hxxps://crystalpvp[.]ru/deadcode

Analysis

max time kernel
672s
max time network
652s
platform
windows10-ltsc 2021_x64
resource
win10ltsc2021-20241023-en
resource tags

arch:x64arch:x86image:win10ltsc2021-20241023-enlocale:en-usos:windows10-ltsc 2021-x64system
submitted
04-12-2024 19:14

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://crystalpvp.ru/deadcode

Score

8^/10

defense_evasion discovery motw persistence phishing upx

Malware Config

Signatures

Downloads MZ/PE file

Checks computer location settings 2 TTPs 5 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-2319007114-3335580451-2147236418-1000\Control Panel\International\Geo\Nation	TLauncher-Installer-1.5.4.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2319007114-3335580451-2147236418-1000\Control Panel\International\Geo\Nation	TLauncher-Installer-1.5.4.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2319007114-3335580451-2147236418-1000\Control Panel\International\Geo\Nation	vc_redist.x64.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2319007114-3335580451-2147236418-1000\Control Panel\International\Geo\Nation	prismlauncher.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2319007114-3335580451-2147236418-1000\Control Panel\International\Geo\Nation	TLauncher-Installer-1.5.4(1).exe

Executes dropped EXE 11 IoCs

pid	Process
1744	TLauncher-Installer-1.5.4.exe
4860	irsetup.exe
5532	TLauncher-Installer-1.5.4.exe
3752	irsetup.exe
5328	PrismLauncher-Windows-MSVC-Setup-9.1.exe
3648	vc_redist.x64.exe
1048	vc_redist.x64.exe
6020	VC_redist.x64.exe
5312	prismlauncher.exe
5220	TLauncher-Installer-1.5.4(1).exe
8	irsetup.exe

Loads dropped DLL 64 IoCs

pid	Process
4860	irsetup.exe
3752	irsetup.exe
4860	irsetup.exe
4860	irsetup.exe
3752	irsetup.exe
3752	irsetup.exe
5328	PrismLauncher-Windows-MSVC-Setup-9.1.exe
5328	PrismLauncher-Windows-MSVC-Setup-9.1.exe
5328	PrismLauncher-Windows-MSVC-Setup-9.1.exe
5328	PrismLauncher-Windows-MSVC-Setup-9.1.exe
1048	vc_redist.x64.exe
1484	VC_redist.x64.exe
5312	prismlauncher.exe
5312	prismlauncher.exe
5312	prismlauncher.exe
5312	prismlauncher.exe
5312	prismlauncher.exe
5312	prismlauncher.exe
5312	prismlauncher.exe
5312	prismlauncher.exe
5312	prismlauncher.exe
5312	prismlauncher.exe
5312	prismlauncher.exe
5312	prismlauncher.exe
5312	prismlauncher.exe
5312	prismlauncher.exe
5312	prismlauncher.exe
5312	prismlauncher.exe
5312	prismlauncher.exe
5312	prismlauncher.exe
5312	prismlauncher.exe
5312	prismlauncher.exe
5312	prismlauncher.exe
5312	prismlauncher.exe
5312	prismlauncher.exe
5312	prismlauncher.exe
5312	prismlauncher.exe
5964	deadcodecrack.exe
5964	deadcodecrack.exe
5964	deadcodecrack.exe
7140	deadcodecrack.exe
7140	deadcodecrack.exe
7140	deadcodecrack.exe
4732	firefox.exe
4732	firefox.exe
4732	firefox.exe
6504	firefox.exe
6504	firefox.exe
6504	firefox.exe
6548	firefox.exe
6548	firefox.exe
6548	firefox.exe
5940	firefox.exe
5940	firefox.exe
5940	firefox.exe
4860	firefox.exe
4860	firefox.exe
4860	firefox.exe
3648	firefox.exe
3648	firefox.exe
3648	firefox.exe
5216	firefox.exe
5216	firefox.exe
5216	firefox.exe

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\{804e7d66-ccc2-4c12-84ba-476da31d103d} = "\"C:\\ProgramData\\Package Cache\\{804e7d66-ccc2-4c12-84ba-476da31d103d}\\VC_redist.x64.exe\" /burn.runonce"	VC_redist.x64.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\K:	msiexec.exe
File opened (read-only)	\??\P:	msiexec.exe
File opened (read-only)	\??\S:	msiexec.exe
File opened (read-only)	\??\Y:	msiexec.exe
File opened (read-only)	\??\B:	msiexec.exe
File opened (read-only)	\??\J:	msiexec.exe
File opened (read-only)	\??\R:	msiexec.exe
File opened (read-only)	\??\U:	msiexec.exe
File opened (read-only)	\??\W:	msiexec.exe
File opened (read-only)	\??\G:	msiexec.exe
File opened (read-only)	\??\M:	msiexec.exe
File opened (read-only)	\??\O:	msiexec.exe
File opened (read-only)	\??\T:	msiexec.exe
File opened (read-only)	\??\V:	msiexec.exe
File opened (read-only)	\??\X:	msiexec.exe
File opened (read-only)	\??\A:	msiexec.exe
File opened (read-only)	\??\N:	msiexec.exe
File opened (read-only)	\??\I:	msiexec.exe
File opened (read-only)	\??\L:	msiexec.exe
File opened (read-only)	\??\Q:	msiexec.exe
File opened (read-only)	\??\Z:	msiexec.exe
File opened (read-only)	\??\E:	msiexec.exe
File opened (read-only)	\??\H:	msiexec.exe

Mark of the Web detected: This indicates that the page was originally saved or cloned. 1 IoCs

phishing motw

flow	ioc
495	https://storage.googleapis.com/script.aniview.com/ssync/62f53b2c7850d0786f227f64/ssync.html

Drops file in System32 directory 51 IoCs

description	ioc	Process
File opened for modification	C:\Windows\system32\mfcm140.dll	msiexec.exe
File opened for modification	C:\Windows\system32\mfc140ita.dll	msiexec.exe
File created	C:\Windows\system32\mfc140chs.dll	msiexec.exe
File created	C:\Windows\system32\mfc140cht.dll	msiexec.exe
File created	C:\Windows\system32\mfc140ita.dll	msiexec.exe
File opened for modification	C:\Windows\system32\vcruntime140.dll	msiexec.exe
File opened for modification	C:\Windows\system32\mfcm140u.dll	msiexec.exe
File created	C:\Windows\system32\mfcm140.dll	msiexec.exe
File opened for modification	C:\Windows\system32\concrt140.dll	msiexec.exe
File opened for modification	C:\Windows\system32\vcamp140.dll	msiexec.exe
File created	C:\Windows\system32\msvcp140_2.dll	msiexec.exe
File created	C:\Windows\system32\msvcp140_atomic_wait.dll	msiexec.exe
File created	C:\Windows\system32\msvcp140_codecvt_ids.dll	msiexec.exe
File created	C:\Windows\system32\vcamp140.dll	msiexec.exe
File created	C:\Windows\system32\vcruntime140_threads.dll	msiexec.exe
File opened for modification	C:\Windows\system32\mfc140cht.dll	msiexec.exe
File opened for modification	C:\Windows\system32\vcruntime140_1.dll	msiexec.exe
File created	C:\Windows\system32\concrt140.dll	msiexec.exe
File created	C:\Windows\system32\vcomp140.dll	msiexec.exe
File opened for modification	C:\Windows\system32\mfc140chs.dll	msiexec.exe
File opened for modification	C:\Windows\system32\mfc140jpn.dll	msiexec.exe
File created	C:\Windows\system32\mfc140esn.dll	msiexec.exe
File opened for modification	C:\Windows\system32\msvcp140_atomic_wait.dll	msiexec.exe
File opened for modification	C:\Windows\system32\msvcp140_codecvt_ids.dll	msiexec.exe
File opened for modification	C:\Windows\system32\vcomp140.dll	msiexec.exe
File created	C:\Windows\system32\msvcp140.dll	msiexec.exe
File created	C:\Windows\system32\vccorlib140.dll	msiexec.exe
File created	C:\Windows\system32\vcruntime140_1.dll	msiexec.exe
File opened for modification	C:\Windows\system32\mfc140.dll	msiexec.exe
File opened for modification	C:\Windows\system32\mfc140u.dll	msiexec.exe
File opened for modification	C:\Windows\system32\msvcp140_2.dll	msiexec.exe
File opened for modification	C:\Windows\system32\mfc140enu.dll	msiexec.exe
File opened for modification	C:\Windows\system32\mfc140esn.dll	msiexec.exe
File created	C:\Windows\system32\mfc140deu.dll	msiexec.exe
File created	C:\Windows\system32\mfc140fra.dll	msiexec.exe
File created	C:\Windows\system32\mfc140rus.dll	msiexec.exe
File created	C:\Windows\system32\mfc140u.dll	msiexec.exe
File opened for modification	C:\Windows\system32\mfc140deu.dll	msiexec.exe
File opened for modification	C:\Windows\system32\vccorlib140.dll	msiexec.exe
File created	C:\Windows\system32\msvcp140_1.dll	msiexec.exe
File created	C:\Windows\system32\vcruntime140.dll	msiexec.exe
File opened for modification	C:\Windows\system32\mfc140fra.dll	msiexec.exe
File created	C:\Windows\system32\mfc140.dll	msiexec.exe
File created	C:\Windows\system32\mfc140kor.dll	msiexec.exe
File created	C:\Windows\system32\mfcm140u.dll	msiexec.exe
File opened for modification	C:\Windows\system32\msvcp140_1.dll	msiexec.exe
File opened for modification	C:\Windows\system32\mfc140rus.dll	msiexec.exe
File created	C:\Windows\system32\mfc140enu.dll	msiexec.exe
File created	C:\Windows\system32\mfc140jpn.dll	msiexec.exe
File opened for modification	C:\Windows\system32\mfc140kor.dll	msiexec.exe
File opened for modification	C:\Windows\system32\msvcp140.dll	msiexec.exe

UPX packed file 7 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/files/0x0028000000045299-436.dat	upx
behavioral1/memory/4860-446-0x0000000000230000-0x0000000000619000-memory.dmp	upx
behavioral1/memory/3752-487-0x0000000000970000-0x0000000000D59000-memory.dmp	upx
behavioral1/memory/4860-1873-0x0000000000230000-0x0000000000619000-memory.dmp	upx
behavioral1/memory/3752-1882-0x0000000000970000-0x0000000000D59000-memory.dmp	upx
behavioral1/memory/8-6394-0x0000000000E60000-0x0000000001249000-memory.dmp	upx
behavioral1/memory/8-7083-0x0000000000E60000-0x0000000001249000-memory.dmp	upx

Drops file in Program Files directory 2 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\67e90bf3-0300-4df8-a8db-c16138fc96f2.tmp	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\20241204191436.pma	setup.exe

Drops file in Windows directory 15 IoCs

description	ioc	Process
File created	C:\Windows\Installer\e59291c.msi	msiexec.exe
File created	C:\Windows\Installer\e592932.msi	msiexec.exe
File created	C:\Windows\Installer\inprogressinstallinfo.ipi	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI2B1D.tmp	msiexec.exe
File created	C:\Windows\Installer\e59291d.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI309D.tmp	msiexec.exe
File created	C:\Windows\Installer\SourceHash{E1902FC6-C423-4719-AB8A-AC7B2694B367}	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI3179.tmp	msiexec.exe
File created	C:\Windows\Installer\e59290a.msi	msiexec.exe
File created	C:\Windows\Installer\SourceHash{382F1166-A409-4C5B-9B1E-85ED538B8291}	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI2CA5.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\e59291d.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\e59290a.msi	msiexec.exe
File opened for modification	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log	msiexec.exe
File opened for modification	C:\Windows\Installer\	msiexec.exe

Subvert Trust Controls: Mark-of-the-Web Bypass 1 TTPs 2 IoCs

When files are downloaded from the Internet, they are tagged with a hidden NTFS Alternate Data Stream (ADS) named Zone.Identifier with a specific value known as the MOTW.

defense_evasion

SIP and Trust Provider Hijacking

T1553.003

description	ioc	Process
File created	C:\Users\Admin\AppData\Local\Programs\PrismLauncher\vc_redist\vc_redist.x64.exe:Zone.Identifier	PrismLauncher-Windows-MSVC-Setup-9.1.exe
File created	C:\Users\Admin\Downloads\TLauncher-Installer-1.5.4(1).exe:Zone.Identifier	firefox.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 14 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	irsetup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	VC_redist.x64.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	TLauncher-Installer-1.5.4.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	TLauncher-Installer-1.5.4.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	VC_redist.x64.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	irsetup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	irsetup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	PrismLauncher-Windows-MSVC-Setup-9.1.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	TaskKill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	vc_redist.x64.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	vc_redist.x64.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	VC_redist.x64.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	VC_redist.x64.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	TLauncher-Installer-1.5.4(1).exe

Checks SCSI registry key(s) 3 TTPs 8 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Set value (data)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters\Partmgr\SnapshotDataCache = 534e41505041525401000000700000008ec7416a0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000	vssvc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\FriendlyName	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters	vssvc.exe
Key queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters	vssvc.exe
Key created	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters\Partmgr	vssvc.exe
Set value (data)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters\Partmgr\PartitionTableCache = 00000000040000008b4330a7ef31bdc60000000000000000000000000000000000000000000000000000000000000000000000000000000000001000000000000000c01200000000ffffffff0000000027010100000800008b4330a70000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000d01200000000000020ed3a000000ffffffff0000000007000100006809008b4330a7000000000000d012000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f0ff3a0000000000000005000000ffffffff000000000700010000f87f1d8b4330a7000000000000f0ff3a00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff0000000000000000000000008b4330a700000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000	vssvc.exe

Checks processor information in registry 2 TTPs 22 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Kills process with taskkill 1 IoCs

evasion

pid	Process
2300	TaskKill.exe

Modifies data under HKEY_USERS 9 IoCs

description	ioc	Process
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\27	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\28	msiexec.exe
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\28	msiexec.exe
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\25\52C64B7E	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\27	msiexec.exe
Key deleted	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\25	msiexec.exe
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\26	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\29	msiexec.exe

Modifies registry class 64 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\6611F283904AB5C4B9E158DE35B82819\DeploymentFlags = "3"	msiexec.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\8A567BD6FA501A947AD1F646E53EEC14	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\88AAB0B9F51EF1A3CA0C2B609EDD7FC1	msiexec.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Installer\Dependencies\Microsoft.VS.VC_RuntimeAdditionalVSU_amd64,v14	VC_redist.x64.exe
Key created	\REGISTRY\USER\S-1-5-21-2319007114-3335580451-2147236418-1000_Classes\prismlauncher\shell\open	PrismLauncher-Windows-MSVC-Setup-9.1.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\VC,redist.x64,amd64,14.42,bundle\ = "{804e7d66-ccc2-4c12-84ba-476da31d103d}"	VC_redist.x64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\Microsoft.VS.VC_RuntimeAdditionalVSU_amd64,v14\ = "{E1902FC6-C423-4719-AB8A-AC7B2694B367}"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\6CF2091E324C9174BAA8CAB762493B76	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\6CF2091E324C9174BAA8CAB762493B76\Version = "237667969"	msiexec.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\6CF2091E324C9174BAA8CAB762493B76\Clients = 3a0000000000	msiexec.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\8A567BD6FA501A947AD1F646E53EEC14\SourceList\Media	msiexec.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\8A567BD6FA501A947AD1F646E53EEC14\SourceList\Net	msiexec.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\8A567BD6FA501A947AD1F646E53EEC14	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\6CF2091E324C9174BAA8CAB762493B76\AuthorizedLUAApp = "0"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\VC,redist.x64,amd64,14.42,bundle\Version = "14.42.34433.0"	VC_redist.x64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\Microsoft.VS.VC_RuntimeMinimumVSU_amd64,v14\ = "{382F1166-A409-4C5B-9B1E-85ED538B8291}"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\6611F283904AB5C4B9E158DE35B82819\AdvertiseFlags = "388"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\6611F283904AB5C4B9E158DE35B82819\AuthorizedLUAApp = "0"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\09A86F63C932FD435BC8463B1035EC53	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\6CF2091E324C9174BAA8CAB762493B76	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\6CF2091E324C9174BAA8CAB762493B76\SourceList\LastUsedSource = "n;1;C:\\ProgramData\\Package Cache\\{E1902FC6-C423-4719-AB8A-AC7B2694B367}v14.42.34433\\packages\\vcRuntimeAdditional_amd64\\"	msiexec.exe
Key created	\REGISTRY\USER\S-1-5-21-2319007114-3335580451-2147236418-1000_Classes\prismlauncher	PrismLauncher-Windows-MSVC-Setup-9.1.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\8800A266DCF6DD54E97A86760485EA5D	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\6611F283904AB5C4B9E158DE35B82819\SourceList\Media\1 = ";"	msiexec.exe
Key created	\REGISTRY\USER\S-1-5-21-2319007114-3335580451-2147236418-1000_Classes\prismlauncher\shell\open\command	PrismLauncher-Windows-MSVC-Setup-9.1.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\8800A266DCF6DD54E97A86760485EA5D\SourceList	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\6CF2091E324C9174BAA8CAB762493B76\SourceList\Net	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\6CF2091E324C9174BAA8CAB762493B76\SourceList\Media	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\6611F283904AB5C4B9E158DE35B82819\InstanceType = "0"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\09A86F63C932FD435BC8463B1035EC53\6611F283904AB5C4B9E158DE35B82819	msiexec.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Installer\Dependencies\Microsoft.VS.VC_RuntimeAdditionalVSU_amd64,v14	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\Microsoft.VS.VC_RuntimeAdditionalVSU_amd64,v14\Version = "14.42.34433"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\6CF2091E324C9174BAA8CAB762493B76\Language = "1033"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\6611F283904AB5C4B9E158DE35B82819	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\6611F283904AB5C4B9E158DE35B82819\Language = "1033"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\6611F283904AB5C4B9E158DE35B82819\Servicing_Key	msiexec.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\6611F283904AB5C4B9E158DE35B82819\Clients = 3a0000000000	msiexec.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\8A567BD6FA501A947AD1F646E53EEC14\SourceList	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\6CF2091E324C9174BAA8CAB762493B76\ProductName = "Microsoft Visual C++ 2022 X64 Additional Runtime - 14.42.34433"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\6CF2091E324C9174BAA8CAB762493B76\PackageCode = "C115E40EF1D73624BAA68F6193F24D7D"	msiexec.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\VC,redist.x64,amd64,14.30,bundle	VC_redist.x64.exe
Key created	\REGISTRY\USER\S-1-5-21-2319007114-3335580451-2147236418-1000_Classes\curseforge\shell\open\command	PrismLauncher-Windows-MSVC-Setup-9.1.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2319007114-3335580451-2147236418-1000_Classes\prismlauncher\URL Protocol	PrismLauncher-Windows-MSVC-Setup-9.1.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\6CF2091E324C9174BAA8CAB762493B76\Servicing_Key	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\6CF2091E324C9174BAA8CAB762493B76\SourceList\PackageName = "vc_runtimeAdditional_x64.msi"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\6CF2091E324C9174BAA8CAB762493B76\SourceList\Net\1 = "C:\\ProgramData\\Package Cache\\{E1902FC6-C423-4719-AB8A-AC7B2694B367}v14.42.34433\\packages\\vcRuntimeAdditional_amd64\\"	msiexec.exe
Key created	\REGISTRY\USER\S-1-5-21-2319007114-3335580451-2147236418-1000_Classes\Local Settings	firefox.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2319007114-3335580451-2147236418-1000_Classes\prismlauncher\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Programs\\PrismLauncher\\prismlauncher.exe\" \"%1\""	PrismLauncher-Windows-MSVC-Setup-9.1.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\88AAB0B9F51EF1A3CA0C2B609EDD7FC1	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\VC,redist.x64,amd64,14.42,bundle\Dependents	VC_redist.x64.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\8800A266DCF6DD54E97A86760485EA5D\SourceList\Media	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\6611F283904AB5C4B9E158DE35B82819\SourceList\Media	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\Microsoft.VS.VC_RuntimeMinimumVSU_amd64,v14\Dependents\{804e7d66-ccc2-4c12-84ba-476da31d103d}	VC_redist.x64.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\6CF2091E324C9174BAA8CAB762493B76\AdvertiseFlags = "388"	msiexec.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\CLASSES\INSTALLER\DEPENDENCIES\VC,REDIST.X64,AMD64,14.30,BUNDLE\DEPENDENTS\{57A73DF6-4BA9-4C1D-BBBB-517289FF6C13}	VC_redist.x64.exe
Key created	\REGISTRY\USER\S-1-5-21-2319007114-3335580451-2147236418-1000_Classes\curseforge\shell\open	PrismLauncher-Windows-MSVC-Setup-9.1.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Installer\Dependencies\VC,redist.x64,amd64,14.42,bundle	VC_redist.x64.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\8800A266DCF6DD54E97A86760485EA5D	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\6611F283904AB5C4B9E158DE35B82819\SourceList\Net\1 = "C:\\ProgramData\\Package Cache\\{382F1166-A409-4C5B-9B1E-85ED538B8291}v14.42.34433\\packages\\vcRuntimeMinimum_amd64\\"	msiexec.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2319007114-3335580451-2147236418-1000_Classes\curseforge\URL Protocol	PrismLauncher-Windows-MSVC-Setup-9.1.exe
Key created	\REGISTRY\USER\S-1-5-21-2319007114-3335580451-2147236418-1000_Classes\curseforge\shell	PrismLauncher-Windows-MSVC-Setup-9.1.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\6611F283904AB5C4B9E158DE35B82819\PackageCode = "C029B57ADC55135439F2BCC435C9148F"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\6611F283904AB5C4B9E158DE35B82819\Version = "237667969"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\6611F283904AB5C4B9E158DE35B82819\SourceList	msiexec.exe

