njrat | ba38db076db9709a7b5e70a9a81ce2b1116800e60951006c4c5f4534fd55f16d

Analysis

max time kernel
72s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20230221-en
resource tags

arch:x64arch:x86image:win10v2004-20230221-enlocale:en-usos:windows10-2004-x64system
submitted
17-03-2023 00:36

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

920-55-0x0000000000150000-0x000000000016C000-memory.exe
Size

112KB
MD5

6bf92ac881f8bcf056d86806f358f2ad
SHA1

f0576d75b587612fb22137757c0486103e05eec1
SHA256

ba38db076db9709a7b5e70a9a81ce2b1116800e60951006c4c5f4534fd55f16d
SHA512

a39557f3359dbd072234de4f22da937687bac992ce2182bdd39ef2cbd3f052d7c238f82ebd908291e24eb54f9937a22be62bbfc20e0e2c9d4213c55fe4da4c04
SSDEEP

768:zY3rETnkpjTMpALPGMtsas88EtNXhU9f1mxCXxrjEtCdnl2pi1Rz4Rk3BsGdpVgM:6E7kVbPGHz88EbE1pjEwzGi1dDRDVgS

Score

10^/10

njrat hacked evasion trojan

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

HacKed

Zm9ycnV4eC5kZG5zLm5ldAStrikStrik:OTA5MA==

Mutex

30bf20a7c4c21398efee41949036ac7b

Attributes

reg_key
30bf20a7c4c21398efee41949036ac7b
splitter
|'|'|

Signatures

njRAT/Bladabindi
Widely used RAT written in .NET.
trojan njrat

Modifies Windows Firewall 1 TTPs 3 IoCs

evasion

Modify Existing Service

T1031

pid	Process
1964	netsh.exe
1588	netsh.exe
4032	netsh.exe

Checks computer location settings 2 TTPs 2 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000\Control Panel\International\Geo\Nation	920-55-0x0000000000150000-0x000000000016C000-memory.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000\Control Panel\International\Geo\Nation	server.exe

Drops startup file 6 IoCs

description	ioc	Process
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Corporation.exe	server.exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Corporation.exe	server.exe
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\30bf20a7c4c21398efee41949036ac7bWindows Update.exe	server.exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\30bf20a7c4c21398efee41949036ac7bWindows Update.exe	server.exe
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Explower.exe	server.exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Explower.exe	server.exe

Executes dropped EXE 1 IoCs

pid	Process
2776	server.exe

Drops autorun.inf file 1 TTPs 2 IoCs

Malware can abuse Windows Autorun to spread further via attached volumes.

Replication Through Removable Media

T1091

description	ioc	Process
File created	C:\autorun.inf	server.exe
File opened for modification	C:\autorun.inf	server.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1132	3516	WerFault.exe	126

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000_Classes\Local Settings	server.exe

Opens file in notepad (likely ransom note) 5 IoCs

ransomware

pid	Process
4840	NOTEPAD.EXE
4268	NOTEPAD.EXE
6396	NOTEPAD.EXE
6452	NOTEPAD.EXE
5000	NOTEPAD.EXE

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
2776	server.exe
2776	server.exe
2776	server.exe
2776	server.exe
2776	server.exe
2776	server.exe
2776	server.exe
2776	server.exe
2776	server.exe
2776	server.exe
2776	server.exe
2776	server.exe
2776	server.exe
2776	server.exe
2776	server.exe
2776	server.exe
2776	server.exe
2776	server.exe
2776	server.exe
2776	server.exe
2776	server.exe
2776	server.exe
2776	server.exe
2776	server.exe
2776	server.exe
2776	server.exe
2776	server.exe
2776	server.exe
2776	server.exe
2776	server.exe
2776	server.exe
2776	server.exe
2776	server.exe
2776	server.exe
2776	server.exe
2776	server.exe
2776	server.exe
2776	server.exe
2776	server.exe
2776	server.exe
2776	server.exe
2776	server.exe
2776	server.exe
2776	server.exe
2776	server.exe
2776	server.exe
2776	server.exe
2776	server.exe
2776	server.exe
2776	server.exe
2776	server.exe
2776	server.exe
2776	server.exe
2776	server.exe
2776	server.exe
2776	server.exe
2776	server.exe
2776	server.exe
2776	server.exe
2776	server.exe
2776	server.exe
2776	server.exe
2776	server.exe
2776	server.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2776	server.exe

Suspicious use of AdjustPrivilegeToken 17 IoCs

description	pid	Process
Token: SeDebugPrivilege	2776	server.exe
Token: 33	2776	server.exe
Token: SeIncBasePriorityPrivilege	2776	server.exe
Token: 33	2776	server.exe
Token: SeIncBasePriorityPrivilege	2776	server.exe
Token: 33	2776	server.exe
Token: SeIncBasePriorityPrivilege	2776	server.exe
Token: 33	2776	server.exe
Token: SeIncBasePriorityPrivilege	2776	server.exe
Token: 33	2776	server.exe
Token: SeIncBasePriorityPrivilege	2776	server.exe
Token: 33	2776	server.exe
Token: SeIncBasePriorityPrivilege	2776	server.exe
Token: 33	2776	server.exe
Token: SeIncBasePriorityPrivilege	2776	server.exe
Token: 33	2776	server.exe
Token: SeIncBasePriorityPrivilege	2776	server.exe

Suspicious use of WriteProcessMemory 15 IoCs

description	pid	Process	procid_target
PID 2152 wrote to memory of 2776	2152	920-55-0x0000000000150000-0x000000000016C000-memory.exe	86
PID 2152 wrote to memory of 2776	2152	920-55-0x0000000000150000-0x000000000016C000-memory.exe	86
PID 2152 wrote to memory of 2776	2152	920-55-0x0000000000150000-0x000000000016C000-memory.exe	86
PID 2776 wrote to memory of 1964	2776	server.exe	87
PID 2776 wrote to memory of 1964	2776	server.exe	87
PID 2776 wrote to memory of 1964	2776	server.exe	87
PID 2776 wrote to memory of 1588	2776	server.exe	89
PID 2776 wrote to memory of 1588	2776	server.exe	89
PID 2776 wrote to memory of 1588	2776	server.exe	89
PID 2776 wrote to memory of 4032	2776	server.exe	90
PID 2776 wrote to memory of 4032	2776	server.exe	90
PID 2776 wrote to memory of 4032	2776	server.exe	90
PID 2776 wrote to memory of 4108	2776	server.exe	108
PID 2776 wrote to memory of 4108	2776	server.exe	108
PID 2776 wrote to memory of 4108	2776	server.exe	108

C:\Users\Admin\AppData\Local\Temp\920-55-0x0000000000150000-0x000000000016C000-memory.exe
"C:\Users\Admin\AppData\Local\Temp\920-55-0x0000000000150000-0x000000000016C000-memory.exe"
1⤵
- Checks computer location settings
- Suspicious use of WriteProcessMemory
PID:2152
- C:\Users\Admin\AppData\Local\Temp\server.exe
  "C:\Users\Admin\AppData\Local\Temp\server.exe"
  2⤵
  - Checks computer location settings
  - Drops startup file
  - Executes dropped EXE
  - Drops autorun.inf file
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  PID:2776
- - C:\Windows\SysWOW64\netsh.exe
    netsh firewall add allowedprogram "C:\Users\Admin\AppData\Local\Temp\server.exe" "server.exe" ENABLE
    3⤵
    - Modifies Windows Firewall
    PID:1964
- - C:\Windows\SysWOW64\netsh.exe
    netsh firewall delete allowedprogram "C:\Users\Admin\AppData\Local\Temp\server.exe"
    3⤵
    - Modifies Windows Firewall
    PID:1588
- - C:\Windows\SysWOW64\netsh.exe
    netsh firewall add allowedprogram "C:\Users\Admin\AppData\Local\Temp\server.exe" "server.exe" ENABLE
    3⤵
    - Modifies Windows Firewall
    PID:4032
- - C:\Windows\SysWOW64\mspaint.exe
    "C:\Windows\system32\mspaint.exe" "C:\Users\Admin\Desktop\AddRemove.dib"
    3⤵
    PID:4108
- - C:\Windows\SysWOW64\mspaint.exe
    "C:\Windows\system32\mspaint.exe" "C:\Users\Admin\Desktop\AddRemove.dib"
    3⤵
    PID:3228
- - C:\Windows\SysWOW64\mspaint.exe
    "C:\Windows\system32\mspaint.exe" "C:\Users\Admin\Desktop\AddRemove.dib"
    3⤵
    PID:536
- - C:\Program Files (x86)\Internet Explorer\iexplore.exe
    "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome
    3⤵
    PID:5072
  - - C:\Program Files\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome
      4⤵
      PID:2652
    - - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2652 CREDAT:17410 /prefetch:2
        5⤵
        
