66a0cd7e450467aac94e6af624096f01e8b8df211c9bd0d77f4a90be385d8673

Analysis

max time kernel
296s
max time network
444s
platform
windows10-2004_x64
resource
win10v2004-20240221-en
resource tags

arch:x64arch:x86image:win10v2004-20240221-enlocale:en-usos:windows10-2004-x64system
submitted
24-02-2024 19:13

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

thunder.exe
Size

789KB
MD5

cc51616cd326b6e3d32aa6efea1458cc
SHA1

c1d3825c8aec02784d62bf3ddb7b7205be0f91a0
SHA256

66a0cd7e450467aac94e6af624096f01e8b8df211c9bd0d77f4a90be385d8673
SHA512

64f094a671cad8bd955e9f0413fd557a40b50bd9a1d0080a49125aae382e66a5752cce67f13b16d4ad0190065f255592e4c3400e4e6a92c49dc7fcc531d980f2
SSDEEP

12288:DFUNDaSxK20cBcUyPBHQE6dIIykOHXGVd6TR49SQmVOw:DFOayKGBcUCHFgykOHXE8l4qVOw

Score

10^/10

bootkit evasion persistence

Malware Config

Signatures

Modifies visiblity of hidden/system files in Explorer 2 TTPs 2 IoCs

evasion

Hidden Files and Directories

T1564.001

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-1790404759-2178872477-2616469472-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ShowSuperHidden = "0"	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1790404759-2178872477-2616469472-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ShowSuperHidden = "0"	svchost.exe

Downloads MZ/PE file

Checks computer location settings 2 TTPs 2 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-1790404759-2178872477-2616469472-1000\Control Panel\International\Geo\Nation	MEMZ.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1790404759-2178872477-2616469472-1000\Control Panel\International\Geo\Nation	MEMZ.exe

Executes dropped EXE 14 IoCs

pid	Process
2208	thunder.exe
4824	icsys.icn.exe
4904	thunder.exe
856	explorer.exe
1384	spoolsv.exe
4520	svchost.exe
1808	spoolsv.exe
3188	MEMZ.exe
4912	MEMZ.exe
3320	MEMZ.exe
1520	MEMZ.exe
4164	MEMZ.exe
224	MEMZ.exe
456	MEMZ.exe

Adds Run key to start application 2 TTPs 4 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\Explorer = "c:\\windows\\resources\\themes\\explorer.exe RO"	explorer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\Svchost = "c:\\windows\\resources\\svchost.exe RO"	explorer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\Explorer = "c:\\windows\\resources\\themes\\explorer.exe RO"	svchost.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\Svchost = "c:\\windows\\resources\\svchost.exe RO"	svchost.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
135	raw.githubusercontent.com
136	raw.githubusercontent.com

Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs

Bootkits write to the MBR to gain persistence at a level below the operating system.

bootkit persistence

Bootkit

T1542.003

description	ioc	Process
File opened for modification	\??\PhysicalDrive0	MEMZ.exe

Drops file in System32 directory 2 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SysWOW64\explorer.exe	explorer.exe
File opened for modification	C:\Windows\SysWOW64\explorer.exe	svchost.exe

