfc5a15903

                                                                                                            SHA256

                                                                                                            280c2c3421b703995aaa1467ac4546006bf1c2f7f3f843cb8b7034df06f6f018

                                                                                                            SHA512

                                                                                                            1b443bee91766cdd0fe5029e151a3f874fbea5ac1f8f21ddf5ac043ada6367e01ae774994ddf8c32d0e29363d6178f9104a197c7725fc33fb0cdd173c7524afc

                                                                                                            Download Submit

                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                                                            Filesize

                                                                                                            1KB

                                                                                                            MD5

                                                                                                            4beab4346741dc0c6017f6030ebaf043

                                                                                                            SHA1

                                                                                                            969710c8ad2fb9c89e3ab522b9806c24f36c5957

                                                                                                            SHA256

                                                                                                            f813d7327587a646880947cd7e5fcdc34d14d7bdf53721b5575f195b9e14464b

                                                                                                            SHA512

                                                                                                            3105254699a4f842b8d57a874837dfb6324f1f70dd0b216ad1c10ba8bcb8c19f31a14d18dc72f6c6c65f7d5c55a070e4a6db233622c69fac1cd3bc070af33806

                                                                                                            Download Submit

                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                                                            Filesize

                                                                                                            1KB

                                                                                                            MD5

                                                                                                            dc6b8ccf1de52d01cb2d6aac42610876

                                                                                                            SHA1

                                                                                                            3fb960266389e82e300a7281e25db2524592afa1

                                                                                                            SHA256

                                                                                                            3330be6b0199bb7b653d42fc5ae8d52b0e440a750cf36f53475f9826e9df601a

                                                                                                            SHA512

                                                                                                            21300d3fb2300d051a4da792578dc1b32b92dfcdc781caa5b566e7386f2e28457fdf9ab87cef1361495f991c14ee10862327c29972c5e57d1c931ed3ea02e09e

                                                                                                            Download Submit

                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                                                            Filesize

                                                                                                            1KB

                                                                                                            MD5

                                                                                                            a25bcefe35e69ecba47ac396469491db

                                                                                                            SHA1

                                                                                                            baaf03aef85d4e1aff06b7fd6b70350380971f74

                                                                                                            SHA256

                                                                                                            bb3787f40fe1acac209370855a8c932ce76769dd1f1da08776ad1ef8c3f8f6ef

                                                                                                            SHA512

                                                                                                            4084b0306d7a219229627a50647cb12fd2e80eccfeda5962536c7601cb7d5608dfc7afe1e7339cc1d58890716dce8731f1bd8447cdcf77fe4e5966264af5bc62

                                                                                                            Download Submit

                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                                                            Filesize

                                                                                                            1KB

                                                                                                            MD5

                                                                                                            0fb97229373564fec407633f0878aa4a

                                                                                                            SHA1

                                                                                                            6446acc80bdad6c4e161148e2d08276a4844a20a

                                                                                                            SHA256

                                                                                                            695d634c1c651be719d671fa69e8bdb24ea88638b210c4d4d377eafa5fe8569d

                                                                                                            SHA512

                                                                                                            dccb3c91a7f9d4309a91eadd605b067f827b31b9ffcd623c9cfcdc4da07243a5c8c35fb8e2bb5d8588101fcc5877601f08c55381853919bfbbf72e5f70185f75

                                                                                                            Download Submit

                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                                                            Filesize

                                                                                                            1KB

                                                                                                            MD5

                                                                                                            4b2e8a3701a71b7057ff16721618c723

                                                                                                            SHA1

                                                                                                            b0d657ab86e0824c56ff2e8d796d3f67a5512209

                                                                                                            SHA256

                                                                                                            21a7ef8f0318d9772a92be728b4c44a3553106927a176ceba86f243db659affb

                                                                                                            SHA512

                                                                                                            0f9821d6daa705960495f0c430fda4dd80cd54e1924eb024153543665ac43d4c8fb4a26df983d1a43b2fd47aed7aa2a36fdba5bee70db050d39ac232cbe1d5b7

                                                                                                            Download Submit

                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                                                            Filesize