        PID:4976
    - - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2652 CREDAT:17412 /prefetch:2
        5⤵
        
        PID:5752
    - - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2652 CREDAT:17414 /prefetch:2
        5⤵
        
        PID:2256
- - C:\Windows\SysWOW64\mspaint.exe
    "C:\Windows\system32\mspaint.exe" "C:\Users\Admin\Desktop\AddRemove.dib"
    3⤵
    PID:232
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\Desktop\BlockUnblock.html
    3⤵
    PID:544
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffae47c46f8,0x7ffae47c4708,0x7ffae47c4718
      4⤵
      PID:4092
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2084,2708744776681698583,4152399132150469931,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2172 /prefetch:3
      4⤵
      PID:5416
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2084,2708744776681698583,4152399132150469931,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2104 /prefetch:2
      4⤵
      PID:5408
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\Desktop\BlockUnblock.html
    3⤵
    PID:448
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffae47c46f8,0x7ffae47c4708,0x7ffae47c4718
      4⤵
      PID:808
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1992,18404123840137174376,5143692856262395482,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2180 /prefetch:3
      4⤵
      PID:5268
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1992,18404123840137174376,5143692856262395482,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2816 /prefetch:8
      4⤵
      PID:5376
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1992,18404123840137174376,5143692856262395482,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2116 /prefetch:2
      4⤵
      PID:5260
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1992,18404123840137174376,5143692856262395482,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:1
      4⤵
      PID:5940
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1992,18404123840137174376,5143692856262395482,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1
      4⤵
      PID:5932
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1992,18404123840137174376,5143692856262395482,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3900 /prefetch:1
      4⤵
      PID:5980
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1992,18404123840137174376,5143692856262395482,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4692 /prefetch:1
      4⤵
      PID:4624
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1992,18404123840137174376,5143692856262395482,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5356 /prefetch:1
      4⤵
      PID:6612
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1992,18404123840137174376,5143692856262395482,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4892 /prefetch:1
      4⤵
      PID:7024
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1992,18404123840137174376,5143692856262395482,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6320 /prefetch:1
      4⤵
      PID:7948
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1992,18404123840137174376,5143692856262395482,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6308 /prefetch:1
      4⤵
      PID:7936
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1992,18404123840137174376,5143692856262395482,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6772 /prefetch:1
      4⤵
      PID:6056
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1992,18404123840137174376,5143692856262395482,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6760 /prefetch:1
      4⤵
      PID:7468
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1992,18404123840137174376,5143692856262395482,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6692 /prefetch:1
      4⤵
      PID:5284
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1992,18404123840137174376,5143692856262395482,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6708 /prefetch:1
      4⤵
      PID:6352
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1992,18404123840137174376,5143692856262395482,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7716 /prefetch:1
      4⤵
      PID:8840
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1992,18404123840137174376,5143692856262395482,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7684 /prefetch:1
      4⤵
      PID:8252
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1992,18404123840137174376,5143692856262395482,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7576 /prefetch:1
      4⤵
      PID:9044
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1992,18404123840137174376,5143692856262395482,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7372 /prefetch:1
      4⤵
      PID:9028
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1992,18404123840137174376,5143692856262395482,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7916 /prefetch:1
      4⤵
      PID:9124
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1992,18404123840137174376,5143692856262395482,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8072 /prefetch:1
      4⤵
      PID:8468
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1992,18404123840137174376,5143692856262395482,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7864 /prefetch:1
      4⤵
      PID:8744
  - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --msedge --force-configure-user-settings
      4⤵
      PID:8196
    - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x220,0x224,0x228,0xec,0x22c,0x7ff75a005460,0x7ff75a005470,0x7ff75a005480
        5⤵
        
        PID:9032
  - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1992,18404123840137174376,5143692856262395482,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7368 /prefetch:8
      4⤵
      PID:6352
  - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1992,18404123840137174376,5143692856262395482,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7368 /prefetch:8
      4⤵
      PID:4852
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1992,18404123840137174376,5143692856262395482,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2400 /prefetch:1
      4⤵
      PID:5248
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1992,18404123840137174376,5143692856262395482,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6812 /prefetch:1
      4⤵
      PID:2484
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1992,18404123840137174376,5143692856262395482,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6848 /prefetch:1
      4⤵
      PID:7952
- - C:\Program Files (x86)\Internet Explorer\iexplore.exe
    "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome
    3⤵
    PID:3272
  - - C:\Program Files\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome
      4⤵
      PID:1668
    - - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1668 CREDAT:17410 /prefetch:2
        5⤵
        
        PID:2120
- - C:\Program Files (x86)\Internet Explorer\iexplore.exe
    "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome
    3⤵
    PID:1136
  - - C:\Program Files\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome
      4⤵
      PID:880
    - - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:880 CREDAT:17410 /prefetch:2
        5⤵
        