Suspicious use of NtSetInformationThreadHideFromDebugger 64 IoCs

pid	Process
4904	thunder.exe
4904	thunder.exe
4904	thunder.exe
4904	thunder.exe
4904	thunder.exe
4904	thunder.exe
4904	thunder.exe
4904	thunder.exe
4904	thunder.exe
4904	thunder.exe
4904	thunder.exe
4904	thunder.exe
4904	thunder.exe
4904	thunder.exe
4904	thunder.exe
4904	thunder.exe
4904	thunder.exe
4904	thunder.exe
4904	thunder.exe
4904	thunder.exe
4904	thunder.exe
4904	thunder.exe
4904	thunder.exe
4904	thunder.exe
4904	thunder.exe
4904	thunder.exe
4904	thunder.exe
4904	thunder.exe
4904	thunder.exe
4904	thunder.exe
4904	thunder.exe
4904	thunder.exe
4904	thunder.exe
4904	thunder.exe
4904	thunder.exe
4904	thunder.exe
4904	thunder.exe
4904	thunder.exe
4904	thunder.exe
4904	thunder.exe
4904	thunder.exe
4904	thunder.exe
4904	thunder.exe
4904	thunder.exe
4904	thunder.exe
4904	thunder.exe
4904	thunder.exe
4904	thunder.exe
4904	thunder.exe
4904	thunder.exe
4904	thunder.exe
4904	thunder.exe
4904	thunder.exe
4904	thunder.exe
4904	thunder.exe
4904	thunder.exe
4904	thunder.exe
4904	thunder.exe
4904	thunder.exe
4904	thunder.exe
4904	thunder.exe
4904	thunder.exe
4904	thunder.exe
4904	thunder.exe

Drops file in Windows directory 5 IoCs

description	ioc	Process
File opened for modification	C:\Windows\Resources\Themes\icsys.icn.exe	thunder.exe
File opened for modification	\??\c:\windows\resources\themes\explorer.exe	icsys.icn.exe
File opened for modification	\??\c:\windows\resources\spoolsv.exe	explorer.exe
File opened for modification	\??\c:\windows\resources\svchost.exe	spoolsv.exe
File opened for modification	C:\Windows\Resources\tjud.exe	explorer.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 9 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133532756972264828"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1790404759-2178872477-2616469472-1000_Classes\Local Settings	calc.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
3636	thunder.exe
3636	thunder.exe
3636	thunder.exe
3636	thunder.exe
3636	thunder.exe
3636	thunder.exe
3636	thunder.exe
3636	thunder.exe
3636	thunder.exe
3636	thunder.exe
3636	thunder.exe
3636	thunder.exe
3636	thunder.exe
3636	thunder.exe
3636	thunder.exe
3636	thunder.exe
3636	thunder.exe
3636	thunder.exe
3636	thunder.exe
3636	thunder.exe
3636	thunder.exe
3636	thunder.exe
3636	thunder.exe
3636	thunder.exe
3636	thunder.exe
3636	thunder.exe
3636	thunder.exe
3636	thunder.exe
3636	thunder.exe
3636	thunder.exe
3636	thunder.exe
3636	thunder.exe
4824	icsys.icn.exe
4824	icsys.icn.exe
4824	icsys.icn.exe
4824	icsys.icn.exe
4824	icsys.icn.exe
4824	icsys.icn.exe
4824	icsys.icn.exe
4824	icsys.icn.exe
4824	icsys.icn.exe
4824	icsys.icn.exe
4824	icsys.icn.exe
4824	icsys.icn.exe
4824	icsys.icn.exe
4824	icsys.icn.exe
4824	icsys.icn.exe
4824	icsys.icn.exe
4824	icsys.icn.exe
4824	icsys.icn.exe
4824	icsys.icn.exe
4824	icsys.icn.exe
4824	icsys.icn.exe
4824	icsys.icn.exe
4824	icsys.icn.exe
4824	icsys.icn.exe
4824	icsys.icn.exe
4824	icsys.icn.exe
4824	icsys.icn.exe
4824	icsys.icn.exe
4824	icsys.icn.exe
4824	icsys.icn.exe
4824	icsys.icn.exe
4824	icsys.icn.exe