NTFS ADS 4 IoCs

description	ioc	Process
File created	C:\Users\Admin\AppData\Local\Programs\PrismLauncher\vc_redist\vc_redist.x64.exe:Zone.Identifier	PrismLauncher-Windows-MSVC-Setup-9.1.exe
File created	C:\Users\Admin\Downloads\TLauncher-Installer-1.5.4(1).exe:Zone.Identifier	firefox.exe
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 313802.crdownload:SmartScreen	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 186176.crdownload:SmartScreen	msedge.exe

Suspicious behavior: AddClipboardFormatListener 1 IoCs

pid	Process
5312	prismlauncher.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
2176	msedge.exe
2176	msedge.exe
1568	msedge.exe
1568	msedge.exe
6060	identity_helper.exe
6060	identity_helper.exe
5316	msedge.exe
5316	msedge.exe
5056	msedge.exe
5056	msedge.exe
4336	taskmgr.exe
4336	taskmgr.exe
4336	taskmgr.exe
4336	taskmgr.exe
4336	taskmgr.exe
4336	taskmgr.exe
4336	taskmgr.exe
4336	taskmgr.exe
4336	taskmgr.exe
4336	taskmgr.exe
4336	taskmgr.exe
4336	taskmgr.exe
4336	taskmgr.exe
4336	taskmgr.exe
4336	taskmgr.exe
4336	taskmgr.exe
4336	taskmgr.exe
4336	taskmgr.exe
4336	taskmgr.exe
4336	taskmgr.exe
4336	taskmgr.exe
4336	taskmgr.exe
4336	taskmgr.exe
4336	taskmgr.exe
4336	taskmgr.exe
4336	taskmgr.exe
4336	taskmgr.exe
4336	taskmgr.exe
4336	taskmgr.exe
5340	msedge.exe
5340	msedge.exe
4336	taskmgr.exe
4336	taskmgr.exe
4336	taskmgr.exe
4336	taskmgr.exe
4336	taskmgr.exe
4336	taskmgr.exe
4336	taskmgr.exe
4336	taskmgr.exe
4336	taskmgr.exe
4336	taskmgr.exe
4336	taskmgr.exe
4336	taskmgr.exe
4336	taskmgr.exe
4336	taskmgr.exe
4336	taskmgr.exe
4336	taskmgr.exe
4336	taskmgr.exe
4336	taskmgr.exe
4336	taskmgr.exe
4336	taskmgr.exe
4336	taskmgr.exe
4336	taskmgr.exe
4336	taskmgr.exe

Suspicious behavior: GetForegroundWindowSpam 2 IoCs

pid	Process
5312	prismlauncher.exe
4336	taskmgr.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 64 IoCs

pid	Process
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	4336	taskmgr.exe
Token: SeSystemProfilePrivilege	4336	taskmgr.exe
Token: SeCreateGlobalPrivilege	4336	taskmgr.exe
Token: SeDebugPrivilege	2300	TaskKill.exe
Token: SeBackupPrivilege	5596	vssvc.exe
Token: SeRestorePrivilege	5596	vssvc.exe
Token: SeAuditPrivilege	5596	vssvc.exe
Token: SeShutdownPrivilege	6020	VC_redist.x64.exe
Token: SeIncreaseQuotaPrivilege	6020	VC_redist.x64.exe
Token: SeSecurityPrivilege	5792	msiexec.exe
Token: SeCreateTokenPrivilege	6020	VC_redist.x64.exe
Token: SeAssignPrimaryTokenPrivilege	6020	VC_redist.x64.exe
Token: SeLockMemoryPrivilege	6020	VC_redist.x64.exe
Token: SeIncreaseQuotaPrivilege	6020	VC_redist.x64.exe
Token: SeMachineAccountPrivilege	6020	VC_redist.x64.exe
Token: SeTcbPrivilege	6020	VC_redist.x64.exe
Token: SeSecurityPrivilege	6020	VC_redist.x64.exe
Token: SeTakeOwnershipPrivilege	6020	VC_redist.x64.exe
Token: SeLoadDriverPrivilege	6020	VC_redist.x64.exe
Token: SeSystemProfilePrivilege	6020	VC_redist.x64.exe
Token: SeSystemtimePrivilege	6020	VC_redist.x64.exe
Token: SeProfSingleProcessPrivilege	6020	VC_redist.x64.exe
Token: SeIncBasePriorityPrivilege	6020	VC_redist.x64.exe
Token: SeCreatePagefilePrivilege	6020	VC_redist.x64.exe
Token: SeCreatePermanentPrivilege	6020	VC_redist.x64.exe
Token: SeBackupPrivilege	6020	VC_redist.x64.exe
Token: SeRestorePrivilege	6020	VC_redist.x64.exe
Token: SeShutdownPrivilege	6020	VC_redist.x64.exe
Token: SeDebugPrivilege	6020	VC_redist.x64.exe
Token: SeAuditPrivilege	6020	VC_redist.x64.exe
Token: SeSystemEnvironmentPrivilege	6020	VC_redist.x64.exe
Token: SeChangeNotifyPrivilege	6020	VC_redist.x64.exe
Token: SeRemoteShutdownPrivilege	6020	VC_redist.x64.exe
Token: SeUndockPrivilege	6020	VC_redist.x64.exe
Token: SeSyncAgentPrivilege	6020	VC_redist.x64.exe
Token: SeEnableDelegationPrivilege	6020	VC_redist.x64.exe
Token: SeManageVolumePrivilege	6020	VC_redist.x64.exe
Token: SeImpersonatePrivilege	6020	VC_redist.x64.exe
Token: SeCreateGlobalPrivilege	6020	VC_redist.x64.exe
Token: SeRestorePrivilege	5792	msiexec.exe
Token: SeTakeOwnershipPrivilege	5792	msiexec.exe
Token: SeRestorePrivilege	5792	msiexec.exe
Token: SeTakeOwnershipPrivilege	5792	msiexec.exe
Token: SeRestorePrivilege	5792	msiexec.exe
Token: SeTakeOwnershipPrivilege	5792	msiexec.exe
Token: SeRestorePrivilege	5792	msiexec.exe
Token: SeTakeOwnershipPrivilege	5792	msiexec.exe
Token: SeRestorePrivilege	5792	msiexec.exe
Token: SeTakeOwnershipPrivilege	5792	msiexec.exe
Token: SeRestorePrivilege	5792	msiexec.exe
Token: SeTakeOwnershipPrivilege	5792	msiexec.exe
Token: SeRestorePrivilege	5792	msiexec.exe
Token: SeTakeOwnershipPrivilege	5792	msiexec.exe
Token: SeRestorePrivilege	5792	msiexec.exe
Token: SeTakeOwnershipPrivilege	5792	msiexec.exe
Token: SeRestorePrivilege	5792	msiexec.exe
Token: SeTakeOwnershipPrivilege	5792	msiexec.exe
Token: SeRestorePrivilege	5792	msiexec.exe
Token: SeTakeOwnershipPrivilege	5792	msiexec.exe
Token: SeRestorePrivilege	5792	msiexec.exe
Token: SeTakeOwnershipPrivilege	5792	msiexec.exe
Token: SeRestorePrivilege	5792	msiexec.exe
Token: SeTakeOwnershipPrivilege	5792	msiexec.exe
Token: SeRestorePrivilege	5792	msiexec.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
4336	taskmgr.exe
4336	taskmgr.exe
4336	taskmgr.exe
4336	taskmgr.exe
4336	taskmgr.exe
4336	taskmgr.exe
4336	taskmgr.exe
4336	taskmgr.exe
4336	taskmgr.exe
4336	taskmgr.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
4336	taskmgr.exe
4336	taskmgr.exe
4336	taskmgr.exe
4336	taskmgr.exe
4336	taskmgr.exe
4336	taskmgr.exe
4336	taskmgr.exe
4336	taskmgr.exe
4336	taskmgr.exe
4336	taskmgr.exe
4336	taskmgr.exe
4336	taskmgr.exe
4336	taskmgr.exe
4336	taskmgr.exe
4336	taskmgr.exe
4336	taskmgr.exe
4336	taskmgr.exe
4336	taskmgr.exe
4336	taskmgr.exe
4336	taskmgr.exe
4336	taskmgr.exe
4336	taskmgr.exe
4336	taskmgr.exe
4336	taskmgr.exe
4336	taskmgr.exe
4336	taskmgr.exe
4336	taskmgr.exe
4336	taskmgr.exe
4336	taskmgr.exe
4336	taskmgr.exe
4336	taskmgr.exe
4336	taskmgr.exe
4336	taskmgr.exe
4336	taskmgr.exe
4336	taskmgr.exe
4336	taskmgr.exe
4336	taskmgr.exe
4336	taskmgr.exe
4336	taskmgr.exe
4336	taskmgr.exe

Suspicious use of SetWindowsHookEx 31 IoCs

pid	Process
1744	TLauncher-Installer-1.5.4.exe
4860	irsetup.exe
4860	irsetup.exe
4860	irsetup.exe
5532	TLauncher-Installer-1.5.4.exe
3752	irsetup.exe
3752	irsetup.exe
3752	irsetup.exe
3752	irsetup.exe
4860	irsetup.exe
3752	irsetup.exe
4860	irsetup.exe
5964	deadcodecrack.exe
7140	deadcodecrack.exe
4732	firefox.exe
7164	firefox.exe
7164	firefox.exe
7164	firefox.exe
7164	firefox.exe
7164	firefox.exe
7164	firefox.exe
7164	firefox.exe
7164	firefox.exe
7164	firefox.exe
7164	firefox.exe
5220	TLauncher-Installer-1.5.4(1).exe
8	irsetup.exe
8	irsetup.exe
8	irsetup.exe
8	irsetup.exe
8	irsetup.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1568 wrote to memory of 420	1568	msedge.exe	82
PID 1568 wrote to memory of 420	1568	msedge.exe	82
PID 1568 wrote to memory of 5084	1568	msedge.exe	83
PID 1568 wrote to memory of 5084	1568	msedge.exe	83
PID 1568 wrote to memory of 5084	1568	msedge.exe	83
PID 1568 wrote to memory of 5084	1568	msedge.exe	83
PID 1568 wrote to memory of 5084	1568	msedge.exe	83
PID 1568 wrote to memory of 5084	1568	msedge.exe	83
PID 1568 wrote to memory of 5084	1568	msedge.exe	83
PID 1568 wrote to memory of 5084	1568	msedge.exe	83
PID 1568 wrote to memory of 5084	1568	msedge.exe	83
PID 1568 wrote to memory of 5084	1568	msedge.exe	83
PID 1568 wrote to memory of 5084	1568	msedge.exe	83
PID 1568 wrote to memory of 5084	1568	msedge.exe	83
PID 1568 wrote to memory of 5084	1568	msedge.exe	83
PID 1568 wrote to memory of 5084	1568	msedge.exe	83
PID 1568 wrote to memory of 5084	1568	msedge.exe	83
PID 1568 wrote to memory of 5084	1568	msedge.exe	83
PID 1568 wrote to memory of 5084	1568	msedge.exe	83
PID 1568 wrote to memory of 5084	1568	msedge.exe	83
PID 1568 wrote to memory of 5084	1568	msedge.exe	83
PID 1568 wrote to memory of 5084	1568	msedge.exe	83
PID 1568 wrote to memory of 5084	1568	msedge.exe	83
PID 1568 wrote to memory of 5084	1568	msedge.exe	83
PID 1568 wrote to memory of 5084	1568	msedge.exe	83
PID 1568 wrote to memory of 5084	1568	msedge.exe	83
PID 1568 wrote to memory of 5084	1568	msedge.exe	83
PID 1568 wrote to memory of 5084	1568	msedge.exe	83
PID 1568 wrote to memory of 5084	1568	msedge.exe	83
PID 1568 wrote to memory of 5084	1568	msedge.exe	83
PID 1568 wrote to memory of 5084	1568	msedge.exe	83
PID 1568 wrote to memory of 5084	1568	msedge.exe	83
PID 1568 wrote to memory of 5084	1568	msedge.exe	83
PID 1568 wrote to memory of 5084	1568	msedge.exe	83
PID 1568 wrote to memory of 5084	1568	msedge.exe	83
PID 1568 wrote to memory of 5084	1568	msedge.exe	83
PID 1568 wrote to memory of 5084	1568	msedge.exe	83
PID 1568 wrote to memory of 5084	1568	msedge.exe	83
PID 1568 wrote to memory of 5084	1568	msedge.exe	83
PID 1568 wrote to memory of 5084	1568	msedge.exe	83
PID 1568 wrote to memory of 5084	1568	msedge.exe	83
PID 1568 wrote to memory of 5084	1568	msedge.exe	83
PID 1568 wrote to memory of 2176	1568	msedge.exe	84
PID 1568 wrote to memory of 2176	1568	msedge.exe	84
PID 1568 wrote to memory of 5028	1568	msedge.exe	85
PID 1568 wrote to memory of 5028	1568	msedge.exe	85
PID 1568 wrote to memory of 5028	1568	msedge.exe	85
PID 1568 wrote to memory of 5028	1568	msedge.exe	85
PID 1568 wrote to memory of 5028	1568	msedge.exe	85
PID 1568 wrote to memory of 5028	1568	msedge.exe	85
PID 1568 wrote to memory of 5028	1568	msedge.exe	85
PID 1568 wrote to memory of 5028	1568	msedge.exe	85
PID 1568 wrote to memory of 5028	1568	msedge.exe	85
PID 1568 wrote to memory of 5028	1568	msedge.exe	85
PID 1568 wrote to memory of 5028	1568	msedge.exe	85
PID 1568 wrote to memory of 5028	1568	msedge.exe	85
PID 1568 wrote to memory of 5028	1568	msedge.exe	85
PID 1568 wrote to memory of 5028	1568	msedge.exe	85
PID 1568 wrote to memory of 5028	1568	msedge.exe	85
PID 1568 wrote to memory of 5028	1568	msedge.exe	85
PID 1568 wrote to memory of 5028	1568	msedge.exe	85
PID 1568 wrote to memory of 5028	1568	msedge.exe	85
PID 1568 wrote to memory of 5028	1568	msedge.exe	85
PID 1568 wrote to memory of 5028	1568	msedge.exe	85

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012
Uses Volume Shadow Copy WMI provider
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware
Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://crystalpvp.ru/deadcode
1⤵
- Enumerates system info in registry
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1568
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x128,0x12c,0x130,0x124,0x134,0x7ffca95446f8,0x7ffca9544708,0x7ffca9544718
  2⤵
  PID:420
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2148,2860173817263276884,1366110573613951620,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2152 /prefetch:2
  2⤵
  PID:5084
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2148,2860173817263276884,1366110573613951620,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2240 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2176
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2148,2860173817263276884,1366110573613951620,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2760 /prefetch:8
  2⤵
  PID:5028
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,2860173817263276884,1366110573613951620,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3404 /prefetch:1
  2⤵
  PID:5284
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,2860173817263276884,1366110573613951620,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3424 /prefetch:1
  2⤵
  PID:5316
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,2860173817263276884,1366110573613951620,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4864 /prefetch:1
  2⤵
  PID:3200
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2148,2860173817263276884,1366110573613951620,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5124 /prefetch:8
  2⤵
  PID:1052
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --msedge --force-configure-user-settings
  2⤵
  - Drops file in Program Files directory
  PID:1872
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x250,0x254,0x258,0x22c,0x25c,0x7ff6a1095460,0x7ff6a1095470,0x7ff6a1095480
    3⤵
    PID:3688
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2148,2860173817263276884,1366110573613951620,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5124 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:6060
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,2860173817263276884,1366110573613951620,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5004 /prefetch:1
  2⤵
  PID:952
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,2860173817263276884,1366110573613951620,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6188 /prefetch:1
  2⤵
  PID:3112
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2148,2860173817263276884,1366110573613951620,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6072 /prefetch:8
  2⤵
  PID:1984
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,2860173817263276884,1366110573613951620,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4936 /prefetch:1
  2⤵
  PID:2508
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,2860173817263276884,1366110573613951620,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4944 /prefetch:1
  2⤵
  PID:1212
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,2860173817263276884,1366110573613951620,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3612 /prefetch:1
  2⤵
  PID:5324
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2148,2860173817263276884,1366110573613951620,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6168 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5316
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,2860173817263276884,1366110573613951620,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6712 /prefetch:1
  2⤵
  PID:5332
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,2860173817263276884,1366110573613951620,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6652 /prefetch:1
  2⤵
  PID:5420
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,2860173817263276884,1366110573613951620,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3632 /prefetch:1
  2⤵
  PID:5780
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,2860173817263276884,1366110573613951620,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6572 /prefetch:1
  2⤵
  PID:4244
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,2860173817263276884,1366110573613951620,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6844 /prefetch:1
  2⤵
  PID:2672
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,2860173817263276884,1366110573613951620,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6504 /prefetch:1
  2⤵
  PID:5656
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2148,2860173817263276884,1366110573613951620,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=7228 /prefetch:8
  2⤵
  PID:4744
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,2860173817263276884,1366110573613951620,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6680 /prefetch:1
  2⤵
  PID:2772
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,2860173817263276884,1366110573613951620,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7056 /prefetch:1
  2⤵
  PID:1068
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2148,2860173817263276884,1366110573613951620,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7072 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5056
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,2860173817263276884,1366110573613951620,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6620 /prefetch:1
  2⤵
  PID:1044
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,2860173817263276884,1366110573613951620,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7524 /prefetch:1
  2⤵
  PID:5676
- C:\Users\Admin\Downloads\TLauncher-Installer-1.5.4.exe
  "C:\Users\Admin\Downloads\TLauncher-Installer-1.5.4.exe"
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  PID:1744
- - C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe
    "C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe" __IRAOFF:1773458 "__IRAFN:C:\Users\Admin\Downloads\TLauncher-Installer-1.5.4.exe" "__IRCT:3" "__IRTSS:25260914" "__IRSID:S-1-5-21-2319007114-3335580451-2147236418-1000"
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:4860
- C:\Users\Admin\Downloads\TLauncher-Installer-1.5.4.exe
  "C:\Users\Admin\Downloads\TLauncher-Installer-1.5.4.exe"
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  PID:5532
- - C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\irsetup.exe
    "C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\irsetup.exe" __IRAOFF:1773458 "__IRAFN:C:\Users\Admin\Downloads\TLauncher-Installer-1.5.4.exe" "__IRCT:3" "__IRTSS:25260914" "__IRSID:S-1-5-21-2319007114-3335580451-2147236418-1000"
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:3752
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,2860173817263276884,1366110573613951620,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6640 /prefetch:1
  2⤵
  PID:796
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,2860173817263276884,1366110573613951620,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6572 /prefetch:1
  2⤵
  PID:5224
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,2860173817263276884,1366110573613951620,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6968 /prefetch:1
  2⤵
  PID:3784
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,2860173817263276884,1366110573613951620,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6288 /prefetch:1
  2⤵
  PID:3240
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,2860173817263276884,1366110573613951620,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6868 /prefetch:1
  2⤵
  PID:5208
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2148,2860173817263276884,1366110573613951620,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=7128 /prefetch:8
  2⤵
  PID:1948
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2148,2860173817263276884,1366110573613951620,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3292 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5340
- C:\Users\Admin\Downloads\PrismLauncher-Windows-MSVC-Setup-9.1.exe
  "C:\Users\Admin\Downloads\PrismLauncher-Windows-MSVC-Setup-9.1.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Subvert Trust Controls: Mark-of-the-Web Bypass
  - System Location Discovery: System Language Discovery
  - Modifies registry class
  - NTFS ADS
  PID:5328
- - C:\Windows\SysWOW64\TaskKill.exe
    TaskKill /IM prismlauncher.exe /F
    3⤵
    - System Location Discovery: System Language Discovery
    - Kills process with taskkill
    - Suspicious use of AdjustPrivilegeToken
    PID:2300
- - C:\Users\Admin\AppData\Local\Programs\PrismLauncher\vc_redist\vc_redist.x64.exe
    C:\Users\Admin\AppData\Local\Programs\PrismLauncher\vc_redist\vc_redist.x64.exe /install /passive /norestart
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    PID:3648
  - - C:\Windows\Temp\{82409E98-74D9-458F-9A0F-6245B8474436}\.cr\vc_redist.x64.exe
      "C:\Windows\Temp\{82409E98-74D9-458F-9A0F-6245B8474436}\.cr\vc_redist.x64.exe" -burn.clean.room="C:\Users\Admin\AppData\Local\Programs\PrismLauncher\vc_redist\vc_redist.x64.exe" -burn.filehandle.attached=804 -burn.filehandle.self=688 /install /passive /norestart
      4⤵
      Checks computer location settings
      Executes dropped EXE
      Loads dropped DLL
      System Location Discovery: System Language Discovery
      PID:1048
    - - C:\Windows\Temp\{668BC1B3-193C-478B-B82E-C885B140D230}\.be\VC_redist.x64.exe
        