        PID:848
- - C:\Program Files\VideoLAN\VLC\vlc.exe
    "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Desktop\CheckpointBackup.aif"
    3⤵
    PID:3516
  - - C:\Windows\system32\WerFault.exe
      C:\Windows\system32\WerFault.exe -u -p 3516 -s 1332
      4⤵
      Program crash
      PID:1132
- - C:\Program Files\VideoLAN\VLC\vlc.exe
    "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Desktop\CheckpointBackup.aif"
    3⤵
    PID:5076
- - C:\Windows\SysWOW64\mspaint.exe
    "C:\Windows\system32\mspaint.exe" "C:\Users\Admin\Desktop\CloseUse.rle"
    3⤵
    PID:2624
- - C:\Windows\SysWOW64\mspaint.exe
    "C:\Windows\system32\mspaint.exe" "C:\Users\Admin\Desktop\CloseUse.rle"
    3⤵
    PID:1464
- - C:\Windows\SysWOW64\mspaint.exe
    "C:\Windows\system32\mspaint.exe" "C:\Users\Admin\Desktop\AddRemove.dib"
    3⤵
    PID:2564
- - C:\Program Files\VideoLAN\VLC\vlc.exe
    "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Desktop\CopySplit.rm"
    3⤵
    PID:424
- - C:\Program Files\VideoLAN\VLC\vlc.exe
    "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Desktop\CopySplit.rm"
    3⤵
    PID:3880
- - C:\Windows\SysWOW64\NOTEPAD.EXE
    "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\desktop.ini
    3⤵
    - Opens file in notepad (likely ransom note)
    PID:4840
- - C:\Windows\SysWOW64\NOTEPAD.EXE
    "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\desktop.ini
    3⤵
    - Opens file in notepad (likely ransom note)
    PID:4268
- - C:\Windows\SysWOW64\fontview.exe
    "C:\Windows\System32\fontview.exe" C:\Users\Admin\Desktop\DisconnectComplete.fon
    3⤵
    PID:3460
- - C:\Windows\SysWOW64\fontview.exe
    "C:\Windows\System32\fontview.exe" C:\Users\Admin\Desktop\DisconnectComplete.fon
    3⤵
    PID:2996
- - C:\Program Files\VideoLAN\VLC\vlc.exe
    "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Desktop\ExitResume.3gp2"
    3⤵
    PID:4432
- - C:\Program Files\VideoLAN\VLC\vlc.exe
    "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Desktop\ExitResume.3gp2"
    3⤵
    PID:5216
- - C:\Windows\SysWOW64\mshta.exe
    "C:\Windows\SysWOW64\mshta.exe" "C:\Users\Admin\Desktop\ExpandMove.hta" {1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}{1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}
    3⤵
    PID:5480
- - C:\Windows\SysWOW64\mshta.exe
    "C:\Windows\SysWOW64\mshta.exe" "C:\Users\Admin\Desktop\ExpandMove.hta" {1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}{1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}
    3⤵
    PID:5604
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\Desktop\BlockUnblock.html
    3⤵
    PID:5032
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffae47c46f8,0x7ffae47c4708,0x7ffae47c4718
      4⤵
      PID:5524
- - C:\Program Files\VideoLAN\VLC\vlc.exe
    "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Desktop\CheckpointBackup.aif"
    3⤵
    PID:5728
- - C:\Windows\SysWOW64\mspaint.exe
    "C:\Windows\system32\mspaint.exe" "C:\Users\Admin\Desktop\CloseUse.rle"
    3⤵
    PID:4060
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\Desktop\BlockUnblock.html
    3⤵
    PID:5164
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffae47c46f8,0x7ffae47c4708,0x7ffae47c4718
      4⤵
      PID:5336
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\Desktop\BlockUnblock.html
    3⤵
    PID:6024
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffae47c46f8,0x7ffae47c4708,0x7ffae47c4718
      4⤵
      PID:6176
- - C:\Program Files\VideoLAN\VLC\vlc.exe
    "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Desktop\CopySplit.rm"
    3⤵
    PID:6252
- - C:\Program Files\VideoLAN\VLC\vlc.exe
    "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Desktop\CheckpointBackup.aif"
    3⤵
    PID:6300
- - C:\Windows\SysWOW64\NOTEPAD.EXE
    "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\desktop.ini
    3⤵
    - Opens file in notepad (likely ransom note)
    PID:6396
- - C:\Windows\SysWOW64\fontview.exe
    "C:\Windows\System32\fontview.exe" C:\Users\Admin\Desktop\DisconnectComplete.fon
    3⤵
    PID:6628
- - C:\Windows\SysWOW64\mspaint.exe
    "C:\Windows\system32\mspaint.exe" "C:\Users\Admin\Desktop\CloseUse.rle"
    3⤵
    PID:6716
- - C:\Windows\SysWOW64\mspaint.exe
    "C:\Windows\system32\mspaint.exe" "C:\Users\Admin\Desktop\CloseUse.rle"
    3⤵
    PID:6604
- - C:\Program Files\VideoLAN\VLC\vlc.exe
    "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Desktop\CheckpointBackup.aif"
    3⤵
    PID:6420
- - C:\Program Files\VideoLAN\VLC\vlc.exe
    "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Desktop\ExitResume.3gp2"
    3⤵
    PID:7080
- - C:\Program Files\VideoLAN\VLC\vlc.exe
    "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Desktop\CopySplit.rm"
    3⤵
    PID:7068
- - C:\Program Files\VideoLAN\VLC\vlc.exe
    "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Desktop\CopySplit.rm"
    3⤵
    PID:7108
- - C:\Windows\SysWOW64\mshta.exe
    "C:\Windows\SysWOW64\mshta.exe" "C:\Users\Admin\Desktop\ExpandMove.hta" {1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}{1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}
    3⤵
    PID:6540
- - C:\Windows\SysWOW64\NOTEPAD.EXE
    "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\desktop.ini
    3⤵
    - Opens file in notepad (likely ransom note)
    PID:6452
- - C:\Windows\SysWOW64\NOTEPAD.EXE
    "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\desktop.ini
    3⤵
    - Opens file in notepad (likely ransom note)
    PID:5000
- - C:\Windows\SysWOW64\fontview.exe
    "C:\Windows\System32\fontview.exe" C:\Users\Admin\Desktop\DisconnectComplete.fon
    3⤵
    PID:6140
- - C:\Windows\SysWOW64\fontview.exe
    "C:\Windows\System32\fontview.exe" C:\Users\Admin\Desktop\DisconnectComplete.fon
    3⤵
    PID:5960
- - C:\Program Files\VideoLAN\VLC\vlc.exe
    "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Desktop\ExitResume.3gp2"
    3⤵
    PID:6952
- - C:\Program Files\VideoLAN\VLC\vlc.exe
    "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Desktop\ExitResume.3gp2"
    3⤵
    PID:3780
- - C:\Windows\SysWOW64\mshta.exe
    "C:\Windows\SysWOW64\mshta.exe" "C:\Users\Admin\Desktop\ExpandMove.hta" {1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}{1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}
    3⤵
    PID:6536
- - C:\Windows\SysWOW64\mshta.exe
    "C:\Windows\SysWOW64\mshta.exe" "C:\Users\Admin\Desktop\ExpandMove.hta" {1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}{1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}
    3⤵
    PID:6648
- - C:\Program Files\VideoLAN\VLC\vlc.exe
    "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Desktop\GrantSelect.avi"
    3⤵
    PID:5408
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
    3⤵
    PID:7536
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x100,0x104,0x108,0xd8,0x10c,0x7ffae47c46f8,0x7ffae47c4708,0x7ffae47c4718
      4⤵
      PID:5532
- - C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE
    "C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" /n "C:\Users\Admin\Desktop\PopDeny.xltm"
    3⤵
    PID:7472
- - C:\Program Files\VideoLAN\VLC\vlc.exe
    "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Desktop\GrantSelect.avi"
    3⤵
    PID:7284
- - C:\Program Files\VideoLAN\VLC\vlc.exe
    "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Desktop\GrantSelect.avi"
    3⤵
    PID:7228
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
    3⤵
    PID:8076
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x104,0x108,0x10c,0xe0,0x110,0x7ffae47c46f8,0x7ffae47c4708,0x7ffae47c4718
      4⤵
      PID:7776
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
    3⤵
    PID:7736
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffae47c46f8,0x7ffae47c4708,0x7ffae47c4718
      4⤵
      PID:7268
- - C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE
    "C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" /n "C:\Users\Admin\Desktop\PopDeny.xltm"
    3⤵
    PID:4768
- - C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE
    "C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" /n "C:\Users\Admin\Desktop\PopDeny.xltm"
    3⤵
    PID:8068
- - C:\Program Files\VideoLAN\VLC\vlc.exe
    "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Desktop\GrantSelect.avi"
    3⤵
    PID:8832
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
    3⤵
    PID:8224
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffae47c46f8,0x7ffae47c4708,0x7ffae47c4718
      4⤵
      PID:8780
- - C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE
    "C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" /n "C:\Users\Admin\Desktop\PopDeny.xltm"
    3⤵
    PID:9136
- - C:\Program Files\VideoLAN\VLC\vlc.exe
    "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Desktop\GrantSelect.avi"
    3⤵
    PID:8588
- - C:\Program Files\VideoLAN\VLC\vlc.exe
    "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Desktop\PopUninstall.mpv2"
    3⤵
    PID:8652
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
    3⤵
    PID:9168
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffae47c46f8,0x7ffae47c4708,0x7ffae47c4718
      4⤵
      PID:8600
- - C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE
    "C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" /n "C:\Users\Admin\Desktop\PopDeny.xltm"
    3⤵
    PID:6748
- - C:\Program Files\VideoLAN\VLC\vlc.exe
    "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Desktop\PopUninstall.mpv2"
    3⤵
    PID:5512
- - C:\Program Files\VideoLAN\VLC\vlc.exe
    "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Desktop\PopUninstall.mpv2"
    3⤵
    PID:9140
- - C:\Program Files\VideoLAN\VLC\vlc.exe
    "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Desktop\PopUninstall.mpv2"
    3⤵
    PID:8212
- - C:\Program Files\VideoLAN\VLC\vlc.exe
    "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Desktop\PopUninstall.mpv2"
    3⤵
    PID:4560
- - C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE
    "C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\Admin\Desktop\ReceiveDismount.odt"
    3⤵
    PID:4752

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s DeviceAssociationService
1⤵
PID:4832

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4272

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 404 -p 3516 -ip 3516
1⤵
PID:1804

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:5808

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5884

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:1924

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:6572

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:6552

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:5360

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:7336

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:7384

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:7456

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:7528

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:7716

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:8332

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:7464

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:5324

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:2912

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:4932

C:\Windows\SysWOW64\DllHost.exe
C:\Windows\SysWOW64\DllHost.exe /Processid:{76D0CB12-7604-4048-B83C-1005C7DDC503}
1⤵
PID:6436

Network

MITRE ATT&CK Enterprise v6

Initial Access

Replication Through Removable Media

T1091

Execution

Persistence

Modify Existing Service

T1031

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Replication Through Removable Media

T1091

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\80237EE4964FC9C409AAF55BF996A292_C5130A0BDC8C859A2757D77746C10868

Filesize
471B

MD5
f405f88bb3eb133681a2f69ef63d07a4

SHA1
b9575849c6e57abc41f94c2f7f33d8e16f2016d5

SHA256
fc600a40743642de2ffacd298e14f030ceeb069923d1853f21f86d56ab90ccc4

SHA512
328f5b4ccc9e5fcdaee7f6873db3e0f0c15ee0ab975774563610f988bf4ffca2f80bd6e92419b3f97cc1e9d2ad7899144dcc3eb096a18f5effa37689905680aa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\80237EE4964FC9C409AAF55BF996A292_C5130A0BDC8C859A2757D77746C10868