Suspicious behavior: GetForegroundWindowSpam 2 IoCs

pid	Process
856	explorer.exe
4520	svchost.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 31 IoCs

pid	Process
316	chrome.exe
316	chrome.exe
316	chrome.exe
316	chrome.exe
316	chrome.exe
316	chrome.exe
316	chrome.exe
316	chrome.exe
316	chrome.exe
1716	msedge.exe
1716	msedge.exe
1716	msedge.exe
1716	msedge.exe
1716	msedge.exe
1716	msedge.exe
1716	msedge.exe
1716	msedge.exe
1716	msedge.exe
1716	msedge.exe
1716	msedge.exe
1716	msedge.exe
1716	msedge.exe
1716	msedge.exe
1716	msedge.exe
5300	msedge.exe
5300	msedge.exe
5300	msedge.exe
5300	msedge.exe
5300	msedge.exe
5300	msedge.exe
5300	msedge.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	316	chrome.exe
Token: SeCreatePagefilePrivilege	316	chrome.exe
Token: SeShutdownPrivilege	316	chrome.exe
Token: SeCreatePagefilePrivilege	316	chrome.exe
Token: SeShutdownPrivilege	316	chrome.exe
Token: SeCreatePagefilePrivilege	316	chrome.exe
Token: SeShutdownPrivilege	316	chrome.exe
Token: SeCreatePagefilePrivilege	316	chrome.exe
Token: SeShutdownPrivilege	316	chrome.exe
Token: SeCreatePagefilePrivilege	316	chrome.exe
Token: SeShutdownPrivilege	316	chrome.exe
Token: SeCreatePagefilePrivilege	316	chrome.exe
Token: SeShutdownPrivilege	316	chrome.exe
Token: SeCreatePagefilePrivilege	316	chrome.exe
Token: SeShutdownPrivilege	316	chrome.exe
Token: SeCreatePagefilePrivilege	316	chrome.exe
Token: SeShutdownPrivilege	316	chrome.exe
Token: SeCreatePagefilePrivilege	316	chrome.exe
Token: SeShutdownPrivilege	316	chrome.exe
Token: SeCreatePagefilePrivilege	316	chrome.exe
Token: SeShutdownPrivilege	316	chrome.exe
Token: SeCreatePagefilePrivilege	316	chrome.exe
Token: SeShutdownPrivilege	316	chrome.exe
Token: SeCreatePagefilePrivilege	316	chrome.exe
Token: SeShutdownPrivilege	316	chrome.exe
Token: SeCreatePagefilePrivilege	316	chrome.exe
Token: SeShutdownPrivilege	316	chrome.exe
Token: SeCreatePagefilePrivilege	316	chrome.exe
Token: SeShutdownPrivilege	316	chrome.exe
Token: SeCreatePagefilePrivilege	316	chrome.exe
Token: SeShutdownPrivilege	316	chrome.exe
Token: SeCreatePagefilePrivilege	316	chrome.exe
Token: SeShutdownPrivilege	316	chrome.exe
Token: SeCreatePagefilePrivilege	316	chrome.exe
Token: SeShutdownPrivilege	316	chrome.exe
Token: SeCreatePagefilePrivilege	316	chrome.exe
Token: SeShutdownPrivilege	316	chrome.exe
Token: SeCreatePagefilePrivilege	316	chrome.exe
Token: SeShutdownPrivilege	316	chrome.exe
Token: SeCreatePagefilePrivilege	316	chrome.exe
Token: SeShutdownPrivilege	316	chrome.exe
Token: SeCreatePagefilePrivilege	316	chrome.exe
Token: SeShutdownPrivilege	316	chrome.exe
Token: SeCreatePagefilePrivilege	316	chrome.exe
Token: SeShutdownPrivilege	316	chrome.exe
Token: SeCreatePagefilePrivilege	316	chrome.exe
Token: SeShutdownPrivilege	316	chrome.exe
Token: SeCreatePagefilePrivilege	316	chrome.exe