        "C:\Windows\Temp\{668BC1B3-193C-478B-B82E-C885B140D230}\.be\VC_redist.x64.exe" -q -burn.elevated BurnPipe.{D8A16120-E469-4AC3-80FB-756133BB1AB5} {D3D8C11D-B9A2-45A9-A687-54FBB9BEF5BA} 1048
        5⤵
        Executes dropped EXE
        Adds Run key to start application
        System Location Discovery: System Language Discovery
        Modifies registry class
        Suspicious use of AdjustPrivilegeToken
        
        PID:6020
      - C:\ProgramData\Package Cache\{57a73df6-4ba9-4c1d-bbbb-517289ff6c13}\VC_redist.x64.exe
        
        "C:\ProgramData\Package Cache\{57a73df6-4ba9-4c1d-bbbb-517289ff6c13}\VC_redist.x64.exe" -uninstall -quiet -burn.related.upgrade -burn.ancestors={804e7d66-ccc2-4c12-84ba-476da31d103d} -burn.filehandle.self=1276 -burn.embedded BurnPipe.{E348660E-E599-418E-8C56-EE3623736EA7} {9F054C9F-B193-4C5C-A5BB-05CD7EFA6208} 6020
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5876
        
        C:\ProgramData\Package Cache\{57a73df6-4ba9-4c1d-bbbb-517289ff6c13}\VC_redist.x64.exe
        
        "C:\ProgramData\Package Cache\{57a73df6-4ba9-4c1d-bbbb-517289ff6c13}\VC_redist.x64.exe" -burn.clean.room="C:\ProgramData\Package Cache\{57a73df6-4ba9-4c1d-bbbb-517289ff6c13}\VC_redist.x64.exe" -burn.filehandle.attached=652 -burn.filehandle.self=672 -uninstall -quiet -burn.related.upgrade -burn.ancestors={804e7d66-ccc2-4c12-84ba-476da31d103d} -burn.filehandle.self=1276 -burn.embedded BurnPipe.{E348660E-E599-418E-8C56-EE3623736EA7} {9F054C9F-B193-4C5C-A5BB-05CD7EFA6208} 6020
        7⤵
        Loads dropped DLL
        System Location Discovery: System Language Discovery
        
        PID:1484
        
        C:\ProgramData\Package Cache\{57a73df6-4ba9-4c1d-bbbb-517289ff6c13}\VC_redist.x64.exe
        
        "C:\ProgramData\Package Cache\{57a73df6-4ba9-4c1d-bbbb-517289ff6c13}\VC_redist.x64.exe" -q -burn.elevated BurnPipe.{A85497F7-668D-4FF5-9CE8-8BF5F11EB241} {75F7B9A2-6616-4B98-81AF-F04BA2726638} 1484
        8⤵
        System Location Discovery: System Language Discovery
        Modifies registry class
        
        PID:3756
- - C:\Users\Admin\AppData\Local\Programs\PrismLauncher\prismlauncher.exe
    "C:\Users\Admin\AppData\Local\Programs\PrismLauncher\prismlauncher.exe"
    3⤵
    - Checks computer location settings
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious behavior: AddClipboardFormatListener
    - Suspicious behavior: GetForegroundWindowSpam
    PID:5312
  - - C:\Program Files\Java\jre-1.8\bin\javaw.exe
      "C:\Program Files\Java\jre-1.8\bin\javaw.exe" -jar C:/Users/Admin/AppData/Local/Programs/PrismLauncher/jars/JavaCheck.jar
      4⤵
      PID:3240
  - - C:\Program Files\Java\jdk-1.8\bin\javaw.exe
      "C:\Program Files\Java\jdk-1.8\bin\javaw.exe" -jar C:/Users/Admin/AppData/Local/Programs/PrismLauncher/jars/JavaCheck.jar
      4⤵
      PID:3840
  - - C:\Program Files (x86)\Common Files\Oracle\Java\javapath\javaw.exe
      javaw -jar C:/Users/Admin/AppData/Local/Programs/PrismLauncher/jars/JavaCheck.jar
      4⤵
      PID:5376
  - - C:\Program Files (x86)\Common Files\Oracle\Java\javapath\javaw.exe
      "C:\Program Files (x86)\Common Files\Oracle\Java\javapath\javaw.exe" -jar C:/Users/Admin/AppData/Local/Programs/PrismLauncher/jars/JavaCheck.jar
      4⤵
      PID:3160
  - - C:\Program Files (x86)\Common Files\Oracle\Java\javapath\javaw.exe
      "C:\Program Files (x86)\Common Files\Oracle\Java\javapath\javaw.exe" -Xms512m -Xmx4096m -jar C:/Users/Admin/AppData/Local/Programs/PrismLauncher/jars/JavaCheck.jar
      4⤵
      PID:116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2148,2860173817263276884,1366110573613951620,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.4355 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=7596 /prefetch:2
  2⤵
  PID:2960
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,2860173817263276884,1366110573613951620,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4060 /prefetch:1
  2⤵
  PID:5804
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,2860173817263276884,1366110573613951620,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7472 /prefetch:1
  2⤵
  PID:5436
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,2860173817263276884,1366110573613951620,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7672 /prefetch:1
  2⤵
  PID:6092
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,2860173817263276884,1366110573613951620,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2220 /prefetch:1
  2⤵
  PID:1736
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,2860173817263276884,1366110573613951620,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:1
  2⤵
  PID:2864
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,2860173817263276884,1366110573613951620,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6232 /prefetch:1
  2⤵
  PID:3412
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,2860173817263276884,1366110573613951620,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6968 /prefetch:1
  2⤵
  PID:2152
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,2860173817263276884,1366110573613951620,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7220 /prefetch:1
  2⤵
  PID:952
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,2860173817263276884,1366110573613951620,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5488 /prefetch:1
  2⤵
  PID:1972
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,2860173817263276884,1366110573613951620,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7936 /prefetch:1
  2⤵
  PID:4544
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,2860173817263276884,1366110573613951620,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8136 /prefetch:1
  2⤵
  PID:1536
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,2860173817263276884,1366110573613951620,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6084 /prefetch:1
  2⤵
  PID:3616
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,2860173817263276884,1366110573613951620,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7424 /prefetch:1
  2⤵
  PID:2924
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,2860173817263276884,1366110573613951620,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9180 /prefetch:1
  2⤵
  PID:232
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,2860173817263276884,1366110573613951620,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9176 /prefetch:1
  2⤵
  PID:5348
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,2860173817263276884,1366110573613951620,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7596 /prefetch:1
  2⤵
  PID:1676
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,2860173817263276884,1366110573613951620,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7228 /prefetch:1
  2⤵
  PID:3240
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,2860173817263276884,1366110573613951620,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8956 /prefetch:1
  2⤵
  PID:5464
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,2860173817263276884,1366110573613951620,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7716 /prefetch:1
  2⤵
  PID:2492
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,2860173817263276884,1366110573613951620,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=58 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7492 /prefetch:1
  2⤵
  PID:4416
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,2860173817263276884,1366110573613951620,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=59 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8480 /prefetch:1
  2⤵
  PID:3132
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,2860173817263276884,1366110573613951620,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=60 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8428 /prefetch:1
  2⤵
  PID:5444
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,2860173817263276884,1366110573613951620,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=61 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8704 /prefetch:1
  2⤵
  PID:2264
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,2860173817263276884,1366110573613951620,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=62 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9156 /prefetch:1
  2⤵
  PID:2668
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,2860173817263276884,1366110573613951620,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=63 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8420 /prefetch:1
  2⤵
  PID:2872
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,2860173817263276884,1366110573613951620,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=64 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7372 /prefetch:1
  2⤵
  PID:5648
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,2860173817263276884,1366110573613951620,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=65 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9604 /prefetch:1
  2⤵
  PID:5408
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,2860173817263276884,1366110573613951620,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=66 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9564 /prefetch:1
  2⤵
  PID:4752
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,2860173817263276884,1366110573613951620,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=67 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9672 /prefetch:1
  2⤵
  PID:2648
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,2860173817263276884,1366110573613951620,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=68 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9776 /prefetch:1
  2⤵
  PID:5436
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,2860173817263276884,1366110573613951620,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=69 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9784 /prefetch:1
  2⤵
  PID:5204
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,2860173817263276884,1366110573613951620,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=70 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8576 /prefetch:1
  2⤵
  PID:5072
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,2860173817263276884,1366110573613951620,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=71 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8428 /prefetch:1
  2⤵
  PID:4848
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,2860173817263276884,1366110573613951620,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=72 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10308 /prefetch:1
  2⤵
  PID:1316
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,2860173817263276884,1366110573613951620,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=73 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10432 /prefetch:1
  2⤵
  PID:2172
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,2860173817263276884,1366110573613951620,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=74 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10424 /prefetch:1
  2⤵
  PID:4740
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,2860173817263276884,1366110573613951620,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=75 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10452 /prefetch:1
  2⤵
  PID:1848
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,2860173817263276884,1366110573613951620,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=76 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9600 /prefetch:1
  2⤵
  PID:2832
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,2860173817263276884,1366110573613951620,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=77 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9352 /prefetch:1
  2⤵
  PID:6072
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,2860173817263276884,1366110573613951620,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=78 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9436 /prefetch:1
  2⤵
  PID:952
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,2860173817263276884,1366110573613951620,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=79 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10884 /prefetch:1
  2⤵
  PID:5864
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,2860173817263276884,1366110573613951620,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=80 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9684 /prefetch:1
  2⤵
  PID:7028
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,2860173817263276884,1366110573613951620,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=81 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9748 /prefetch:1
  2⤵
  PID:7036
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,2860173817263276884,1366110573613951620,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=82 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10244 /prefetch:1
  2⤵
  PID:4564
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,2860173817263276884,1366110573613951620,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=83 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9764 /prefetch:1
  2⤵
  PID:5452

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5684

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4684

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
1⤵
- Checks SCSI registry key(s)
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:4336

C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
1⤵
- Checks SCSI registry key(s)
- Suspicious use of AdjustPrivilegeToken
PID:5596

C:\Windows\system32\srtasks.exe
C:\Windows\system32\srtasks.exe ExecuteScopeRestorePoint /WaitForRestorePoint:4
1⤵
PID:1824

C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
1⤵
- Enumerates connected drives
- Drops file in System32 directory
- Drops file in Windows directory
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
PID:5792

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:3124

C:\Users\Admin\Downloads\dccrack\deadcodecrack.exe
"C:\Users\Admin\Downloads\dccrack\deadcodecrack.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:5964
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c pause
  2⤵
  PID:7096

C:\Users\Admin\Downloads\dccrack\deadcodecrack.exe
"C:\Users\Admin\Downloads\dccrack\deadcodecrack.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:7140

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:4068
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Loads dropped DLL
  - Checks processor information in registry
  - Suspicious use of SetWindowsHookEx
  PID:4732
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1988 -parentBuildID 20240401114208 -prefsHandle 1916 -prefMapHandle 1632 -prefsLen 23681 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {fc9d12df-0802-482d-9bfe-348ef46502ec} 4732 "\\.\pipe\gecko-crash-server-pipe.4732" gpu
    3⤵
    - Loads dropped DLL
    PID:6504
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2396 -parentBuildID 20240401114208 -prefsHandle 2372 -prefMapHandle 2360 -prefsLen 23717 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {89a46385-48af-4e9f-9cc4-5b3ad2988cb5} 4732 "\\.\pipe\gecko-crash-server-pipe.4732" socket
    3⤵
    - Loads dropped DLL
    - Checks processor information in registry
    PID:6548
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3148 -childID 1 -isForBrowser -prefsHandle 3304 -prefMapHandle 3300 -prefsLen 23858 -prefMapSize 244658 -jsInitHandle 1264 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {48d2677c-3916-4d41-9fde-a74218995a02} 4732 "\\.\pipe\gecko-crash-server-pipe.4732" tab
    3⤵
    - Loads dropped DLL
    PID:5940
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3776 -childID 2 -isForBrowser -prefsHandle 3784 -prefMapHandle 3772 -prefsLen 29091 -prefMapSize 244658 -jsInitHandle 1264 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5702b635-e581-49c6-a78e-7f2ac56f91ae} 4732 "\\.\pipe\gecko-crash-server-pipe.4732" tab
    3⤵
    - Loads dropped DLL
    PID:4860
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4932 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4856 -prefMapHandle 4864 -prefsLen 29091 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a33a9333-c6fe-4176-b78e-655a787bd475} 4732 "\\.\pipe\gecko-crash-server-pipe.4732" utility
    3⤵
    - Loads dropped DLL
    - Checks processor information in registry
    PID:3648
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2764 -childID 3 -isForBrowser -prefsHandle 5448 -prefMapHandle 5464 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 1264 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {58ee16ac-8cbf-47b3-8904-17dee2c2038f} 4732 "\\.\pipe\gecko-crash-server-pipe.4732" tab
    3⤵
    - Loads dropped DLL
    PID:5216
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5600 -childID 4 -isForBrowser -prefsHandle 5608 -prefMapHandle 5616 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 1264 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4b9c4516-8962-4c9a-9216-e1f309d7956f} 4732 "\\.\pipe\gecko-crash-server-pipe.4732" tab
    3⤵
    PID:1128
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5848 -childID 5 -isForBrowser -prefsHandle 5856 -prefMapHandle 5860 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 1264 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {337a05df-838b-42ed-ba28-b54efec95cfd} 4732 "\\.\pipe\gecko-crash-server-pipe.4732" tab
    3⤵
    PID:1992
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5972 -childID 6 -isForBrowser -prefsHandle 5932 -prefMapHandle 4176 -prefsLen 27211 -prefMapSize 244658 -jsInitHandle 1264 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4d1f3175-d141-4fa4-8af9-0034c2fd45ca} 4732 "\\.\pipe\gecko-crash-server-pipe.4732" tab
    3⤵
    PID:2184

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:6800
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Subvert Trust Controls: Mark-of-the-Web Bypass
  - Checks processor information in registry
  - Modifies registry class
  - NTFS ADS
  - Suspicious use of SetWindowsHookEx
  PID:7164
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1952 -parentBuildID 20240401114208 -prefsHandle 1868 -prefMapHandle 1860 -prefsLen 23681 -prefMapSize 244741 -appDir "C:\Program Files\Mozilla Firefox\browser" - {799c5707-2049-420d-b29c-f5fd6fa647b2} 7164 "\\.\pipe\gecko-crash-server-pipe.7164" gpu
    3⤵
    PID:4028
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2300 -parentBuildID 20240401114208 -prefsHandle 2292 -prefMapHandle 2280 -prefsLen 23681 -prefMapSize 244741 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {69175936-dfe8-4161-ba93-abf6f5dd1e16} 7164 "\\.\pipe\gecko-crash-server-pipe.7164" socket
    3⤵
    PID:4264
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2904 -childID 1 -isForBrowser -prefsHandle 3316 -prefMapHandle 3312 -prefsLen 24180 -prefMapSize 244741 -jsInitHandle 1324 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0bfa7aaf-0fc8-4fc5-bb60-32e96f29f5f8} 7164 "\\.\pipe\gecko-crash-server-pipe.7164" tab
    3⤵
    PID:5380
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3664 -childID 2 -isForBrowser -prefsHandle 3644 -prefMapHandle 2700 -prefsLen 29413 -prefMapSize 244741 -jsInitHandle 1324 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f0b1e6fb-b9c2-4645-a598-36ffaf4f8aa5} 7164 "\\.\pipe\gecko-crash-server-pipe.7164" tab
    3⤵
    PID:3160
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4216 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4240 -prefMapHandle 4244 -prefsLen 29413 -prefMapSize 244741 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ad90fd16-18e8-42cd-a504-57ccc242fbc0} 7164 "\\.\pipe\gecko-crash-server-pipe.7164" utility
    3⤵
    - Checks processor information in registry
    PID:4964
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5288 -childID 3 -isForBrowser -prefsHandle 5280 -prefMapHandle 5276 -prefsLen 27320 -prefMapSize 244741 -jsInitHandle 1324 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a90c1c55-a25d-43c0-8c81-d97216a50496} 7164 "\\.\pipe\gecko-crash-server-pipe.7164" tab
    3⤵
    PID:1756
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5420 -childID 4 -isForBrowser -prefsHandle 5428 -prefMapHandle 5432 -prefsLen 27320 -prefMapSize 244741 -jsInitHandle 1324 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {59224096-8e11-444b-8e48-9ca613f2ce4d} 7164 "\\.\pipe\gecko-crash-server-pipe.7164" tab
    3⤵
    PID:5316
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5612 -childID 5 -isForBrowser -prefsHandle 5620 -prefMapHandle 5624 -prefsLen 27320 -prefMapSize 244741 -jsInitHandle 1324 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {24596bac-3d48-4922-846f-37cec12252d3} 7164 "\\.\pipe\gecko-crash-server-pipe.7164" tab
    3⤵
    PID:3152
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6640 -childID 6 -isForBrowser -prefsHandle 6600 -prefMapHandle 6560 -prefsLen 27615 -prefMapSize 244741 -jsInitHandle 1324 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b10565c4-f956-4307-9875-fe5addcd4f62} 7164 "\\.\pipe\gecko-crash-server-pipe.7164" tab
    3⤵
    PID:3332
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6784 -childID 7 -isForBrowser -prefsHandle 6884 -prefMapHandle 6780 -prefsLen 27615 -prefMapSize 244741 -jsInitHandle 1324 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {01960be3-b2d8-4154-9d54-41391450ad37} 7164 "\\.\pipe\gecko-crash-server-pipe.7164" tab
    3⤵
    PID:1440
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2824 -parentBuildID 20240401114208 -prefsHandle 2836 -prefMapHandle 4864 -prefsLen 30108 -prefMapSize 244741 -appDir "C:\Program Files\Mozilla Firefox\browser" - {af411c1d-5314-4c2a-9f58-946d5a9a8b45} 7164 "\\.\pipe\gecko-crash-server-pipe.7164" rdd
    3⤵
    PID:1664
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3924 -parentBuildID 20240401114208 -sandboxingKind 1 -prefsHandle 5576 -prefMapHandle 5572 -prefsLen 30108 -prefMapSize 244741 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ea71de4d-caba-49a2-9fe5-af735c4d2829} 7164 "\\.\pipe\gecko-crash-server-pipe.7164" utility
    3⤵
    - Checks processor information in registry
    PID:6736
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2532 -childID 8 -isForBrowser -prefsHandle 6216 -prefMapHandle 3800 -prefsLen 28181 -prefMapSize 244741 -jsInitHandle 1324 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {08a5b9d0-1249-4359-9ea5-e7c2ecf8a669} 7164 "\\.\pipe\gecko-crash-server-pipe.7164" tab
    3⤵
    PID:4860
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=7252 -childID 9 -isForBrowser -prefsHandle 5436 -prefMapHandle 6580 -prefsLen 28402 -prefMapSize 244741 -jsInitHandle 1324 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {28b9d51a-f75b-4f26-bec4-8d87434935fd} 7164 "\\.\pipe\gecko-crash-server-pipe.7164" tab
    3⤵
    PID:3380
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=8120 -childID 10 -isForBrowser -prefsHandle 8148 -prefMapHandle 8140 -prefsLen 28402 -prefMapSize 244741 -jsInitHandle 1324 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {eac7a9d9-8393-4bfe-acd9-f5a261cbcb36} 7164 "\\.\pipe\gecko-crash-server-pipe.7164" tab
    3⤵
    PID:4020
- - C:\Users\Admin\Downloads\TLauncher-Installer-1.5.4(1).exe
    "C:\Users\Admin\Downloads\TLauncher-Installer-1.5.4(1).exe"
    3⤵
    - Checks computer location settings
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:5220
  - - C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_2\irsetup.exe
      "C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_2\irsetup.exe" __IRAOFF:1773458 "__IRAFN:C:\Users\Admin\Downloads\TLauncher-Installer-1.5.4(1).exe" "__IRCT:3" "__IRTSS:25260914" "__IRSID:S-1-5-21-2319007114-3335580451-2147236418-1000"
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:8

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

SIP and Trust Provider Hijacking

T1553.003

Credential Access

Discovery

Browser Information Discovery

T1217

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Config.Msi\e59290f.rbs

Filesize
19KB

MD5
5266596cc60cc8074b3d84fdfcc58d57

SHA1
ff44be0f88e0c30970719fb16428083f866ce867

SHA256
5f0c591bbe9205cd824dfdb2a89499b5daa6d10dd0ba1ac091423dc92326a31a

SHA512
8607487bca12bc69e045482e470a810cca61d9e86984a54b9f027db2ec2511f255ad7e8df38d345be28a8fd5ea2bb6d85be3f8ee4116e2d4ffe3e627f8a5bb8d

Download Submit
C:\Config.Msi\e59291b.rbs

Filesize
19KB

MD5
86644f58fc664e2d30e5fac589d0a8c4

SHA1
bfc21d8dc45c61ba92c1679c52fdc0ad85bd60f1

SHA256
a071dd81c2e6b825a056ba662a671ad2cba2a6061d3be35c9effcd7cff19bc17

SHA512
abd333c40b05a8d8ff54e340177c81cf09c926ab2ed8a4b28acd6ed54b056552a3698d06608f8a42f36dabf46df9d64049ada10d5e6672baef61f7f88623824c