Filesize
412B

MD5
b9488a500a69c0fdea7e7acd43cd177e

SHA1
6d2f507704bdf40853eb91740f3bee7def9002ae

SHA256
4ffaaf91f4f8a23a8995b7156847dcb9b34984895dd4db23764d225ae37fbe8f

SHA512
90a9aff7e0d74d3c0eba5fef9445ddaddee55c9798b67d39d698a983d48cbed25dffdea9e74868709a7df2c4fbb07e60c2af756282970f8fae3c44d2e9cafd12

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
5a10efe23009825eadc90c37a38d9401

SHA1
fd98f2ca011408d4b43ed4dfd5b6906fbc7b87c0

SHA256
05e135dee0260b4f601a0486401b64ff8653875d74bf259c2da232550dbfb4f5

SHA512
89416a3f5bf50cd4a432ac72cd0a7fb79d5aeb10bdcc468c55bbfa79b9f43fab17141305d44cb1fe980ec76cc6575c27e2bcfcbad5ccd886d45b9de03fb9d6d7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
5a10efe23009825eadc90c37a38d9401

SHA1
fd98f2ca011408d4b43ed4dfd5b6906fbc7b87c0

SHA256
05e135dee0260b4f601a0486401b64ff8653875d74bf259c2da232550dbfb4f5

SHA512
89416a3f5bf50cd4a432ac72cd0a7fb79d5aeb10bdcc468c55bbfa79b9f43fab17141305d44cb1fe980ec76cc6575c27e2bcfcbad5ccd886d45b9de03fb9d6d7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
5a10efe23009825eadc90c37a38d9401

SHA1
fd98f2ca011408d4b43ed4dfd5b6906fbc7b87c0

SHA256
05e135dee0260b4f601a0486401b64ff8653875d74bf259c2da232550dbfb4f5

SHA512
89416a3f5bf50cd4a432ac72cd0a7fb79d5aeb10bdcc468c55bbfa79b9f43fab17141305d44cb1fe980ec76cc6575c27e2bcfcbad5ccd886d45b9de03fb9d6d7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
c1a3c45dc07f766430f7feaa3000fb18

SHA1
698a0485bcf0ab2a9283d4ebd31ade980b0661d1

SHA256
adaba08026551b1b8f6c120143686da79f916d02adbef4a8d1c184e32a19fd48

SHA512
9fc93f01ab4b14f555791d757ffe881787cc697102547c61847552e597e206e70c6d35fedff559c72a0a67d1b95e769095ecb0a8a7d4f07cf58a7a0d57d3e9f4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
c1a3c45dc07f766430f7feaa3000fb18

SHA1
698a0485bcf0ab2a9283d4ebd31ade980b0661d1

SHA256
adaba08026551b1b8f6c120143686da79f916d02adbef4a8d1c184e32a19fd48

SHA512
9fc93f01ab4b14f555791d757ffe881787cc697102547c61847552e597e206e70c6d35fedff559c72a0a67d1b95e769095ecb0a8a7d4f07cf58a7a0d57d3e9f4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
c1a3c45dc07f766430f7feaa3000fb18

SHA1
698a0485bcf0ab2a9283d4ebd31ade980b0661d1

SHA256
adaba08026551b1b8f6c120143686da79f916d02adbef4a8d1c184e32a19fd48

SHA512
9fc93f01ab4b14f555791d757ffe881787cc697102547c61847552e597e206e70c6d35fedff559c72a0a67d1b95e769095ecb0a8a7d4f07cf58a7a0d57d3e9f4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
c1a3c45dc07f766430f7feaa3000fb18

SHA1
698a0485bcf0ab2a9283d4ebd31ade980b0661d1

SHA256
adaba08026551b1b8f6c120143686da79f916d02adbef4a8d1c184e32a19fd48

SHA512
9fc93f01ab4b14f555791d757ffe881787cc697102547c61847552e597e206e70c6d35fedff559c72a0a67d1b95e769095ecb0a8a7d4f07cf58a7a0d57d3e9f4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
c1a3c45dc07f766430f7feaa3000fb18

SHA1
698a0485bcf0ab2a9283d4ebd31ade980b0661d1

SHA256
adaba08026551b1b8f6c120143686da79f916d02adbef4a8d1c184e32a19fd48

SHA512
9fc93f01ab4b14f555791d757ffe881787cc697102547c61847552e597e206e70c6d35fedff559c72a0a67d1b95e769095ecb0a8a7d4f07cf58a7a0d57d3e9f4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
38d0a7fd90722cff0a5890485a66ef2d

SHA1
ed5b99f7f8ba3e06e3c4b55ee67010f40bdb2d7a

SHA256
1e85245a812a8d7fa0e4fbbac2cc37f091df8c895fc7b27d217817d4f1066c85

SHA512
805450fbb9b83c810d98c32bbe6514ca3fa802a886f082a8ec42094fe3e45e6314bff3f9ca83b11c74e46a6f2b7f43a62385efc8784643acd54d033f72b4d18d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
38d0a7fd90722cff0a5890485a66ef2d

SHA1
ed5b99f7f8ba3e06e3c4b55ee67010f40bdb2d7a

SHA256
1e85245a812a8d7fa0e4fbbac2cc37f091df8c895fc7b27d217817d4f1066c85

SHA512
805450fbb9b83c810d98c32bbe6514ca3fa802a886f082a8ec42094fe3e45e6314bff3f9ca83b11c74e46a6f2b7f43a62385efc8784643acd54d033f72b4d18d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
38d0a7fd90722cff0a5890485a66ef2d

SHA1
ed5b99f7f8ba3e06e3c4b55ee67010f40bdb2d7a

SHA256
1e85245a812a8d7fa0e4fbbac2cc37f091df8c895fc7b27d217817d4f1066c85

SHA512
805450fbb9b83c810d98c32bbe6514ca3fa802a886f082a8ec42094fe3e45e6314bff3f9ca83b11c74e46a6f2b7f43a62385efc8784643acd54d033f72b4d18d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
38d0a7fd90722cff0a5890485a66ef2d

SHA1
ed5b99f7f8ba3e06e3c4b55ee67010f40bdb2d7a

SHA256
1e85245a812a8d7fa0e4fbbac2cc37f091df8c895fc7b27d217817d4f1066c85

SHA512
805450fbb9b83c810d98c32bbe6514ca3fa802a886f082a8ec42094fe3e45e6314bff3f9ca83b11c74e46a6f2b7f43a62385efc8784643acd54d033f72b4d18d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
38d0a7fd90722cff0a5890485a66ef2d

SHA1
ed5b99f7f8ba3e06e3c4b55ee67010f40bdb2d7a

SHA256
1e85245a812a8d7fa0e4fbbac2cc37f091df8c895fc7b27d217817d4f1066c85

SHA512
805450fbb9b83c810d98c32bbe6514ca3fa802a886f082a8ec42094fe3e45e6314bff3f9ca83b11c74e46a6f2b7f43a62385efc8784643acd54d033f72b4d18d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
38d0a7fd90722cff0a5890485a66ef2d

SHA1
ed5b99f7f8ba3e06e3c4b55ee67010f40bdb2d7a

SHA256
1e85245a812a8d7fa0e4fbbac2cc37f091df8c895fc7b27d217817d4f1066c85

SHA512
805450fbb9b83c810d98c32bbe6514ca3fa802a886f082a8ec42094fe3e45e6314bff3f9ca83b11c74e46a6f2b7f43a62385efc8784643acd54d033f72b4d18d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
38d0a7fd90722cff0a5890485a66ef2d

SHA1
ed5b99f7f8ba3e06e3c4b55ee67010f40bdb2d7a

SHA256
1e85245a812a8d7fa0e4fbbac2cc37f091df8c895fc7b27d217817d4f1066c85

SHA512
805450fbb9b83c810d98c32bbe6514ca3fa802a886f082a8ec42094fe3e45e6314bff3f9ca83b11c74e46a6f2b7f43a62385efc8784643acd54d033f72b4d18d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
38d0a7fd90722cff0a5890485a66ef2d