                                                                                                            1KB

                                                                                                            MD5

                                                                                                            dc416a841cf9af17238bc5bd83d4e696

                                                                                                            SHA1

                                                                                                            c240460239021f72986da8f03809dda830015cf4

                                                                                                            SHA256

                                                                                                            070d9d2b95ef08859ea2734177f2c0c58c55ef9fbcb99c7791f09f7005721b61

                                                                                                            SHA512

                                                                                                            709b971bec67c1496044c6e21d83f6bab10cb2565633e4f66e03415acfd7aace9439860483b6a6eaae446559bfed590184939c0fa9bfdff6fe099cdb965f676d

                                                                                                            Download Submit

                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                                                            Filesize

                                                                                                            1KB

                                                                                                            MD5

                                                                                                            54cbfe05d4ab79567d1b96a1ddb87110

                                                                                                            SHA1

                                                                                                            5163b14cd6d23f645ca0a6abc32a90a1b39ad136

                                                                                                            SHA256

                                                                                                            3764957583490ad02716488a3b523f3113a00921bd72d454f8b462ce7657f7cd

                                                                                                            SHA512

                                                                                                            23e7de6553fd7659635747c74ea595855cc30b513caf8bc64ab069c33bf4869d0f0ef169f243f4e8881d793669ead0889a28f5f5bf4754051fdc7f9d127297e1

                                                                                                            Download Submit

                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                                                            Filesize

                                                                                                            1KB

                                                                                                            MD5

                                                                                                            a5c44123b4a6f6b143cbbdd37b805267

                                                                                                            SHA1

                                                                                                            a79b0e21d47d95ead855cfe1b334251ca39b64fa

                                                                                                            SHA256

                                                                                                            96e7796a8f50a312b1d01feeb67590e057b1aa3c43f18cd08ee0e0eb1ee52356

                                                                                                            SHA512

                                                                                                            adad8e52e856d80effdff2fe27fe2ababcf52285b1a62b5bdc7d276e68346f3a0e390857e00a28f2065fc4b95480376714d5f8955596516bc041655f152c4e67

                                                                                                            Download Submit

                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57f9a2.TMP
                                                                                                            Filesize

                                                                                                            874B

                                                                                                            MD5

                                                                                                            f7f618b87a89d37a6630e9d05627f5fc

                                                                                                            SHA1

                                                                                                            c4310c1bffabad7a8764fae2af7d848adb1fb2c7

                                                                                                            SHA256

                                                                                                            dd21b2cd19d571ce170c18c3f388f7cf1752bcc70bec8eb56f852ba5ee50b6f7

                                                                                                            SHA512

                                                                                                            8accd97e618d4de89ebd5f3d06097edee0e3b27723f0ad52bc2ba64fb65b985b98779744878bf39f894f36336ff83745229159041c9feee640142ec0abf070b9

                                                                                                            Download Submit

                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
                                                                                                            Filesize

                                                                                                            16B

                                                                                                            MD5

                                                                                                            6752a1d65b201c13b62ea44016eb221f

                                                                                                            SHA1

                                                                                                            58ecf154d01a62233ed7fb494ace3c3d4ffce08b

                                                                                                            SHA256

                                                                                                            0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

                                                                                                            SHA512

                                                                                                            9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

                                                                                                            Download Submit

                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                                                                            Filesize

                                                                                                            11KB

                                                                                                            MD5

                                                                                                            738f1bc6828515da7e0c89631c6b513e

                                                                                                            SHA1

                                                                                                            1e33bd5681f99cb431a3e8e4f3839962e7053e80

                                                                                                            SHA256

                                                                                                            0839cb43676fb887ec59a5ff747d5cf68158dc9808a5322b587151bc1f0a7968

                                                                                                            SHA512

                                                                                                            affa007963ebd8422b817ab00ede026475de2ed0f0129421a2b363372e38f9279fc83464d4c7dc934fc808b94df051cdebc84d53d25234afcf825a4ea63d5be3

                                                                                                            Download Submit

                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                                                                            Filesize

