hxxps://www[.]youtube[.]com/watch?v=ste9kh3Bk-8

Resubmissions

31/12/2024, 18:48

241231-xfw3kawmgp 8

31/12/2024, 18:39

241231-xanh8swkcq 8

31/12/2024, 18:30

241231-w5jcbsvqhp 10

Analysis

max time kernel
448s
max time network
500s
platform
windows10-ltsc 2021_x64
resource
win10ltsc2021-20241211-en
resource tags

arch:x64arch:x86image:win10ltsc2021-20241211-enlocale:en-usos:windows10-ltsc 2021-x64system
submitted
31/12/2024, 18:39

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.youtube.com/watch?v=ste9kh3Bk-8

Score

8^/10

bootkit discovery execution persistence

Malware Config

Signatures

Downloads MZ/PE file

Executes dropped EXE 4 IoCs

pid	Process
5336	WinNuke.98.exe
3952	WinNuke.98.exe
2328	龄喻焉缛桀鹥姝嵼箉潹笨澩岗潺彺囇.exe
5632	蹊枃脚隬篕姣鲘甃虈耀軧蠭糝欫镚袀.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs

Web Service

T1102

flow	ioc
169	raw.githubusercontent.com
170	raw.githubusercontent.com
294	raw.githubusercontent.com

Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs

Bootkits write to the MBR to gain persistence at a level below the operating system.

bootkit persistence

Bootkit

T1542.003

description	ioc	Process
File opened for modification	\??\PhysicalDrive0	蹊枃脚隬篕姣鲘甃虈耀軧蠭糝欫镚袀.exe

Drops file in Program Files directory 2 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\75212a3c-5550-4085-b1a6-65b7f0f5471d.tmp	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\20241231183926.pma	setup.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Command and Scripting Interpreter: JavaScript 1 TTPs
execution

JavaScript
T1059.007

System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	WinNuke.98.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Monoxide x86.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	蹊枃脚隬篕姣鲘甃虈耀軧蠭糝欫镚袀.exe

System Network Configuration Discovery: Internet Connection Discovery 1 TTPs 1 IoCs

Adversaries may check for Internet connectivity on compromised systems.

discovery

Internet Connection Discovery

T1016.001

pid	Process
3788	pingsender.exe

Checks SCSI registry key(s) 3 TTPs 3 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\FriendlyName	taskmgr.exe

Checks processor information in registry 2 TTPs 15 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	WINWORD.EXE
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	WINWORD.EXE
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe

Enumerates system info in registry 2 TTPs 9 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\BIOS	WINWORD.EXE
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	WINWORD.EXE

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-4084745894-3294430273-2212167662-1000_Classes\Local Settings	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-4084745894-3294430273-2212167662-1000_Classes\Local Settings	msedge.exe

Suspicious behavior: AddClipboardFormatListener 2 IoCs

pid	Process
5056	WINWORD.EXE
5056	WINWORD.EXE

Suspicious behavior: EnumeratesProcesses 33 IoCs

pid	Process
4796	msedge.exe
4796	msedge.exe
3080	msedge.exe
3080	msedge.exe
4276	identity_helper.exe
4276	identity_helper.exe
5080	msedge.exe
5080	msedge.exe
5080	msedge.exe
5080	msedge.exe
2184	msedge.exe
2184	msedge.exe
4320	msedge.exe
4320	msedge.exe
4776	msedge.exe
4776	msedge.exe
4728	msedge.exe
4728	msedge.exe
4688	taskmgr.exe
4688	taskmgr.exe
4688	taskmgr.exe
5040	msedge.exe
5040	msedge.exe
5472	msedge.exe
5472	msedge.exe
3844	identity_helper.exe
3844	identity_helper.exe
4404	msedge.exe
4404	msedge.exe
824	msedge.exe
824	msedge.exe
824	msedge.exe
824	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 33 IoCs

pid	Process
3080	msedge.exe
3080	msedge.exe
3080	msedge.exe
3080	msedge.exe
3080	msedge.exe
3080	msedge.exe
3080	msedge.exe
3080	msedge.exe
3080	msedge.exe
3080	msedge.exe
3080	msedge.exe
3080	msedge.exe
3080	msedge.exe
3080	msedge.exe
3080	msedge.exe
3080	msedge.exe
3080	msedge.exe
3080	msedge.exe
3080	msedge.exe
3080	msedge.exe
3080	msedge.exe
3080	msedge.exe
5472	msedge.exe
5472	msedge.exe
5472	msedge.exe
5472	msedge.exe
5472	msedge.exe
5472	msedge.exe
5472	msedge.exe
5472	msedge.exe
5472	msedge.exe
5472	msedge.exe
5472	msedge.exe

Suspicious use of AdjustPrivilegeToken 13 IoCs

description	pid	Process
Token: 33	1960	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	1960	AUDIODG.EXE
Token: SeManageVolumePrivilege	5824	svchost.exe
Token: SeDebugPrivilege	4688	taskmgr.exe
Token: SeSystemProfilePrivilege	4688	taskmgr.exe
Token: SeCreateGlobalPrivilege	4688	taskmgr.exe
Token: 33	4688	taskmgr.exe
Token: SeIncBasePriorityPrivilege	4688	taskmgr.exe
Token: SeDebugPrivilege	5028	firefox.exe
Token: SeDebugPrivilege	5028	firefox.exe
Token: SeDebugPrivilege	5632	蹊枃脚隬篕姣鲘甃虈耀軧蠭糝欫镚袀.exe
Token: SeTakeOwnershipPrivilege	5632	蹊枃脚隬篕姣鲘甃虈耀軧蠭糝欫镚袀.exe
Token: SeTakeOwnershipPrivilege	5632	蹊枃脚隬篕姣鲘甃虈耀軧蠭糝欫镚袀.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
3080	msedge.exe
3080	msedge.exe
3080	msedge.exe
3080	msedge.exe
3080	msedge.exe
3080	msedge.exe
3080	msedge.exe
3080	msedge.exe
3080	msedge.exe
3080	msedge.exe
3080	msedge.exe
3080	msedge.exe
3080	msedge.exe
3080	msedge.exe
3080	msedge.exe
3080	msedge.exe
3080	msedge.exe
3080	msedge.exe
3080	msedge.exe
3080	msedge.exe
3080	msedge.exe
3080	msedge.exe
3080	msedge.exe
3080	msedge.exe
3080	msedge.exe
3080	msedge.exe
3080	msedge.exe
3080	msedge.exe
3080	msedge.exe
3080	msedge.exe
3080	msedge.exe
3080	msedge.exe
3080	msedge.exe
3080	msedge.exe
3080	msedge.exe
3080	msedge.exe
3080	msedge.exe
3080	msedge.exe
3080	msedge.exe
3080	msedge.exe
3080	msedge.exe
3080	msedge.exe
3080	msedge.exe
3080	msedge.exe
3080	msedge.exe
3080	msedge.exe
3080	msedge.exe
3080	msedge.exe
3080	msedge.exe
3080	msedge.exe
3080	msedge.exe
3080	msedge.exe
3080	msedge.exe
3080	msedge.exe
3080	msedge.exe
3080	msedge.exe
3080	msedge.exe
3080	msedge.exe
3080	msedge.exe
3080	msedge.exe
3080	msedge.exe
3080	msedge.exe
3080	msedge.exe
3080	msedge.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
3080	msedge.exe
3080	msedge.exe
3080	msedge.exe
3080	msedge.exe
3080	msedge.exe
3080	msedge.exe
3080	msedge.exe
3080	msedge.exe
3080	msedge.exe
3080	msedge.exe
3080	msedge.exe
3080	msedge.exe
3080	msedge.exe
3080	msedge.exe
3080	msedge.exe
3080	msedge.exe
3080	msedge.exe
3080	msedge.exe
3080	msedge.exe
3080	msedge.exe
3080	msedge.exe
3080	msedge.exe
3080	msedge.exe
3080	msedge.exe
4688	taskmgr.exe
4688	taskmgr.exe
4688	taskmgr.exe
4688	taskmgr.exe
4688	taskmgr.exe
4688	taskmgr.exe
4688	taskmgr.exe
4688	taskmgr.exe
4688	taskmgr.exe
4688	taskmgr.exe
4688	taskmgr.exe
4688	taskmgr.exe
4688	taskmgr.exe
4688	taskmgr.exe
4688	taskmgr.exe
4688	taskmgr.exe
4688	taskmgr.exe
4688	taskmgr.exe
4688	taskmgr.exe
4688	taskmgr.exe
4688	taskmgr.exe
4688	taskmgr.exe
4688	taskmgr.exe
4688	taskmgr.exe
4688	taskmgr.exe
4688	taskmgr.exe
4688	taskmgr.exe
4688	taskmgr.exe
4688	taskmgr.exe
5028	firefox.exe
5028	firefox.exe
5028	firefox.exe
5028	firefox.exe
5028	firefox.exe
5028	firefox.exe
5028	firefox.exe
5028	firefox.exe
5028	firefox.exe
5028	firefox.exe
5028	firefox.exe