SHA1
ed5b99f7f8ba3e06e3c4b55ee67010f40bdb2d7a

SHA256
1e85245a812a8d7fa0e4fbbac2cc37f091df8c895fc7b27d217817d4f1066c85

SHA512
805450fbb9b83c810d98c32bbe6514ca3fa802a886f082a8ec42094fe3e45e6314bff3f9ca83b11c74e46a6f2b7f43a62385efc8784643acd54d033f72b4d18d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
38d0a7fd90722cff0a5890485a66ef2d

SHA1
ed5b99f7f8ba3e06e3c4b55ee67010f40bdb2d7a

SHA256
1e85245a812a8d7fa0e4fbbac2cc37f091df8c895fc7b27d217817d4f1066c85

SHA512
805450fbb9b83c810d98c32bbe6514ca3fa802a886f082a8ec42094fe3e45e6314bff3f9ca83b11c74e46a6f2b7f43a62385efc8784643acd54d033f72b4d18d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
38d0a7fd90722cff0a5890485a66ef2d

SHA1
ed5b99f7f8ba3e06e3c4b55ee67010f40bdb2d7a

SHA256
1e85245a812a8d7fa0e4fbbac2cc37f091df8c895fc7b27d217817d4f1066c85

SHA512
805450fbb9b83c810d98c32bbe6514ca3fa802a886f082a8ec42094fe3e45e6314bff3f9ca83b11c74e46a6f2b7f43a62385efc8784643acd54d033f72b4d18d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
38d0a7fd90722cff0a5890485a66ef2d

SHA1
ed5b99f7f8ba3e06e3c4b55ee67010f40bdb2d7a

SHA256
1e85245a812a8d7fa0e4fbbac2cc37f091df8c895fc7b27d217817d4f1066c85

SHA512
805450fbb9b83c810d98c32bbe6514ca3fa802a886f082a8ec42094fe3e45e6314bff3f9ca83b11c74e46a6f2b7f43a62385efc8784643acd54d033f72b4d18d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
38d0a7fd90722cff0a5890485a66ef2d

SHA1
ed5b99f7f8ba3e06e3c4b55ee67010f40bdb2d7a

SHA256
1e85245a812a8d7fa0e4fbbac2cc37f091df8c895fc7b27d217817d4f1066c85

SHA512
805450fbb9b83c810d98c32bbe6514ca3fa802a886f082a8ec42094fe3e45e6314bff3f9ca83b11c74e46a6f2b7f43a62385efc8784643acd54d033f72b4d18d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
38d0a7fd90722cff0a5890485a66ef2d

SHA1
ed5b99f7f8ba3e06e3c4b55ee67010f40bdb2d7a

SHA256
1e85245a812a8d7fa0e4fbbac2cc37f091df8c895fc7b27d217817d4f1066c85

SHA512
805450fbb9b83c810d98c32bbe6514ca3fa802a886f082a8ec42094fe3e45e6314bff3f9ca83b11c74e46a6f2b7f43a62385efc8784643acd54d033f72b4d18d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Edge Profile.ico

Filesize
70KB

MD5
e5e3377341056643b0494b6842c0b544

SHA1
d53fd8e256ec9d5cef8ef5387872e544a2df9108

SHA256
e23040951e464b53b84b11c3466bbd4707a009018819f9ad2a79d1b0b309bc25

SHA512
83f09e48d009a5cf83fa9aa8f28187f7f4202c84e2d0d6e5806c468f4a24b2478b73077381d2a21c89aa64884df3c56e8dc94eb4ad2d6a8085ac2feb1e26c2ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Microsoft Edge.lnk

Filesize
2KB

MD5
e947e09df80521892af00941a907b67a

SHA1
2ef91b8359e88520c3901fb8298aa9d12b9ca63c

SHA256
7434d90a2f3caaab9342ac0c7a0aae0d4ab7630069c00229eb9549398419e409

SHA512
25106b5ec77821127cf1e8c975d6a6306e70b0216657067d44aa1ec32d0b682e3fd74d5e3ce577ec5173c0e217b20ebd045f716b2bcd8273d0929d6a57abf70c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
4KB

MD5
c0e91e092af9b91ed39de2fc711958e2

SHA1
8183ad8ee39f69e4a32c2edcf2f2b2a85c312dae

SHA256
693c6d86efa03b9e70067e8cf1fedef71cf1300e28f5216d16664405ae6b702d

SHA512
8646069cba7efc7d646ca898a5912c11ece9a5e172b0d051d02b2e722e35fbebb9d989ce154f70c4d29855093802977e125765cae79aec909b21b056f38afcc5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
69c6c6e3ad062837771b29cf188c9789

SHA1
f61ac36adbbd137800b7c4b909c200b5b4e91781

SHA256
20e8c3409d068b9240bb913082c2555b26f069fe6cbca3c20d326c1a5d5996cd

SHA512
8f3ba1d284c1ea2bf4e4d9c3dcde2b230cd75ee15eb8d94af38472a571d03330af76873244ab68687da8fdfce6414f7e2fa83fb6d59476342f1c298bd40ce34a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
b0566305a428f04275ef37428d2b94c5

SHA1
ff502d2a5d90c05e8e8e02119a43dccd3955cbcd

SHA256
9bc6d55fff991789ec1e477fa36d77765f9be41e984a1df1a985fd95bde909e3

SHA512
7a4c62706cbc9fe9c4cd0be4290977cbe0349c443fc991c9728ea2722cda67d7447b76c17c046e48be2876931b370b732b6cc41f27e707def2dd42b3af386bd1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
c8e1229ebd31706b1b1dffaec9cde468

SHA1
7283fd94338a0f217db4c7f6dce4ef694ce5e0d9

SHA256
47aacd1370161154e29e4b5a111d9bc3fe26f235073cdebf52b4758fb96aaac1

SHA512
2c0e30b2175e073a8b7631bd550b06ab211e6d0919dba5147d19e87d3bb0d3d0dfc250f7e11e79cb599a8e649a3c1a460ee13d4db7c0ad81b030841af984755d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
bed3d59d6a36e4cb59bebd6523290b84

SHA1
6989102e366b1d2788dcc7c0b89a050e3fc80af4

SHA256
f6a33828d69dbab70d96b367fb29be32c673d02e3276aa263c696a325e28b6bb

SHA512
068556a7a9938747c160ee8e08db28bda33e31f87d1b02632ff7e14d2d090af3fead3f7bd030af0465d6350e1a2619fcc9bc9e72af785ff7a8f5ad784de1d75a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
5edab6d3ffbeee247ccb4423f929a323

SHA1
a4ad201d149d59392a2a3163bd86ee900e20f3d9

SHA256
460cddb95ea1d9bc8d95d295dd051b49a1436437a91ddec5f131235b2d516933

SHA512
263fa99f03ea1ef381ca19f10fbe0362c1f9c129502dc6b730b076cafcf34b40a70ee8a0ee9446ec9c89c3a2d9855450609ec0f8cf9d0a1b2aebdd12be58d38c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
2KB

MD5
5dc5806aa1ec5774f6e014e88d7876e9

SHA1
3c358b7cb64b29a1befffdd331947d13ea5e7898

SHA256
53d870b57945278ed96f9921b8626abddf54c092618fd0bbed3226c7bdb55aec

SHA512
dfe13cc12e3e40c9e615d91407841c4701410a7d7d0c1f49585cfa62d04479f3ff7420b81ff15dcbb8a46a40671a024bd998e6dda16634ce955ee54fd650bc28

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
2KB

MD5
5dc5806aa1ec5774f6e014e88d7876e9

SHA1
3c358b7cb64b29a1befffdd331947d13ea5e7898

SHA256
53d870b57945278ed96f9921b8626abddf54c092618fd0bbed3226c7bdb55aec

SHA512
dfe13cc12e3e40c9e615d91407841c4701410a7d7d0c1f49585cfa62d04479f3ff7420b81ff15dcbb8a46a40671a024bd998e6dda16634ce955ee54fd650bc28

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
9KB

MD5
4ef46c86156fe87a85bd53f520260a46

SHA1
336f5b58bf9ee35601b1f2b81f8512dd66f58347

SHA256
ff47992a71b33fd536ab1cbb035ed0e9ea0d73daeff0e5cd567b085bb9c69a1e

SHA512
c28420be436b6d719855d148afed7436cc772807dbc584d17c86d4f3a19bfb918fd36b9c49368ef3b546c5d87f84cbbb8d1a82d976761a8164908487595f852a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
f091e60e6d8745b0b86ed0e7b2f32f92