Token: SeShutdownPrivilege	316	chrome.exe
Token: SeCreatePagefilePrivilege	316	chrome.exe
Token: SeShutdownPrivilege	316	chrome.exe
Token: SeCreatePagefilePrivilege	316	chrome.exe
Token: SeShutdownPrivilege	316	chrome.exe
Token: SeCreatePagefilePrivilege	316	chrome.exe
Token: SeShutdownPrivilege	316	chrome.exe
Token: SeCreatePagefilePrivilege	316	chrome.exe
Token: SeShutdownPrivilege	316	chrome.exe
Token: SeCreatePagefilePrivilege	316	chrome.exe
Token: SeShutdownPrivilege	316	chrome.exe
Token: SeCreatePagefilePrivilege	316	chrome.exe
Token: SeShutdownPrivilege	316	chrome.exe
Token: SeCreatePagefilePrivilege	316	chrome.exe
Token: SeShutdownPrivilege	316	chrome.exe
Token: SeCreatePagefilePrivilege	316	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
316	chrome.exe
316	chrome.exe
316	chrome.exe
316	chrome.exe
316	chrome.exe
316	chrome.exe
316	chrome.exe
316	chrome.exe
316	chrome.exe
316	chrome.exe
316	chrome.exe
316	chrome.exe
316	chrome.exe
316	chrome.exe
316	chrome.exe
316	chrome.exe
316	chrome.exe
316	chrome.exe
316	chrome.exe
316	chrome.exe
316	chrome.exe
316	chrome.exe
316	chrome.exe
316	chrome.exe
316	chrome.exe
316	chrome.exe
316	chrome.exe
316	chrome.exe
316	chrome.exe
316	chrome.exe
316	chrome.exe
316	chrome.exe
316	chrome.exe
316	chrome.exe
1716	msedge.exe
1716	msedge.exe
1716	msedge.exe
1716	msedge.exe
1716	msedge.exe
1716	msedge.exe
1716	msedge.exe
1716	msedge.exe
1716	msedge.exe
1716	msedge.exe
1716	msedge.exe
1716	msedge.exe
1716	msedge.exe
1716	msedge.exe
1716	msedge.exe
1716	msedge.exe
1716	msedge.exe
1716	msedge.exe
1716	msedge.exe
1716	msedge.exe
1716	msedge.exe
1716	msedge.exe
1716	msedge.exe
1716	msedge.exe
1716	msedge.exe
1716	msedge.exe
5300	msedge.exe
5300	msedge.exe
5300	msedge.exe
5300	msedge.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
316	chrome.exe
316	chrome.exe
316	chrome.exe
316	chrome.exe
316	chrome.exe
316	chrome.exe
316	chrome.exe
316	chrome.exe
316	chrome.exe
316	chrome.exe
316	chrome.exe
316	chrome.exe
316	chrome.exe
316	chrome.exe
316	chrome.exe
316	chrome.exe
316	chrome.exe
316	chrome.exe
316	chrome.exe
316	chrome.exe
316	chrome.exe
316	chrome.exe
316	chrome.exe
316	chrome.exe
1716	msedge.exe
1716	msedge.exe
1716	msedge.exe
1716	msedge.exe
1716	msedge.exe
1716	msedge.exe
1716	msedge.exe
1716	msedge.exe
1716	msedge.exe
1716	msedge.exe
1716	msedge.exe
1716	msedge.exe
1716	msedge.exe
1716	msedge.exe
1716	msedge.exe
1716	msedge.exe
1716	msedge.exe
1716	msedge.exe
1716	msedge.exe
1716	msedge.exe
1716	msedge.exe
1716	msedge.exe
1716	msedge.exe
1716	msedge.exe
5300	msedge.exe
5300	msedge.exe
5300	msedge.exe
5300	msedge.exe
5300	msedge.exe
5300	msedge.exe
5300	msedge.exe
5300	msedge.exe
5300	msedge.exe
5300	msedge.exe
5300	msedge.exe
5300	msedge.exe
5300	msedge.exe
5300	msedge.exe
5300	msedge.exe
5300	msedge.exe