Suspicious use of SetWindowsHookEx 20 IoCs

pid	Process
5056	WINWORD.EXE
5056	WINWORD.EXE
5056	WINWORD.EXE
5056	WINWORD.EXE
5056	WINWORD.EXE
5056	WINWORD.EXE
5056	WINWORD.EXE
5056	WINWORD.EXE
5056	WINWORD.EXE
5056	WINWORD.EXE
5056	WINWORD.EXE
5056	WINWORD.EXE
5056	WINWORD.EXE
5056	WINWORD.EXE
5028	firefox.exe
4656	Monoxide x64.exe
2328	龄喻焉缛桀鹥姝嵼箉潹笨澩岗潺彺囇.exe
1932	Monoxide x86.exe
5632	蹊枃脚隬篕姣鲘甃虈耀軧蠭糝欫镚袀.exe
5632	蹊枃脚隬篕姣鲘甃虈耀軧蠭糝欫镚袀.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3080 wrote to memory of 60	3080	msedge.exe	81
PID 3080 wrote to memory of 60	3080	msedge.exe	81
PID 3080 wrote to memory of 2884	3080	msedge.exe	82
PID 3080 wrote to memory of 2884	3080	msedge.exe	82
PID 3080 wrote to memory of 2884	3080	msedge.exe	82
PID 3080 wrote to memory of 2884	3080	msedge.exe	82
PID 3080 wrote to memory of 2884	3080	msedge.exe	82
PID 3080 wrote to memory of 2884	3080	msedge.exe	82
PID 3080 wrote to memory of 2884	3080	msedge.exe	82
PID 3080 wrote to memory of 2884	3080	msedge.exe	82
PID 3080 wrote to memory of 2884	3080	msedge.exe	82
PID 3080 wrote to memory of 2884	3080	msedge.exe	82
PID 3080 wrote to memory of 2884	3080	msedge.exe	82
PID 3080 wrote to memory of 2884	3080	msedge.exe	82
PID 3080 wrote to memory of 2884	3080	msedge.exe	82
PID 3080 wrote to memory of 2884	3080	msedge.exe	82
PID 3080 wrote to memory of 2884	3080	msedge.exe	82
PID 3080 wrote to memory of 2884	3080	msedge.exe	82
PID 3080 wrote to memory of 2884	3080	msedge.exe	82
PID 3080 wrote to memory of 2884	3080	msedge.exe	82
PID 3080 wrote to memory of 2884	3080	msedge.exe	82
PID 3080 wrote to memory of 2884	3080	msedge.exe	82
PID 3080 wrote to memory of 2884	3080	msedge.exe	82
PID 3080 wrote to memory of 2884	3080	msedge.exe	82
PID 3080 wrote to memory of 2884	3080	msedge.exe	82
PID 3080 wrote to memory of 2884	3080	msedge.exe	82
PID 3080 wrote to memory of 2884	3080	msedge.exe	82
PID 3080 wrote to memory of 2884	3080	msedge.exe	82
PID 3080 wrote to memory of 2884	3080	msedge.exe	82
PID 3080 wrote to memory of 2884	3080	msedge.exe	82
PID 3080 wrote to memory of 2884	3080	msedge.exe	82
PID 3080 wrote to memory of 2884	3080	msedge.exe	82
PID 3080 wrote to memory of 2884	3080	msedge.exe	82
PID 3080 wrote to memory of 2884	3080	msedge.exe	82
PID 3080 wrote to memory of 2884	3080	msedge.exe	82
PID 3080 wrote to memory of 2884	3080	msedge.exe	82
PID 3080 wrote to memory of 2884	3080	msedge.exe	82
PID 3080 wrote to memory of 2884	3080	msedge.exe	82
PID 3080 wrote to memory of 2884	3080	msedge.exe	82
PID 3080 wrote to memory of 2884	3080	msedge.exe	82
PID 3080 wrote to memory of 2884	3080	msedge.exe	82
PID 3080 wrote to memory of 2884	3080	msedge.exe	82
PID 3080 wrote to memory of 4796	3080	msedge.exe	83
PID 3080 wrote to memory of 4796	3080	msedge.exe	83
PID 3080 wrote to memory of 3664	3080	msedge.exe	84
PID 3080 wrote to memory of 3664	3080	msedge.exe	84
PID 3080 wrote to memory of 3664	3080	msedge.exe	84
PID 3080 wrote to memory of 3664	3080	msedge.exe	84
PID 3080 wrote to memory of 3664	3080	msedge.exe	84
PID 3080 wrote to memory of 3664	3080	msedge.exe	84
PID 3080 wrote to memory of 3664	3080	msedge.exe	84
PID 3080 wrote to memory of 3664	3080	msedge.exe	84
PID 3080 wrote to memory of 3664	3080	msedge.exe	84
PID 3080 wrote to memory of 3664	3080	msedge.exe	84
PID 3080 wrote to memory of 3664	3080	msedge.exe	84
PID 3080 wrote to memory of 3664	3080	msedge.exe	84
PID 3080 wrote to memory of 3664	3080	msedge.exe	84
PID 3080 wrote to memory of 3664	3080	msedge.exe	84
PID 3080 wrote to memory of 3664	3080	msedge.exe	84
PID 3080 wrote to memory of 3664	3080	msedge.exe	84
PID 3080 wrote to memory of 3664	3080	msedge.exe	84
PID 3080 wrote to memory of 3664	3080	msedge.exe	84
PID 3080 wrote to memory of 3664	3080	msedge.exe	84
PID 3080 wrote to memory of 3664	3080	msedge.exe	84

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012
Uses Volume Shadow Copy WMI provider
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware
Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://www.youtube.com/watch?v=ste9kh3Bk-8
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3080
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x124,0x128,0x12c,0x100,0x130,0x7ffd772446f8,0x7ffd77244708,0x7ffd77244718
  2⤵
  PID:60
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2080,51778072119720969,9761439846867656240,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2144 /prefetch:2
  2⤵
  PID:2884
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2080,51778072119720969,9761439846867656240,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2384 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4796
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2080,51778072119720969,9761439846867656240,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2904 /prefetch:8
  2⤵
  PID:3664
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,51778072119720969,9761439846867656240,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3452 /prefetch:1
  2⤵
  PID:2956
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,51778072119720969,9761439846867656240,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3460 /prefetch:1
  2⤵
  PID:1972
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,51778072119720969,9761439846867656240,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4764 /prefetch:1
  2⤵
  PID:2436
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,51778072119720969,9761439846867656240,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5512 /prefetch:1
  2⤵
  PID:1072
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2080,51778072119720969,9761439846867656240,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5172 /prefetch:8
  2⤵
  PID:3448
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2080,51778072119720969,9761439846867656240,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6184 /prefetch:8
  2⤵
  PID:4908
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --msedge --force-configure-user-settings
  2⤵
  - Drops file in Program Files directory
  PID:224
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x24c,0x250,0x254,0x228,0x258,0x7ff62de95460,0x7ff62de95470,0x7ff62de95480
    3⤵
    PID:4564
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2080,51778072119720969,9761439846867656240,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6184 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4276
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,51778072119720969,9761439846867656240,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6460 /prefetch:1
  2⤵
  PID:4280
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,51778072119720969,9761439846867656240,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6476 /prefetch:1
  2⤵
  PID:4440
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,51778072119720969,9761439846867656240,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5524 /prefetch:1
  2⤵
  PID:5452
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,51778072119720969,9761439846867656240,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5584 /prefetch:1
  2⤵
  PID:5460
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,51778072119720969,9761439846867656240,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1796 /prefetch:1
  2⤵
  PID:4908
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,51778072119720969,9761439846867656240,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1144 /prefetch:1
  2⤵
  PID:1672
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,51778072119720969,9761439846867656240,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5840 /prefetch:1
  2⤵
  PID:4256
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,51778072119720969,9761439846867656240,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6464 /prefetch:1
  2⤵
  PID:5420
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,51778072119720969,9761439846867656240,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3452 /prefetch:1
  2⤵
  PID:5636
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,51778072119720969,9761439846867656240,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6708 /prefetch:1
  2⤵
  PID:5968
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,51778072119720969,9761439846867656240,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6564 /prefetch:1
  2⤵
  PID:4844
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,51778072119720969,9761439846867656240,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3556 /prefetch:1
  2⤵
  PID:4264
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,51778072119720969,9761439846867656240,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5344 /prefetch:1
  2⤵
  PID:4644
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,51778072119720969,9761439846867656240,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3536 /prefetch:1
  2⤵
  PID:1068
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2080,51778072119720969,9761439846867656240,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.4355 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5732 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5080
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2080,51778072119720969,9761439846867656240,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=2780 /prefetch:8
  2⤵
  PID:5432
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,51778072119720969,9761439846867656240,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7136 /prefetch:1
  2⤵
  PID:3596
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,51778072119720969,9761439846867656240,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3660 /prefetch:1
  2⤵
  PID:5908
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,51778072119720969,9761439846867656240,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3484 /prefetch:1
  2⤵
  PID:3436
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2080,51778072119720969,9761439846867656240,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7048 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2184
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,51778072119720969,9761439846867656240,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4912 /prefetch:1
  2⤵
  PID:1784
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2080,51778072119720969,9761439846867656240,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6636 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4320
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2080,51778072119720969,9761439846867656240,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3492 /prefetch:8
  2⤵
  PID:1076
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2080,51778072119720969,9761439846867656240,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6644 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4776
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2080,51778072119720969,9761439846867656240,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6584 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4728
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2080,51778072119720969,9761439846867656240,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=7092 /prefetch:8
  2⤵
  PID:5996

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2840

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1224

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2644

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x490 0x460
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1960

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k UnistackSvcGroup
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:5824

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /7
1⤵
- Checks SCSI registry key(s)
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SendNotifyMessage
PID:4688

C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe /Processid:{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
1⤵
PID:4320

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:6028

C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE
"C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\Admin\Downloads\Melissa.doc" /o ""
1⤵
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
PID:5056

C:\Users\Admin\Downloads\WinNuke.98.exe
"C:\Users\Admin\Downloads\WinNuke.98.exe"
1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:5336

C:\Users\Admin\Downloads\WinNuke.98.exe
"C:\Users\Admin\Downloads\WinNuke.98.exe"
1⤵
- Executes dropped EXE
PID:3952

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:5204
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  PID:5028
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2020 -parentBuildID 20240401114208 -prefsHandle 1936 -prefMapHandle 1912 -prefsLen 23839 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {94595d60-174e-4ca1-89af-f5d7f950dd3b} 5028 "\\.\pipe\gecko-crash-server-pipe.5028" gpu
    3⤵
    PID:2812
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2428 -parentBuildID 20240401114208 -prefsHandle 2420 -prefMapHandle 2408 -prefsLen 23717 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a4cb899b-3fa1-49c9-a14c-0c33f8346e7c} 5028 "\\.\pipe\gecko-crash-server-pipe.5028" socket
    3⤵
    - Checks processor information in registry
    PID:272
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2992 -childID 1 -isForBrowser -prefsHandle 2968 -prefMapHandle 2984 -prefsLen 22652 -prefMapSize 244658 -jsInitHandle 1264 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ba39c7f7-68d2-4e3e-a434-23e36402ea45} 5028 "\\.\pipe\gecko-crash-server-pipe.5028" tab
    3⤵
    PID:2720
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1300 -childID 2 -isForBrowser -prefsHandle 4076 -prefMapHandle 4072 -prefsLen 29091 -prefMapSize 244658 -jsInitHandle 1264 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ae709048-605a-4b91-a2a7-08b8a8619ae3} 5028 "\\.\pipe\gecko-crash-server-pipe.5028" tab
    3⤵
    PID:436
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4656 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4844 -prefMapHandle 4840 -prefsLen 29091 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9668c740-9ade-4176-b119-e6d1ef2ba68d} 5028 "\\.\pipe\gecko-crash-server-pipe.5028" utility
    3⤵
    - Checks processor information in registry
    PID:2588
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5304 -childID 3 -isForBrowser -prefsHandle 5320 -prefMapHandle 5132 -prefsLen 27097 -prefMapSize 244658 -jsInitHandle 1264 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c6aabba7-0754-4a2d-9ce0-22e056879440} 5028 "\\.\pipe\gecko-crash-server-pipe.5028" tab
    3⤵
    PID:2888
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5508 -childID 4 -isForBrowser -prefsHandle 5428 -prefMapHandle 5432 -prefsLen 27097 -prefMapSize 244658 -jsInitHandle 1264 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {745095e6-b685-4a8d-aca5-2eccdcc72d27} 5028 "\\.\pipe\gecko-crash-server-pipe.5028" tab
    3⤵
    PID:3856
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5616 -childID 5 -isForBrowser -prefsHandle 5624 -prefMapHandle 5588 -prefsLen 27097 -prefMapSize 244658 -jsInitHandle 1264 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9fd44a8f-4bda-4a29-b3ea-6398f325563b} 5028 "\\.\pipe\gecko-crash-server-pipe.5028" tab
    3⤵
    PID:544
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5024 -childID 6 -isForBrowser -prefsHandle 5948 -prefMapHandle 5944 -prefsLen 33364 -prefMapSize 244658 -jsInitHandle 1264 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5ecd5122-782b-44dc-baf7-a218b937bb38} 5028 "\\.\pipe\gecko-crash-server-pipe.5028" tab
    3⤵
    PID:2948
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3212 -childID 7 -isForBrowser -prefsHandle 6296 -prefMapHandle 6292 -prefsLen 27257 -prefMapSize 244658 -jsInitHandle 1264 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {699bd667-6762-489b-97d9-9e8aac836874} 5028 "\\.\pipe\gecko-crash-server-pipe.5028" tab
    3⤵
    PID:6000