                                                                                                            11KB

                                                                                                            MD5

                                                                                                            316f122ae05e2751becf0e43db711a67

                                                                                                            SHA1

                                                                                                            651b6fb1e0c8d305ef1dfbd7225101ffcd3e276b

                                                                                                            SHA256

                                                                                                            83ace6a5a19fda03bf2c05b4a0ea72aad71cc7852869ce15ceaeeb18055ed315

                                                                                                            SHA512

                                                                                                            d0af0b7ff80e54a18c503f619d7f09a85f1eefe63dd83b4c58c531d966dd4bb1feb02a206de3e26ac9513796d3275b6172dc735d3a87f12b2a0ec7ced054f5ca

                                                                                                            Download Submit

                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                                                                            Filesize

                                                                                                            10KB

                                                                                                            MD5

                                                                                                            719dd52fe9d8b548333de0d50f272bfc

                                                                                                            SHA1

                                                                                                            4344101b8fd4203977da213b8061f5f06ee2fa6f

                                                                                                            SHA256

                                                                                                            a34717a8be4c572c8c8e07dd07ac3ed8a03d1be375ff3e599616ff3ebe3ef01f

                                                                                                            SHA512

                                                                                                            e3d90b58fd4eb61db6c0195d5c9ea5c16ffc2b6e5a21189d3e1f1de8d2cc58e0147cda22fe30be1ba6970b965d6fa0b591b2b7e00d0e8a89feb5d3c3d039fa1e

                                                                                                            Download Submit

                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                                                                            Filesize

                                                                                                            10KB

                                                                                                            MD5

                                                                                                            e55eef1c5cc224c9d2b75c6176422ce0

                                                                                                            SHA1

                                                                                                            d39ff162d58702f2c11ee6105fc4e5f3769c05cf

                                                                                                            SHA256

                                                                                                            ed1057ccadba153fd7323a37a7e03867ae41618a78174b139791e89ce3adddd0

                                                                                                            SHA512

                                                                                                            7016c153d858580c9ea92e60b78b1c6500614f43fc33663611cf000920e5005f130ef3dc53fab706ad876919abe22b2ec1d3d0cfe723b66d962c2f39c6bd428e

                                                                                                            Download Submit

                                                                                                          • C:\Users\Admin\Downloads\5e51a366-5751-4ec0-81c3-801e8ab87a86.tmp
                                                                                                            Filesize

                                                                                                            123B

                                                                                                            MD5

                                                                                                            49f5ddbf0748e69f30a2909276418311

                                                                                                            SHA1

                                                                                                            c3205cccffe909f2a60560d6179cc096d4907386

                                                                                                            SHA256

                                                                                                            1e9637fc91b1fe4a13401c4bbb1919f0fc951c55b8d120df51854df02f8fcd6d

                                                                                                            SHA512

                                                                                                            dc741df9988212c362315d82a686dc0b4085890cdccce98bda8ec617a671b737f954b4530a424816cf5fb3affe3355022b1b1acae16fbd7dea33adac7cec80c8

                                                                                                            Download Submit

                                                                                                          • C:\Users\Admin\Downloads\MEMZ.exe
                                                                                                            Filesize

                                                                                                            14KB

                                                                                                            MD5

                                                                                                            19dbec50735b5f2a72d4199c4e184960

                                                                                                            SHA1

                                                                                                            6fed7732f7cb6f59743795b2ab154a3676f4c822

                                                                                                            SHA256

                                                                                                            a3d5715a81f2fbeb5f76c88c9c21eeee87142909716472f911ff6950c790c24d

                                                                                                            SHA512

                                                                                                            aa8a6bbb1ec516d5d5acf8be6863a4c6c5d754cee12b3d374c3a6acb393376806edc422f0ffb661c210e5b9485da88521e4a0956a4b7b08a5467cfaacd90591d

                                                                                                            Download Submit

                                                                                                          • C:\Users\Admin\Downloads\Rensenware.exe:Zone.Identifier
                                                                                                            Filesize

                                                                                                            235B

                                                                                                            MD5

                                                                                                            bedba9207bb0d7d89d2ccc539befd33c

                                                                                                            SHA1

                                                                                                            f4db228a87d7f00133238f1c2ea3933d077c3a7b

                                                                                                            SHA256

                                                                                                            69ddf31c76d460433e11db97dfc4a03447a8ef9d34ab9a8ba9753d067dca56e3

                                                                                                            SHA512

                                                                                                            2bb969d32576432fb654bf074fc8d0b1bf1816b42840a912b26a338534c72d4df2266029cf9854a5441bbd2b316a2efe686a169144f4838ae1f5a707cddc7dd7