SHA1
4c7a47b52e3be093cdb11fafd637d80da4fb6494

SHA256
61e30bbc2bd8640e51c929df88a2d943c9a5b6a0e9ffa3aed0be7fa1a83786fe

SHA512
683aa23e992451bb2149a9f7f74638a429eefe094c4a590b03ddf101edf8ae3fccf203c764e192d99f42345aab3c1db6bd5b7faea0fb128be4779ec02718f275

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{4CE63140-C464-11ED-8227-7E7F627BF915}.dat

Filesize
5KB

MD5
67286337b9fadad58e503c98a9a4d824

SHA1
2fa1a46d99fd3a14cd760ba3bb6c19bad1b2aebb

SHA256
a06dc284679919dcce6c8c1996d8a40ce87e65c9ebb7d90df1cabbd6b367121f

SHA512
390139d48d609b7b49958dee535f4c805e9eb03ce2350fd7b06531d3e5921eeb07304f0a6d827d75c9bc0949c752331e93322b81e174e8db1e2adff346dc9f4c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{4CE88FB2-C464-11ED-8227-7E7F627BF915}.dat

Filesize
5KB

MD5
16aa9dbf2a672a27c015b07403146d84

SHA1
d066daf6851f857b24cd8e0796da31ae4e61f89d

SHA256
e39e14ef04e8eac7634320ee052a9fe2b8b6a6937c3fac3c5e8b92e1f4f1479f

SHA512
ccdc01352e9672d31b3ead2945a82a23a7e1e6c04a813d90eec3466adc0f70b26c9ce682e224e748d6053a13ea480b61d85d38f515c9ff936b87c0a709e8cf5e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\VersionManager\ver148D.tmp

Filesize
15KB

MD5
1a545d0052b581fbb2ab4c52133846bc

SHA1
62f3266a9b9925cd6d98658b92adec673cbe3dd3

SHA256
557472aeaebf4c1c800b9df14c190f66d62cbabb011300dbedde2dcddd27a6c1

SHA512
bd326d111589d87cd6d019378ec725ac9ac7ad4c36f22453941f7d52f90b747ede4783a83dfff6cae1b3bb46690ad49cffa77f2afda019b22863ac485b406e8d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Office\16.0\WebServiceCache\AllUsers\officeclient.microsoft.com\7A4F74E2-0CA6-4F94-92D4-D136697680FF

Filesize
152KB

MD5
74368fdf0c04f9cc4317397f90d7ad86

SHA1
64bc2385fbb58b12b764b09925ae301d477dbb96

SHA256
4fb7bf0702e02d98b87f7cd0b01cb05cdc70c7c3a2b4dc785ec52c20103b8d23

SHA512
ccaae11eb271466846e74bc3bf8de99f8044d9f6003be42b220f247cc2e829d433cd85277b836938879c44bc1d9c3003b4715cdc759af94c8405ec6802698340

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Office\16.0\WebServiceCache\AllUsers\officeclient.microsoft.com\8C071A53-24CF-43DE-BE81-B9258DD20D09

Filesize
152KB

MD5
cfc8a8d08c8b821668f2a1c219d21107

SHA1
02411fdd37e26e68a59d3b44730f83af2cb0cf05

SHA256
9a41e8595fac5891ceb6d85662c933466c588529b70007d2737f122166d70f7e

SHA512
a3d8cdb02c3b5572993f0978de7e3cb4e06c0a111e6621bedc805dffa69db3043a4ffc27ba0c035bb1b936b40ec68262e8f7d50b0bc6d6d4afd96a7e1ef922e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules.xml

Filesize
323KB

MD5
9727b1893f4a4adc3107a50a77813c8e

SHA1
93f76aa52461deeeb49672f7dd497cef15470186

SHA256
a5faca4539374a78a69ef31163e96a358c49014fb3e1fa413f4463b008499d51

SHA512
acf7309e548ba621e94c32b9062149670012bea2eaf280b97359f2ece6d61e7d60eabeb295c7690b42ed3c52982b317d96aa6205cb58fa44dcd553d8468751d5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules.xml

Filesize
323KB

MD5
9727b1893f4a4adc3107a50a77813c8e

SHA1
93f76aa52461deeeb49672f7dd497cef15470186

SHA256
a5faca4539374a78a69ef31163e96a358c49014fb3e1fa413f4463b008499d51

SHA512
acf7309e548ba621e94c32b9062149670012bea2eaf280b97359f2ece6d61e7d60eabeb295c7690b42ed3c52982b317d96aa6205cb58fa44dcd553d8468751d5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules.xml

Filesize
323KB

MD5
9727b1893f4a4adc3107a50a77813c8e

SHA1
93f76aa52461deeeb49672f7dd497cef15470186

SHA256
a5faca4539374a78a69ef31163e96a358c49014fb3e1fa413f4463b008499d51

SHA512
acf7309e548ba621e94c32b9062149670012bea2eaf280b97359f2ece6d61e7d60eabeb295c7690b42ed3c52982b317d96aa6205cb58fa44dcd553d8468751d5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules.xml

Filesize
323KB

MD5
9727b1893f4a4adc3107a50a77813c8e

SHA1
93f76aa52461deeeb49672f7dd497cef15470186

SHA256
a5faca4539374a78a69ef31163e96a358c49014fb3e1fa413f4463b008499d51

SHA512
acf7309e548ba621e94c32b9062149670012bea2eaf280b97359f2ece6d61e7d60eabeb295c7690b42ed3c52982b317d96aa6205cb58fa44dcd553d8468751d5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules.xml

Filesize
323KB

MD5
9727b1893f4a4adc3107a50a77813c8e

SHA1
93f76aa52461deeeb49672f7dd497cef15470186

SHA256
a5faca4539374a78a69ef31163e96a358c49014fb3e1fa413f4463b008499d51

SHA512
acf7309e548ba621e94c32b9062149670012bea2eaf280b97359f2ece6d61e7d60eabeb295c7690b42ed3c52982b317d96aa6205cb58fa44dcd553d8468751d5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Office\OTele\excel.exe.db

Filesize
4KB

MD5
f138a66469c10d5761c6cbb36f2163c3

SHA1
eea136206474280549586923b7a4a3c6d5db1e25

SHA256
c712d6c7a60f170a0c6c5ec768d962c58b1f59a2d417e98c7c528a037c427ab6

SHA512
9d25f943b6137dd2981ee75d57baf3a9e0ee27eea2df19591d580f02ec8520d837b8e419a8b1eb7197614a3c6d8793c56ebc848c38295ada23c31273daa302d9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Office\OTele\excel.exe.db-wal

Filesize
52KB

MD5
99a11b6e25defa10ee8728778c197328

SHA1
f60d2363d7a35c1296e8848d16f2873a74af1518

SHA256
6dc1b3172b53abde5411c14ca15d6c14d6e7f87cb819a77dedeb70a1ae768b38

SHA512
1c178ba4e447cb117d53d80fd02cac9902a624d153688a7762adf534ea3136cee43b19d6c1e0f7be150f7e900531d40b053113d89dd0959aa528c61464f5f826

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Office\OTele\excel.exe.db-wal

Filesize
52KB

MD5
99a11b6e25defa10ee8728778c197328

SHA1
f60d2363d7a35c1296e8848d16f2873a74af1518

SHA256
6dc1b3172b53abde5411c14ca15d6c14d6e7f87cb819a77dedeb70a1ae768b38

SHA512
1c178ba4e447cb117d53d80fd02cac9902a624d153688a7762adf534ea3136cee43b19d6c1e0f7be150f7e900531d40b053113d89dd0959aa528c61464f5f826

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Office\OTele\excel.exe.db-wal

Filesize
56KB

MD5
685cf8b0f736e622c3d9719186317766

SHA1
e6c2488e94c6d7d2662349bed18e310ffb9a6830

SHA256
ed7dc78b12eff9d517df0f9d31540e2b96e6bf9a012b3062313368e3ea33ddbb

SHA512
41445f9ce692b2f5466c7d8b08dfe0d6e6db5b6ca768959355d2c032a5502759fd02d392a30b358baa5245516c4fa3bb481d725a652cd81eb9c6cca45eb9ae82

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Office\OTele\excel.exe.db-wal

Filesize
60KB

MD5
3fc3decb3fbf3dc654996a8e992c30c2

SHA1
511bd2a0005bfe8c7f92e5d0df176ae4398d3f73

SHA256
21628ddb7f146d18e61e59720c943f6f1560ecb8975b764b8027fd0ea298e087

SHA512
3c725ed34e6dc450ec30e5face7f8704f9a5e9f2089ee3eb845632bef4819ddcac938e3a86f7505db3b826b7fefac3cd54a57190a1c4c57c256a216104c76ffd