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
PID:5472
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x150,0x154,0x158,0x12c,0x15c,0x7ffd772446f8,0x7ffd77244708,0x7ffd77244718
  2⤵
  PID:5496
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2148,9511364356103839345,11745791264357021665,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2172 /prefetch:2
  2⤵
  PID:864
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2148,9511364356103839345,11745791264357021665,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2336 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5040
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2148,9511364356103839345,11745791264357021665,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2916 /prefetch:8
  2⤵
  PID:880
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,9511364356103839345,11745791264357021665,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3624 /prefetch:1
  2⤵
  PID:5412
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,9511364356103839345,11745791264357021665,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3640 /prefetch:1
  2⤵
  PID:4156
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,9511364356103839345,11745791264357021665,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5252 /prefetch:1
  2⤵
  PID:2992
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,9511364356103839345,11745791264357021665,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5280 /prefetch:1
  2⤵
  PID:2496
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2148,9511364356103839345,11745791264357021665,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5328 /prefetch:8
  2⤵
  PID:3424
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2148,9511364356103839345,11745791264357021665,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5328 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3844
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,9511364356103839345,11745791264357021665,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5532 /prefetch:1
  2⤵
  PID:3196
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,9511364356103839345,11745791264357021665,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5540 /prefetch:1
  2⤵
  PID:4428
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,9511364356103839345,11745791264357021665,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4456 /prefetch:1
  2⤵
  PID:6096
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,9511364356103839345,11745791264357021665,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5640 /prefetch:1
  2⤵
  PID:748
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,9511364356103839345,11745791264357021665,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5632 /prefetch:1
  2⤵
  PID:1008
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,9511364356103839345,11745791264357021665,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5932 /prefetch:1
  2⤵
  PID:5060
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2148,9511364356103839345,11745791264357021665,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=4484 /prefetch:8
  2⤵
  PID:2352
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,9511364356103839345,11745791264357021665,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5332 /prefetch:1
  2⤵
  PID:1224
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2148,9511364356103839345,11745791264357021665,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6072 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4404
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2148,9511364356103839345,11745791264357021665,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.4355 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6068 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:824

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1492

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5332

C:\Users\Admin\Downloads\Monoxide\Monoxide\Monoxide x64.exe
"C:\Users\Admin\Downloads\Monoxide\Monoxide\Monoxide x64.exe"
1⤵
- Suspicious use of SetWindowsHookEx
PID:4656
- C:\Users\Admin\AppData\Local\Temp\龄喻焉缛桀鹥姝嵼箉潹笨澩岗潺彺囇.exe
  "C:\Users\Admin\AppData\Local\Temp\龄喻焉缛桀鹥姝嵼箉潹笨澩岗潺彺囇.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:2328

C:\Users\Admin\Downloads\Monoxide\Monoxide\Monoxide x86.exe
"C:\Users\Admin\Downloads\Monoxide\Monoxide\Monoxide x86.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:1932
- C:\Users\Admin\AppData\Local\Temp\蹊枃脚隬篕姣鲘甃虈耀軧蠭糝欫镚袀.exe
  "C:\Users\Admin\AppData\Local\Temp\蹊枃脚隬篕姣鲘甃虈耀軧蠭糝欫镚袀.exe"
  2⤵
  - Executes dropped EXE
  - Writes to the Master Boot Record (MBR)
  - System Location Discovery: System Language Discovery
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of SetWindowsHookEx
  PID:5632
- - C:\Windows\SysWOW64\NOTEPAD.EXE
    "C:\Windows\system32\NOTEPAD.EXE" C:\Program Files\7-Zip\Lang\ext.txt
    3⤵
    PID:1672
- - C:\Windows\SysWOW64\NOTEPAD.EXE
    "C:\Windows\system32\NOTEPAD.EXE" C:\Program Files\7-Zip\Lang\he.txt
    3⤵
    PID:3996
- - C:\Windows\SysWOW64\NOTEPAD.EXE
    "C:\Windows\system32\NOTEPAD.EXE" C:\Program Files\7-Zip\Lang\id.txt
    3⤵
    PID:5140
- - C:\Windows\SysWOW64\NOTEPAD.EXE
    "C:\Windows\system32\NOTEPAD.EXE" C:\Program Files\7-Zip\Lang\sr-spl.txt
    3⤵
    PID:5788
- - C:\Windows\SysWOW64\NOTEPAD.EXE
    "C:\Windows\system32\NOTEPAD.EXE" C:\Program Files\7-Zip\Lang\ta.txt
    3⤵
    PID:5396
- - C:\Program Files\Java\jdk-1.8\bin\java-rmi.exe
    "C:\Program Files\Java\jdk-1.8\bin\java-rmi.exe"
    3⤵
    PID:880
- - C:\Program Files\Java\jdk-1.8\bin\jstack.exe
    "C:\Program Files\Java\jdk-1.8\bin\jstack.exe"
    3⤵
    PID:2444
- - C:\Program Files\Java\jdk-1.8\bin\rmic.exe
    "C:\Program Files\Java\jdk-1.8\bin\rmic.exe"
    3⤵
    PID:3804
- - C:\Program Files\Java\jdk-1.8\jre\bin\java.exe
    "C:\Program Files\Java\jdk-1.8\jre\bin\java.exe"
    3⤵
    PID:5232
- - C:\Program Files\Java\jdk-1.8\jre\bin\servertool.exe
    "C:\Program Files\Java\jdk-1.8\jre\bin\servertool.exe"
    3⤵
    PID:5256
- - C:\Program Files\Java\jre-1.8\bin\servertool.exe
    "C:\Program Files\Java\jre-1.8\bin\servertool.exe"
    3⤵
    PID:3104
- - C:\Program Files\Microsoft Office\Office16\OSPPREARM.EXE
    "C:\Program Files\Microsoft Office\Office16\OSPPREARM.EXE"
    3⤵
    PID:1272
- - C:\Windows\SysWOW64\msiexec.exe
    "C:\Windows\System32\msiexec.exe" /i "C:\Program Files\Microsoft Office\root\Integration\C2RIntLoc.en-us.16.msi"
    3⤵
    PID:3564
- - C:\Windows\SysWOW64\NOTEPAD.EXE
    "C:\Windows\system32\NOTEPAD.EXE" C:\Program Files\Microsoft Office\root\Office16\1033\ClientOSub2019_eula.txt
    3⤵
    PID:6084
- - C:\Program Files (x86)\Windows Media Player\wmplayer.exe
    "C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /Open "C:\Program Files\Microsoft Office\root\Office16\MEDIA\BOMB.WAV"
    3⤵
    PID:5364
  - - C:\Windows\SysWOW64\unregmp2.exe
      "C:\Windows\System32\unregmp2.exe" /AsyncFirstLogon
      4⤵
      PID:5368
    - - C:\Windows\system32\unregmp2.exe
        
        "C:\Windows\SysNative\unregmp2.exe" /AsyncFirstLogon /REENTRANT
        5⤵
        
        PID:5040
- - C:\Program Files (x86)\Windows Media Player\wmplayer.exe
    "C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /Open "C:\Program Files\Microsoft Office\root\Office16\MEDIA\COIN.WAV"
    3⤵
    PID:5568
- - C:\Program Files (x86)\Windows Media Player\wmplayer.exe
    "C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /Open "C:\Program Files\Microsoft Office\root\Office16\MEDIA\VOLTAGE.WAV"
    3⤵
    PID:5740
- - C:\Windows\SysWOW64\WScript.exe
    "C:\Windows\System32\WScript.exe" "C:\Program Files\Microsoft Office\root\Office16\PersonaSpy\office.core.operational.js"
    3⤵
    PID:4292
- - C:\Windows\SysWOW64\NOTEPAD.EXE
    "C:\Windows\system32\NOTEPAD.EXE" C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\COMPASS\COMPASS.INF
    3⤵
    PID:4432
- - C:\Windows\SysWOW64\NOTEPAD.EXE
    "C:\Windows\system32\NOTEPAD.EXE" C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\EDGE\EDGE.INF
    3⤵
    PID:6104
- - C:\Windows\hh.exe
    "C:\Windows\hh.exe" C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\VBA\VBA7.1\1033\FM20.CHM
    3⤵
    PID:4840
- - C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\AppSharingHookController.exe
    "C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\AppSharingHookController.exe"
    3⤵
    PID:1236
- - C:\Program Files\Mozilla Firefox\pingsender.exe
    "C:\Program Files\Mozilla Firefox\pingsender.exe"
    3⤵
    - System Network Configuration Discovery: Internet Connection Discovery
    PID:3788

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x490 0x460
1⤵
PID:3176

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:4612

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:3096

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:1668

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:4068

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:1772

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:3576

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:3184

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:4960

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:760

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:5372

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:3180

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:4456

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:6112

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:4984

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:5592

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:1892

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:5272

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:2264

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:5388

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:2744

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:4920

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:1160

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:1672

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:4892

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:3064

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:2740

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:5136

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:2012

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:5524

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:2876

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:3828

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:4116

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:4300

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:1116

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:3680

C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
1⤵
PID:2840

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:5736

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:5244

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:1336

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:5296

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation -p -s upnphost
1⤵
PID:1504

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:3276

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:2808

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:6092

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:5628

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:2876

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:5500

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:4940

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:636

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:4684

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

JavaScript

T1059.007

Persistence

Pre-OS Boot

T1542

Bootkit

T1542.003

Privilege Escalation

Defense Evasion

Pre-OS Boot

T1542

Bootkit

T1542.003

Credential Access

Discovery

Browser Information Discovery

T1217

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

System Network Configuration Discovery

T1016

Internet Connection Discovery

T1016.001

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Config.Msi\e5ec6f9.rbs

Filesize
3KB

MD5
2c368e20d7602ec3cf0c5aee752e3bcc

SHA1
427a158d926d623b9494e53d9fb1ac522f330de7

SHA256
35f0e49bce663473a15a47b386099e350e590042f52e23590e6f8a17f260b00c

SHA512
d1917a215328355f616227e99dc826a591d6e669da78d1d2297a4e6a6dca9303ddd40455fb28f2e0fa82b38792e5173cd57e452f006de10a5b8c0b3953bc2bc4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_6372E0472AFF76BB926C97818BC773B9

Filesize
471B

MD5
0f4717b52caa82774dd22c5ab72c0f87

SHA1
c1b720ffc33cf79b5561d118d13afb137965ba63

SHA256
df721db9ecdd176810d298d286a1d5d4dea6517903458dec247a1ccdbc458d04

SHA512
1960ec6874930da15dd3966016582327de1a34dd65df0aa1cd9f7968bdc616795e41cb36610142e79c661829ef887eba8a842a75ddf6e7dfdba6acb6aa643c9d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_6372E0472AFF76BB926C97818BC773B9

Filesize
420B

MD5
3a44824c13738626b970ec4986f53eb9

SHA1
5a729da5893565ef6723494ac384dff130f054f6

SHA256
8b9064c21b24b3a9986f25fbd48c75bda26ecaa160c06cf8d68d64199fd1bce4

SHA512
ce69b303837d328a3be83dad7af34205fdf98fc9d34c4682072eeca05de88787dd36fb6aa8e2f9ee7bc58e1c4436be52fa84149bef6b782728718ae0f8bd3120