Download Submit
C:\Config.Msi\e592922.rbs

Filesize
21KB

MD5
b6fca24ec62e7e8e88522db7df201129

SHA1
d064e30687682df0da6da9b63517bccf124f27df

SHA256
8b64693a5f24a1b88fe3c01ae41f9b487f30cb8561936f7be26bcd1ebae05d3e

SHA512
1379483c70e9f716bbdb11af0765d9bd71c15b0518653754fab6b7d1a3b94873e6034e97fb3c2f174f7806b5f7e12579357f58ee4abfafb52c1d2291cb365900

Download Submit
C:\Config.Msi\e592931.rbs

Filesize
21KB

MD5
02028503217288497c260b62706d54d7

SHA1
3e999b55644ea6890c0b86f309ff5901cf528567

SHA256
7ee29979df9c31ab54deb20bc99e8062ffb041cd54d919a9a35348d00e3f16ce

SHA512
d48d1c09e028c25838c135ad38047c7baf4237d77372043a735c7ab2ecd81962dfcd02218a6c1b2327b904db29d274cefc177aba5d77969288c5e1476ba0c872

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b5fffb9ed7c2c7454da60348607ac641

SHA1
8d1e01517d1f0532f0871025a38d78f4520b8ebc

SHA256
c8dddfb100f2783ecbb92cec7f878b30d6015c2844296142e710fb9e10cc7c73

SHA512
9182a7b31363398393df0e9db6c9e16a14209630cb256e16ccbe41a908b80aa362fc1a736bdfa94d3b74c3db636dc51b717fc31d33a9fa26c3889dec6c0076a7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
32d05d01d96358f7d334df6dab8b12ed

SHA1
7b371e4797603b195a34721bb21f0e7f1e2929da

SHA256
287349738fb9020d95f6468fa4a98684685d0195ee5e63e717e4b09aa99b402e

SHA512
e7f73b1af7c7512899728708b890acd25d4c68e971f84d2d5bc24305f972778d8bced6a3c7e3d9f977cf2fc82e0d9e3746a6ccb0f9668a709ac8a4db290c551c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\6e78e32e-e188-40d6-ac30-12d649277156.tmp

Filesize
1KB

MD5
e781de3ef8d0a3b0f5df6331fbb89433

SHA1
ce18d7bc9539b2cee61c965d618cb7a50a6ceb16

SHA256
dceb75f97a54dbdd8c14677a2107e99f179fb26b28081acd357467bd704a9add

SHA512
14b61e8769e0e92d5cacb9064fd963d64f620b438ef3fa27d8646dcda9f16650b24569c597f90d9f5e591d5ebbe2d809953a298feb7a38eeb3de37dbe5c657d4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
47KB

MD5
0d89f546ebdd5c3eaa275ff1f898174a

SHA1
339ab928a1a5699b3b0c74087baa3ea08ecd59f5

SHA256
939eb90252495d3af66d9ec34c799a5f1b0fc10422a150cf57fc0cd302865a3e

SHA512
26edc1659325b1c5cf6e3f3cd9a38cd696f67c4a7c2d91a5839e8dcbb64c4f8e9ce3222e0f69d860d088c4be01b69da676bdc4517de141f8b551774909c30690

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

Filesize
62KB

MD5
c813a1b87f1651d642cdcad5fca7a7d8

SHA1
0e6628997674a7dfbeb321b59a6e829d0c2f4478

SHA256
df670e09f278fea1d0684afdcd0392a83d7041585ba5996f7b527974d7d98ec3

SHA512
af0d024ba1faafbd6f950c67977ed126827180a47cea9758ee51a95d13436f753eb5a7aa12a9090048a70328f6e779634c612aebde89b06740ffd770751e1c5b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

Filesize
67KB

MD5
b275fa8d2d2d768231289d114f48e35f

SHA1
bb96003ff86bd9dedbd2976b1916d87ac6402073

SHA256
1b36ed5c122ad5b79b8cc8455e434ce481e2c0faab6a82726910e60807f178a1

SHA512
d28918346e3fda06cd1e1c5c43d81805b66188a83e8ffcab7c8b19fe695c9ca5e05c7b9808599966df3c4cd81e73728189a131789c94df93c5b2500ce8ec8811

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

Filesize
19KB

MD5
2e86a72f4e82614cd4842950d2e0a716

SHA1
d7b4ee0c9af735d098bff474632fc2c0113e0b9c

SHA256
c1334e604dbbffdf38e9e2f359938569afe25f7150d1c39c293469c1ee4f7b6f

SHA512
7a5fd3e3e89c5f8afca33b2d02e5440934e5186b9fa6367436e8d20ad42b211579225e73e3a685e5e763fa3f907fc4632b9425e8bd6d6f07c5c986b6556d47b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

Filesize
65KB

MD5
56d57bc655526551f217536f19195495

SHA1
28b430886d1220855a805d78dc5d6414aeee6995

SHA256
f12de7e272171cda36389813df4ba68eb2b8b23c58e515391614284e7b03c4d4

SHA512
7814c60dc377e400bbbcc2000e48b617e577a21045a0f5c79af163faa0087c6203d9f667e531bbb049c9bd8fb296678e6a5cdcad149498d7f22ffa11236b51cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000009

Filesize
25KB

MD5
e29b448723134a2db688bf1a3bf70b37

SHA1
3c8eba27ac947808101fa09bfe83723f2ab8d6b0

SHA256
349cc041df29f65fd7ffe2944a8872f66b62653bbfbd1f38ce8e6b7947f99a69

SHA512
4ce801111cb1144cfd903a94fb9630354bf91a5d46bbbe46e820c98949f57d96ec243b655f2edeb252a4ec6a80167be106d71a4b56b402be264c13cc208f3e2c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000034

Filesize
215KB

MD5
2be38925751dc3580e84c3af3a87f98d

SHA1
8a390d24e6588bef5da1d3db713784c11ca58921

SHA256
1412046f2516b688d644ff26b6c7ef2275b6c8f132eb809bd32e118208a4ec1b

SHA512
1341ffc84f16c1247eb0e9baacd26a70c6b9ee904bc2861e55b092263613c0f09072efd174b3e649a347ef3192ae92d7807cc4f5782f8fd07389703d75c4c4e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\0720badf6795a0b6_0

Filesize
3KB

MD5
06d3948920c7ec2b8a1701cf1526fbd9

SHA1
5e022503cbf1911bab49391ec01c1a9d358ac89f

SHA256
952475f18851113a7c7dc01c645c61df6acbc9e1d9ef79cc9ae72613d7c447c5

SHA512
6439998b59061fb1cb9b06da3669c0d92c5bb812f4ddc01f5f8d61c76f9d7975bfbfe63655646c4fe1cf7a0574061cb6514f6fa11e32d12f5f2e379ebdb0f63e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\0bbe00d9bf7b798e_0

Filesize
2KB

MD5
a8087cabe3a1189c03591dcc62bfcf97

SHA1
f56a340d8c8e4678cd927c706ed393d627a138d7

SHA256
54aed9bc27d61517d35502eb4467d9cd346e81936c4f89a54d6f2792ddbf150d

SHA512
6da006b2436b4fd338780721d43e40f797dd46c4697831a140723559c7acf5f423c2b360105278e99c9ef628c77561db48a4edc6629d08fd295892cd05c0887e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\14ff8116b518ca2d_0

Filesize
2KB

MD5
135ad959d22ab16e9397adcc4dbad050

SHA1
bcc3b092cf2a17652c5b00fc214f196d4cf5363f

SHA256
0153f8229e99f3a625dbd20db65a13806618fb2d42ef80d515ef6bf1871c5a84

SHA512
34ccf4fdb55ca08a97b22a65781178c4e9ae373e646653f2b43be3e4a65d557884eadea2a015208d5345852193b355469718103430be810d366b4ac4eb298350

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\242d87fe25e8b258_0

Filesize
2KB

MD5
0a1c0e94db97a99fce89f3095e170467

SHA1
6ae6ebfdff4eee34add668a26be42304e1c2d45a

SHA256
1bf785495b12dfd8e2231f310952fe20256cb82ae22726880daf73da27bc7cb9

SHA512
989eba5a214fb8ec5f5b834d19b6c850476fb54e7a60bc5d17c979a9b920d3aee3740ebc606ec7256310fc26fdfb9e4883b7bb4e5f4ca8909a2524f51288dd62

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\25c90b4fb1c6ef85_0

Filesize
1KB

MD5
64d973201fc0315bd44c71e924a3fc22

SHA1
d93997c29dae870b3401fa1fb035494da659b4e7

SHA256
76b262f8131dacc9051766f5bf65e72bb2738d7581c4014c20aef1f0d93d3c80

SHA512
f617808931cc29c4c22ec8e938ab68e188a508919448a9b00929a24f3c05da137f5b8adc2bf15d06087c9643e0ba07d6d62abd7db6060d6830a1e06774dee812

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\2f4680e8f8f8a14f_0

Filesize
9KB

MD5
1f93fdd303abaf0aed9ccecf589ca3a1

SHA1
e9270cd0b202a3a6e97ad703c10afb13930f62c4

SHA256
0c15666118c2570e4cc6eee666cee530a56112ec99907080eda72ed8a4bc2e85

SHA512
d3cb3c293841b8a05ee6229439368c7513550778dbb2bde0928c688a59a834ef8172d07149083dde17ac8c2753eb5e0c6a1c5cebea6c4ca2b180e02d7c242850

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\3a4259a0181983ba_0

Filesize
6KB

MD5
54a0ac2a8aa60ce2feb564ab4ad26eed

SHA1
d28d0e9a1a80f9babce4b431581ffcabf707779c

SHA256
dfa5a968005f3969f02a629ad01c551747228609a4649369487bfeae4f8689d6

SHA512
5c4e674654b8594b4d663390507290f171d4d01fcbb98f87ca2f2c897353f703671d5733b3528848a9ac197765d5c70db7989e6170c595c7d434d028fde9494c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\3f139f229e6f0497_0

Filesize
5KB

MD5
8caba61f32f3b4e2fa26fbd742f6d37d

SHA1
827136aa8220903fc8700a76605e0ee7745dbd4f

SHA256
ab1345b863e705c43978b79d52967434868203fe8dbe80fdb93850f0681b5f27

SHA512
e36df416b1de42b3888c3c84b0a6a44ee44547965f6b6b3bf2a8290dc69c4efab79b86730b8198929bd48524b259eed31e7213b12c78658ac03aa772c3d5f840

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\3fd2be14abb3904c_0

Filesize
1KB

MD5
27f8fb5a606f41cc7e092e6c78e455c3

SHA1
57091cc12f79372793c2a557e1f182ac79423586

SHA256
f38bf78666eede740302f2a2e554807979f4ff15799c2622e57497b673aa844f

SHA512
11f9559c1fa11baf328052dee5c6670d778db76317e88dcdef7520ff649dd2d0e5ff373800fe57f8be09ecfdd9c3cd87d90a5beee38e4119629e46f52eae6204

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\45a16ff6d0d9ab5f_0

Filesize
1KB

MD5
90f9d761f323f664c3ffdd7fd57858d4

SHA1
c3740803c8dcc1c548d53a2a6d51c419ca94b56e

SHA256
326353df8da2315ee696c3702d8b680128b0751be976516dc7881699e71a33ec

SHA512
57aa16a21a9830cbe60feac79f1451fa5374df1b36955a55ce76c710c110d5142c9cd896f1635ae5b0583e3b689b0958c30ccf8d28150879fb05b3e2e568e8a4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\45d6f4e7408332d7_0

Filesize
289KB

MD5
53f56b07daec05addcf708c94b5255a4

SHA1
dcd644493ebe9651e0e13bddebf2d1757960788b

SHA256
bdb2d3590ed85d1ed54a559f07ddbd455a6e5a708f7500bf735806355362ce73

SHA512
a18e0e81e12f5a95e8ed0c900511f74671cb9fe3dfed86121684868b0868005a9281be32e6d638cd696ec67ed85387d04acc4ddb036cf73ef69896612b8b065b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\4e9b18b0f66a7183_0

Filesize
1KB

MD5
69c5ea2c917715df5ae0f074688e5cde

SHA1
641bd9ca803c3ec567193c1d889b117a7727eb6b

SHA256
6be281747db81ef1afa4d2dfc3301d9d8e2c78f2d064a61cd5946d319c0b9c1c

SHA512
fc49a3c8ec03f7d6aad4ed55dcd77a6ee0b78785d2eab6fb01485cc5256a44c6d00554cdd36336e1e12f9e3b142526ff1defedcf4c376d765caa5ad306266bad

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\4ff4b179c1c05fed_0

Filesize
1KB

MD5
8fdf4153a5469573afbfc346e1e3f977

SHA1
15962b8034d0315e52ad4428a24eb3a195b81e8b

SHA256
bf8a5e03b9ad5a59b6cfd2468a7e483e696c478acc06604cbf0b5300cae98158

SHA512
2f63596aca5bce138c7d5a0f04ea1dc7122843fd2336194b3efb2ec53d6f41ee920f7c3bf3efc19e0b96b8a212d90845062f7e7e175e33a4c082a5372dd7af64

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\5205bc59eeba8ccd_0

Filesize
75KB

MD5
4f574438becb91d5fc72261e8e12cb75

SHA1
45d67bd5d0d7c3b488ce5e27597d7a5f61019377

SHA256
daec1a0910afab7c2271a4b2739166e46fe6c0ff55e6b951ff58a76a83e37748

SHA512
7d2b0ee71baa8770806748832c9458490acdbb25c00b10e546c15622592b48b300b924df4897a36de8323cdb65436871c3f1c98e9e6d284495a67542e1692732

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\53ac5abc87e80789_0

Filesize
2KB

MD5
ef0a6d6c3850e30cc9e78e4e6a59fdec

SHA1
c641b0249309e950dba843acdd618b0c29c21585

SHA256
f6a70380c11a701726d6f9e02d2a9fc2a162ee04e87338237f3bc859946709f1

SHA512
628c46cedc7441dd84e1104fe8bb739624f13cde38e5986dc8eda4d0e3299bc236911ed0b6bc5b2b53bbbef9517071c557c557b9c422bb9ee51e29af8a69ff6f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\5dd1e579c9681f95_0

Filesize
2KB

MD5
c5ad42cafcdc2d9ebef398fed004b322

SHA1
a09078d973c47378fcf81f073dd1b52c09831483

SHA256
a25de9a5aef8c8cf41dff6c2397aaea4a12a3b95aa9e058f9c5b4d635bdcb5fb

SHA512
913103b4743cd8267080ea816e40e96cef9f4b5d773a191042611b82dfabbb57d85ecf8c7157d0fa94464f64f44cc2b52b002c7fb568db1fdb8404b7b50dcd41

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\61a0b4d20ae0e222_0

Filesize
4KB

MD5
2f61a581723732aa3ddb642b4361cf81

SHA1
b0a5d62886107c58d3315c420d2bb5849b59dc15

SHA256
bc18b729adeaa2d8bef860ad5cfb87f7e37a48c1bc70844cd4080035114fc162

SHA512
7e9011163860861b66a0b0ffb205a24d34fb842f20e95d2d6c8fcd7c43bac11a6eae808ac27994831b340b43e358b5228d795ae6ac21c3abc60bef50db1c2522

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\6a5e8bb53a565b9f_0

Filesize
2KB

MD5
9d4f0607dcfe2a9256c9e29f618f4755

SHA1
90a057e6a63990f2a6c9847646e695f4c20a5c2c

SHA256
6b80366dec803eac456e4b8d2aff2201b345357c8cb6c62f976c774bdc63c5a1

SHA512
16c621e0ad19b44eeba86bd1b7d1b9a7a7ab445d5b70842744e78cf2fd8d8ee30c05ce2b841c524f8104a010679804198912e0dc6c34fc55c50fd54710c630bc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\6aa9a2943612cce1_0

Filesize
2KB

MD5
0bc4a240ef4f250d670c69770d9b30b8

SHA1
8c46692d8303142cc8b2dc453650cb49a8b86e9a

SHA256
d4ea1ee7e3ec6b207d4f09df4135e6dc90d2635a26fe5161f02619ecfd671579

SHA512
d47450eb3df24a2cf9258e6371d74ab8a266c7bd5406234fe63182f78599f4425cd3ee91a720e05ccd9087b243dca9ccbef58a9e907051c9c74af0a513c42d0e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\6b1c3d6d62495ca9_0

Filesize
2KB

MD5
9fb7776a62bcf911ef0871127c206f3f

SHA1
cac6df2d0ffdfbf17f960dc8f2cbc930eeb43cdf

SHA256
10eb6c2d2a88511c37e141e1ac264ff1b63a4dd77ff574339a13cbc9b43d3995

SHA512
61c095ce896c57ea5dc807c1cff19446cfec50a1ae5f718e512e2ffb2dbbae71a719db49c8b1e4401108e285ec57a1a011c1b031d183db9f6d87e622f1979558

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\6db290dce274a012_0

Filesize
4KB

MD5
f840cfdc912f7796621ca68144781f10

SHA1
a162215b9caf71074e8e8801707262e380eddf1e

SHA256
ed10e4c21f635e75707b8e51426036f977efb483323826f22ddf54c868b54ac9

SHA512
200a989135aaa080db1835381afbbfea5f4836f0ea701dd65fd53b276a74a7265c41b42409a5be89188c7dc5abb166ceb6afe7dff5f89f77c037e385460dc693

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\6e1427d19ff38087_0

Filesize
3KB

MD5
0df0472d73c70361a54b69115a80904e

SHA1
49a61f43cad655c57a736069c5fa8b1fea67eae8

SHA256
cd3f03f6e55aeff69a4805ad5632ad77800fa5ea3e40512eeaff9cb4eabf683e

SHA512
d6e16b486e4f6995834ae5f420ace241caebbfe2d22888ebafd3d34bf55c72bce3ccee2fce7281b236da655e4fdb9624ed19bf7b1ab0d95f95d0dd71ef503c2a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\71d68e68ea4089fe_0

Filesize
5KB

MD5
730c1beb23ca4923a86b738a8e1c9e4d

SHA1
8209ab85da3b0afd143a2fc38963f9a3651b7248

SHA256
cc7cb025fde6783ba2c6a6e8f61186cee3fed683ac1ba4f975dc53cbc080d6cb

SHA512
0bf5a32aec62edadc63cf901fcceda707b3958bbed7a59517f07b9b8e69550b70257dc4e51d12f251100b6d7ab29ada0d10c43c03f5aacc1750aab8f7dd9d19a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\7382f7d06a5af787_0

Filesize
198KB

MD5
e2f7eae29f92f1ee059b699095513426

SHA1
09636bcd56c4c112b7fb3949ea40a5efbc43c913

SHA256
f9dbbdaf9e40fb1edf40334f6954571344723bf728b7a63b937a5212f882c5d9

SHA512
70101acd91576d583c4f52925264df2f3afa2112d01f1d1a47d3662e5698bf8f1187211bbd02a99d21759f4b57f8764edc6dcf521606825f9b581deaffd5b779

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\74b88724f60b0383_0

Filesize
1KB

MD5
8ced0ba8205cfa44866a801762c19bfe

SHA1
d50df7c5a4c2ae4a1a97790eb12276b3ddb461c0

SHA256
ecacb7fcc6469521f0b7ae31e4c8150817f09fd54e6540030f6ccbdb5d937702

SHA512
1c019e779baa290321560c05c958be04f875db5d1cbebca0b1dd9f493d064a2613a39a2ff779abb03517281b5062051c22ce5d0b662e6b58c60e5df155d56997

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\766094f4b47e839c_0

Filesize
9KB

MD5
0e0ce366a9798eebbf7f01f470e41202

SHA1
bb448f95b5b4348243699dc2f567740ae6ff15b8

SHA256
7f30269b2efe98f51844036b4406d008fafd16eeb8dfc1ebaefff9a0ea4db27d

SHA512
13906b3b1608e8ca93f7c37aea083798975f877952e16482b59c3acfe15d0c44afc8529b22c95c1443d4da806b1034a841eb7399d4a405b270e9d32460c3a00b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\782d018d3f59e184_0

Filesize
27KB

MD5
c4fc11b740546931774811df96757ec2

SHA1
61b36462e6ae4ee60de5b0d57f49778c8a4c186c

SHA256
ddea8a12c1da859da7ce8b56b6ad1b0a1a8bef76c7b2bd2db6794dd65cef5fc7

SHA512
6e6dff69c4dabdb96c62c9601ea023909d11afa01aa464219f468f41b5f93e78fb58cde05b3ed98e83548143f11427d7eff69f21d21f6216d5e3327fc2e8f0a8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\78bc646c0524ce58_0

Filesize
2KB

MD5
cfb77715a1f87559417b7cc8df899cfc

SHA1
c4ba3d9708040a79e4fcc569f006603eab4fb642

SHA256
a948023fa2d27a4afa8d0b740cfea70ecbd844c5cd0a33550ab791bb99d9b02e

SHA512
1c97aef672a843a7e98c574fa232c4e7336c302b9eaee87b02e6d989c99857f564b96a7d2731e712d6256941f676bccf260184b2182e37e3d1b25b87059accf1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\7cf9843337c39c04_0