Suspicious use of SetWindowsHookEx 13 IoCs

pid	Process
3636	thunder.exe
3636	thunder.exe
4824	icsys.icn.exe
4824	icsys.icn.exe
856	explorer.exe
856	explorer.exe
1384	spoolsv.exe
1384	spoolsv.exe
4520	svchost.exe
4520	svchost.exe
1808	spoolsv.exe
1808	spoolsv.exe
4540	OpenWith.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3636 wrote to memory of 2208	3636	thunder.exe	87
PID 3636 wrote to memory of 2208	3636	thunder.exe	87
PID 3636 wrote to memory of 4824	3636	thunder.exe	90
PID 3636 wrote to memory of 4824	3636	thunder.exe	90
PID 3636 wrote to memory of 4824	3636	thunder.exe	90
PID 2208 wrote to memory of 4904	2208	thunder.exe	91
PID 2208 wrote to memory of 4904	2208	thunder.exe	91
PID 4904 wrote to memory of 4908	4904	thunder.exe	92
PID 4904 wrote to memory of 4908	4904	thunder.exe	92
PID 4824 wrote to memory of 856	4824	icsys.icn.exe	93
PID 4824 wrote to memory of 856	4824	icsys.icn.exe	93
PID 4824 wrote to memory of 856	4824	icsys.icn.exe	93
PID 856 wrote to memory of 1384	856	explorer.exe	94
PID 856 wrote to memory of 1384	856	explorer.exe	94
PID 856 wrote to memory of 1384	856	explorer.exe	94
PID 1384 wrote to memory of 4520	1384	spoolsv.exe	95
PID 1384 wrote to memory of 4520	1384	spoolsv.exe	95
PID 1384 wrote to memory of 4520	1384	spoolsv.exe	95
PID 4520 wrote to memory of 1808	4520	svchost.exe	96
PID 4520 wrote to memory of 1808	4520	svchost.exe	96
PID 4520 wrote to memory of 1808	4520	svchost.exe	96
PID 4904 wrote to memory of 564	4904	thunder.exe	98
PID 4904 wrote to memory of 564	4904	thunder.exe	98
PID 564 wrote to memory of 700	564	cmd.exe	99
PID 564 wrote to memory of 700	564	cmd.exe	99
PID 564 wrote to memory of 3760	564	cmd.exe	100
PID 564 wrote to memory of 3760	564	cmd.exe	100
PID 564 wrote to memory of 2636	564	cmd.exe	101
PID 564 wrote to memory of 2636	564	cmd.exe	101
PID 4904 wrote to memory of 4620	4904	thunder.exe	104
PID 4904 wrote to memory of 4620	4904	thunder.exe	104
PID 4904 wrote to memory of 2344	4904	thunder.exe	105
PID 4904 wrote to memory of 2344	4904	thunder.exe	105
PID 316 wrote to memory of 1920	316	chrome.exe	108
PID 316 wrote to memory of 1920	316	chrome.exe	108
PID 316 wrote to memory of 3816	316	chrome.exe	111
PID 316 wrote to memory of 3816	316	chrome.exe	111
PID 316 wrote to memory of 3816	316	chrome.exe	111
PID 316 wrote to memory of 3816	316	chrome.exe	111
PID 316 wrote to memory of 3816	316	chrome.exe	111
PID 316 wrote to memory of 3816	316	chrome.exe	111
PID 316 wrote to memory of 3816	316	chrome.exe	111
PID 316 wrote to memory of 3816	316	chrome.exe	111
PID 316 wrote to memory of 3816	316	chrome.exe	111
PID 316 wrote to memory of 3816	316	chrome.exe	111
PID 316 wrote to memory of 3816	316	chrome.exe	111
PID 316 wrote to memory of 3816	316	chrome.exe	111
PID 316 wrote to memory of 3816	316	chrome.exe	111
PID 316 wrote to memory of 3816	316	chrome.exe	111
PID 316 wrote to memory of 3816	316	chrome.exe	111
PID 316 wrote to memory of 3816	316	chrome.exe	111
PID 316 wrote to memory of 3816	316	chrome.exe	111
PID 316 wrote to memory of 3816	316	chrome.exe	111
PID 316 wrote to memory of 3816	316	chrome.exe	111
PID 316 wrote to memory of 3816	316	chrome.exe	111
PID 316 wrote to memory of 3816	316	chrome.exe	111
PID 316 wrote to memory of 3816	316	chrome.exe	111
PID 316 wrote to memory of 3816	316	chrome.exe	111
PID 316 wrote to memory of 3816	316	chrome.exe	111
PID 316 wrote to memory of 3816	316	chrome.exe	111
PID 316 wrote to memory of 3816	316	chrome.exe	111
PID 316 wrote to memory of 3816	316	chrome.exe	111
PID 316 wrote to memory of 3816	316	chrome.exe	111
PID 316 wrote to memory of 3816	316	chrome.exe	111