                                                                                                            Download Submit

                                                                                                          • C:\Users\Admin\Downloads\Unconfirmed 127524.crdownload
                                                                                                            Filesize

                                                                                                            224KB

                                                                                                            MD5

                                                                                                            5c7fb0927db37372da25f270708103a2

                                                                                                            SHA1

                                                                                                            120ed9279d85cbfa56e5b7779ffa7162074f7a29

                                                                                                            SHA256

                                                                                                            be22645c61949ad6a077373a7d6cd85e3fae44315632f161adc4c99d5a8e6844

                                                                                                            SHA512

                                                                                                            a15f97fad744ccf5f620e5aabb81f48507327b898a9aa4287051464019e0f89224c484e9691812e166471af9beaddcfc3deb2ba878658761f4800663beef7206

                                                                                                            Download Submit

                                                                                                          • C:\Users\Admin\Downloads\Unconfirmed 215962.crdownload
                                                                                                            Filesize

                                                                                                            2.4MB

                                                                                                            MD5

                                                                                                            dbfbf254cfb84d991ac3860105d66fc6

                                                                                                            SHA1

                                                                                                            893110d8c8451565caa591ddfccf92869f96c242

                                                                                                            SHA256

                                                                                                            68b0e1932f3b4439865be848c2d592d5174dbdbaab8f66104a0e5b28c928ee0c

                                                                                                            SHA512

                                                                                                            5e9ccdf52ebdb548c3fa22f22dd584e9a603ca1163a622db5707dbcc5d01e4835879dcfd28cb1589cbb25aed00f352f7a0a0962b1f38b68fc7d6693375e7666d

                                                                                                            Download Submit

                                                                                                          • C:\Users\Admin\Downloads\Unconfirmed 242617.crdownload
                                                                                                            Filesize

                                                                                                            239KB

                                                                                                            MD5

                                                                                                            2f8f6e90ca211d7ef5f6cf3c995a40e7

                                                                                                            SHA1

                                                                                                            f8940f280c81273b11a20d4bfb43715155f6e122

                                                                                                            SHA256

                                                                                                            1f5a26f24a2bfdd301008f0cc51a6c3762f41b926f974c814f1ecaa4cb28e5e6

                                                                                                            SHA512

                                                                                                            2b38475550edee5519e33bd18fea510ad73345a27c20f6457710498d34e3d0cf05b0f96f32d018e7dc154a6f2232ea7e3145fd0ed5fb498f9e4702a4be1bb9c8

                                                                                                            Download Submit

                                                                                                          • C:\Users\Admin\Downloads\Unconfirmed 38943.crdownload
                                                                                                            Filesize

                                                                                                            338KB

                                                                                                            MD5

                                                                                                            04fb36199787f2e3e2135611a38321eb

                                                                                                            SHA1

                                                                                                            65559245709fe98052eb284577f1fd61c01ad20d

                                                                                                            SHA256

                                                                                                            d765e722e295969c0a5c2d90f549db8b89ab617900bf4698db41c7cdad993bb9

                                                                                                            SHA512

                                                                                                            533d6603f6e2a77bd1b2c6591a135c4717753d53317c1be06e43774e896d9543bcd0ea6904a0688aa84b2d8424641d68994b1e7dc4aa46d66c36feecb6145444

                                                                                                            Download Submit

                                                                                                          • C:\Users\Admin\Downloads\Unconfirmed 391510.crdownload
                                                                                                            Filesize

                                                                                                            96KB

                                                                                                            MD5

                                                                                                            60335edf459643a87168da8ed74c2b60

                                                                                                            SHA1

                                                                                                            61f3e01174a6557f9c0bfc89ae682d37a7e91e2e

                                                                                                            SHA256

                                                                                                            7bf5623f0a10dfa148a35bebd899b7758612f1693d2a9910f716cf15a921a76a

                                                                                                            SHA512

                                                                                                            b4e5e4d4f0b4a52243d6756c66b4fe6f4b39e64df7790072046e8a3dadad3a1be30b8689a1bab8257cc35cb4df652888ddf62b4e1fccb33e1bbf1f5416d73efb