Filesize
1KB

MD5
7520ef62cfd03786799cf107ef9228b1

SHA1
eed54644599c09dd2e09347d0a6a92a65e35fa12

SHA256
578dbd734cc241764b1e41ac778a3341b7f86fff5b335e8b27624852522505a8

SHA512
bf1fab8e57eba5a9d6e203326c4ee86bff4d34895953453c32fb1b15e86c6d121100006a528c568413e8893e5dbeca92ad2d88bbd351a2ebd0a4d9e225e7c25d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\7d07dc3a67fdc3b2_0

Filesize
8KB

MD5
297e0a1a1ac67acd05067ccefe643f79

SHA1
464f3d4c8b36d285df0a07c954fed23117aa77c3

SHA256
3b2d1550dafab478b25443971f2c99204e4e86247c80266ebbeb4fc40a9b0086

SHA512
f194c5c470c7817f9ad05665d4b35365d9379587fb40f1d2cb4c43e863cf08095ae72b1cd7ae83dc3a05c2c92e602adee332eab56764154c30c93210e041b2d5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\86b9cbd77d05d034_0

Filesize
6KB

MD5
a4b013957a3f1234c71ffc617d4d4c51

SHA1
536779d4377bd2a1dea7a284efc1e881d2192566

SHA256
b2adec1aa100f3589746d60be76a104ac5fe47b45199930111eab4d391f99492

SHA512
1848eb201b3528f32e73a7de626f9bda33272b26d7b7617fc6b2bb53d65ae750ab0d624f7536220d656a7f5a1744e60ff527c53de6008499782de3404de992cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\8e5987d08f7b6e11_0

Filesize
1KB

MD5
490e052db9ad28c8e388bc1e7c4f21ab

SHA1
6ec07385b11711f1130c001ed1d0f59b8f4cbf92

SHA256
13d36f052f0aea5b8e8b6a0faaad94533a7e47e088855f0ffa20be41f96fae2f

SHA512
779435b40e87bb1ddd5e9402d5a8e7bb84b9e0132d4d1da599e20d78bf9a92417e928da8c5d742bc631fa0d65ce49d58f7798a62666b65cc74472aa154e366ae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\90d7d7591a1b39bb_0

Filesize
262B

MD5
a3781876c7b06db4094174410c277f9b

SHA1
765d2276b2b768489f46372054b70c0573c8fa51

SHA256
3806a50d0251cbe26783ce3645d1bf17c31f7c8dc55934f7c1cbc09d5f26fa00

SHA512
11d58bc73854b6ce04983ae51178287d2330b2f18aafcc3eb5c614ad43b9b9a3f4961e99b802dcd08811505b61d70e60fdf35724118913a6f0244b5a3de3d380

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\94124545ff7315fb_0

Filesize
22KB

MD5
4be1fabc7c57c2851a8fc0f579c31ec1

SHA1
2ac4e62dc735e39fb023851cf0a3297c2645f412

SHA256
907c020b91bd617a94351ea6317cfe59cfba29e8306819ea69c97cdbd6c17bbf

SHA512
32bffd3d7745b22b5414b187957cde47118a79d489b7e5f25428d3ba23f7faddce27d808397feab35142232900b4b14c00ee489d5167e0d70faebab5b028b5cc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\96b356ed177fbcb0_0

Filesize
294B

MD5
9759ffeae3e1bcee45c2b7fe3b54c5e0

SHA1
743bc238e391601c0f2a39825b46e94f5f425779

SHA256
58be68ce65579343b837bf8f7702dbbeb7385f6ad84031ce388a3ce5767cdac1

SHA512
6a2faaed3c1ed72d09eed62250d306cd1ce5c326350c85604f03b0f8a5cfa558757c525e95674e3f9053195fd9a138a3a462f58f2f8a3671e74612435c70d814

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\96bc766215a93e35_0

Filesize
1KB

MD5
1a3ca25dc3bfe3e213e4275853d632c1

SHA1
936ce86567c252b5af2a37b5b9cf173f6f487d30

SHA256
cc624527635a6c914080f2f1465ef9ae88829057df3347775e786e1d84e56d1e

SHA512
a2d36eb8e25083d35a99b5e88c93c03c66183ee2b8af2ff339db79756ca1cb4b6048591b356b1c23ef2ad76200e1a51206204d9b47632b6dfba595751f1694ec

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\9dbb949d27873cbc_0

Filesize
2KB

MD5
72505c1089d81bdb1a7f31eefd8ae982

SHA1
ee9f8e6d424510069bca95b0d062db497e2caabc

SHA256
c822b648a4a6703f0d9d542a3e32c82957f46497b875aca0050c8f2054e619a4

SHA512
0eed7922ddcedead0c54a88bdae66b209e2442cef04ca4bf07549db9ad25505d98404fa75b6d6b74f7c3585b1b4fe0aac4ccf040857572222770376395724827

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\aead27c05dbdd98f_0

Filesize
1KB

MD5
eb8141100f463d96aa2ae06d91b3bb3f

SHA1
e8df2636e7f708a752bb87f63020726ebb09433d

SHA256
8f7abb7e4bb18d24c9528bf413c7c19d461fb8f8e37f7168aad25f46f0bb37b1

SHA512
424a1660a16aeb6884fd71d5295dedbd3ebde34f8261fc9e62d793b67515e14f16e2b11a48fe6ea6f18fd4519e13ba8ade35520e49b7466284b3e8dd2af8d09b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\b1d693ac0f52716b_0

Filesize
3KB

MD5
14ddce7eb7fb03de4d8b9dac544ae0c6

SHA1
139ed4e219115c54196d9f63abedd5ed888d01b3

SHA256
8c7f181dcaf5b2481544b2dcceb0d4a322480eead478e21c2dbd50f34e570a03

SHA512
ee56c03b87bb631eaca98e67b6816cc9b8549707164421f9e415798627272a772f4809afb0d75057bb788d255ddb7e8ddf13a9a6ec10ec5362089e7e008222f5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\b3e82669a81c981d_0

Filesize
2KB

MD5
2cf5672914e9af4f880698a10896d8b9

SHA1
3869b1e7cbc42e4f65eabac018483db0dda85a8f

SHA256
303a7c64e6ef22b281d1a3008599c61d81d7abe66208d9cb30959b48445cb093

SHA512
e800f627ed81df51674272fdd0a370cf91193c8f4962f8e9a9fae230713235fcf73a2e9c9b05821cc73defaab01e579e567baa57294d4fefd11d615bf0ec0a18

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\be6d12311ce2b399_0

Filesize
1KB

MD5
a501f5863c21d5320e255e089e192fb2

SHA1
adeaa7e280115a827b4570b390c8795f96d67603

SHA256
25dd12a354e00324d8d5bc2927e3cdbc8851835f56996262a7d87b3210cbcf35

SHA512
3c922f68b1c592614c6c1f4570b97507558fb084ae5e60ef5554d37799b32adb4f02a2f88c6e0d9cffbbf82ded5e8a1c9c532a216ded223dafedb1df670a2b98

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\c91c845c83814759_0

Filesize
14KB

MD5
a2fe558fefe57b06db48873b44aa397c

SHA1
14bb8c4e81dc2d58baa59347f0fd09627f3c5985

SHA256
b4d3a20f0996550a6a61b9fa64395e6ab34201696d827a4ad432bb4bddaf087e

SHA512
634c7991f502a6869687db540dc4dbf04ce402351ce41990397849a32c277a3c02bb0eebb52bfe2002305baebf763063765139f4fb7bfe19dbf884e2af753fd1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\ca5bb3c84b908d6e_0

Filesize
2KB

MD5
4764b57501b06bca19706a04de4c00eb

SHA1
c7a8825c934fd4d77f220078c0c73a57af71b9c2

SHA256
52377e427270f432b074c03eac12ec17c738a40767ffbbdd2ba4f4fd10b6ab11

SHA512
07585a6714bbbde66ee29afbb78956602fcec44b898cf779afdd583f08f4358516961ac2e6503d8664d250e49be893d808f3d16a435f877e8438948978e2b8c1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\cd9a47d844308cbb_0

Filesize
6KB

MD5
e3db78917258cac1b47ec32858b50bff

SHA1
ffdcb3a68c1323396b32ca72625ae17de84fcf1d

SHA256
cc8c118a5fa5066cc7f636e022a758cc37af824fa4cc663c0b13e1c558619448

SHA512
ec8648cf89ab6dc46fef6f6c4485a58197806248f5a4fbd2acb74246ae200ce565cf90e2f63711360ed5d5b3f28be0cd5b751de86f65c7733ba68b7692ce18d3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\d23c5885716d996f_0

Filesize
262B

MD5
1c5bf3edccd64d316cf7ab553c2d2bb2

SHA1
a16e5931e14843dde5b7f0006a0dcccba843549e

SHA256
d95a5da3287b3e86190ec9df10595fcd5141ff9a6977d12e1302640edf9fd38a

SHA512
9fb121ef2df10ee4644c3f572f3e6da608e9cedabd67b52e8a167ebf36a8f499f53db89574832061951973d5b85f0a20634ce9057030c691a32a20289a8e2ce3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\d45aae6d8d9c9ff2_0

Filesize
2KB

MD5
4b02b3842e6c5b8e9ba4c1b4dc6bdc65

SHA1
4f6cc195bd68b7f13b9efb9d38402e26f687fbc1

SHA256
8e686db35ba300f6d68fe69b1d6ffb6cede881ad26fbf65d321b6d66ebae2844

SHA512
99ebb8a6df32ac952f17b00211520ded8c77b85b58b6b6ba092a826859ea2605441193318fd816d49d3971d40427010f8fef3f8acf3cf5704eac64240624c49f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\d79e0a2891fc014a_0

Filesize
262B

MD5
56bea4949bd677c150c738c54d078458

SHA1
50d12999c801566b1ec2c85f58629e39f311335e

SHA256
60813107fd8a35c99f437a792564a04564aacb075ec7bdf6ac0e7beda3b14e9d

SHA512
0b42a3ce64b5400ea2b4e40002dfa8bbf7eb81b142405c6a61dbe776f38509b6cc7f5f29cae5095855ba081c1c7ecaf902e59254094b76360b8c2f01956bd7b9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\da82014a94532e8f_0

Filesize
28KB

MD5
27b6798548b280e04b8904cce7ee72a7

SHA1
0789f9e32cbeac42631e2e87a7eda8496128bc6c

SHA256
9f5599740edcab0216c64bdd95098b3addf4c5b5960fe3660a6cac17e016d625

SHA512
43fb4fe55b4951e773ce5c7492810ab6729d86adf7e6ddc3a007aa1f218ace237252850a0fab5e9557cb5fccf91ebd6e8ff2296b194e09ad2adabcb9771d7042

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\e146fd968644d345_0

Filesize
6KB

MD5
f8a854d2f2d957d47aaddd2be0b2c877

SHA1
ec9aafda3491b8c637939db96c247f62085843f3

SHA256
be4f67ed9bedfde1920e87997daf872d09dfb832bd29804788c6c7e14b2647f6

SHA512
463fc727c6f1a1040e01845f07b1388f294b62da3d4d8275775caf570d4980cb71d9706036c0ba908330b98c74941fbd4b53e4a32cbe34a30711c60d9df38d5b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\e9c7e700cc3e33cf_0

Filesize
47KB

MD5
de3bf4a011d444648b36dab631f5b8ab

SHA1
97fa0f19c1a93afcee19d7223c55a9031fdbc3b5

SHA256
fde2255597ac7148794cb9a349a2f0d8b9710cc0453fe3d80fb16fb6670b5c05

SHA512
019179bc81a3c8304f9a73433db84acc930f4658e770bdb8e58d37705ae67df595750a9d2db3f309c5f9491c3c5082afc585d66d387e3a368a2f7e64928d5679

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\f2e4bbad99a372cc_0

Filesize
2KB

MD5
af4600285044384b4aebaafa5da724c1

SHA1
247cac250fe7d79e1cbdb5be76b0e788c93df8eb

SHA256
6fad0c3cdb62d478ae9603cfac5c7e373ed8358c9c71689ca94536905c904607

SHA512
ed925d3e5e259932a0c537307149b4efc063cc7f27f7a6fd9cc58cb0678be352407ce97c6724fedd65eb1cf03e9f856aeb830054ebb52811a0086653dad1d4ab

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\f2f407b1abb6e3e5_0

Filesize
175KB

MD5
a24981c9906a6c5df24712537bcee5fc

SHA1
3dbe95f033acc060578336aa19647db8b988b461

SHA256
753d384a2a4836276977e0587dcb88286c38caf6cdfdfa171ca6d66223c79a14

SHA512
54b842124d03bfdf5e5f98b3b60684b9db4a44051d84c3d11b12a16f49658c707be045446b6b4b0c7d3fcbfadbbbc14ceb5b9d1e7dc28753d2e7a48cf51c82ce

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\fbd11ea5cda006cc_0

Filesize
26KB

MD5
7a990eab7bd8dd34ee11ee7485ad6e3c

SHA1
c701d36dee0ddfaab3587ea74f7adf0bd5b59781

SHA256
6dbaf8837b214b5f01675869d1314ca1acfe50fb8cb1347f78005bb6c7a11ad4

SHA512
f6e8158d54e31b3671b25a72ff605c47ff4f42220ae8608895fbfdae0947881b1aacfd44913893f6799434c966738f277f4a546de05247083dd4bd51392d3a4f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\temp-index

Filesize
1KB

MD5
a5d950bc5342bc9b8eaea5baae0cee39

SHA1
3c7dd26ad1991578e4bf6d4ea8eb6f7cfb9749b1

SHA256
ba7b29f8fd1b0884243bdbf14fc73866d4611031e6aa048a476476009863b8e3

SHA512
14db4d9021373245ce43dcd53ecb35fc22f85813a401f8e58f2086166fa546782fdb5cbd5596a9fa19f3202c12adeb4b77e856d8dc55387f8dbe2c2119ce591f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
6KB

MD5
2bf09cf735f0f3194870aeb288dfea2b

SHA1
eb6c0bb87f508814c78becc7adf90a10be37b378

SHA256
b920dc2575e72ca15c016bccd5b56b1c535c6db4a54333646f50b0a9e312cd6b

SHA512
60b81a2e1f87075b5eaac3f4a7e6bdf78f40cfa4dca5a1a7ef13001e54c95bade15bb900071b72f543bb7dd120ea6109b74e24c7c038aec346614496dc092e85

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
6KB

MD5
41657241ed98a00680642b430982a199

SHA1
f8d53296b8e6d2630cd3eef613577ed5c3e8c405

SHA256
ce7ada224b7adca20efdc1734130836578cece55f41bca24e5e8006dce125b18

SHA512
adf05023ff2ce2c9d3273c0cd958aaa1e143ab5071520e18870d15c80b6c4f149bc135162e10963e4a3a72f768ae75261a8a5ce20c50499bc6a145d1227f7b7c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
8KB

MD5
613dd16987a8fdf06826d8c77a6392ff

SHA1
1c6b791f533530394e5e52a95db07b0d4401d22b

SHA256
da05e48499f7f3fd9b96cbb87caf86c2d8877bf9dfe9a288d233f923d691be3a

SHA512
21d54e36f39abe89668fa4fb5e50d33920e32ac256f8e0cede0607d2a636a4b79cba19a98cdc6daff8b3577955749e8336cb339056ec1edb91c6ad2aa6d7bf8e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
ad5f5bba787c635fdf2c55d998962d1a

SHA1
f1a8963449fc0fe8c4181385d20f4187dbbce0c3

SHA256
bba5fe6ea1d601a8aae7a790d89439010683efd38847a2203be7c7fcc87714d9

SHA512
6b4b9e5993e797ba73754dcaddf9d7e16232b444f81938e76c81a8c53b693a91722f95171063978dd8dd441f44fc420b1b0c6ff2cc3e8972fe273f76318732c6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
6KB

MD5
8c31e06a795d0ef7a9f05942aae9fad1

SHA1
d1d6025f52c4e59d24bcb37883a7c94738bb8e36

SHA256
9b3acdca8ea7583a47b6d3925fe63a6ff4313c3b4810f5e3052a1c39b0766ba8

SHA512
02efc34b421aeb83212132994ac2521661ba7732f4500a8f91a8b6469b6d744ae267ff073d98eda037c3c1ef78d7a804e0fccf7cab34b320af09ce88abdfc03e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
48B

MD5
deb193d5d49952828c2450b47419e815

SHA1
48fec7fc5a920b4ff774ecce2a30d7fa4e8c0391

SHA256
d57b369d6a78add66ce3db53e06a7195847be59b56bda91867a233799243bcd5

SHA512
250d0c38e8b68963a5ba9ac4c17817675648ed3043d0dbb4eedc95b80c3a80a5786c7663d00b0073718f6f3bdc6350dbd1bd1132bc94b5925968a0637e8ab0f9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Edge Profile.ico

Filesize
70KB

MD5
e5e3377341056643b0494b6842c0b544

SHA1
d53fd8e256ec9d5cef8ef5387872e544a2df9108

SHA256
e23040951e464b53b84b11c3466bbd4707a009018819f9ad2a79d1b0b309bc25

SHA512
83f09e48d009a5cf83fa9aa8f28187f7f4202c84e2d0d6e5806c468f4a24b2478b73077381d2a21c89aa64884df3c56e8dc94eb4ad2d6a8085ac2feb1e26c2ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
d6dbb8a3f22dac86404f9490af80df1f

SHA1
913a9d51f0488861b474c0216aafef7bebd85b79

SHA256
81a21126b2c7849f4952e419ab5fdade6859f1191c3052d8288fcf0b35bef329

SHA512
7719a3a88897b90cfe59115c40bf6c2d6c7325af87bd32afd76eeb70fbd773a0a96a839ec18be2c55bf950b2db7ecca9985bb8e7ff4c170b4369459ab3aea009

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
757aa8b6df0d00e9b7ebb978cb644970

SHA1
950f0cb56a0a5811c7abd45dda69af700cdce861

SHA256
8ff35bc0c5fe0fe9b989fc96fc8345c851f05756970b36801a21f0f0b9952a19

SHA512
e783235d1ea776b38d12c5a4addcb428d723e5b5555264d8fb9b7f071c720a23a0aed1808a50f2d7daa5a34ddb2a85b73875cf790ffec07fbee59c9c4f800582

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
14KB

MD5
cf8149466435c0c771783909e6ca2166

SHA1
cf44729877c0b11b2078ccdfc9a31af2efc9728e

SHA256
12d47d78871da70570b590b57d0129d9ff0588f7c2ad58cc0021f10c6cf6c5f3

SHA512
a450548bd0b440bec15b29c6d308eff417a8103300f843e001f1d6dd913e979792fa92798b867351b0529080866caefe8c1dbf78eb01a6147038a7c2c6e05c70

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
83c56b3a168fe43c2cf24beb4d793e47

SHA1
4289b59fea29c580ecbccb5ed59a6b4d3aab2678

SHA256
cb20d89735a2bc3be9463b41a8592f3820fb450e4d73baff175e1015ae183dfb

SHA512
794beccfc6f22fcd3f0763b6089f5335984f23dfe6d2771cbe5654c01e3baa147fa141486b2b589e360d8b2806fb010ad7f58cdeaa51489e3dbeb7bbe8f3abc4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
f35054d3aa66a7e70fa98984b9e8533c

SHA1
0ec9e0baf06b498ee7b8617f58aa9877b73b5fc0

SHA256
e22391bd713959184763e467f2533cda04f0ae6d21d674d1d8d88e0f890c2e18

SHA512
d7d3e88bcaa91b727d655fad6be8f241940314b89d507477f3986155843b514ddd8713bde6ee8c3a1071f735df821ce3674ce9fa6afba3cbae2befc2976b8e9a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
14KB

MD5
89d6bc519460945549b70c7f5e5e78c3

SHA1
59b98771cac986a9bde64437bef43f8423380dfd

SHA256
222e295b8c164e47ffe75a6abd622ac0ae38ece5fd79d99b43e501f031eb638e

SHA512
6f9bb6cddbfbcc34a7a76641548d9587cc1b4d006c9b2d4909312cd88221e8ce384b437e38aa21770fcf6e293be380b342c2f2254a5feb47c22d087b834f03e8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State~RFe5891db.TMP

Filesize
59B

MD5
2800881c775077e1c4b6e06bf4676de4

SHA1
2873631068c8b3b9495638c865915be822442c8b

SHA256
226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974

SHA512
e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
4005f3728fc22b6e406d9067d339425a

SHA1
068f68518e87be46171f68e46d379307bbc2b7b9

SHA256
9b6a2bb46adc66300665a475411c7ac76a0ca9a26cc32a5782729c9d62233a69

SHA512
9cd5f3496efaa11b7c4678bfaa96373d31c709494442e42ae8b3b3d735bc2423211707ae31d748760d9c4b5b520eb963dc07ede601f30adf7d5b885dc4da9de6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
0268ec5f5cab4e5ef862e2aea18b007c

SHA1
0a92ac312885cfc82e799480f5ff811147240e64

SHA256
ef389f8e062120910d6d6c4abb62af2ff8dc8ba54024473beb464eb8e76cbf93

SHA512
959dad966060b4284b800d175831e829add67bc37eda495a53382b4126dd23633a51cc09c7f1e438e85a46983e54cb7687ab37a644ed2ae263d956f0e798b0b6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
685ddd205433c3d52f5303e9802dd0ea