C:\Users\Admin\AppData\Local\Temp\thunder.exe
"C:\Users\Admin\AppData\Local\Temp\thunder.exe"
1⤵
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3636
- \??\c:\users\admin\appdata\local\temp\thunder.exe
  c:\users\admin\appdata\local\temp\thunder.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of WriteProcessMemory
  PID:2208
- - \??\c:\users\admin\appdata\local\temp\thunder.exe
    c:\users\admin\appdata\local\temp\thunder.exe 2208
    3⤵
    - Executes dropped EXE
    - Suspicious use of NtSetInformationThreadHideFromDebugger
    - Suspicious use of WriteProcessMemory
    PID:4904
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c color b
      4⤵
      PID:4908
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c certutil -hashfile "c:\users\admin\appdata\local\temp\thunder.exe " MD5 | find /i /v "md5" | find /i /v "certutil"
      4⤵
      Suspicious use of WriteProcessMemory
      PID:564
    - - C:\Windows\system32\certutil.exe
        
        certutil -hashfile "c:\users\admin\appdata\local\temp\thunder.exe " MD5
        5⤵
        
        PID:700
    - - C:\Windows\system32\find.exe
        
        find /i /v "md5"
        5⤵
        
        PID:3760
    - - C:\Windows\system32\find.exe
        
        find /i /v "certutil"
        5⤵
        
        PID:2636
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c cls
      4⤵
      PID:4620
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c cls
      4⤵
      PID:2344
- C:\Windows\Resources\Themes\icsys.icn.exe
  C:\Windows\Resources\Themes\icsys.icn.exe
  2⤵
  - Executes dropped EXE
  - Drops file in Windows directory
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:4824
- - \??\c:\windows\resources\themes\explorer.exe
    c:\windows\resources\themes\explorer.exe
    3⤵
    - Modifies visiblity of hidden/system files in Explorer
    - Executes dropped EXE
    - Adds Run key to start application
    - Drops file in System32 directory
    - Drops file in Windows directory
    - Suspicious behavior: GetForegroundWindowSpam
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:856
  - - \??\c:\windows\resources\spoolsv.exe
      c:\windows\resources\spoolsv.exe SE
      4⤵
      Executes dropped EXE
      Drops file in Windows directory
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:1384
    - - \??\c:\windows\resources\svchost.exe
        
        c:\windows\resources\svchost.exe
        5⤵
        Modifies visiblity of hidden/system files in Explorer
        Executes dropped EXE
        Adds Run key to start application
        Drops file in System32 directory
        Suspicious behavior: GetForegroundWindowSpam
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:4520
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe PR
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1808