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b2ea5b61033e3ed22eb2e24b1a46367d

SHA1
f7bb6f10eff1cee51ee847197564e9e8179ee77f

SHA256
66e471be11520e6f41d5ce0fed69df262face54968ea0b8db2dc11e8cad200d9

SHA512
27d1a7c805e95e70abb61538b7ba3419f4296da2740024578ec8085d5af3da1aa80ad3db4572505f4e08ea68a43ddbc672d3d035d882079eebb62a230ad1c26a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
92402157b95aba8730c8355331a46b2c

SHA1
c5001e37357cde50bc6e37817a5c4adfcae10988

SHA256
0833aed4b7bf785675cc18cab9bdd471c76ed3aba8ebc0597fcc7efbe0bd8ad1

SHA512
d1dd7e10da9a13b381ccd23064ce927f05489a3bbe41cf126b2d9204bfd4e51efa76727a9220befef7be827a3f06b7945dd1d24be37fcd6d83d81a21f91456f1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
0cc4c81b1003d591aaef568c4601ee9f

SHA1
cef11096e38bee90c1ca5daf7991e8148e2665d1

SHA256
51c1052d62a1829b760a12d0f70727baca093a937314310278015dbf698eee68

SHA512
3e9e2d03a12f5f3c726901672307c4ed05e257d829933b2c6d960a0c11e977be841ceb5d833032dc21c19206f21efa6313379d6b9e3ae51af628b06d00ba867a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
aee441ff140ecb5de1df316f0a7338cd

SHA1
82f998907a111d858c67644e9f61d3b32b4cd009

SHA256
5944b21c8bdfb7c6cb0da452f8904a164cc951c6a4bb3a306eaebcad2d611d67

SHA512
54a2c1d4c8791ebc6324c1be052b7b73cbd74057d0ea46400cfd8e60f9a884ade60d838777eba7001cf44c924f63cba1a9708a6c71bf966f63f988c49ca70d31

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
821b1728a915eae981ab4a4a3e4ce0d1

SHA1
8ba13520c913e33462c653614aece1b6e3c660a2

SHA256
36c38bde1e74c5ee75878f275a411e528c00eaa3091e7c4adfa65b8b7d28fb3b

SHA512
b8fd54808711878ed567f474f174db662e2457b6c246f625e148944532c70d94d87e96ef6febfb657895dd0eadc25906c9106fa75c6b2d3bd37ca6786f03a8b7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000012

Filesize
62KB

MD5
c813a1b87f1651d642cdcad5fca7a7d8

SHA1
0e6628997674a7dfbeb321b59a6e829d0c2f4478

SHA256
df670e09f278fea1d0684afdcd0392a83d7041585ba5996f7b527974d7d98ec3

SHA512
af0d024ba1faafbd6f950c67977ed126827180a47cea9758ee51a95d13436f753eb5a7aa12a9090048a70328f6e779634c612aebde89b06740ffd770751e1c5b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000013

Filesize
65KB

MD5
56d57bc655526551f217536f19195495

SHA1
28b430886d1220855a805d78dc5d6414aeee6995

SHA256
f12de7e272171cda36389813df4ba68eb2b8b23c58e515391614284e7b03c4d4

SHA512
7814c60dc377e400bbbcc2000e48b617e577a21045a0f5c79af163faa0087c6203d9f667e531bbb049c9bd8fb296678e6a5cdcad149498d7f22ffa11236b51cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000014

Filesize
67KB

MD5
69df804d05f8b29a88278b7d582dd279

SHA1
d9560905612cf656d5dd0e741172fb4cd9c60688

SHA256
b885987a52236f56ce7a5ca18b18533e64f62ab64eb14050ede93c93b5bd5608

SHA512
0ef49eeeeb463da832f7d5b11f6418baa65963de62c00e71d847183e0035be03e63c097103d30329582fe806d246e3c0e3ecab8b2498799abbb21d8b7febdc0e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000015

Filesize
19KB

MD5
2e86a72f4e82614cd4842950d2e0a716

SHA1
d7b4ee0c9af735d098bff474632fc2c0113e0b9c

SHA256
c1334e604dbbffdf38e9e2f359938569afe25f7150d1c39c293469c1ee4f7b6f

SHA512
7a5fd3e3e89c5f8afca33b2d02e5440934e5186b9fa6367436e8d20ad42b211579225e73e3a685e5e763fa3f907fc4632b9425e8bd6d6f07c5c986b6556d47b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
b8380cb18a7e6db20e5b8e2ac9264f15

SHA1
0a176cb5111cb014886c45dbdb95a83aa712a9a4

SHA256
62df88e86ed56a483a9a66921ca4385c9a29c9d834e8a884e020942956111a11

SHA512
f46121e294811097e8a807efbbcfce1d513c057e4d52c7d3c86ece17deb6ffdf924313ee02b3b4d3a35729a40931178b6789083e8f279690ef8302c6a4542e57

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
48B

MD5
aad7a4b3c880a3230f0c82c44ef6753a

SHA1
6c7123081ab04194ceb97f192db591aa2122dfad

SHA256
1cdb8c36553382db292e4b26ffaae147502ae81637a8246eecc59e1fef9713f0

SHA512
790872beb2e1ee4a6676a670fcfe945f52690996477b08e5fb669eca27c0ee6cdd2bfbae27dbb6746fd830670e23fd2b0a1017ba75846653d93180ac42f62692

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
4bfc04ed2698e6500a2411620ea6f674

SHA1
b126fe63ff0e90f7ed22340d58e63ba85a95799b

SHA256
64846231a5d1026995cd75a8bbd57436492194bef8ee99644cbe55e8fd9f4fc8

SHA512
34cfd496a4532c2e3e52273bdbe2f984284d6beea17e646c4e30d489158dbd08435d8c1794bd6b1805f36ec16a532882b95ab5f4d223700e54dca930a42e5e40

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
456B

MD5
de429b27b3da253e4544781ff7f343ba

SHA1
dbc044b32df7b30f62e2dee8285feb84df41fcda

SHA256
4cad55c2b54aa7905c4e5f4c2e55dac279599aa37a9ff6af8418a93800d0d533

SHA512
e1f828b102b12e33415c8fa9e854b22c4651e3ad6e69646da7cd200c03156bd517010356c4d7729f9785d02b9eae46a0d19ab4355c8079fe385204a0f8f36556

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
cb9b9e5654b5d40b241ca8022c58cb2a

SHA1
80327d4dd8c85463ea0b78eaa6866422881ad797

SHA256
ba110af0f417a5684895e1e0803fbede899a4c2b3da021ef59a319775c552421

SHA512
b4f5611a09f1b821b89bd964d17fc11a20820ab6778ea9f54a12ab3c529851ddb18e506cbf763b77b02dba32a83a1ea54acccd25e9935b9c38a0a67e70f3ad07

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Edge Profile.ico

Filesize
70KB

MD5
e5e3377341056643b0494b6842c0b544

SHA1
d53fd8e256ec9d5cef8ef5387872e544a2df9108

SHA256
e23040951e464b53b84b11c3466bbd4707a009018819f9ad2a79d1b0b309bc25

SHA512
83f09e48d009a5cf83fa9aa8f28187f7f4202c84e2d0d6e5806c468f4a24b2478b73077381d2a21c89aa64884df3c56e8dc94eb4ad2d6a8085ac2feb1e26c2ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Favicons

Filesize
28KB

MD5
b34c473957abdd096332e8d0d1b8c6d3

SHA1
ead8c82966435cc24c042ddcec20f4092b1ecb49

SHA256
8d19a6bf6aa64343625cec30c663a02905b5d0c4872a3738e3f8192af4fc2d12

SHA512
53e4e57d50b19979cce3530813fc6393238bde6614ddfeb1a9f3a745c16011b604b748060af5dc4430aeb894f77d0e4f5b855f9beecdb5fc933faa2ecaf8b5f2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_0

Filesize
8KB

MD5
cf89d16bb9107c631daabf0c0ee58efb

SHA1
3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b

SHA256
d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e

SHA512
8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
d898b6eab4c4d80358033840b12797e5

SHA1
ff5a3803cccb1f1f5666d91f1776d15f9e6a56dc

SHA256
a05d68e47954d749167f3d13d018f5a52973a2b20091c2bbd614c598dd52531e

SHA512
98d1b2f7f392f0da8d8fe2c084aec823448f1983f22dc7f3876cf3b1bb2184879db5e0be9a292a4680a6285ac45fbbab5e607fd6cf6148b1b35e303dd677b395

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_3

Filesize
8KB

MD5
41876349cb12d6db992f1309f22df3f0

SHA1
5cf26b3420fc0302cd0a71e8d029739b8765be27

SHA256
e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c

SHA512
e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History

Filesize
124KB

MD5
e1ceb6acb96690746f0c103696abd73c

SHA1
88b3ac17f93e4d17a1952b018e5085c706dbe35f

SHA256
f0014bb8fc730bbed6ee29069379a7dd6564dd186bdb22b58b791213bd0d91d7

SHA512
2785d1c911902338dc1399e679eebe924b4378845d5abf36227f0b8bbb2643c630888d87f23c7b361a7d7faffad8cdb869d38dbb8b4cbb55f84cd699aea16b30

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
d193fe80573501168aa3ff9d3486f65e

SHA1
28823b0e2476bd6bdba371b00de47d5e6a40c8a6

SHA256
9932632f929c97511ea93c8e468bf4c5799751cdd783c0cba15dfc55bdc24a29

SHA512
a2d7ea517215404d80953f75e6ceb9ac56a6af7dfaa98df8bb0b6aedbe341f95d232bf366654d1f2d7dc972a013b631f7363f54653873a6ba34e38059e3837c7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
edeef404ebc1680d395e7972f6286df7

SHA1
ad8ed7db9ff87c39527be9db1cc6fe419f337c6f

SHA256
6efc3a76a2a5500c6a7381022a5683e7126ef7208e93b84f4082d9711147b77c

SHA512
bb818898c1eef2cc00478a05217b8500478265daae2f56e53d9e7436bc8c83986472d5467536f72287287c94077a0e0b2172b5dc5f05a8185666719df48e49b0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
4647852301e5ebb8e937cf589bb65ab9

SHA1
d6210d1c9e2c6b9e8c1de30e994a539a935e84a9

SHA256
b4753f812169c2e6d2f1951a19a7f4145aa8267df48fa5d7157aac73b6b675a9

SHA512
e0ac153494dd7fca1d8e6abc18902ae2cee2019e6bab4f75a06f64b1bde7766b90e0d156056fe7359e8a837aed503f69d20b414d0437540f79bda8ea0a12a72a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
e3843aca2c4139ce49d474b2e1ace4bf

SHA1
da6965966173f45a41feb264a94f1da61f2aa0fe

SHA256
8b355eea61621b380cef2a704aec25f9f23867061aeb615560ad675b84d025ba

SHA512
c8735ea8b827be0933898d0e5f4f25aaeac921ef05e05cb5f1fc42259cb2260bef7e40077161709d6095fef4a8076e57a29937260034a8b3186eaa09306c7d8b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
12d9705e55842e07b24f846ee3382912