Download Submit
C:\Users\Admin\AppData\Local\Temp\server.exe

Filesize
112KB

MD5
6bf92ac881f8bcf056d86806f358f2ad

SHA1
f0576d75b587612fb22137757c0486103e05eec1

SHA256
ba38db076db9709a7b5e70a9a81ce2b1116800e60951006c4c5f4534fd55f16d

SHA512
a39557f3359dbd072234de4f22da937687bac992ce2182bdd39ef2cbd3f052d7c238f82ebd908291e24eb54f9937a22be62bbfc20e0e2c9d4213c55fe4da4c04

Download Submit
C:\Users\Admin\AppData\Local\Temp\server.exe

Filesize
112KB

MD5
6bf92ac881f8bcf056d86806f358f2ad

SHA1
f0576d75b587612fb22137757c0486103e05eec1

SHA256
ba38db076db9709a7b5e70a9a81ce2b1116800e60951006c4c5f4534fd55f16d

SHA512
a39557f3359dbd072234de4f22da937687bac992ce2182bdd39ef2cbd3f052d7c238f82ebd908291e24eb54f9937a22be62bbfc20e0e2c9d4213c55fe4da4c04

Download Submit
C:\Users\Admin\AppData\Local\Temp\server.exe

Filesize
112KB

MD5
6bf92ac881f8bcf056d86806f358f2ad

SHA1
f0576d75b587612fb22137757c0486103e05eec1

SHA256
ba38db076db9709a7b5e70a9a81ce2b1116800e60951006c4c5f4534fd55f16d

SHA512
a39557f3359dbd072234de4f22da937687bac992ce2182bdd39ef2cbd3f052d7c238f82ebd908291e24eb54f9937a22be62bbfc20e0e2c9d4213c55fe4da4c04

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
3KB

MD5
f2f012d34b7de3b569ca3480273691e5

SHA1
7ee8b8af34be3bcd7f5b849404408d669465bc98

SHA256
41b45d3f911effc387b2fd2e6167b3a551b49459882987aee70cabb386177102

SHA512
05a56d55d64a30a3737c62b5063ec00c68aab0f4fce8e3c19ca2f0817086ca84ed5800fe0587f6195b08eb5b78d2737740fad2b56c5680acb0daa8da154e0d4e

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
3KB

MD5
020dedb37d5b6ba0de0d9a7be1f07ef9

SHA1
a3b51d365af81f2883a1b2fca00a627c50e563ac

SHA256
f5f1bb42503a03862a37c5f787eb781c77a89208fa62b276d6ec0e3fd65e664c

SHA512
41ad3d02ea63205b72a283b2144b995fc3c048fd2efb7fdad19549dc9e0e7b486798a5e13381e65c90640c7bcf40615da793b3db1820d0cfac0fc34594571d85

Download Submit
C:\Users\Admin\AppData\Roaming\app

Filesize
5B

MD5
69cf10399d0d1350c3698099796624cb

SHA1
d0b58b76ff065f51172971853a7da414286d9ea7

SHA256
a7bff94c7cdef50b67a3bab142ebcec4d360491e339581c41f433fec6d002f48

SHA512
5e1c9745b2b529c026e51fbff7fd4e1e0bd208c705b7da830459758d28c01b32b9bc93caa7ad60228d3e785784023d8a739fda0dab62d3c76770ea84c257f1f7

Download Submit
C:\Windows\Debug\WIA\wiatrace.log

Filesize
1KB

MD5
6b8853363431302831a2fb45d8fda14f

SHA1
14ea4c0a5eda688f21d53a060a2e84a1e75f6452

SHA256
7ecf57fe24edcb68995cee6ba731b1d0d687639667b0df44034bb399dc2c0d84

SHA512
6fa857defb0f83b7ce1d2a1aa01a9111d9efdad41225e174ac3d0125c1d2e3a96aae692a3eb20bbb8a60ffbf9c7c90f4376065a90b0102213ef1eeed59c1071c

Download Submit
C:\Windows\Debug\WIA\wiatrace.log

Filesize
2KB

MD5
7fde8419aada61f35d31e7f88b94f7e6

SHA1
86ccec8fc32da34f66f442f22d328ca319a184a0

SHA256
07981b961a77fef62510a237ef7b90b9fd1a307a9e9a1e1a5a3a416f041c0aae

SHA512
b94d65183bf0178b9fe89bd95001a7a0353bac0dd3a5d89e1f461766afcce042484e78cd27977862b800bdf2feb7ff690058ffff270a690d1d0adbcdc152565a

Download Submit
C:\Windows\Debug\WIA\wiatrace.log

Filesize
4KB

MD5
3a99ef733851e5434ecaf4354e2f3700

SHA1
246301cc62f1db432cd3e443f2341d4e189d55a4

SHA256
9c87eebaf8dea6c3e963211d8f2e74ccca3551563c4b7a32a800aa38db844d59

SHA512
1d5c94ce76e970bc7a221fd8e4b6517da7e7cb9db561c02a262df9637224febc738b973d93fab5e058f1acbc8e3b720df2545ef4e09e649556bb46ee7dba9973

Download Submit
C:\Windows\Debug\WIA\wiatrace.log

Filesize
5KB

MD5
601c6ae8ea964fbeead9be5468c7b02d

SHA1
b2da74f60c11c00bf0899470610d7a6adba8b206

SHA256
e81a57278a5dda5052253c2404aa4bb93e77171672725a40d4d1aac3823f3575

SHA512
b18cae7ae60ddc4a2ccc4a0007bdfbd451efd5072f71ed19ca23adda27dde86dd6a5337c552c82c19bbbe5349e7a77fd136c16b3c6d8c83eefd049fdd91ec229

Download Submit
C:\Windows\Debug\WIA\wiatrace.log

Filesize
10KB

MD5
c9e3aab2ca5884da5684d624963bbe2c

SHA1
ee683a65e630d3ea1a1dc8bcfa7ff98819d02779

SHA256
f5cf8ddc1260d5b70544319551b57e47479f9cabb7b2d8c30142957369e20999

SHA512
11fe6795d0da9ad6bc626abb29ac6500dc6fe52af34e952981fe6f30ec712a5ebbaaffeeac7465d4c3b27a2678ee34972982f0bce9e3d851913bfde3aeecf2d8

Download Submit
C:\Windows\Debug\WIA\wiatrace.log

Filesize
11KB

MD5
5b3e3e44b8bc634845ae38bf997a0096

SHA1
5798b9c28ae39428c7948c1022c60945bf6cd770

SHA256
684e3346c9b084a8e673090495d54cce24a0087ee750e560e8924d2265de59aa

SHA512
d95815b27ce65ef86f5dc1b2e207ab83b4f094ab9f583eddc3f3e163572d06331f6657073b9ed7aa6660a68f92e8bbe24258e8e5be365cd7ca722faa5c58ba09