SHA1
7d24e96911afb721c1b0cf49fef1e4767a192766

SHA256
a075cc55448e7f461f0bceae61ff569806280af98c0a47c9c66a42f53097da53

SHA512
88a1a613abdb726195c89fa0d7a9ff3b91feb586d32a194ccd74b6c495e0c19e859956d4ea7bc76cfa2d1962737a8e364f2c4053fe7f3e37485e207c8378ef03

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
e88f09a43532b95d297d7a51632844ee

SHA1
11a087ac8def1c3bc36ef5cc55e9cb815f8b3929

SHA256
35ba290edc61dde0e9f957da28f5c519067b9e4a23bdf2c0eeee04650bdeecf0

SHA512
5fd63cfb2b52df520382348a816083b5f5a2267dab2e5a3ecff449dac44fe3eca262fece2d2c6e8c7c14c1b5280de325f2fc8ed7b97f357d631deb4584606d19

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
d3f03d35b11670e67d1e43e70b944191

SHA1
96ff061084a389c58e8bc2b1f8238c8bce9a0814

SHA256
58abda6ff620251caccaf5f02dec97a3ddd5091e076e88d9c17de17b48135a96

SHA512
618d37b798dd2d62d46ba0df2584974a9e338340fbab4521c67fc18f79d388d6b0c50c7f4ded5e3016f30bded5bed35890fc7c5d5e86ede98d75b06d08ad861a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
8818cc1ed297f06ebe2a0410a934a1a9

SHA1
6ed85648aa0bfec5e350999213ae1c488066a0d2

SHA256
93bd6606e56c71d05131442382048aa4b3c4b7de03adfe46a7f39bc986950c5f

SHA512
49d348f961e2abb74d51b6e45236f9b5fec3efc5724afb2ca713af0a78588a264a85c24eaee76d1eeff797440efd53c8b7298af837d12876660607af80b3e53d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
12KB

MD5
d112651fafea33774164c493310a7b1f

SHA1
ea818a9043c2fdfec93ea70e0d27b6886e0f20de

SHA256
477eb43ae0588774a248ac7a72c4d4afd7e9520edb56cd335eb686ca2bb43cb9

SHA512
5e0b90fca7365694d700093b80efdb082309e3d949e73f65d54c098c636d12787668c22e7cd79957c6ff3ee552c904c97a10048de9cb58d76ab582d7b476b100

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
16KB

MD5
a6976d015e3d461c1abfb1b6b3c5e832

SHA1
76cec3f62ab0a51fdf5553d991b60ce06702ac98

SHA256
ae96ea8978e143b465f72c3ebb9660fab4a79d2c9425f2875c064d722ffb82b2

SHA512
821d7a1facef96c2197e07b170f13974e794879786b55a9ebccf0ea09fac587a903fa54eddb4b40bac4b002e0536d218465e7a74165f72c7a4d63debd36ed033

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
17KB

MD5
fb157ed6d82d858b2db15679d6088cee

SHA1
c2f84fb393f205626cab0882f09480e0ef356c0c

SHA256
3f7f908e99d3c40836983b6a7178fc945a9e6092a10c41e8ea2164f9ac20f75a

SHA512
e324aba5c37122cf3a6bd8bdd75a8286a7ba43a19836580d8de49a6c342c8068e0f4a35bfd37eb5119b850b8ddea7c2a957a40e64673437deb9b706a5a319bf5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
16KB

MD5
55590969e5b3a06313e1c78438ea3e4e

SHA1
1ccfabfde2821971012c2d7fc3e75cc85142c7e3

SHA256
3d4c940d69a4a6c471684e612434fa983e2fd62d10f1916b1f99eb037bbb78a3

SHA512
442ad68364f32296e20284630ef9a88a3898ef07092740aa7c9da4993184ee7a002ad25f0f8b33f0ba0e66ac9c45ec47197a68665d309b7e12600fdf931619d0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
7569ddf9b68d3f40defbaaa72487475e

SHA1
41080bfd4c90691e43e7f5247bd009c5cabf2f3e

SHA256
046b85c12b8773e7e351417bfd8be70f3e80feb527c52672e43a7b4c8c6cda66

SHA512
cfd12976d17429ae52ab09588d546992571a55fe2f0ba669e3051ef6c8044cd6f4d4c2ba015cd6cf443f6d785457796e58b3de3fc3e71e41c89886b1547379e7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
e260839e065c0b96765b3aa6e17e2b20

SHA1
dc7db13efb8b8f1306092501a75f4e56c6703b68

SHA256
09b831df5ab36db76bf7af32da3122065e9cc1843f18ffa425f0bfdc952311f6

SHA512
f5705290a354c67135a1323339fac52cdca66fb113c3a18375746025e8e76e4287f7ad61e93c9c3015f444cd0631c38c5afe8e64e9658a3c645c9817cfed7bad

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
ccbb270c30085f81b139dc930910fd63

SHA1
d671e8a39502f9071be67a13f8087817d8316fe4

SHA256
07ca3d50f728ee680bc371f9ed4dd7b4fa2ab818372e76d541a0ec392e654185

SHA512
736f7f95945c7327424728effcf147244da3ba9f89abcc99087bf8dc6f03f856d64669744bba73232e0465831999fde458da82c7628ddccb9a3ea413ee4bb123

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
b047760061c63128cb83342689beb655

SHA1
4f604524061d26e0f037c2ef7e7a0b13589cd688

SHA256
822f0a2febd923380f6bc397bb211dfed069fa91d4d7d7a378d2607bd2fba00b

SHA512
6a53c9f73a5d0044ce34ce32fe485a32502b19839e9a543cb1990306382415e16134bcc2f977d5e022eec565990aed039d9cee43fbc57891201c8c122bacb1ab

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
6e466bd18b7f6077ca9f1d3c125ac5c2

SHA1
32a4a64e853f294d98170b86bbace9669b58dfb8

SHA256
74fc4f126c0a55211be97a17dc55a73113008a6f27d0fc78b2b47234c0389ddc

SHA512
9bd77ee253ce4d2971a4b07ed892526ed20ff18a501c6ba2a180c92be62e4a56d4bbf20ba3fc4fbf9cf6ce68b3817cb67013ad5f30211c5af44c1e98608cb9e3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
ac2b76299740efc6ea9da792f8863779

SHA1
06ad901d98134e52218f6714075d5d76418aa7f5

SHA256
cc35a810ed39033fa4f586141116e74e066e9c0c3a8c8a862e8949e3309f9199

SHA512
eec3c24ce665f00cd28a2b60eb496a685ca0042c484c1becee89c33c6b0c93d901686dc0142d3c490d349d8b967ecbbd2f45d26c64052fb41aad349100bd8f77

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
6be7d73428e084842a4690290ca3ddb5

SHA1
80ce114ffab8696db6c5847cc00ab0e9c01edf5f

SHA256
e489f5f89104393fe91958ecd3d4122d6802127e9d726172bfc2ea270f8ffbb4

SHA512
cd6bbfe93495a776248494c3260330b89563a1db5f08e35827ce4cff53ad67fda1cbf07dc7b03622393ce06f0f86d907da3e8db15def13813f19babbc3f2114f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
ddf279048adaa358e2262bc72be42f38

SHA1
47bb314aecf8d34998b07af11790c270382838c1

SHA256
42c1441422e6dd0274e8dd26f8bcfbc006b42ce774fcc15553c81f09fc910dc3

SHA512
40f14d3b7baf42198fbe3c56ca2689c1d58785ec408e8d0685993ed3a89e9c137f29694424318efc10bd171bdaa4259ea64141750407a8effad4e5ae17edb009

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe5a00ad.TMP

Filesize
48B

MD5
a1ec4b04b0863aa615bb1bff4be041fa

SHA1
5fadf2285b9079674c8107f433b01295f2e822e6

SHA256
4f9866725ec363b3c8b3bdfbb032cdecafa74d32047c6f67df2567cbf0bd38af

SHA512
a420734004914a77c48ab1b8caa2697aeb594d348576d22ccf16516bc534c00d4e34d525d50213a12deacdbe99449ae0a0f742ec42424af58e98271d9cf6a8af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
90bde0b1dce79b980e3c38ba18fbeeab

SHA1
6e9e5f5ed05112309c692fc44c154ea7bc245dd7

SHA256
d0ceb73b22a23818a31310f9c6231ec0a9bc06c1f89cefebac19acbd4aabae7f

SHA512
afdfbaba5855c9f6b3ddac5ec93ad57be2ab7792760c9d591ae1b35a4975bc538a01831499b2878a469c024f5799b03bd6db77cf1734bc68d7ea538e4d5caaa7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
a33607c21d8a690710ea6c238e50b8ed

SHA1
78fa21cf8da11af4c2bc3a0eaf1178b96ef1bef9

SHA256
94cbd15c6c24367d524aa828718df6703885f5c919d356cce27580373232c85b

SHA512
befd06604199a615dcf82dcd34614947c560b0715e1a3c0e9faf49f7722998fe5afdf36feecc1cf27b0d424441d87b86fb01fa7fe39a81f9bda1562d624346a2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
2475e327cb0260608094f2e88f1c762c

SHA1
8535023533edd4fb6fd1376520aea8a322315fd9

SHA256
cb3da17e73b5c4fe5baf296744f7e1f5f78426a0b0a26dd36b5bf09ef144e187

SHA512
c9f9417a688a6bd7de73b3d6b611b412f7ddce24b879582d8c17fb5876a0137c5ab9416904cf30e527c0ce397d395c4fc6f14fd2d4884fd27b9ec867a11fbaf6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
25cd40574862643fb0163ff842c73904

SHA1
234d5fc858c3b3b9414eb58620d9348711dcf16b

SHA256
26003e09c52cd107b486c2084b32cac79a486d7aef6e5f715884d8de90cfa7a3

SHA512
dd62da4c12aae86e7b3df6eb25e46955c33e0dc032581da952d7839f7a30e8e98b05fecdf1852b1a794fa76a65ba4e6c0c40b99e3a77b4cf5d4e79cb08c9e64c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
2f9f0363364553c616b86c1da3522d29

SHA1
96b75f8b2dce38ff79c32375d20bfc1ec76a767a

SHA256
c7a0e3ff57ccf48d4fb17b5425cc8e4e56e62e67bcdf77a0d30a43ed52717a3f

SHA512
06988cf6c7bd822b9d98995866d03fd7f3220d656f375b8846e00f6e4c7df40f897ada1b41fae060b5f0ef5c03202397402247a1dc933af1aeac1844fd47e9fc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
ec3ad85ad19b424fd95e3f2f07cd5453

SHA1
1672b9a304198ea66dfe98a12b03e786a494ac52

SHA256
f83076504d510fe74799012170458dda63f8feb3beadcae737a1b9d9c8b3e062

SHA512
049ac667ed504a2341914b8980328c5e7c138968aeaac9cb400337cc3fcbc1595e96cf1dffba6c24fa9348531676da3592f6cfae3485fc168782265e2a6e7015

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
d0a471415877f63084691f421e5877d4

SHA1
9d1001b5d0c2e7f3bae4966047800b902aa0a9f8

SHA256
f71e835b740967556999f00d41a5320aa59d553f1eef0f8f6ee6a816525f60cf

SHA512
f0062b8b26f407c12cd7e3c55ac00328d2d4ab60abf55623b7ac6c86d5691af06ddfacef27f3ff89f1463fa4a8a7fd091c8ac2a1132923a68db151b4aa6a9ae3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
60f96a146f79d08a84b53430165f665f

SHA1
e6c3518af229c90573d64d4bec4921b3d7b35e8f

SHA256
66edf6757e6bcdcb3c7a37b98c5b47adbeb25112996e04c60e50600511824215

SHA512
b9a30055884562c605b260776bbd041a8a40db812dd986ad9810f4a9e82af434174a44bfd3f6cb6d6032cc715514c56b31dc7e798b13869da54e306b0da2972c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
56da6577580b028a5155cb1020c8621d

SHA1
3cb7ffdf5cb1b011f796fd3037dc4b262d9833a4

SHA256
a32707930b6d5fe2462716742b5e42677fe0984a6e6ca382f15011d41ca90113

SHA512
e937c6afc1f5becaf0765e886c375bd50dd1a971fe6320313e2b9940c5d3d006aebaa81452789b31532a4519fb987a92e0fc997935443478e8310b714ec0594c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
2ef373b47c50a1dec4b7eb38f259c59d

SHA1
4e9423da523780a8545e2f3ac0d1135e236bc5bc

SHA256
4b0f32b48698c44e7f619544dd69a0b9d7f8a5d82d8dbd19babb12d0243c7065

SHA512
88a9d6e00be734aff2b9f281b3f171badb7694f2d83568cc0fc9a3f028c6a702cc5039b6e6fa96dc131b4db199773ffbeacc268c3a1c9238efd68335cacf34d7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
edaa1315ba5919f531b08c54d3401aa8

SHA1
1ad43f24bbd41cea8eaf86b46e007128b95a561f

SHA256
c521d873b92032fb8b13bd1e7121b0459616e4696becd4867ca3a59510f65910

SHA512
e8d91fe9cc136b30330b279109d7354db4a4816ec99c1c72dbdb0a432fa0af4960cbdea5b6cef895f1f4c9dcc94411f0666c2f907bf5c590200f3c451863efc8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe580942.TMP

Filesize
1KB

MD5
39162c19aeb886a134060451e0c4c55a

SHA1
eda1ac788672e0bfb9b425481ee76bed17c4a1c0

SHA256
374a5e664a54bddd03dd232afb9c09992a2a479a55d7a132d2b9c98b5b4bd739

SHA512
90c7b414e0ebdb9340d2818c417d70190b3ceb90a88cb6b49bb79c17bf0b550bda0e67cb4ad7e9f5c0d77857188c7cbd6473327e1fb7cd59388b0fe96c837ae8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
3696db123f08e811240581be28c95b81

SHA1
fa7035c4bd3661343b6a64cfac22c1c880b5e7c3

SHA256
e180fd2fde82bc7f4db26902d684019c4b2cc7e2e3464651c9e84b7aef1c420f

SHA512
fe21f3c0bd36feafa3ab1926ca6df01fe5a89616ed0aafeb6b5b77381855314a41c61aea4dc0a9b685bafe782be21387ef38e2e87d19883e4539b5773b5c75f5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
724ca04cdf8882ac2c8fad6309e4dacc

SHA1
3401312429240010b688c1ff607145907d35de15

SHA256
dd23e94a963cbc396caf82caa11b9957aad2c074acf1926af06452c2a28d9605

SHA512
420740eb2cd6382968ce5365b00f944a46d94de0ff27b0a956e797175d6865deaf65db699cc925691b3834d48b1c048c01451009e20947734c243e0de83ababf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
da0b2ed6f6507cb6c5aa9d757747b3a4

SHA1
265961a1045aa235d50049c719b367b56942e645

SHA256
2b82a935165ec74c8220a56a7d6c3cb4c1039c23163bc5c0ff11ba429db5e25b

SHA512
2c8e4933c5e1ae9db8cb6b928881d4bca7dba30968309e2f3840929e0348d9d229afc958227ec1aa469039dc13903829764b51d8286a51fb28662ddb602ab9ba

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
40a15254161641e336772027c2829fb0

SHA1
e8e2ecd1bd58b728a1a13c1a36abb9ba363f40f9

SHA256
69c1a076d230c6764ad53dc4a38dacc968135fb4ca0ce6cf4115e5a4d5a29631

SHA512
509cd57f5f67672099e8c1dda658e789cdcd56922ce7d015c9ed123f123623042b851fbd9edd2758c9ff671d04c8abb55346567aec123ccd9b04a906cd378420

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
8KB

MD5
00ef7af57acd6c7d1cacd2bffb8521df

SHA1
4e406ae1f443a25e1d13ad3aca6f5ddfe15cb665

SHA256
94e9d0b0076ee7922f616094628c0200e4199786a5dc2ae60396cebde006a0b7

SHA512
526bc0b539491d3ecad2a8f68037c859fe640ef2051813948f822b460cc6c7b8d1f2e69ec8d91ae5b2bc7d46c95676274d5f9f71cf0f6d82723cbbf96da73a9e

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dom8snqr.default-release\activity-stream.discovery_stream.json

Filesize
19KB

MD5
fbf52199704ef3a73f7f3949d84249db

SHA1
f77d83e15a0c2a335a6074fd11280d1e310db05b

SHA256
7c721665eaf580407a770c2ed3b09450b3ffa34154c749d3182644a6285fe240

SHA512
fb8d4aaf023d462244583b4406f06d92618d92a6a30342646cfc95081b66aec84eecc7d13f6833bc4a7298c934fe69131d642ce3bcb778a5b6edd78570c8babd

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dom8snqr.default-release\cache2\entries\2D49A4713421EA8C68D04DAB96ED352D070E9259

Filesize
144KB

MD5
e208cb014536749a44c65f8f1835faef

SHA1
1cc7d2766cdbd14b2d078b1be3b528735aa5836d

SHA256
bdd7a017c6dd2978667dedcb341e9cd2209b7333cc4d2a3534f22dc9938b45cf

SHA512
a679a94073b114f54ae173ab6804eb259d1ad86860fa4d0418cd7a326e5de4fe6bab93168f1cd5533e81273a56c0437436b82e089710368917ad6751f2269d30

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dom8snqr.default-release\cache2\entries\4A0675FAC04ADED265624AD1ED8C9003ABA0B655

Filesize
70KB

MD5
951abcbaaef57ac53a9db73806a79d1c

SHA1
84f8ca86df4f760042b1042340623aab98a742b3

SHA256
8cd5287e75eb76626842ed3de87da4b75a3232825144b618e146f5b76d0e79c8

SHA512
7435f0250623f316bd56456e624996724b9fa731d9fb7f8f7388bf9beed496b4542572cd1dcadc439483d60d5480f70aafe9ad7e551382dfff4d5f960f9cbefc

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dom8snqr.default-release\cache2\entries\A2216AA7120D9889F3E2C2918E6BD3A8F7CFA00D

Filesize
112KB

MD5
dd32a758d54e4b6ff59351a646bbff1a

SHA1
fdaad3c7d150fe28773cee603e20ac8f99959cdd

SHA256
4af1dd03c475f14c26768a553c69f974011968a0fd90653143cae277a49305dd

SHA512
bde2bd77089979e7a04ca9359e31fb801f6d861d856c178a66effcb09fe6d7561bdf3030d4b643c1db39a193a2575958569a17edd3db86e416880d599266ac90

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dom8snqr.default-release\cache2\entries\B0F225520321AB43D7699C9424DF0FAA23AE82E3

Filesize
132KB

MD5
3ccf40fdbb30cf550c0dbeb81d156c65

SHA1
8d446807bb2b6bdcf64c94e84d3920b57d1bcef1

SHA256
4c75c96c42a5c0ad28dc8b272566738e91f2f92a69ffa68bdf8e0161a57569e2

SHA512
af2551ac94d7f7dea9ae4e1e1bee07393a95a67f0f5179d4de997ff88d8177f3159fd14496a1aec1d143378d24210b845374e53dd564d8862ec7a28f67ec302d

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dom8snqr.default-release\cache2\entries\B6F76A7745D4127240F6F54D2ED352EAA7779D3F

Filesize
140KB

MD5
4f6c168838bf7ccd85190562e0a93675

SHA1
921785c8a539e03aa0197a1dec9c1f527b4018e0

SHA256
9aee9f7b2b8e81ab6c8e09b8aab3adb7eb4424e24c37b36bd696edc88e365893

SHA512
42d2bc8e5536fbd03f8a04b981708fb5a92123988bd68221901a0637154f4ab400ce95b9b8c47496f9321561447eb16beacf1fe659efe640613fcf0e41f33cef

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dom8snqr.default-release\cache2\entries\C63389EA857788E3A42180A9F8EE54E3B43B8BEF

Filesize
97KB

MD5
c6845d0446398df0d4e73917d1c5a5bb

SHA1
68a0f0437c8ff8d17da4a8213c6d3002e22a1589

SHA256
e98ab745ba4d2fca84c5adaaced1cc584674a8691fdcd112e5ced6ec7ccf01af

SHA512
932486e1546f1d006e6802efad2a6baa4f1177a3f8bcfaed76f06361c7a4d4ab46ae34bd724b53b6ff6cecfc2cbde886c42fcdaac17b0efc0517839d55e778c2

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dom8snqr.default-release\cache2\entries\DF88F41E5DAC45B039B785901EE8352DCC6CDA96

Filesize
49KB

MD5
afe7c79411650bec2a75e60c649b7f13

SHA1
7cb6a64933567a6b4ec680ec228712b60a66b94b

SHA256
a9845cf0448324e21637961fbd92699a7c1f93a745fd1eb48c2119d5e27192e6

SHA512
941e1b91c13ba409b87c62cbe284712fc017828b1cd4c7293e327c7fe16bd347c11b517774ff8d465ac873b00d137a159c225af005061c91637d1fe8d541da30

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dom8snqr.default-release\settings\main\ms-language-packs\browser\newtab\asrouter.ftl

Filesize
15KB

MD5
96c542dec016d9ec1ecc4dddfcbaac66

SHA1
6199f7648bb744efa58acf7b96fee85d938389e4

SHA256
7f32769d6bb4e875f58ceb9e2fbfdc9bd6b82397eca7a4c5230b0786e68f1798

SHA512
cda2f159c3565bc636e0523c893b293109de2717142871b1ec78f335c12bad96fc3f62bcf56a1a88abdeed2ac3f3e5e9a008b45e24d713e13c23103acc15e658