SHA1
197439a0942a5f49ac6fc625e118bf5c27a9a55e

SHA256
fcb3bb40081b7f424c7b97b7efea818fd2ff1f68bec9a95ab0c711eeb0778bd5

SHA512
a9b385b8ec04988eb26d9c5d956ee41b26f3e4a62daa87ababbc50eb81075a67808ddbacecefa04f5fb386f2cf855ec52abe6fadf92b5410260ebb0b8f6450cd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State~RFe58771f.TMP

Filesize
59B

MD5
2800881c775077e1c4b6e06bf4676de4

SHA1
2873631068c8b3b9495638c865915be822442c8b

SHA256
226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974

SHA512
e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
1443df5c99dddf6f8896ed50b5d2f482

SHA1
921cee8c3f82d1c7ddfe54c5aa5c60f4ca922eb4

SHA256
c271a62cdfdf6b250bbaea68bd997723d3ec36bca244040f86d6d25ccbfb2591

SHA512
eae0db550fa0ec6000a975aa7846900a392b185d1da883d3830e8549eab1223bb7349361b3be9b2fe847c93210c5f78852a05a8cf8d9c718efa6e281c47d5ed4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
be53970566f5d14f7d796518d8cd62b9

SHA1
ca08c06f337b3b6a35077f3749a9361b4f7f2ac4

SHA256
03e0b4cb7d8003a47c245e2477d789fba6f8b669b2e21ba936045aae50b8a5a6

SHA512
e54978664bce1fa64d4b793802fd91b772e91ba3a98e6116f033aaa51969c1ef9d2baceb70eeee3f4dd6f8987f41fe625b8bfa65358faa4b1731ff65235e7f02

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
9395ef9597c3fe53efc72d89f09aa7f5

SHA1
e1c2f89d5a73195ae499bc7ff6f80e8983a7486f

SHA256
9132369731bd10a181d2a8cf6fb58a464e41bf620670b589c62be323241e8c99

SHA512
5f97e1fb592ddd3105023640840c3711c668ac877f191827b2a70685058dc9dc4e900ba2154444ec9469e93b442b7a6005d7c36f28f16587847442b290378acf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
42e2ade0fe1ae83418148115111b1fe1

SHA1
97ede17d394baf03d5be54f359187c0cd1394561

SHA256
0251b7f530dc99d8ed2470a9e2720e369700db949cc467eeada17932ebad43bc

SHA512
947b32c929c6510d2cdbaa75c2568bbc6a90a5aa8f98302a0b91b6ec4ed51836c29f69d0efc87ba140f7043623f83ee0f1264c0fe50bf5aee26aa5df499d01b2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
21d1a1c96ad37d1149e8b1acc759d94c

SHA1
0a15a4c4910edeb62177f4e9c02af2966844ee15

SHA256
6cfef0fe3e9600a9b242a809fce23a0b9449766b1268557dc6a04813f84d7b84

SHA512
387d32036665304bc13c1352c0f3061d00a9781057592deb40aca1202a3c8c8889d2cfa113466cd9da05725b387d746f930a92f61817741e20c44a09c7600ef5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
91ace49b4e6ffc54c09c6d3cea189204

SHA1
2c33671b1857cdeab7bc204c109f233b7d9f38f0

SHA256
72789c640d4e0c45bef4fe2d6e12ec3fcaca0479ca55b65d327028542b093259

SHA512
843d7ea50ecc54a91ab3434f482d31c2b8cb0a4fe598ba60bdfccdebb76ba400082bd2a4ea430fd185bc9856e9c93ace2745209ff5cb4ad9080a7fa0ae5c77bd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
209b99e74943c39dfe3e13be15fe9007

SHA1
ec297a6907ab451608744c24863bf7f746cfb137

SHA256
db1805b4cec5065939042fad62ea2170c8e134a77d5cecb90426a342c746f0f8

SHA512
f1667897ebba96240bdd972b299273bb5b498bdb1ae9d55560718537c39126d271758834b4fc8b2d57b5fa4d2edc5c2f03f3573f22f6e31669b4cecaf05a88b6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
5241c69ed9b6cb3ad194082ba6ce37eb

SHA1
50db2839b26278b912e01a9e4986776fe0df5690

SHA256
ffe7f6696ff84ce2d66ec068b8a515c7f286affa01c8188aa8ffb03fabeb2a85

SHA512
6feb721912429c2cc0d8da38c9671f78ef896054eb9fc5d3865b68c233ecaf7af59764501b2918d94ec9586e7aeb8267c6a480c67fb0a1dd0dcf6e4de934feca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
58b243f9605618eb9f503b2a0abb435d

SHA1
54c24a51ec482059e226adbe97f8724128126500

SHA256
cae6eef72da2ba71aa36832d3846aa5a4b8123a55b450ae97400c1f5f9c90b4d

SHA512
1edf75f9a1e4088cc2feb38e6787da6b6ee70a4e673576a28a23aa1641acd6087d21b40aeff350bcf7b7ab298749f6b284429f9326f9bfbbeb19b314f2c3977a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
3faaed2583b00b03057be442ff640961

SHA1
b04ad42eec444e4b96d2a092b4841ca42dcc987b

SHA256
2c5b8c476c50e15d14f890ec1eced859a191d114e9c1d2c2289c590d68380090

SHA512
1477af6f06cda4682ce217cddadbcd9670714c2d17bdd2fd5c72621ed2d307912050e24e3750557704201e01d4dcd244eb76e6a6e4fd8db344a75763075ac2ec

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
4e30ad153c4299acfb8c7f47e4bb6de2

SHA1
cdf7ee269f163327d4a8070369f42a30a9af7d90

SHA256
78c971a0783111c805771992cb15d4cb13154bcd3dc13cef9731c3dbd08d56c5

SHA512
17c65a5b033d2b6885a48a0ea24244c70bcc4f4d6a28222261b60da3761632b6e3da7bc813ee996074dd2739e5b01948c83b59794683862716ae8a4b5d0cf221

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
b9a8aa3f072f5dafa336ca79ad94205c

SHA1
0e50dcb29a5729fd779439255b811bb1df6be628

SHA256
fc0301bee7045cab3151136e06f286fdbefeb32138c32e1d7e0e25b4dd883b46

SHA512
e36a8179abf38eff778cd9007407c2e1de728b44d29de3c6885ad683eacbd2b5d511521a04063a738a8ee66ba75fd37fb36c3c2833896afba40e763eb3859cdd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
40054cb73dd68fcf513186a36e7b28b1

SHA1
782f64c46affe72bd6b334c69aae88aa32216b2d

SHA256
136f61f0d620207ec049ca6889378a9e89d998a6ef15fbd2a8095482d8d88118

SHA512
8689097b5b94b64af0be6b51f176041b25f5464bae229b7344df07a29893d5f13498c3f88f6448b956baa7accb460e31f5ffec6eda35f31b0587b5b0a1e63c76

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
729df10a7e0b722edf6673d36f2040a3

SHA1
d082d92cb6eb8c0d79c9ea7e67e8b4828c5ea02b

SHA256
e2c498352af617d6d1106ea4d53c59fadc993a1f432068307250cdd0be68f7c0

SHA512
1619048945ed9b48ab2568dc546adf5173f2c60d03ee74f4616c3ffafe7182052b760feea19ce288799448c0f613b5e5592e5c547417fd7705997663439e3270

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
78a049c86f502df9dff4f392a47ae9d5

SHA1
00e13560f0aff8f8ea98807bf738c29069c6e2b2

SHA256
1631cf0116d6e624299e855acfcad683d276efd7fbe152c89c5944e3630b10a9

SHA512
64bd581d4a60d40fb00538e80402e0e986ee239f5e15c7bf1085f5a6b91634d3f8a1257e417c0f2185b87e3cc5f503f2274d014e0ee42efb22711bc34cb234ee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\eac05892-4eff-4985-be96-ff665f56cfb9\index-dir\the-real-index

Filesize
2KB

MD5
4ae29bb531baedcf616a84287478fe88

SHA1
ac84bbab6c09f53bd78f8b646dee3fa2c2234408

SHA256
df9db1ba49385c8c44da46bfad5f9543863fc9df6fd75ee8c825361d444b6699

SHA512
d0e179f48640fb7b5f2c57f4abad5354a36c8a4269d8ecd081d82b92f51323a13660b9a09e40e0d6a0e783a69c36f30690fbf5d48a6d338eedb9f505bac631a5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\eac05892-4eff-4985-be96-ff665f56cfb9\index-dir\the-real-index~RFe57becc.TMP

Filesize
48B

MD5
1150b2c2f220842120ed16ddf02f63e2

SHA1
6ceebc80d7c02c60c5e1c28104f4db8a48ae057a

SHA256
a6c263213e97d7b1113b9a79207ddba7ef692f59af4b00808279e6fe615e8f4b

SHA512
e553d32fcbf090def8d20dedcea32ba67ce2630b58c3b77ba3d709414c5f1a414d18b5a2bb63a635dbef32fdf7c70eafc7605b4ee4a8332c7eff7f3e0b1eb822

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
146B

MD5
b925a0b4047b17c363e8d0a3aec756e8

SHA1
516319d7851a24fe2c634e197597481b91f970da

SHA256
75ddd443b061af3a620852ba68a8deebed43ce4d4087eb96c031468ac73f5d20

SHA512
08670491cf80d13122133ba4365021da7e8e5c2ddd93b4676c0bca22bef5a3b2d8f6d1dadbfda90e95c0a5c899e675bb2290d64f98cd85a75dfb8ae0cdc643f5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
84B

MD5
9799abbd7b5f3cb156dcefbcc0076549

SHA1
6d4809817bc7555a0dc9e5f3ad3a3d18a80d5c54

SHA256
9f0200ffa821ca2310862df7bfbc1e1b8b6e5e1d28ff57cd84792d10a6fec1a4

SHA512
d16546bcfeeabee4a44e607bbf16f17d7cd1f02c3dca93116ffb4dec07a56659c822e68b4f717236e39c33082cf1f08b0d10afc04c737406e20247f96c75840d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
82B

MD5
5fe578c75909e3ee2f2dc709e188d6e3

SHA1
4d3ebe7a0c893c017006a398e29bf33caac17419

SHA256
0ba8c3ca6c1d9a199d20dc09e0d927488a501ac5afd9d5b9faa8a58574537aea

SHA512
383e97aeef11d337657febe39bbafac90c54e6fdfddc540bfda0b5e96db193b8e0e82fa51648a638521136e348bcfc7ceb1a3b23fb69263f409fb79ddbbec35c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe57634e.TMP

Filesize
89B

MD5
1a6d3d8b2a8a82319b2ea72c2ef3b54d

SHA1
83e263286767fd96192ea3786341fd63fc465398

SHA256
0ccdd21dae2d00771b85c9f04f67688390292f6982db2938ddaa6ff416276b2a

SHA512
6b13db31f8654abbf649c68f7ad05c1f3c82d49df9857fb40a71af7be15cb296620e75517d99f50e58d2b1477be3f98639db2646afa18aa86f47feee588d7245

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
0654d6ea7084a4bfc39cf803b20a8104