Download Submit
memory/424-181-0x00007FFAE4990000-0x00007FFAE49C4000-memory.dmp

Filesize
208KB

Download
memory/424-189-0x00007FFAE36B0000-0x00007FFAE3964000-memory.dmp

Filesize
2.7MB

Download
memory/424-198-0x00007FFAE3670000-0x00007FFAE3681000-memory.dmp

Filesize
68KB

Download
memory/424-196-0x00007FFAE3690000-0x00007FFAE36A7000-memory.dmp

Filesize
92KB

Download
memory/424-194-0x00007FFAE4670000-0x00007FFAE4688000-memory.dmp

Filesize
96KB

Download
memory/424-178-0x00007FF667170000-0x00007FF667268000-memory.dmp

Filesize
992KB

Download
memory/2152-133-0x00000000017A0000-0x00000000017B0000-memory.dmp

Filesize
64KB

Download
memory/2776-661-0x0000000006F90000-0x0000000006FA0000-memory.dmp

Filesize
64KB

Download
memory/2776-163-0x0000000000AD0000-0x0000000000AE0000-memory.dmp

Filesize
64KB

Download
memory/2776-833-0x0000000006F90000-0x0000000006FA0000-memory.dmp

Filesize
64KB

Download
memory/2776-819-0x0000000006F90000-0x0000000006FA0000-memory.dmp

Filesize
64KB

Download
memory/2776-816-0x0000000006F90000-0x0000000006FA0000-memory.dmp

Filesize
64KB

Download
memory/2776-793-0x0000000006F90000-0x0000000006FA0000-memory.dmp

Filesize
64KB

Download
memory/2776-776-0x0000000005590000-0x00000000055D0000-memory.dmp

Filesize
256KB

Download
memory/2776-771-0x0000000006F90000-0x0000000006FA0000-memory.dmp

Filesize
64KB

Download
memory/2776-769-0x0000000006F90000-0x0000000006FA0000-memory.dmp

Filesize
64KB

Download
memory/2776-755-0x0000000006F90000-0x0000000006FA0000-memory.dmp

Filesize
64KB

Download
memory/2776-751-0x00000000077B0000-0x00000000077C0000-memory.dmp

Filesize
64KB

Download
memory/2776-723-0x0000000006F90000-0x0000000006FA0000-memory.dmp

Filesize
64KB

Download
memory/2776-681-0x0000000006F90000-0x0000000006FA0000-memory.dmp

Filesize
64KB

Download
memory/2776-674-0x0000000006F90000-0x0000000006FA0000-memory.dmp

Filesize
64KB

Download
memory/2776-671-0x0000000006F90000-0x0000000006FA0000-memory.dmp

Filesize
64KB

Download
memory/2776-663-0x0000000006F90000-0x0000000006FA0000-memory.dmp

Filesize
64KB

Download
memory/2776-642-0x0000000006F90000-0x0000000006FA0000-memory.dmp

Filesize
64KB

Download
memory/2776-608-0x0000000005590000-0x00000000055D0000-memory.dmp

Filesize
256KB

Download
memory/2776-566-0x00000000077B0000-0x00000000077C0000-memory.dmp

Filesize
64KB

Download
memory/2776-146-0x0000000000AD0000-0x0000000000AE0000-memory.dmp

Filesize
64KB

Download
memory/2776-538-0x00000000077B0000-0x00000000077C0000-memory.dmp

Filesize
64KB

Download
memory/2776-161-0x0000000000AD0000-0x0000000000AE0000-memory.dmp

Filesize
64KB

Download
memory/2776-162-0x0000000000AD0000-0x0000000000AE0000-memory.dmp

Filesize
64KB

Download
memory/3516-309-0x00007FFAE3430000-0x00007FFAE3630000-memory.dmp

Filesize
2.0MB

Download
memory/3516-364-0x00007FFAE30F0000-0x00007FFAE3114000-memory.dmp

Filesize
144KB

Download
memory/3516-303-0x00007FFAE3690000-0x00007FFAE36A7000-memory.dmp

Filesize
92KB

Download
memory/3516-336-0x00007FFAE3340000-0x00007FFAE3351000-memory.dmp

Filesize
68KB

Download
memory/3516-292-0x00007FF667170000-0x00007FF667268000-memory.dmp

Filesize
992KB

Download
memory/3516-306-0x00007FFAE3670000-0x00007FFAE3681000-memory.dmp

Filesize
68KB

Download
memory/3516-308-0x00007FFAE3630000-0x00007FFAE3641000-memory.dmp

Filesize
68KB

Download
memory/3516-313-0x00007FFAE33F0000-0x00007FFAE342F000-memory.dmp

Filesize
252KB

Download
memory/3516-335-0x00007FFAE3360000-0x00007FFAE3371000-memory.dmp

Filesize
68KB

Download
memory/3516-295-0x00007FFAE4990000-0x00007FFAE49C4000-memory.dmp

Filesize
208KB

Download
memory/3516-307-0x00007FFAE3650000-0x00007FFAE3667000-memory.dmp

Filesize
92KB

Download
memory/3516-323-0x00007FFAE33C0000-0x00007FFAE33E1000-memory.dmp

Filesize
132KB

Download
memory/3516-337-0x00007FFAE3320000-0x00007FFAE333B000-memory.dmp

Filesize
108KB

Download
memory/3516-301-0x00007FFAE36B0000-0x00007FFAE3964000-memory.dmp

Filesize
2.7MB

Download
memory/3516-343-0x00007FFAE32E0000-0x00007FFAE32F8000-memory.dmp

Filesize
96KB

Download
memory/3516-324-0x00007FFAE33A0000-0x00007FFAE33B8000-memory.dmp

Filesize
96KB

Download
memory/3516-345-0x00007FFAE32B0000-0x00007FFAE32E0000-memory.dmp

Filesize
192KB

Download
memory/3516-340-0x00007FFAE3300000-0x00007FFAE3311000-memory.dmp

Filesize
68KB

Download
memory/3516-348-0x00007FFAE3240000-0x00007FFAE32A7000-memory.dmp

Filesize
412KB

Download
memory/3516-356-0x00007FFAE31D0000-0x00007FFAE323F000-memory.dmp

Filesize
444KB

Download
memory/3516-334-0x00007FFAE3380000-0x00007FFAE3391000-memory.dmp

Filesize
68KB

Download
memory/3516-358-0x00007FFAE31B0000-0x00007FFAE31C1000-memory.dmp

Filesize
68KB

Download
memory/3516-362-0x00007FFAE3120000-0x00007FFAE3148000-memory.dmp

Filesize
160KB

Download
memory/3516-360-0x00007FFAE3150000-0x00007FFAE31A6000-memory.dmp

Filesize
344KB

Download
memory/3516-302-0x00007FFAE4670000-0x00007FFAE4688000-memory.dmp

Filesize
96KB

Download
memory/3880-193-0x00007FFAE4670000-0x00007FFAE4688000-memory.dmp

Filesize
96KB

Download
memory/3880-195-0x00007FFAE3690000-0x00007FFAE36A7000-memory.dmp

Filesize
92KB

Download
memory/3880-190-0x00007FFAE36B0000-0x00007FFAE3964000-memory.dmp

Filesize
2.7MB

Download
memory/3880-179-0x00007FF667170000-0x00007FF667268000-memory.dmp

Filesize
992KB

Download
memory/3880-197-0x00007FFAE3670000-0x00007FFAE3681000-memory.dmp

Filesize
68KB

Download
memory/3880-187-0x00007FFAE4990000-0x00007FFAE49C4000-memory.dmp

Filesize
208KB

Download
memory/4432-260-0x00007FF667170000-0x00007FF667268000-memory.dmp

Filesize
992KB

Download
memory/4432-282-0x00007FFAE36B0000-0x00007FFAE3964000-memory.dmp

Filesize
2.7MB

Download
memory/4432-291-0x00007FFAE4670000-0x00007FFAE4688000-memory.dmp

Filesize
96KB

Download
memory/4432-294-0x00007FFAE3690000-0x00007FFAE36A7000-memory.dmp

Filesize
92KB

Download
memory/4432-299-0x00007FFAE3670000-0x00007FFAE3681000-memory.dmp

Filesize
68KB

Download
memory/4432-281-0x00007FFAE4990000-0x00007FFAE49C4000-memory.dmp

Filesize
208KB

Download
memory/5076-180-0x00007FFAE4670000-0x00007FFAE4688000-memory.dmp

Filesize
96KB

Download
memory/5076-170-0x00007FF667170000-0x00007FF667268000-memory.dmp

Filesize
992KB

Download
memory/5076-171-0x00007FFAE4990000-0x00007FFAE49C4000-memory.dmp

Filesize
208KB

Download
memory/5076-188-0x00007FFAE3690000-0x00007FFAE36A7000-memory.dmp

Filesize
92KB

Download
memory/5076-191-0x00007FFAE3670000-0x00007FFAE3681000-memory.dmp

Filesize
68KB

Download
memory/5076-177-0x00007FFAE36B0000-0x00007FFAE3964000-memory.dmp

Filesize
2.7MB

Download
memory/5216-293-0x00007FFAE4670000-0x00007FFAE4688000-memory.dmp

Filesize
96KB

Download
memory/5216-280-0x00007FF667170000-0x00007FF667268000-memory.dmp

Filesize
992KB

Download
memory/5216-298-0x00007FFAE3690000-0x00007FFAE36A7000-memory.dmp

Filesize
92KB

Download
memory/5216-300-0x00007FFAE3670000-0x00007FFAE3681000-memory.dmp

Filesize
68KB

Download
memory/5216-285-0x00007FFAE36B0000-0x00007FFAE3964000-memory.dmp

Filesize
2.7MB

Download
memory/5216-283-0x00007FFAE4990000-0x00007FFAE49C4000-memory.dmp

Filesize
208KB

Download