                                                                                                            Download Submit

                                                                                                          • C:\Users\Admin\Downloads\Unconfirmed 54047.crdownload
                                                                                                            Filesize

                                                                                                            32KB

                                                                                                            MD5

                                                                                                            eb9324121994e5e41f1738b5af8944b1

                                                                                                            SHA1

                                                                                                            aa63c521b64602fa9c3a73dadd412fdaf181b690

                                                                                                            SHA256

                                                                                                            2f1f93ede80502d153e301baf9b7f68e7c7a9344cfa90cfae396aac17e81ce5a

                                                                                                            SHA512

                                                                                                            7f7a702ddec8d94cb2177b4736d94ec53e575be3dd2d610410cb3154ba9ad2936c98e0e72ed7ab5ebbcbe0329be0d9b20a3bcd84670a6d1c8d7e0a9a3056edd2

                                                                                                            Download Submit

                                                                                                          • C:\Users\Admin\Downloads\Unconfirmed 618223.crdownload
                                                                                                            Filesize

                                                                                                            6.7MB

                                                                                                            MD5

                                                                                                            f2b7074e1543720a9a98fda660e02688

                                                                                                            SHA1

                                                                                                            1029492c1a12789d8af78d54adcb921e24b9e5ca

                                                                                                            SHA256

                                                                                                            4ea1f2ecf7eb12896f2cbf8683dae8546d2b8dc43cf7710d68ce99e127c0a966

                                                                                                            SHA512

                                                                                                            73f9548633bc38bab64b1dd5a01401ef7f5b139163bdf291cc475dbd2613510c4c5e4d7702ecdfa74b49f3c9eaed37ed23b9d8f0064c66123eb0769c8671c6ff

                                                                                                            Download Submit

                                                                                                          • C:\Users\Admin\Downloads\Unconfirmed 671920.crdownload
                                                                                                            Filesize

                                                                                                            48KB

                                                                                                            MD5

                                                                                                            21943d72b0f4c2b42f242ac2d3de784c

                                                                                                            SHA1

                                                                                                            c887b9d92c026a69217ca550568909609eec1c39

                                                                                                            SHA256

                                                                                                            2d047b0a46be4da59d375f71cfbd578ce1fbf77955d0bb149f6be5b9e4552180

                                                                                                            SHA512

                                                                                                            04c9fa8358944d01b5fd0b6d5da2669df4c54fe79c58e7987c16bea56c114394173b6e8a6ac54cd4acd081fcbc66103ea6514c616363ba8d212db13b301034d8

                                                                                                            Download Submit

                                                                                                          • C:\Users\Admin\Downloads\Unconfirmed 711766.crdownload
                                                                                                            Filesize

                                                                                                            53KB

                                                                                                            MD5

                                                                                                            6536b10e5a713803d034c607d2de19e3

                                                                                                            SHA1

                                                                                                            a6000c05f565a36d2250bdab2ce78f505ca624b7

                                                                                                            SHA256

                                                                                                            775ba68597507cf3c24663f5016d257446abeb66627f20f8f832c0860cad84de

                                                                                                            SHA512

                                                                                                            61727cf0b150aad6965b4f118f33fd43600fb23dde5f0a3e780cc9998dfcc038b7542bfae9043ce28fb08d613c2a91ff9166f28a2a449d0e3253adc2cb110018

                                                                                                            Download Submit

                                                                                                          • C:\Users\Admin\Downloads\Unconfirmed 733792.crdownload
                                                                                                            Filesize

                                                                                                            136KB

                                                                                                            MD5

                                                                                                            70108103a53123201ceb2e921fcfe83c

                                                                                                            SHA1

                                                                                                            c71799a6a6d09ee758b04cdf90a4ab76fbd2a7e3

                                                                                                            SHA256

                                                                                                            9c3f8df80193c085912c9950c58051ae77c321975784cc069ceacd4f57d5861d

                                                                                                            SHA512

                                                                                                            996701c65eee7f781c2d22dce63f4a95900f36b97a99dcf833045bce239a08b3c2f6326b3a808431cdab92d59161dd80763e44126578e160d79b7095175d276b