SHA1
0c8d785d03637af5c32ad392e3f5c0c8c21f43db

SHA256
29950334efc2ec52159c7ee5e158effc5389ccf8cd2175ac900b523baf7c6828

SHA512
2949bf85b389e6578a9662d624277db4acca583a1c32fb62f474b951c214bb8604046bb2c2062845ca27d6dac068b5b10f6fca1b32409a00e19ef5aff86561a0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
48B

MD5
4dbbd300f82b89842a400951693c2a20

SHA1
16f7e3324c397b9625576ec1e6ad64a4a0b9057d

SHA256
c7e6a5741ed8b69d1de574054537ce11f65a37de6a6ccbba0ee000bdade89cf8

SHA512
5ab8e6487a898786bbd3f670c393355f85fe2041f1f82f3baaa23ccbc7d4c13a16743f6962a6dd2bd6d9c91eb91606b48e597293c6686ea6e93a3a4c939859bb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57b2d5.TMP

Filesize
48B

MD5
caa869c4e83803bb2c97805c15c3ecfc

SHA1
6db61843804114528160e01f702f6e633364255e

SHA256
a5f1ea88a6cafbe15acfcee70bd8005536b5c4b4ed9cc045a0938cecf8ecdace

SHA512
98bfb7478495f7b587c0d03ccd31f4719cbf72523ef3ead93187effabfe68d891ae158a504504a7833b6e7edd4ce292ad6102737ffdc0bc6d7fdfc0be195eae9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG

Filesize
347B

MD5
42e9b8ae609724ff502697ce0345bf7f

SHA1
50788e8bd96d6e3f85bd01565e882ff82292ad54

SHA256
c90cceb05de71b658efb9c035ee55575c29bc29b7f9b626950bedc293446205f

SHA512
1a70134900f440bcbbfcb768ff2bb4146bc16020460aa3c1492925eb014a01c8b7b3e4848262323d9f8108aa529c2a1407bf3dccd3e9fa0b0dff964b8bfcb7d8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG

Filesize
323B

MD5
420b4b7fa53260250cb3f83ff5066e02

SHA1
bc06844db024920e36c6f944f543e50adf02cf06

SHA256
05940ba9c79bc4974df9c96e737d93cfab6bdff88856d56081f01c18b2fc33fc

SHA512
c05cc44a4f518a207783ee228dae68987f328bd83c616cc74a62f7754baf22c51c990917f6d879502f08e9034b83065b6c59f42411f35743694289ee8f8df7c9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
07d178d0ed16d2285408ab676979d44a

SHA1
a60951fcf342af40da0de61377bfaf0fe61bc4e1

SHA256
3bf56105a36516ee26d799333f179707b68c8ce3564c084d02b9c8b92dc9a64d

SHA512
f8f2c1e3ea619a1d0e1b954920e8b24a43d2591cd840e4240d4d88378ba243cd72729cef2fde2bd9ec00e057a17e37cfff14449efb370d49b15b65c748c3139d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
38c095be6c0084349b95e68d6288a93b

SHA1
ef0e6e5a1973421cf1dceccc70c5035d3a3e90ed

SHA256
e4bae184d064b31581bde7ea0d857eb4fac2fc6f3ca83edb513b55e0e8a12fb4

SHA512
82d900169ffe61311c8ed790d87f51b2d3432f3397c537cfd95f001f94ce55aaa4026e3e532726a1bf042ba72039ca1adc64c11099f69e9a79140e7ae8b464bb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
b14b084e21678b9eafc9d39e4ab49ca1

SHA1
0ba2a06242e9b011c3f4309ea91b65ba7cbb984d

SHA256
fc1a5bff3f9b8118da1aa19080a85a0fdf879d8e2bedeff29cd5c056d8a20ab2

SHA512
83f2693b15bdd12b1802abd8b286aee9c6529b408064683583d06a4a5f0fc916b2dbe91ca4625cca95c64b5a52b7b5212534cf87fb97e02e58ce6cc00a76ff00

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
e5c6fb2b18fe85969b0734b18b3a5989

SHA1
40e78c07820d5930a702308fe54e96a8064210ac

SHA256
2b0bc93550880aeeb18c6ef2487118dfe58dd41009038fa0e8f4176b598bec9b

SHA512
36b7356020cc1c6be131483ca9fa9147c53f5398e7743e39886bff34fa94318c0fb29647901da98d2c388e71b7a8602cb6ee00f6909db805f38abdf59fc8955d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
8f3c60cf88fec47e740c0ca201a72151

SHA1
9d55469d59de7b185711b379e7c672a078c0ec6f

SHA256
b7130c0c54390034dde674327e2a4dbc338a435ecdcae2e65b7582c551bc5d5e

SHA512
3f4d450f9a6ebd0869cb6d3b5c161a614e53ef7c33d9c80748a098eb815b97bcfe7b19d5c446dfc952ca8af9b3674115fb8e68aec6ac4f36477490b514885a87

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
80a9d4eda18802db0db49256a124429d

SHA1
cec7299d4989e0544f4a3b63369442f946fe27f9

SHA256
c0295d2b22c858d66fd6bdb5963ef3bf1e302e75f3c749d28768ea43475106fe

SHA512
7913e3643df5b062fab729b9ce86e4badc3127e5d7755dfad492338571a818f2896ef18c92c3da837e29ce79b4764e7b7c16576a8e4167e667c65f4f357d22f1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
a6b29a6bc2feb406e6844f8e02a97386

SHA1
f77aa186d39ebef6ae28952a573f5432fad9c4b9

SHA256
656a7beea07bc05da3ae04d779936f28934d6fc9f736e492d6fcf34585303aa3

SHA512
8dd0a800426e4b6ce6235cadc38bc813a20864afea41e586fc401f2207ec96f96ee7468c273b05b3fd3e6035103aa7b8ab5c9873d0d0f6a889258a05785938ac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
ddf49397a69a28d781ec454059fe65e4

SHA1
29497ccf944f231364f4ee282382801477ae734e

SHA256
25a5e8289977cf8e54f0d566443ae2c2e6600768379ea324be12f6d1249b0ab0

SHA512
23a313497a5c398ed43b8a6e9e0d8e257b3fcf140913661350991945d0865eb4de4463bee3523f2b8929858de88d31e42436f9038e199fee2274ab9f43a0d5ff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe581529.TMP

Filesize
706B

MD5
9a2b654243d6d5904b4108027afdb128

SHA1
b289f1e7cbbf2b4ee127f8b455037e599c6d2ecb

SHA256
43caa2870e525234e254b3dcee968da925be1918656b561cac0270dad22a2008

SHA512
7f9d4d97322c0c29395678345b1002b00a22b5487667bcd616b12fcaaf2a28597e57a25a19dff3b64e479577b65996396cefe11cacfca10589e6f57e8a09e506

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Visited Links

Filesize
128KB

MD5
2d839fc9404c63e20781371ffaad7822

SHA1
adbd90135ee08a717720613d02cbfb4762bcdd4b

SHA256
caf3261ee38b9c65d4a2d9ee49b18c52c6697f5ed60697f73f2288ce5013b432

SHA512
c66ecee66ee73e8fa531c769ea80167024f038ff4f4b733a638fc6bf2a929f61d309574570889d207fcf9cbf6f984a8232f3ab5b132ddfdaf61908e4744067b7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Web Data

Filesize
116KB

MD5
645c4c7ed5ca0160802c8498ef4f1b0f

SHA1
a84a6ff9218909062eb1b87d63198a2cdaac8575

SHA256
dfa165610b3d09354b85123f6fe2fa9aa408413eb9b0279effb1cb0f76eb31b8

SHA512
0ad339e4461f2f2be6ce8181e26b412bfec61536a0520bfe89636f7bc068a31517ea6cef858a3498308c65a0ca10a238f627cf9f234cf24a9fed28bb0b67aa22

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\efa5b772-797c-4580-b333-df653f30f375.tmp

Filesize
2KB

MD5
08af19a73b81f2c5e3b07fe6d225a052

SHA1
7240d99ecab2c0ae16ed2a92851e5cf712ef81b9

SHA256
679182206fb228360de3041785bd8bf3276fb502618cff44ecb3731fc2450037

SHA512
b49ea145404652e08fe69ed8ce438a701486fdf25510bdf97bdbe6a8ee24fd0474582b7f73a7e203436e126ed5c51e9efff75dc528e525383259edd2669942f4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_2

Filesize
8KB

MD5
0962291d6d367570bee5454721c17e11

SHA1
59d10a893ef321a706a9255176761366115bedcb

SHA256
ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

SHA512
f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version

Filesize
11B

MD5
838a7b32aefb618130392bc7d006aa2e

SHA1
5159e0f18c9e68f0e75e2239875aa994847b8290

SHA256
ac3dd2221d90b09b795f1f72e72e4860342a4508fe336c4b822476eb25a55eaa

SHA512
9e350f0565cc726f66146838f9cebaaa38dd01892ffab9a45fe4f72e5be5459c0442e99107293a7c6f2412c71f668242c5e5a502124bc57cbf3b6ad8940cb3e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
9cb2e881bd6c64791e2fdb525572963c

SHA1
3bdc4fd8706083fc13805dec3af662d4a1252424

SHA256
d75d51b6a1c45df8269c14c07442553a9f1810280e0b5962f355979e23789a0f

SHA512
4f0f86533b4d7d2b3274028b0ef33760fc85cf290eee7033d94fa7d1ca386f2dc492ed019a2fec68c80cb22deb795c8b5c6191548108c929820ad6b9410be555

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
8KB

MD5
8b11e8c5cee079a306a0d998d3f98dfe

SHA1
27219b3c00730741f31c18e33e4f8e8a39397c83

SHA256
e62baeb7a6c83097138ee5dfce303a74df2d31da7d6f172ceed6466247fac07d

SHA512
1c6b91a01cb86b3d50d23ba36dcea5ce6ec451741844df77f929c50931ffc10b4b03a875dabf4c65ad097bf1ee2bd8ee84a5c545bfda7d60673b80a0aa09e698

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
a14cb15cabc22a1146a6b1abc4b65e1a

SHA1
74b4c528e86a48cba4dd1bf76c592a9215305406

SHA256
717b49e768297cdc14c3e74cbbb1e789bd5dc34182f3d578c5f051ad3dbe2f3a

SHA512
84032b458c50e81df5e8e78d53f7d21d12f2b783b88b7466c073f934b2ee3d45f555b98472f02a3c36a7e9bdfc6354ae2240b572dca88022538d8405b7cd76b5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
aec062619de903fbcf74b8a48f7ae61f

SHA1
14006d91a2fb2a0b24c4ea71a93353c178e2f61d

SHA256
aaec51f4e2ae03a1aaa429ca4d07fea7d1b1652e697d909b875216f27e6569fb

SHA512
f105325b28a01eee376b7d1569b8d66c5f1d620741c8293bc9cb507c28f2cb59e238df5bab0b01da642cdd644e4641bb48e1f05062d2f50814a12c176ff4a584

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
bfab403e8e247a03fae489c735842d01

SHA1
e9253228391a5f1222b8cbd2f007a98298dccb5f

SHA256
c260cf2ef99936afbbcf4ff6dbe8e8d73e8c0831f4a2a092cfeee2a7c93787f9

SHA512
db932f907540b54152ebe1f728563f4acdeeebde24f3cd83102ddb992b51eff2161cef9623cf9b15b20dcfce56fabce6e9365e804307fd80a7ee6187d2d1de51