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dom8snqr.default-release\startupCache\webext.sc.lz4

Filesize
108KB

MD5
41b477ae4399021a8e9cbed4b7fa09aa

SHA1
2999f40561f0c10af3d46dc22f75b1c4919e36a8

SHA256
8c6129950d3a707614c4a64a1b4b280223d6fe040b2e460bc0ec82aeeae408bf

SHA512
fceb0dec6f1cf89eee197ea9c8adc147c365a44aa030f42a3d18e7d2523fe8b325ead6e152629a9c772cad1a417ff91a11498bb301c70621b4621350349c42dd

Download Submit
C:\Users\Admin\AppData\Local\Programs\PrismLauncher\prismlauncher.exe

Filesize
10.2MB

MD5
34ed8c4decb9e92348e79fa146ff5e1b

SHA1
f43feb9cc8e3dc99b5b2d4ad7d1941684ef29b90

SHA256
a048f77170b58bf5b1324ef9ba5abcb124715568eaa31b371e9b8b32e25af6b3

SHA512
fd92cc4157f1656672fa2d7de0a01599605091443c7b1afde493d44eb5dc3f4c7c940a98a4d4f57192d8a1ae2fea96ad3c0cd2ab71c017efacb0c0ab7ee04372

Download Submit
C:\Users\Admin\AppData\Local\Programs\PrismLauncher\vc_redist\vc_redist.x64.exe

Filesize
24.5MB

MD5
223a76cd5ab9e42a5c55731154b85627

SHA1
38b647d37b42378222856972a1e22fbd8cf4b404

SHA256
1821577409c35b2b9505ac833e246376cc68a8262972100444010b57226f0940

SHA512
20e2d7437367cb262ce45184eb4d809249fe654aa450d226e376d4057c00b58ecfd8834a8b5153eb148960ffc845bed1f0943d5ff9a6fc1355b1503138562d8d

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\200.ico

Filesize
116KB

MD5
e043a9cb014d641a56f50f9d9ac9a1b9

SHA1
61dc6aed3d0d1f3b8afe3d161410848c565247ed

SHA256
9dd7020d04753294c8fb694ac49f406de9adad45d8cdd43fefd99fec3659e946

SHA512
4ae5df94fd590703b7a92f19703d733559d600a3885c65f146db04e8bbf6ead9ab5a1748d99c892e6bde63dd4e1592d6f06e02e4baf5e854c8ce6ea0cce1984f

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\IRIMG1.PNG

Filesize
45KB

MD5
75ad0ac83402e7a8ecf154efa31feba1

SHA1
db2df40416a26580c651581b4ba1a0b5b26357eb

SHA256
e290ef30a761839e4f2ee4baab625d3466ef183d0c4e2419c08374624591a545

SHA512
f8e268138fadc3aa3055ec445e9c4b2122811603b28e0e2b8cd360f696167810556c13c6f78217e638b37d61e7c1bd68016f64b6c0814edc54620a92749d0ec2

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\IRIMG49.BMP

Filesize
1.8MB

MD5
5c9fb63e5ba2c15c3755ebbef52cabd2

SHA1
79ce7b10a602140b89eafdec4f944accd92e3660

SHA256
54ee86cd55a42cfe3b00866cd08defee9a288da18baf824e3728f0d4a6f580e7

SHA512
262c50e018fd2053afb101b153511f89a77fbcfd280541d088bbfad19a9f3e54471508da8b56c90fe4c1f489b40f9a8f4de66eac7f6181b954102c6b50bdc584

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\IRZip.lmd

Filesize
1.7MB

MD5
dabd469bae99f6f2ada08cd2dd3139c3

SHA1
6714e8be7937f7b1be5f7d9bef9cc9c6da0d9e9b

SHA256
89acf7a60e1d3f2bd7804c0cd65f8c90d52606d2a66906c8f31dce2e0ea66606

SHA512
9c5fd1c8f00c78a6f4fd77b75efae892d1cb6baa2e71d89389c659d7c6f8b827b99cecadb0d56c690dd7b26849c6f237af9db3d1a52ae8531d67635b5eff5915

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\Wow64.lmd

Filesize
97KB

MD5
da1d0cd400e0b6ad6415fd4d90f69666

SHA1
de9083d2902906cacf57259cf581b1466400b799

SHA256
7a79b049bdc3b6e4d101691888360f4f993098f3e3a8beefff4ac367430b1575

SHA512
f12f64670f158c2e846e78b7b5d191158268b45ecf3c288f02bbee15ae10c4a62e67fb3481da304ba99da2c68ac44d713a44a458ef359db329b6fef3d323382a

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe

Filesize
1.2MB

MD5
0b689a412150e3e6b39c6ec69146504e

SHA1
b690cecdb4217d05947f46eb3720fd3c10f0ebd2

SHA256
ee52474483d6f29d606aa7061d3c3b958d95c9c940bfab7578c75403be59d656

SHA512
e978b873cef32a8d6a8e692cf12728bbf8089b7af67ccd972eeeab69f88a3abecc5aa1b51dcae35e28ad01152ab7c978cc4df2e9580db438bc179dc5ea9f115e

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\lua5.1.dll

Filesize
325KB

MD5
c333af59fa9f0b12d1cd9f6bba111e3a

SHA1
66ae1d42b2de0d620fe0b7cc6e1c718c6c579ed0

SHA256
fad540071986c59ec40102c9ca9518a0ddce80cf39eb2fd476bb1a7a03d6eb34

SHA512
2f7e2e53ba1cb9ff38e580da20d6004900494ff7b7ae0ced73c330fae95320cf0ab79278e7434272e469cb4ea2cbbd5198d2cd305dc4b75935e1ca686c6c7ff4

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\BrowserInstaller.exe

Filesize
1.6MB

MD5
199e6e6533c509fb9c02a6971bd8abda

SHA1
b95e5ef6c4c5a15781e1046c9a86d7035f1df26d

SHA256
4257d06e14dd5851e8ac75cd4cbafe85db8baec17eaebd8f8a983b576cd889f8

SHA512
34d90fa78bd5c26782d16421e634caec852ca74b85154b2a3499bc85879fc183402a7743dd64f2532b27c791df6e9dd8113cc652dcb0cdf3beae656efe79c579

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\IRIMG1.BMP

Filesize
12KB

MD5
3adf5e8387c828f62f12d2dd59349d63

SHA1
bd065d74b7fa534e5bfb0fb8fb2ee1f188db9e3a

SHA256
1d7a67b1c0d620506ac76da1984449dfb9c35ffa080dc51e439ed45eecaa7ee0

SHA512
e4ceb68a0a7d211152d0009cc0ef9b11537cfa8911d6d773c465cea203122f1c83496e655c9654aabe2034161e132de8714f3751d2b448a6a87d5e0dd36625be

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\IRIMG2.BMP

Filesize
12KB

MD5
f35117734829b05cfceaa7e39b2b61fb

SHA1
342ae5f530dce669fedaca053bd15b47e755adc2

SHA256
9c893fe1ab940ee4c2424aa9dd9972e7ad3198da670006263ecbbb5106d881e3

SHA512
1805b376ab7aae87061e9b3f586e9fdef942bb32488b388856d8a96e15871238882928c75489994f9916a77e2c61c6f6629e37d1d872721d19a5d4de3e77f471

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\IRIMG3.BMP

Filesize
12KB

MD5
f5d6a81635291e408332cc01c565068f

SHA1
72fa5c8111e95cc7c5e97a09d1376f0619be111b

SHA256
4c85cdddd497ad81fedb090bc0f8d69b54106c226063fdc1795ada7d8dc74e26

SHA512
33333761706c069d2c1396e85333f759549b1dfc94674abb612fd4e5336b1c4877844270a8126e833d0617e6780dd8a4fee2d380c16de8cbf475b23f9d512b5a

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\irsetup.dat

Filesize
7.8MB

MD5
7d59406199bb0dc15868de4cd763e833

SHA1
11358676ae6f2f296a14bb670b5e551274bd3916

SHA256
92cb2f5817ff912241c24bf82139e150188c2076d9c8c624701d813e2eb29a7d

SHA512
132d5fd76650b0a17495da8cd76cc7382d0d208c05c0c2d9f8e9c573c280374d21c5b78468970aa5766ad944213d9943d784f27bca44bf27705c157be39e6790

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_2\Menu1Text1EN.html

Filesize
1024B

MD5
ac4725ad14a44844c24f77b201c05077

SHA1
26ac7d670b1cfb432bcd9337814a850b68c2509d

SHA256
93ec6593dc0e29027b5a7aaae44f469103d4809f2dd8c31bef9e4ecbbba4910a

SHA512
cbda2778b058a0abdc67e306d50ac4ed5221e6292d9b1f0a7c18c8f056683572788e4fa02e1f43d5303df2294c654bbeab37a620ad7f2908d76de478caf1a35b

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_2\MenuOperaText1DK.html

Filesize
1KB

MD5
560b9252575c317363bd4e95b297f7f8

SHA1
a6c7fb21b29395ab63c38ce0c7f7e0e92ad95ff4

SHA256
e2d05208ca70dc3339b25003f28aa72181de0ce59462bbf73875aedf21fda59a

SHA512
804fe0d8b6d308dae976f96d897358541047bc05f119d23fc8f9c8da76318b865c908a54f7daabf923b295023ad249eb19d7bc492c835324e0097a4c610a1ebf

Download Submit
C:\Users\Admin\AppData\Local\Temp\check_latest_tl.txt

Filesize
50B

MD5
be27a7da181fe2e0f9daaae4c93dc291

SHA1
79bbf661f01c7d11916343bd98f0ec594a4c2434

SHA256
ccdb663ffa26bada8c166707005ebe784ca0beb9297de2f183f662950ac8d31d

SHA512
caced540aa47296317a88ac0c1a0932bfd3eced56ed653ba74e9c2b5bc0c02b20b3fb79f814a2ecfbc85f65c592ce1c0bec4495b2928b2ddbbd41300b083062e

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsrA218.tmp\NScurl.dll

Filesize
6.0MB

MD5
bf43de0fb8a2c38abcf7b1cf6be7e7ce

SHA1
5c14855ddbf563da3bc14af40ea5650d627ab81d

SHA256
d9438094e22bd3183864b712e2cbae07f6b184a5ad7b018185e425e215feaca9

SHA512
145388afde1367253d723ea78501dfd61ebcfb17d440d324dbceb5d9b1c50dbd5a69946209722396f1d0f3699dc967bedab690dd670eedc9910b75a4e7d13830

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsrA218.tmp\System.dll

Filesize
12KB

MD5
192639861e3dc2dc5c08bb8f8c7260d5

SHA1
58d30e460609e22fa0098bc27d928b689ef9af78

SHA256
23d618a0293c78ce00f7c6e6dd8b8923621da7dd1f63a070163ef4c0ec3033d6

SHA512
6e573d8b2ef6ed719e271fd0b2fd9cd451f61fc9a9459330108d6d7a65a0f64016303318cad787aa1d5334ba670d8f1c7c13074e1be550b4a316963ecc465cdc

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsrA218.tmp\modern-wizard.bmp

Filesize
25KB

MD5
cbe40fd2b1ec96daedc65da172d90022

SHA1
366c216220aa4329dff6c485fd0e9b0f4f0a7944

SHA256
3ad2dc318056d0a2024af1804ea741146cfc18cc404649a44610cbf8b2056cf2

SHA512
62990cb16e37b6b4eff6ab03571c3a82dcaa21a1d393c3cb01d81f62287777fb0b4b27f8852b5fa71bc975feab5baa486d33f2c58660210e115de7e2bd34ea63

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsrA218.tmp\nsDialogs.dll

Filesize
9KB

MD5
b7d61f3f56abf7b7ff0d4e7da3ad783d

SHA1
15ab5219c0e77fd9652bc62ff390b8e6846c8e3e

SHA256
89a82c4849c21dfe765052681e1fad02d2d7b13c8b5075880c52423dca72a912

SHA512
6467c0de680fadb8078bdaa0d560d2b228f5a22d4d8358a1c7d564c6ebceface5d377b870eaf8985fbee727001da569867554154d568e3b37f674096bbafafb8

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsrA218.tmp\nsExec.dll

Filesize
7KB

MD5
11092c1d3fbb449a60695c44f9f3d183

SHA1
b89d614755f2e943df4d510d87a7fc1a3bcf5a33

SHA256
2cd3a2d4053954db1196e2526545c36dfc138c6de9b81f6264632f3132843c77

SHA512
c182e0a1f0044b67b4b9fb66cef9c4955629f6811d98bbffa99225b03c43c33b1e85cacabb39f2c45ead81cd85e98b201d5f9da4ee0038423b1ad947270c134a

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
479KB

MD5
09372174e83dbbf696ee732fd2e875bb

SHA1
ba360186ba650a769f9303f48b7200fb5eaccee1

SHA256
c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f

SHA512
b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
13.8MB

MD5
0a8747a2ac9ac08ae9508f36c6d75692

SHA1
b287a96fd6cc12433adb42193dfe06111c38eaf0

SHA256
32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03

SHA512
59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\PAS20EXN7Y5PFFRRMIZC.temp

Filesize
20KB

MD5
22e42a8205a62dacc974064b9c056d96

SHA1
21156a2b30d3fb061c27516bc37a6828da7b46f2

SHA256
7728123a98903de354c3a1044fbc43e7edd3106ff4c77673367e8917ca6bdf21

SHA512
2f1cc12402e4ab6a45b9ceeb16cb04add808c62e498763b78a4c3ebce3278ff5239a5eee1b08990aae9649b9a53473ff2babdbd120710af7a052690f3ddc947d

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
3KB

MD5
4b521e2126bba04661c15bc9fa2bb3e1

SHA1
c618f9d93c284e6e5a28e37f52bfea951b5ba03f

SHA256
bf33c782c498ba7ae1ce135d2110fa10e9e995a069bd3cd51c9dab193b086ae0

SHA512
0c0358ff4470a084dd241621e6a4a11d9ccbcb1df5d3896ac604a9186f84243657713428fc215c55fbff226ded90a50c5b539a24ad06caef8d37f0dbef5cc5c8

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
3KB

MD5
f3e1bba3d93839b3c5532886793fd0ac

SHA1
387269647bd41676e9618070823f2d8b405090eb

SHA256
b9cbdbe5df6630cf34dc9a3f9ca8ad9996bc02df82a7ec073fad8be17f3c0724

SHA512
5314cc4f5eb44f4abff8e7e51cb16cf829b5910ecb918f99a0c11cb7611704fea94acc2fd4fb39f110697720003aaaf401d86045bfbc6f26a96bb21cf400ee36

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dom8snqr.default-release\AlternateServices.bin

Filesize
6KB

MD5
694018d8ad77997cbdafad1a4a4aae5a

SHA1
061cdcaae789bbf3842bb49ff337285822a6bf6d

SHA256
3ec2b9600babcfd4e3ef36bae31b1d7fc33b54d36a22691d6589ed2d33138acb

SHA512
ef1ef50bcb36b3695f8bd0d56031a03df4ca6dcedfa3a9e18ecd88f86cf51004a1298b96124e0d9efb465fb5851c25505250aa26f2532a767f398fb528455572

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dom8snqr.default-release\AlternateServices.bin

Filesize
16KB

MD5
d12ff67c790f615ad6aab4a0e95a4f5c

SHA1
e210aa1229db3f33f00efdc440698b676b1f454d

SHA256
858aedc35859098d02fe478963c2dd4206a8d8b065581cdd8e4ad5749490f4ed

SHA512
93076f11656de5c7d44b5d8746de8715cfd501d0ec9dcf7e706e8fe2e2c059006f205f4f13e41fcb7e7df265d2b1bed9e0763fa35ebb23009e0c7564a4e0a14f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dom8snqr.default-release\datareporting\glean\db\data.safe.tmp

Filesize
5KB

MD5
3aa5d5dc0dc19f86c02b44e89e8bcf7a

SHA1
1d7e972e619192c800c3dfbfebfa23425c92c8b3

SHA256
bd55398d9f0d09644247649d6bba3a183f6017b9ee5fd9a123a7acae2bffcb45

SHA512
51d7e4061e7a49a1ea19a5c0dd1a385f6901ce8cd138c8d213314725f2eaa69c7cfceb63200cc8b2689f65360838349634e579b72fddf3b53a23e7af01d84755

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dom8snqr.default-release\datareporting\glean\db\data.safe.tmp

Filesize
6KB

MD5
d89f3c360b3d8eda3463c71b92a84bdc

SHA1
bbb6516f5a51be917e075d0fb52287aabe4868ae

SHA256
1d5e6f1acc0977ec054a2001d36649f6dba8e7f8344b6067917c7c036d78ac3c

SHA512
27bd1e9eb9956d40ba3d4c93eddfa7690c65f928c5ede1f2389b45f5fa48285a930435298464c59f1ba311e2ea9271757a1bb85d5984d5b308cf2738b3e3d697

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dom8snqr.default-release\datareporting\glean\db\data.safe.tmp

Filesize
28KB

MD5
7c8fb4103d4e6c5173c30bc991ea6faa

SHA1
cd508c4c545e39c440a6b66cab4d780fefe24361

SHA256
c5b4a70846e1d5c6d1d9fcf6505e30b6c6c7e20e6c40465ffb5f65ce26d32600

SHA512
5d946fe0426970cf574f989279d2791ba9a0a3f36996248ca7886b8391e97e37ff51594abcfbe70acfd4b84d9f930347c38af815591e26662de3495b8ae8d5b8

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dom8snqr.default-release\datareporting\glean\db\data.safe.tmp

Filesize
29KB

MD5
1b0901e705882de106e8a0b458732dc1

SHA1
18959d3f6622ab6ec6ccc7d439bca3617e331b9d

SHA256
394391c3ff1a467adbd1fb6896a0ac0acd37e8fef19c60253fcfd6ea47ff7028

SHA512
87019efc20b1f5d8eb5dfc2e7db368c34502ce48175337732c51476a9a9220999624e2a5a97eda016064575065be333341898dfabbd3861aa8633ed60e8db552

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dom8snqr.default-release\datareporting\glean\db\data.safe.tmp

Filesize
25KB

MD5
03d3356c967cc5b6505600fa1a9cbcc8

SHA1
2801627c3ba57c710c8c764a4be54c0a919a8024

SHA256
1ad5d8b37506555c0790324307c1883c0de26dc096d435a2659860cabbbe1faa

SHA512
dd3bfb6c3ec20c24dc88022dc9da945f0b4ee113fa170c54dec205c6653bbc741bce73ae7aadc324cefbc38c2bb42293c09b62dc1cfd21d25f05858e8f552868

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dom8snqr.default-release\datareporting\glean\db\data.safe.tmp

Filesize
30KB

MD5
5bc5293c4aa46e03c63bd8fc550214f0

SHA1
a4ea7e082585200b5916a3d08d27de00bc6190f9

SHA256
a407dbb5199fa185be8b2195e1d3248af2150e5d482f717943d7951b45696788

SHA512
1f656fd194a1bc02462cc08c78396fa6887e6591a3fd76d9423a071cd4548d80600ecd026e18c6d6a2ddb6dc46541286bcb09470847eeed96a2133352e62f9c0

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dom8snqr.default-release\datareporting\glean\pending_pings\126b3672-2436-4313-924c-1430e2b915d3

Filesize
25KB

MD5
29302653bf1d5ec5ffa002212107458b

SHA1
a1f5e832b2474440149b63acb65bce3c57ed4c60

SHA256
133931c15608537f642ba409a1ecf0bad6ab0bf3f5552c3630f9d0588befb777

SHA512
4fd584f212d5070afe19b9d9baf6c0d7d3330494fd39d26d7b2f36c1167c17be17ac5b4976537d486f452d7a4a1fa9348222c8059825767d0ba3ed77c35da4f0

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dom8snqr.default-release\datareporting\glean\pending_pings\1fe4b88f-80f4-49f9-ba98-6c9cb5a578fe

Filesize
1KB

MD5
6397552919d072e45ed88c7053a16e21

SHA1
c992abd85a95971b0f2879560970253ed00abf99

SHA256
d4609f9647662ef1a0ca18a66689503ef90ef5df87f96e4b2ce45e3571eea1ef

SHA512
fa9df9691fa3dde54e3c45d09a7d8ef4d6bac6b9bf6922fea47f01e0c284357ae0b422fc70b5951c2bfbfbb612d532b574a17492892967ee582eb22fcb34f7a9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dom8snqr.default-release\datareporting\glean\pending_pings\3d24df13-c1e5-46a2-8156-f3072de44a1f

Filesize
741B

MD5
d9f10c08e2480d250e2db90b951bca95

SHA1
b993949df42ed1e0f26ba936c1a5ca6c9ff967cb

SHA256
be36396b77923732be0df8dac2bb31e0caf03dba7d52d6cb33aa3ad090577957

SHA512
a55a413b6012403d0f1508bc20bfe44ca7010cddae1572ea3a574cad433cf7af275181ca139693b93bcfd9414fadc9a8ab99c08756b0ecab8dfdb02378575c08

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dom8snqr.default-release\datareporting\glean\pending_pings\6b7e2b61-dc95-49ad-8ef6-b78ab2d5618d