                                                                                                            Download Submit

                                                                                                          • C:\Users\Admin\Downloads\Unconfirmed 792442.crdownload
                                                                                                            Filesize

                                                                                                            3.4MB

                                                                                                            MD5

                                                                                                            84c82835a5d21bbcf75a61706d8ab549

                                                                                                            SHA1

                                                                                                            5ff465afaabcbf0150d1a3ab2c2e74f3a4426467

                                                                                                            SHA256

                                                                                                            ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa

                                                                                                            SHA512

                                                                                                            90723a50c20ba3643d625595fd6be8dcf88d70ff7f4b4719a88f055d5b3149a4231018ea30d375171507a147e59f73478c0c27948590794554d031e7d54b7244

                                                                                                            Download Submit

                                                                                                          • C:\Users\Admin\Downloads\Unconfirmed 866894.crdownload
                                                                                                            Filesize

                                                                                                            6KB

                                                                                                            MD5

                                                                                                            74f8a282848b8a26ceafe1f438e358e0

                                                                                                            SHA1

                                                                                                            007b350c49b71b47dfc8dff003980d5f8da32b3a

                                                                                                            SHA256

                                                                                                            fc94130b45112bdf7fe64713eb807f4958cdcdb758c25605ad9318cd5a8e17ae

                                                                                                            SHA512

                                                                                                            3f73c734432b7999116452e673d734aa3f5fe9005efa7285c76d28a98b4c5d2620e772f421e030401ad223abbb07c6d0e79b91aa97b7464cb21e3dc0b49c5a81

                                                                                                            Download Submit

                                                                                                          • C:\Users\Admin\Downloads\Unconfirmed 898807.crdownload
                                                                                                            Filesize

                                                                                                            132KB

                                                                                                            MD5

                                                                                                            919034c8efb9678f96b47a20fa6199f2

                                                                                                            SHA1

                                                                                                            747070c74d0400cffeb28fbea17b64297f14cfbd

                                                                                                            SHA256

                                                                                                            e036d68b8f8b7afc6c8b6252876e1e290f11a26d4ad18ac6f310662845b2c734

                                                                                                            SHA512

                                                                                                            745a81c50bbfd62234edb9788c83a22e0588c5d25c00881901923a02d7096c71ef5f0cd5b73f92ad974e5174de064b0c5ea8044509039aab14b2aed83735a7c4

                                                                                                            Download Submit

                                                                                                          • C:\Users\Admin\Downloads\Unconfirmed 911313.crdownload
                                                                                                            Filesize

                                                                                                            22KB

                                                                                                            MD5

                                                                                                            31420227141ade98a5a5228bf8e6a97d

                                                                                                            SHA1

                                                                                                            19329845635ebbc5c4026e111650d3ef42ab05ac

                                                                                                            SHA256

                                                                                                            1edc8771e2a1a70023fc9ddeb5a6bc950380224b75e8306eb70da8eb80cb5b71

                                                                                                            SHA512

                                                                                                            cbb18a6667b377eb68395cfd8df52b7d93c4554c3b5ab32c70e73b86e3dedb7949122fe8eea9530cd53944b45a1b699380bf1e9e5254af04d8409c594a52c0e7

                                                                                                            Download Submit

                                                                                                          • C:\Users\Admin\Downloads\Unconfirmed 987955.crdownload
                                                                                                            Filesize

                                                                                                            396KB

                                                                                                            MD5

                                                                                                            13f4b868603cf0dd6c32702d1bd858c9

                                                                                                            SHA1

                                                                                                            a595ab75e134f5616679be5f11deefdfaae1de15

                                                                                                            SHA256

                                                                                                            cae57a60c4d269cd1ca43ef143aedb8bfc4c09a7e4a689544883d05ce89406e7

                                                                                                            SHA512

                                                                                                            e0d7a81c9cdd15a4ef7c8a9492fffb2c520b28cebc54a139e1bffa5c523cf17dfb9ffe57188cf8843d74479df402306f4f0ce9fc09d87c7cca92aea287e5ff24