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
f42ad263262f9756701a88cfef2409d7

SHA1
6249cfe36845d30597132ce33905fe98b39dced6

SHA256
c78521d68bd5c3bab49fabe5ee4e29138b28109ab55fa8adabd868d8654a85cf

SHA512
697cbf0ff471907f7a27f66a75bc943e39bca44cc44abff8100f086d28edca70ddf858650966e364e3164c0338b6c5addc0d20cf00c03ec9773f155deb8b0ee5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

Filesize
264KB

MD5
ba79c607e72d8c4125cf8871343aaaf5

SHA1
c9357e105d72ff68eb9a26131da32d11a545b1e7

SHA256
d461f268960feb5d4409efe02fbca80fb735b7d51cd548ca1e65276d84c88fe2

SHA512
392f74fa520086a2083c0e9f20a8ee19c99d8a7e45b93fe5ae0328a0280ea224b25925c55f869aa87e9d53c96d0f4f52796705324241666ef8c115939a61cd9d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\SmartScreen\remote\edgeSettings

Filesize
81B

MD5
f222079e71469c4d129b335b7c91355e

SHA1
0056c3003874efef229a5875742559c8c59887dc

SHA256
e713c1b13a849d759ebaa6256773f4f1d6dfc0c6a4247edaa726e0206ecacb00

SHA512
e5a49275e056b6628709cf6509a5f33f8d1d1e93125eaa6ec1c7f51be589fd3d8ea7a59b9639db586d76a994ad3dc452c7826e4ac0c8c689dd67ff90e33f0b75

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\SmartScreen\remote\edgeSettings_2.0-2f9188b68640dbf72295f9083a21d674a314721ef06f82db281cbcb052ff8ec1

Filesize
126KB

MD5
6698422bea0359f6d385a4d059c47301

SHA1
b1107d1f8cc1ef600531ed87cea1c41b7be474f6

SHA256
2f9188b68640dbf72295f9083a21d674a314721ef06f82db281cbcb052ff8ec1

SHA512
d0cdb3fa21e03f950dbe732832e0939a4c57edc3b82adb7a556ebd3a81d219431a440357654dfea94d415ba00fd7dcbd76f49287d85978d12c224cbfa8c1ad8d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\SmartScreen\remote\synchronousLookupUris

Filesize
40B

MD5
6a3a60a3f78299444aacaa89710a64b6

SHA1
2a052bf5cf54f980475085eef459d94c3ce5ef55

SHA256
61597278d681774efd8eb92f5836eb6362975a74cef807ce548e50a7ec38e11f

SHA512
c5d0419869a43d712b29a5a11dc590690b5876d1d95c1f1380c2f773ca0cb07b173474ee16fe66a6af633b04cc84e58924a62f00dcc171b2656d554864bf57a4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\SmartScreen\remote\synchronousLookupUris_638343870221005468

Filesize
57B

MD5
3a05eaea94307f8c57bac69c3df64e59

SHA1
9b852b902b72b9d5f7b9158e306e1a2c5f6112c8

SHA256
a8ef112df7dad4b09aaa48c3e53272a2eec139e86590fd80e2b7cbd23d14c09e

SHA512
6080aef2339031fafdcfb00d3179285e09b707a846fd2ea03921467df5930b3f9c629d37400d625a8571b900bc46021047770bac238f6bac544b48fb3d522fb0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\SmartScreen\remote\topTraffic

Filesize
29B

MD5
52e2839549e67ce774547c9f07740500

SHA1
b172e16d7756483df0ca0a8d4f7640dd5d557201

SHA256
f81b7b9ce24f5a2b94182e817037b5f1089dc764bc7e55a9b0a6227a7e121f32

SHA512
d80e7351e4d83463255c002d3fdce7e5274177c24c4c728d7b7932d0be3ebcfeb68e1e65697ed5e162e1b423bb8cdfa0864981c4b466d6ad8b5e724d84b4203b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\SmartScreen\remote\topTraffic_638004170464094982

Filesize
450KB

MD5
e9c502db957cdb977e7f5745b34c32e6

SHA1
dbd72b0d3f46fa35a9fe2527c25271aec08e3933

SHA256
5a6b49358772db0b5c682575f02e8630083568542b984d6d00727740506569d4

SHA512
b846e682427cf144a440619258f5aa5c94caee7612127a60e4bd3c712f8ff614da232d9a488e27fc2b0d53fd6acf05409958aea3b21ea2c1127821bd8e87a5ca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Media Player\CurrentDatabase_400.wmdb

Filesize
896KB

MD5
fe1a844f647800b00963f0f45035fcfd

SHA1
2695af16e73344c7ac857fc89336bf1d1d6732a3

SHA256
662835071396d1e863dec65fd8be2ab986227a99cdb4def1107f41afd78065dc

SHA512
4719c62c62acc3d664dff1b569149accac6aa3dd2320f7ef6e44ed7a1bc7d5346e83a9f1e664271613c3e5d7f9e1ee43a6139b1b2c81a583dd437c8d13f7a38f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\9cd93bc6dcf544bae69531052e64647ec02f2bb4.tbres

Filesize
4KB

MD5
035a05b2ef96a2359714bede5d2bfcff

SHA1
3177c16c8f72ff48c71817f3fc580821770d1493

SHA256
a81701f2d45885013bfc7efe8a0fb2084890fc1f116532f0a852512ef4ced84c

SHA512
40d646649414904af4fcf889221e5581e66c43bb459f82c36be65b830f7d72120472a36c6757143e7e5e95873ec52e57bf759f7fb8051c7060e6b7c8741c00b7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\e8ddd4cbd9c0504aace6ef7a13fa20d04fd52408.tbres

Filesize
2KB

MD5
5968cf7e3f34220960878caa52fcd0ec

SHA1
a6d87e1636deeacf1712dcb4290bc99400b25f93

SHA256
991c07e718cc1f546e42dcb2b296c6540b2cbc9c605f8eb0d05c3f4a53638f3b

SHA512
adc401dc35604fb901f9855b98e74b9cc17ce4eee7d386ad3d80042e22582aa9abfadc43ee5e471849d3361843ce1547fb7fe8e5a191dd88a35eef2cbbd7edf8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows Media\12.0\WMSDKNS.XML

Filesize
9KB

MD5
7050d5ae8acfbe560fa11073fef8185d

SHA1
5bc38e77ff06785fe0aec5a345c4ccd15752560e

SHA256
cb87767c4a384c24e4a0f88455f59101b1ae7b4fb8de8a5adb4136c5f7ee545b

SHA512
a7a295ac8921bb3dde58d4bcde9372ed59def61d4b7699057274960fa8c1d1a1daff834a93f7a0698e9e5c16db43af05e9fd2d6d7c9232f7d26ffcff5fc5900b

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\k0aifmy2.default-release\activity-stream.discovery_stream.json

Filesize
22KB

MD5
cf2511f5c7a478cb4ee77e4a3f8c5c12

SHA1
503ff9f926c514276c9d9f2f9bdccbde544a4589

SHA256
71569482e93421c41f60bd0426e0b59389da13b466a71002d3b2b8516752cad3

SHA512
fa2ef715e99c929457c30bbfb2bd7fc1f3b6e945a35abecdaae8a08985e64a13a4672d56f6a1313ecbff9fa9ae1c5f02b1a79aa04d1a251a835b71003fedbb74

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Office\Recent\index.dat

Filesize
309B

MD5
55b604fc64d48b8d25a8a297adcab5df

SHA1
25d18ba678257b419b45fafb715c0262e31a0a37

SHA256
8e5db4d9e5469c70db785255e78070142fe1dda90389bd451da2b45c98d33813

SHA512
f11f4b67dbfabff6c87f471ff850d2538e19b865bb51f0e2c4f2dd2bb653f9a3275e50932131bff3414eb5b7a54f6ea1a126d5e1c60adfbdb6b9b592d9b221b6

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Templates\~WRD0000.tmp

Filesize
31KB

MD5
923defb83d2898d9748e12622a3785dd

SHA1
f9a06e57433a542b611327807ae54b3e71bfa6bd

SHA256
e09ce1b34be138e24351c1464817cc2390b8dbcd464c827523f6e891aee70f96

SHA512
6bf30bd803d644c665d533954ee41b3bf72f023342824a7b9394c65e8562193d21256dddd471c09cb44721a7760fb333f7273e5aa011e1fe5f21214d1c6cafcd

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
3KB

MD5
0d658473328b566723284833b464fc71

SHA1
255570f05b790e898e3cd2bba9ba9abb3b4f43c3

SHA256
2e591ab6ae4ff823e735fb06a91b76bd783ca2a17702f31e348f810e734a9853

SHA512
07f587643846cb30f8ffc07b0d0006aa8a7a187fc139fb3de8b26c250ccfaa4870c412cc31a5b673a0836a293e0005775c25038ff964db6fad3bf60d4bad770f

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
3KB

MD5
536dd8baa231e4b977c17957b0de26d1

SHA1
32681dd00f322f01b18aaf1950ee9cbc7f3d9634

SHA256
0c2c71a934e69d9eb6efcff8758c4b9e983ba3a46f23933babcfd20df40dc5e8

SHA512
55551ee6b4a610c20365093054dab27f817c17d73b1d2b8ff612dcbe7d545316d50e6390deef97be35f7c0f936d84fffefe0bddadec61358406a8dc3b5403b7a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\k0aifmy2.default-release\AlternateServices.bin

Filesize
7KB

MD5
dd5974aa54ec117f37fb3a05dae30058

SHA1
321dc0f1aa0e4b8820b5609eeee7da64be26e111

SHA256
c169bbe0ef3ade14a664b68da90cae65dc3873d1805c6a2582f0baa27ed87e60

SHA512
7e581ca83f7622dd65496c690624a19e314fa49a2da838ac1bd46ad94b9a9f3a0432ec38f81e06baa714b3f707209439a499e383412fc457d90ed665b2aca46b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\k0aifmy2.default-release\datareporting\glean\db\data.safe.tmp

Filesize
6KB

MD5
b5db805059a87bc95f6411c63c78f5c0

SHA1
f4e6f6cf227e5156205c231dda51921608a18ef4

SHA256
d0b3a638d1df48b116b1a6c7e4e3690a9830f28a771f9b17b7202ded621c16e0

SHA512
016a606436430b590b31f4253f05e5e2506f82786939445ef52e03966f87b5fbf0a25a39c08f26415f734e6f509171676190e274345f022cd57b6487df7297f0

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\k0aifmy2.default-release\datareporting\glean\db\data.safe.tmp

Filesize
6KB

MD5
7193ebca99b2c63326ca3062a6854778

SHA1
102f9938c9a0f30ea794525038ddf4ce3663f98c

SHA256
aab7816b7dff8f37a75019fb3db40bdab89ec29eacf0a941136bf0f93fd02e66

SHA512
38ca4873c24813a40db3e83b9e60d2cc8a61a1ebb41b6a944287504233230728d91fe7a61585620f23362722a7399c29b3e4b53f02ed1716d2ddbe233d556f03

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\k0aifmy2.default-release\datareporting\glean\db\data.safe.tmp