Filesize
4KB

MD5
38cd8609a3bf0202baf0cac7e550ac9a

SHA1
0b2b606eeaf466d4925582d0f536e6b65c2db54f

SHA256
77d1d6933d220960370dc65894ba28863006708d0084c9733943f2f5e008694d

SHA512
d081d0509d7c5313f676e9787a9aaeb6777bf7adf16258c190f82292e82bb9345b4d24941f8d71e0b41fbb1fdb96980a9d0a36ba035cbe13218821dafc49dde7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dom8snqr.default-release\datareporting\glean\pending_pings\794c7356-1e65-45f3-938f-b67749622d8a

Filesize
671B

MD5
6bb05d4c3862f9eb53b8405e45468eed

SHA1
d4d66318ee232691b22d0a17ec5e23517f54fdf4

SHA256
aa67a57dd955cc05eb10cd273bb17cd42656c1e51796e4280c8f1217e440419c

SHA512
8966ffac9222eb5592eb9fe6ca2690f3849098995890111ed4179f6ed92a7c79f6927a1ddd42983e7803cc18a8456e6d9528f4f6fce7f84062581c27114a507f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dom8snqr.default-release\datareporting\glean\pending_pings\d430a701-7041-4d48-ac33-1f1f2c659ffc

Filesize
982B

MD5
418beb149db4fda740e0e9d6f3979fdb

SHA1
2a3ff57b70608fe4e0b05803e13b26909cc126aa

SHA256
cd8d033928154b12d4c9b6480ab639ce25503559c2f4c0fa28bd4730aaf56c24

SHA512
e4aef53c05e39f5f3b908781619ec14c2bbc15eebcdcc5ed5131f14b595d1fc040e55c822c368b86325eb7503b2338843b5fb4b21aee16333e22505f261849f2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dom8snqr.default-release\datareporting\glean\pending_pings\ee122265-b386-4a68-9c80-b0daca08dd88

Filesize
734B

MD5
803759ab3ef08e859140314c05017772

SHA1
4ac46f0f20c76f494a63c9261e002c93d98170cb

SHA256
c08472733c68d7b868276ee4f58ebf46382e603f71d3b77799708e8d49aa3357

SHA512
df88b6786eff7aac22fd1299eb369a90c5cbfe056e61679d0683b3507eb3887d45670066d5d56c7bf44080d72c4ff139b44253687b5316fc1608263a0b04aa8b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dom8snqr.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll

Filesize
1.1MB

MD5
842039753bf41fa5e11b3a1383061a87

SHA1
3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153

SHA256
d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c

SHA512
d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dom8snqr.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info

Filesize
116B

MD5
2a461e9eb87fd1955cea740a3444ee7a

SHA1
b10755914c713f5a4677494dbe8a686ed458c3c5

SHA256
4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc

SHA512
34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dom8snqr.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json

Filesize
372B

MD5
bf957ad58b55f64219ab3f793e374316

SHA1
a11adc9d7f2c28e04d9b35e23b7616d0527118a1

SHA256
bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda

SHA512
79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dom8snqr.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll

Filesize
17.8MB

MD5
daf7ef3acccab478aaa7d6dc1c60f865

SHA1
f8246162b97ce4a945feced27b6ea114366ff2ad

SHA256
bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e

SHA512
5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dom8snqr.default-release\prefs-1.js

Filesize
10KB

MD5
56263c0872732d46ab5be649537ef998

SHA1
4c644550ceb0e6068d758e0c9dcac54e637a36fc

SHA256
211aaaf56adac9557a352201c159da9e5ba280842cca9c4c97ada2fe8dd090fd

SHA512
3868a469a7f258424b86c53ca2d94493949d6ecd7b08bea717d611506edec0c2dd195778c9ce1e831accae0d056b897fcfabc0ab0525c2ce44e60af205a290d2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dom8snqr.default-release\prefs-1.js

Filesize
11KB

MD5
6244844534d9a2f138e9f5086677499f

SHA1
d634a856b9f2c39812243ed2e45a02460e67c60a

SHA256
f9eca08c26b2982547363d224dc12444ee315d04093d7ae2da6f396cdc52cd10

SHA512
fb916e2f95164bf48b6e146e46a6dec181f37bb88ab9f0947863796fccb592f069ef2db63737f7ce60b5ec4cee46d3ebfc161f734a13cdfe686d8787dff99ceb

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dom8snqr.default-release\prefs-1.js

Filesize
10KB

MD5
de0a1cae9038ab9de9bcb6b51e07739f

SHA1
89368ae14c79d9b2fe3dec51820a6e19202aec06

SHA256
d96d5a27097cdc17b93dcbbbd6df981dc25bc141d224ada69f8f2cef4fd3821f

SHA512
0fe5195bd8ce9985b142916128ff569ec8cc8a8ddcc8d858e8b3364f7c2d2b067dd9f5abff8bae4659b2e874969fe97dcb0b24edbccaf04911cd2884d5a0de55

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dom8snqr.default-release\prefs.js

Filesize
10KB

MD5
adda865aac44a15442b1ecd3c716b41a

SHA1
73d9ccc79cd45fbcd53998becb00880b3e63dd09

SHA256
3ca7ddf0a11fd25b97b87687cd2b0a20e053f5fee044d0a74390c3113535336b

SHA512
520d412a61c06c95cde9e8b756dade0c774a61847367d877284b57061bbcfc922811eb9d85bbade0158e7db4d7de3cd080fc757e5e522072d39a4c01b53253ba

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dom8snqr.default-release\sessionCheckpoints.json

Filesize
53B

MD5
ea8b62857dfdbd3d0be7d7e4a954ec9a

SHA1
b43bc4b3ea206a02ef8f63d5bfad0c96bf2a3b2a

SHA256
792955295ae9c382986222c6731c5870bd0e921e7f7e34cc4615f5cd67f225da

SHA512
076ee83534f42563046d25086166f82e1a3ec61840c113aec67abe2d8195daa247d827d0c54e7e8f8a1bbf2d082a3763577587e84342ec160ff97905243e6d19

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dom8snqr.default-release\sessionCheckpoints.json

Filesize
90B

MD5
c4ab2ee59ca41b6d6a6ea911f35bdc00

SHA1
5942cd6505fc8a9daba403b082067e1cdefdfbc4

SHA256
00ad9799527c3fd21f3a85012565eae817490f3e0d417413bf9567bb5909f6a2

SHA512
71ea16900479e6af161e0aad08c8d1e9ded5868a8d848e7647272f3002e2f2013e16382b677abe3c6f17792a26293b9e27ec78e16f00bd24ba3d21072bd1cae2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dom8snqr.default-release\sessionstore-backups\recovery.baklz4

Filesize
9KB

MD5
538f5e8fd847853825f1fd24bd3d2cbe

SHA1
a58a82d2e6a843a1756aaf317e9fa063fc74d963

SHA256
288758576b376f0327813c974a98930970ab8ce692b18a25edf1164564cdb22d

SHA512
554eace2f5d977f5ca421bef0e6345cbd381a3b0dda1c7edd6ffed2fde2e938a31acd3e50712ad9bf02499f0c8537650d5216d4c0382af49fc9adcd924115655

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dom8snqr.default-release\sessionstore-backups\recovery.baklz4

Filesize
14KB

MD5
585ed53f5584ea3110cb194a4c70e3b5

SHA1
c599759ed95811d8b7e6faadef17b421aa4f4645

SHA256
74d56e75d465d20b408155ded31ee21f29da18c8e3d1f81ad746ca13aa530b20

SHA512
395fb14cb716341ea7bd6c9959a25c5ecfb3aa9315b24e256b9d9932258486bd17ebb63c95f89bf2b76a120e1dbdb2857cca626d0adc5d45239ea3ee0f941c26

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dom8snqr.default-release\sessionstore-backups\recovery.baklz4

Filesize
15KB

MD5
1a028e723762105b7169ddbd6449fac9

SHA1
ff734d6848a95c113b21e0d446e41028c6818b78

SHA256
0f178943c30e6af169e0bce1a979b32b3b654aa3bf1215357c1ab0879e96874c

SHA512
372cbec95f549c354af57450e3e410da0b95b1681cadc42f6b186a03bd1974bae862e7386d6eeecdecf36d07f2593cd32e31b9f57d27b73ef3f7ceb0a41b8693

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dom8snqr.default-release\sessionstore-backups\recovery.baklz4

Filesize
4KB

MD5
952772cb60d6cecd9d92b27d55bc19b0

SHA1
e5fd7330e1ba9229a876e9770c5932e3efc46006

SHA256
a9451a6e767bdc33c1ecbcc5998fa87f868ac4a15b6c680570dd170c38fbffe1

SHA512
57457f708c4d93810e4a8910d2bfddf2add175b6719d0253c79246d6219b229845646e92a2c73ca74e6fb8dd35a6c1c244e9f75ae804c5823ba1b8cd9e19429f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dom8snqr.default-release\sessionstore-backups\recovery.baklz4

Filesize
7KB

MD5
06c8e966a9ae7b8b78ddfc1ece6beda5

SHA1
9fdef77edc6ce11274c2917a5880e35e3105fc20

SHA256
d8b3764ef9c0c3e3b4c541fdf62d12f02eccd2753c249d3c92b152ed7f26e1a7

SHA512
a96bf20ccb8a37e5f8723ab96683d82dabe549e3fa8a201e5da5698c76ace502defc08b85458b1354df88488c51127d35772cbe6451e8f1c4615c78612ea239e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dom8snqr.default-release\sessionstore-backups\recovery.baklz4

Filesize
14KB

MD5
fe76c09207a23bdc0f850853d5bec690

SHA1
7a149c39229187ab2afa95aef39b1bc727b3a1df

SHA256
f93fda8f58434c7cd1221e8e2e397df69ac7c01672a9cad1167397c06020f4da

SHA512
0368872f290461a6f8fd6305fb7117a4e46c89f174467c0d6c6eda8ddde25addc228130754f05c3ff686e662d5901760613eaea6f04a391eb443ac597dc563e0

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dom8snqr.default-release\sessionstore-backups\recovery.baklz4

Filesize
15KB

MD5
726580950d66ed79638489d68f8b059a

SHA1
02d96ac97d736a91c37d08cf47d4971e485ecc3a

SHA256
e0c6f070f28634c565972b5c26c0f96a0f542f35462bcaa0b001d0ba165d8d73

SHA512
40dcc655260c5fb0bb70a18e642c36955d87462edc28e8d38db62073e3ca4d690a4cd834e9d5b45b15bbb171a84d2e7a80e5cc068cbb5ef12119e76901ef760d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dom8snqr.default-release\sessionstore-backups\recovery.baklz4

Filesize
7KB

MD5
7e7563d28c632bc63823c84e33374264

SHA1
3971784043f255b72b9efa94d2405103026d8645

SHA256
43a093c249ef60c94a9d409e0414c0e54f39255ad8ca4deaf17901b7799a16c2

SHA512
6de8e02c7758e37cecb88d98349823600f45465f916681e3f2f4d6c9e9f6997d7aab09c163a2b46e6ede2401920f0661f0f93b702fb8f64c3c2652a432efe536

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dom8snqr.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
592KB

MD5
5e2c5d22672ca4cb30d3b4cd9016e098

SHA1
4c3b7ae25ce1fa935642f1531ed9cc7588d2fc90

SHA256
9f1a60818adfe992320b952834fccefbf6812c73a34adc44fa0730f082b3a4a6

SHA512
6c3b5461a475a274c7e359293c6dd4771bada25643551ae0bbc6941e3865f011e33338135d352800f500d2a69560a9ed7a759818fcb33e6b3d56a36270ed41be

Download Submit
C:\Users\Admin\AppData\Roaming\PrismLauncher\prismlauncher.cfg

Filesize
30B

MD5
a6dc16331f06bc5831e5ddc9799284ec

SHA1
d344f83d549df8c3e2c959182ba37f8c81d885a5

SHA256
9da99b49301ba83c33387e75d2028185562479e677b6afb110b4f8b098465807

SHA512
43e498eab5c6f9b2f70c01e0abd4e63edb2651e498f267b53c7f62f2ef9c1eb68fa4783967fdba1880722a8bcd6e58065108f42773f0f47c04c9e54e809b1c14

Download Submit
C:\Users\Admin\AppData\Roaming\PrismLauncher\prismlauncher.cfg.lock

Filesize
66B

MD5
818c03e60606c4e7501370bd9695a2ca

SHA1
4f1ed569c6635c61ff40e5e80973c63516ab36aa

SHA256
981182d82ddcc2afbef793dfee3338e943e678ffc7fb88baf6ed4af99b1872d6

SHA512
3e1cbd0c3152768102f62cd360c05c9e4d6d67d5570b3b24c4c9f80fb0ed140719c5ec31e05869ec2c008f85c39db4cf60da16abf01e6255665a69b2ea75156a

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 186176.crdownload

Filesize
21.3MB

MD5
255c5fc4ddd206f19d6fdb69b147b5f6

SHA1
dc7b59bdbb3fd8f065b8a53e2b8f742f24e12888

SHA256
e1c336a931699af16de244550da8ce7e1f9b70fd8023aa2ff896d52a603b740f

SHA512
cc6388f1760385a8386d0e2ec9312a3c9615d2506bf1f7c8d8cdf215e5b6371141c7a91857002f72462dfe1a262752dc45be711133f8158938f1ad2aeaa9d701

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 313802.crdownload

Filesize
24.1MB

MD5
18f27581ee61474a5661fb3625022df0

SHA1
265d21bff7bb85d42a7eb2779a75c6e1468a9a79

SHA256
f59628d7b563e099c5769b93df66123bd2274ef43e262337b1dc0e41785faf45

SHA512
99dc67916fb4dc1c1ab93a98455f1db3cb3d23fb5b42f7cbf7f8f6c098ace89abd75cffb0059548409068bb7ea738584b817c9c694e724f7d7afabe487f3cc5c

Download Submit
C:\Windows\Temp\{668BC1B3-193C-478B-B82E-C885B140D230}\.ba\logo.png

Filesize
1KB

MD5
d6bd210f227442b3362493d046cea233

SHA1
ff286ac8370fc655aea0ef35e9cf0bfcb6d698de

SHA256
335a256d4779ec5dcf283d007fb56fd8211bbcaf47dcd70fe60ded6a112744ef

SHA512
464aaab9e08de610ad34b97d4076e92dc04c2cdc6669f60bfc50f0f9ce5d71c31b8943bd84cee1a04fb9ab5bbed3442bd41d9cb21a0dd170ea97c463e1ce2b5b

Download Submit
C:\Windows\Temp\{668BC1B3-193C-478B-B82E-C885B140D230}\.ba\wixstdba.dll

Filesize
215KB

MD5
f68f43f809840328f4e993a54b0d5e62

SHA1
01da48ce6c81df4835b4c2eca7e1d447be893d39

SHA256
e921f69b9fb4b5ad4691809d06896c5f1d655ab75e0ce94a372319c243c56d4e

SHA512
a7a799ecf1784fb5e8cd7191bf78b510ff5b07db07363388d7b32ed21f4fddc09e34d1160113395f728c0f4e57d13768a0350dbdb207d9224337d2153dc791e1

Download Submit
C:\Windows\Temp\{668BC1B3-193C-478B-B82E-C885B140D230}\cab5046A8AB272BF37297BB7928664C9503

Filesize
969KB

MD5
8c302e40fbf614896ba36a75f3f8977e

SHA1
991af1495f7783173d0c5691be38ff8648f2df12

SHA256
b384b812dc59c2081cee080ea6bba748e02ecf3c0800d8dcaf9607a20a4f3290

SHA512
53b1d7d8ab495931f50b5d815afe04d52f9e0bbafa0a5f3e4f6605b6e4f2a85c583abf9014dec41481439827bb6bab23ac439d4fd7d0c3f191f21b2bf5afb11d

Download Submit
C:\Windows\Temp\{668BC1B3-193C-478B-B82E-C885B140D230}\vcRuntimeMinimum_x64

Filesize
208KB

MD5
09042ba0af85f4873a68326ab0e704af

SHA1
f08c8f9cb63f89a88f5915e6a889b170ce98f515

SHA256
47cceb26dd7b78f0d3d09fddc419290907fe818979884b2192c834034180e83b

SHA512
1c9552a8bf478f9edde8ed67a8f40584a757c66aaf297609b4f577283469287992c1f84ebe15df4df05b0135e4d67c958a912738f4814440f6fd77804a2cfa7d

Download Submit
C:\Windows\Temp\{82409E98-74D9-458F-9A0F-6245B8474436}\.cr\vc_redist.x64.exe

Filesize
670KB

MD5
3f32f1a9bd60ae065b89c2223676592e

SHA1
9d386d394db87f1ee41252cac863c80f1c8d6b8b

SHA256
270fa05033b8b9455bd0d38924b1f1f3e4d3e32565da263209d1f9698effbc05

SHA512
bddfeab33a03b0f37cff9008815e2900cc96bddaf763007e5f7fdffd80e56719b81341029431bd9d25c8e74123c1d9cda0f2aefafdc4937095d595093db823df

Download Submit
memory/8-6394-0x0000000000E60000-0x0000000001249000-memory.dmp

Filesize
3.9MB

Download
memory/8-7064-0x0000000010000000-0x0000000010051000-memory.dmp

Filesize
324KB

Download
memory/8-7083-0x0000000000E60000-0x0000000001249000-memory.dmp

Filesize
3.9MB

Download
memory/8-7085-0x0000000010000000-0x0000000010051000-memory.dmp

Filesize
324KB

Download
memory/116-2698-0x0000028A6BFA0000-0x0000028A6BFA1000-memory.dmp

Filesize
4KB

Download
memory/1484-2546-0x0000000000F10000-0x0000000000F87000-memory.dmp

Filesize
476KB

Download
memory/3160-2684-0x000002C9B0980000-0x000002C9B0981000-memory.dmp

Filesize
4KB

Download
memory/3240-2679-0x0000018B213D0000-0x0000018B213D1000-memory.dmp

Filesize
4KB

Download
memory/3752-487-0x0000000000970000-0x0000000000D59000-memory.dmp

Filesize
3.9MB

Download
memory/3752-1882-0x0000000000970000-0x0000000000D59000-memory.dmp

Filesize
3.9MB

Download
memory/3752-1886-0x0000000010000000-0x0000000010051000-memory.dmp

Filesize
324KB

Download
memory/3752-1829-0x0000000010000000-0x0000000010051000-memory.dmp

Filesize
324KB

Download
memory/3756-2500-0x0000000000F10000-0x0000000000F87000-memory.dmp

Filesize
476KB

Download
memory/3840-2674-0x0000020E7E650000-0x0000020E7E651000-memory.dmp

Filesize
4KB

Download
memory/4336-1914-0x0000024D534A0000-0x0000024D534A1000-memory.dmp

Filesize
4KB

Download
memory/4336-1916-0x0000024D534A0000-0x0000024D534A1000-memory.dmp

Filesize
4KB

Download
memory/4336-1906-0x0000024D534A0000-0x0000024D534A1000-memory.dmp

Filesize
4KB

Download
memory/4336-1913-0x0000024D534A0000-0x0000024D534A1000-memory.dmp

Filesize
4KB

Download
memory/4336-1907-0x0000024D534A0000-0x0000024D534A1000-memory.dmp

Filesize
4KB

Download
memory/4336-1911-0x0000024D534A0000-0x0000024D534A1000-memory.dmp

Filesize
4KB

Download
memory/4336-1905-0x0000024D534A0000-0x0000024D534A1000-memory.dmp

Filesize
4KB

Download
memory/4336-1917-0x0000024D534A0000-0x0000024D534A1000-memory.dmp

Filesize
4KB

Download
memory/4336-1915-0x0000024D534A0000-0x0000024D534A1000-memory.dmp

Filesize
4KB

Download
memory/4336-1912-0x0000024D534A0000-0x0000024D534A1000-memory.dmp

Filesize
4KB

Download
memory/4860-446-0x0000000000230000-0x0000000000619000-memory.dmp

Filesize
3.9MB

Download
memory/4860-1884-0x0000000010000000-0x0000000010051000-memory.dmp

Filesize
324KB

Download
memory/4860-1763-0x0000000010000000-0x0000000010051000-memory.dmp

Filesize
324KB

Download
memory/4860-1873-0x0000000000230000-0x0000000000619000-memory.dmp

Filesize
3.9MB

Download
memory/5312-2594-0x00007FFC94A60000-0x00007FFC950A9000-memory.dmp

Filesize
6.3MB

Download
memory/5312-2593-0x00007FF68E8A0000-0x00007FF68F2CD000-memory.dmp

Filesize
10.2MB

Download
memory/5328-2277-0x00000000739A0000-0x0000000073FB0000-memory.dmp

Filesize
6.1MB

Download
memory/5328-2287-0x00000000739A0000-0x0000000073FB0000-memory.dmp

Filesize
6.1MB

Download
memory/5328-2356-0x00000000739A0000-0x0000000073FB0000-memory.dmp

Filesize
6.1MB

Download
memory/5376-2681-0x00000214FAB10000-0x00000214FAB11000-memory.dmp

Filesize
4KB

Download
memory/5876-2547-0x0000000000F10000-0x0000000000F87000-memory.dmp

Filesize
476KB

Download