                                                                                                            Download Submit

                                                                                                          • C:\Users\Admin\Downloads\Unconfirmed 987955.crdownload:SmartScreen
                                                                                                            Filesize

                                                                                                            7B

                                                                                                            MD5

                                                                                                            4047530ecbc0170039e76fe1657bdb01

                                                                                                            SHA1

                                                                                                            32db7d5e662ebccdd1d71de285f907e3a1c68ac5

                                                                                                            SHA256

                                                                                                            82254025d1b98d60044d3aeb7c56eed7c61c07c3e30534d6e05dab9d6c326750

                                                                                                            SHA512

                                                                                                            8f002af3f4ed2b3dfb4ed8273318d160152da50ee4842c9f5d9915f50a3e643952494699c4258e6af993dc6e1695d0dc3db6d23f4d93c26b0bc6a20f4b4f336e

                                                                                                            Download Submit

                                                                                                          • C:\Users\Admin\Downloads\WannaCry.exe:Zone.Identifier
                                                                                                            Filesize

                                                                                                            231B

                                                                                                            MD5

                                                                                                            23751bfbd3ef4051fb8c32feb4bb2010

                                                                                                            SHA1

                                                                                                            5ca44f2d2b9a98328b2f8387d38471ec194c7d42

                                                                                                            SHA256

                                                                                                            666f2256615e4eff0ab7263c32d99e28dfda4ae978b7fe0cc1dcdddd104caae2

                                                                                                            SHA512

                                                                                                            d1881b58a6b4d4936cac059f3304358c70065ffa5ff7cc8795c82a3ca7c87772e516100130847ad06bdedd84e768fed38936d36dcdc01ebaa148cdf1c64f9f15

                                                                                                            Download Submit

                                                                                                          • C:\Users\Admin\Downloads\WannaCrypt0r.exe:Zone.Identifier
                                                                                                            Filesize

                                                                                                            239B

                                                                                                            MD5

                                                                                                            10ce7eaff5b95b5d25d12d7bc92f573d

                                                                                                            SHA1

                                                                                                            201d5e8fbd9b9c4767f84b676d27727b7f564548

                                                                                                            SHA256

                                                                                                            4fdd58d80dcc6b6c9b30c78e5174772f1506e81d6c3743b7764b4c534223cf8f

                                                                                                            SHA512

                                                                                                            d0fe99a47806c41fc72f317e56591fe971b46ac20400cc2e247d9e3b57abfce8ff4fe23e85b9abcc590dbb88faf681260bf27111698e6c3fc403e7681fa69556

                                                                                                            Download Submit

                                                                                                          • C:\Users\Admin\Downloads\WindowsXPHorrorEdition.txt:Zone.Identifier
                                                                                                            Filesize

                                                                                                            55B

                                                                                                            MD5

                                                                                                            0f98a5550abe0fb880568b1480c96a1c

                                                                                                            SHA1

                                                                                                            d2ce9f7057b201d31f79f3aee2225d89f36be07d

                                                                                                            SHA256

                                                                                                            2dfb5f4b33e4cf8237b732c02b1f2b1192ffe4b83114bcf821f489bbf48c6aa1

                                                                                                            SHA512

                                                                                                            dbc1150d831950684ab37407defac0177b7583da0fe13ee8f8eeb65e8b05d23b357722246888189b4681b97507a4262ece96a1c458c4427a9a41d8ea8d11a2f6

                                                                                                            Download Submit

                                                                                                          • C:\Users\Admin\Downloads\WinlockerVB6Blacksod.exe:Zone.Identifier
                                                                                                            Filesize

                                                                                                            132B

                                                                                                            MD5

                                                                                                            730d64a791c39acb6b4f15a8e5815c8f

                                                                                                            SHA1

                                                                                                            5f95dbff64c05cf60b35e564b4017a65607e45b4

                                                                                                            SHA256

                                                                                                            13e76536f9262fba485a6b476825da09e8f62db7967f3a7bd29f4163ced65536

                                                                                                            SHA512

                                                                                                            6572bf0544148c4a33533c6b82f237c41c45a3b3b3416f3d14496dd009b507a888318ee3e195d1f1fe49267d40e92dab4fd49f5f962de7cca0c95e3fc1bcb26b

                                                                                                            Download Submit