Filesize
5KB

MD5
f9514f45e2823dfd27460be0e3a0f276

SHA1
d68003b90f5454ca7344bc2a31d33892a5eb608a

SHA256
bb339bdc64bab5a648d5773a5d2af9c1924f42ad38de09ff44711541ac4ba8e9

SHA512
99604ff8c24f56b01e8edd74e8f21678a8286a26245e3bed370456c53ef37a8dbdb91f928137e23e6024f895b331da060b5d42a5df64886b2fe423d9e6641f82

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\k0aifmy2.default-release\datareporting\glean\db\data.safe.tmp

Filesize
6KB

MD5
c121b45d78e239da0566c569bbb19e07

SHA1
21904ce8cbb6247a56d4cb52a21c8b1723995e4b

SHA256
c453d8a3d524496f959b9d2d1b4774f41715cef619e320a5d561958f78a1f35c

SHA512
6aa5b4e634eea17707cba930d40ec3196e7e12598e685f11aa1e80ab736f639be310c742f293f83632bf27186b2d1b303c7da7f442d11e8df70f1c5157c9da5b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\k0aifmy2.default-release\datareporting\glean\pending_pings\5d5ad9b8-eb30-4d92-9b78-a046722d3101

Filesize
982B

MD5
749386acd1421a765e269416d1d325a5

SHA1
f88b988e24f746de32d738c895871dd8d7b7ee33

SHA256
3aa3f2d5340fa7ed8f373b2efe616aa65e4bce42ffb490fe79a4995483ad10a4

SHA512
be78718440c270ed63b733bed1fa1f96fe520dfd4d318167b44f258dbf70f5d23f46a0dcafd40bde7e4e3d0831fe63b69164fcec9190bb3bc90d9e9e9e2ebee1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\k0aifmy2.default-release\datareporting\glean\pending_pings\6135ebaf-9607-4231-a250-0c9310f34441

Filesize
671B

MD5
1d6c63b9b81bbd633bcc276878ee6212

SHA1
0f8140ecb82cfa46b70e33d8142d3c5b300e9f44

SHA256
7864c8300bd1ca7004c52bad36f7f21590d93ff98ff4b5a983a0d403f2bb38ea

SHA512
be16770c02426e95985c516e50f2ed2fbf434cbaf78febf50580c7f4348c5adb3a853dc714acc0eecd72e2ff4ddf9e1dd3e932ebcfc0a8cb10b88e2fdcd5deb0

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\k0aifmy2.default-release\datareporting\glean\pending_pings\624cd8df-4188-4d67-8696-243e20dda756

Filesize
26KB

MD5
9b429e46c7f3773d9d84a78c4d733d3f

SHA1
cfe94c9bc3ada1ca0a02b4d1272876df5c520a3c

SHA256
fc2bd2a19bc337afe31c18575316f4e1dc4865ff36c0fbd77ccfce60797ead89

SHA512
34dfcfe137cc1899dcf2156d079a2e57f113f015bb053de7172dd9c5cf5f5f62891288b3411e64f54100e7756f8bf0a21ea1e4954e2dec296b26aa8f0f854cee

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\k0aifmy2.default-release\datareporting\glean\pending_pings\a5d1fdb7-5f0e-4f62-87df-1ee6f70f0d30

Filesize
11KB

MD5
084adda62ea72e39bdcf637aa80a8ec9

SHA1
aa63f9e58bac3c342d1d77d11bd517a12299aa28

SHA256
8f3d2bb1998f1da00d21b103bed8f838be21d6b5e9d276b29e58b1c732f02a94

SHA512
c081534b38fddcf72f37ac0ade0cb7d7b4a96878f30ffb97da3288d052b6273aae54f52a134a57def46ebf05198721afb7c5456954f35da0cec31015c5b38838

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\k0aifmy2.default-release\prefs.js

Filesize
10KB

MD5
69ff9db48783602836aff54183549942

SHA1
11800c739691f9a7f8772526d1bbfbe0674a8c83

SHA256
e5c4345053771644b550a441d574028612531292911fcb9362e612a5f9463237

SHA512
b43b588e1066b6ba2eb9a42333a7e11c365179a496f7447e94e48da8897bde838dabaf6e36fa94315c187240727c2ca5b99426144dab1bf4c081a5e73de58c6e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\k0aifmy2.default-release\prefs.js

Filesize
10KB

MD5
953e64d357eea75a942373d805b5bb42

SHA1
c7320212430f5c5e3ce9aa1e07f8c71e9395475e

SHA256
1bc3f455033b300757c50da7b6caf1bc92673ccf3591bd459acfcdcc088491bf

SHA512
60f960f9068fb5242a3df42eb6535ca3c6314824fa86ba3cf6101e4bac157c0c2405f34bdb7ffe4e4a02016ff0ba205026773c72670a3df29608eecf9991db4b

Download Submit
C:\Users\Admin\Downloads\Melissa.doc

Filesize
40KB

MD5
4b68fdec8e89b3983ceb5190a2924003

SHA1
45588547dc335d87ea5768512b9f3fc72ffd84a3

SHA256
554701bc874da646285689df79e5002b3b1a1f76daf705bea9586640026697ca

SHA512
b2205ad850301f179a078219c6ce29da82f8259f4ec05d980c210718551de916df52c314cb3963f3dd99dcfb9de188bd1c7c9ee310662ece426706493500036f

Download Submit
C:\Users\Admin\Downloads\Monoxide.zip

Filesize
200KB

MD5
e77bca3013a7cdd34871d734a294d60b

SHA1
697b1f62007b9b9fbe6f1e98aede0e5800a6a6f7

SHA256
0d1c5ead44e729aa9b25547bad1f128759d144b8ecdec25bb28d67d694a5b3e0

SHA512
d9ff6c0fdc7cc2378b3de99abce734b6248c8c91fe78cd6c68cd5e84c6400beb0c5192eb9aa28fd22f60744e8c26d29fa5b6dad79296a1c84f0d2275a30628e2

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 465793.crdownload

Filesize
2KB

MD5
a56d479405b23976f162f3a4a74e48aa

SHA1
f4f433b3f56315e1d469148bdfd835469526262f

SHA256
17d81134a5957fb758b9d69a90b033477a991c8b0f107d9864dc790ca37e6a23

SHA512
f5594cde50ca5235f7759c9350d4054d7a61b5e61a197dffc04eb8cdef368572e99d212dd406ad296484b5f0f880bdc5ec9e155781101d15083c1564738a900a

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 696635.crdownload

Filesize
4KB

MD5
93ceffafe7bb69ec3f9b4a90908ece46

SHA1
14c85fa8930f8bfbe1f9102a10f4b03d24a16d02

SHA256
b87b48dcbf779b06c6ca6491cd31328cf840578d29a6327b7a44f9043ce1eb07

SHA512
c1cb5f15e2487f42d57ae0fa340e29c677fe24b44c945615ef617d77c2737ce4227d5a571547714973d263ed0a69c8893b6c51e89409261cdbedff612339d144

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 902522.crdownload

Filesize
32KB

MD5
eb9324121994e5e41f1738b5af8944b1

SHA1
aa63c521b64602fa9c3a73dadd412fdaf181b690

SHA256
2f1f93ede80502d153e301baf9b7f68e7c7a9344cfa90cfae396aac17e81ce5a

SHA512
7f7a702ddec8d94cb2177b4736d94ec53e575be3dd2d610410cb3154ba9ad2936c98e0e72ed7ab5ebbcbe0329be0d9b20a3bcd84670a6d1c8d7e0a9a3056edd2

Download Submit
memory/4688-1274-0x0000025998660000-0x0000025998661000-memory.dmp

Filesize
4KB

Download
memory/4688-1273-0x0000025998660000-0x0000025998661000-memory.dmp

Filesize
4KB

Download
memory/4688-1269-0x0000025998660000-0x0000025998661000-memory.dmp

Filesize
4KB

Download
memory/4688-1268-0x0000025998660000-0x0000025998661000-memory.dmp

Filesize
4KB

Download
memory/4688-1267-0x0000025998660000-0x0000025998661000-memory.dmp

Filesize
4KB

Download
memory/4688-1279-0x0000025998660000-0x0000025998661000-memory.dmp

Filesize
4KB

Download
memory/4688-1278-0x0000025998660000-0x0000025998661000-memory.dmp

Filesize
4KB

Download
memory/4688-1277-0x0000025998660000-0x0000025998661000-memory.dmp

Filesize
4KB

Download
memory/4688-1276-0x0000025998660000-0x0000025998661000-memory.dmp

Filesize
4KB

Download
memory/4688-1275-0x0000025998660000-0x0000025998661000-memory.dmp

Filesize
4KB

Download
memory/5056-1283-0x00007FFD462D0000-0x00007FFD462E0000-memory.dmp

Filesize
64KB

Download
memory/5056-1399-0x00007FFD462D0000-0x00007FFD462E0000-memory.dmp

Filesize
64KB

Download
memory/5056-1284-0x00007FFD462D0000-0x00007FFD462E0000-memory.dmp

Filesize
64KB

Download
memory/5056-1400-0x00007FFD462D0000-0x00007FFD462E0000-memory.dmp

Filesize
64KB

Download
memory/5056-1281-0x00007FFD462D0000-0x00007FFD462E0000-memory.dmp

Filesize
64KB

Download
memory/5056-1282-0x00007FFD462D0000-0x00007FFD462E0000-memory.dmp

Filesize
64KB

Download
memory/5056-1285-0x00007FFD439C0000-0x00007FFD439D0000-memory.dmp

Filesize
64KB

Download
memory/5056-1286-0x00007FFD439C0000-0x00007FFD439D0000-memory.dmp

Filesize
64KB

Download
memory/5056-1398-0x00007FFD462D0000-0x00007FFD462E0000-memory.dmp

Filesize
64KB

Download
memory/5056-1280-0x00007FFD462D0000-0x00007FFD462E0000-memory.dmp

Filesize
64KB

Download
memory/5056-1401-0x00007FFD462D0000-0x00007FFD462E0000-memory.dmp

Filesize
64KB

Download
memory/5364-2366-0x0000000004F70000-0x0000000004F80000-memory.dmp

Filesize
64KB

Download
memory/5364-2367-0x0000000004F70000-0x0000000004F80000-memory.dmp

Filesize
64KB

Download
memory/5364-2368-0x0000000004F70000-0x0000000004F80000-memory.dmp

Filesize
64KB

Download
memory/5364-2363-0x0000000004F70000-0x0000000004F80000-memory.dmp

Filesize
64KB

Download
memory/5364-2364-0x0000000004F70000-0x0000000004F80000-memory.dmp

Filesize
64KB

Download
memory/5364-2365-0x0000000004F70000-0x0000000004F80000-memory.dmp

Filesize
64KB

Download
memory/5824-744-0x000002C45F3D0000-0x000002C45F3D1000-memory.dmp

Filesize
4KB

Download
memory/5824-724-0x000002C456F40000-0x000002C456F50000-memory.dmp

Filesize
64KB

Download
memory/5824-708-0x000002C456E40000-0x000002C456E50000-memory.dmp

Filesize
64KB

Download
memory/5824-742-0x000002C45F2C0000-0x000002C45F2C1000-memory.dmp

Filesize
4KB

Download
memory/5824-740-0x000002C45F290000-0x000002C45F291000-memory.dmp

Filesize
4KB

Download
memory/5824-743-0x000002C45F2C0000-0x000002C45F2C1000-memory.dmp

Filesize
4KB

Download