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:316
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x128,0x12c,0x130,0x104,0x134,0x7ff9ee1b9758,0x7ff9ee1b9768,0x7ff9ee1b9778
  2⤵
  PID:1920
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1932 --field-trial-handle=2016,i,1264513695728386432,3480408506313811098,131072 /prefetch:8
  2⤵
  PID:3744
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1720 --field-trial-handle=2016,i,1264513695728386432,3480408506313811098,131072 /prefetch:2
  2⤵
  PID:3816
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2064 --field-trial-handle=2016,i,1264513695728386432,3480408506313811098,131072 /prefetch:8
  2⤵
  PID:3732
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2908 --field-trial-handle=2016,i,1264513695728386432,3480408506313811098,131072 /prefetch:1
  2⤵
  PID:4712
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2916 --field-trial-handle=2016,i,1264513695728386432,3480408506313811098,131072 /prefetch:1
  2⤵
  PID:2552
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4728 --field-trial-handle=2016,i,1264513695728386432,3480408506313811098,131072 /prefetch:1
  2⤵
  PID:3008
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5152 --field-trial-handle=2016,i,1264513695728386432,3480408506313811098,131072 /prefetch:8
  2⤵
  PID:4016
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5352 --field-trial-handle=2016,i,1264513695728386432,3480408506313811098,131072 /prefetch:8
  2⤵
  PID:2608
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4916 --field-trial-handle=2016,i,1264513695728386432,3480408506313811098,131072 /prefetch:8
  2⤵
  PID:4152
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=5248 --field-trial-handle=2016,i,1264513695728386432,3480408506313811098,131072 /prefetch:1
  2⤵
  PID:4332
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=3296 --field-trial-handle=2016,i,1264513695728386432,3480408506313811098,131072 /prefetch:1
  2⤵
  PID:3084
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4608 --field-trial-handle=2016,i,1264513695728386432,3480408506313811098,131072 /prefetch:1
  2⤵
  PID:3528
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=5580 --field-trial-handle=2016,i,1264513695728386432,3480408506313811098,131072 /prefetch:1
  2⤵
  PID:4068
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=2532 --field-trial-handle=2016,i,1264513695728386432,3480408506313811098,131072 /prefetch:1
  2⤵
  PID:3532
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=5624 --field-trial-handle=2016,i,1264513695728386432,3480408506313811098,131072 /prefetch:1
  2⤵
  PID:972
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5460 --field-trial-handle=2016,i,1264513695728386432,3480408506313811098,131072 /prefetch:8
  2⤵
  PID:3288
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5476 --field-trial-handle=2016,i,1264513695728386432,3480408506313811098,131072 /prefetch:8
  2⤵
  PID:2716
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3056 --field-trial-handle=2016,i,1264513695728386432,3480408506313811098,131072 /prefetch:8
  2⤵
  PID:4724
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6044 --field-trial-handle=2016,i,1264513695728386432,3480408506313811098,131072 /prefetch:8
  2⤵
  PID:4468
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3212 --field-trial-handle=2016,i,1264513695728386432,3480408506313811098,131072 /prefetch:8
  2⤵
  PID:3060
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5692 --field-trial-handle=2016,i,1264513695728386432,3480408506313811098,131072 /prefetch:8
  2⤵
  PID:5044
- C:\Users\Admin\Downloads\MEMZ.exe
  "C:\Users\Admin\Downloads\MEMZ.exe"
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  PID:3188
- - C:\Users\Admin\Downloads\MEMZ.exe
    "C:\Users\Admin\Downloads\MEMZ.exe" /watchdog
    3⤵
    - Executes dropped EXE
    PID:4912
- - C:\Users\Admin\Downloads\MEMZ.exe
    "C:\Users\Admin\Downloads\MEMZ.exe" /watchdog
    3⤵
    - Executes dropped EXE
    PID:3320
- - C:\Users\Admin\Downloads\MEMZ.exe
    "C:\Users\Admin\Downloads\MEMZ.exe" /watchdog
    3⤵
    - Executes dropped EXE
    PID:1520
- - C:\Users\Admin\Downloads\MEMZ.exe
    "C:\Users\Admin\Downloads\MEMZ.exe" /watchdog
    3⤵
    - Executes dropped EXE
    PID:4164
- - C:\Users\Admin\Downloads\MEMZ.exe
    "C:\Users\Admin\Downloads\MEMZ.exe" /watchdog
    3⤵
    - Executes dropped EXE
    PID:224
- - C:\Users\Admin\Downloads\MEMZ.exe
    "C:\Users\Admin\Downloads\MEMZ.exe" /main
    3⤵
    - Checks computer location settings
    - Executes dropped EXE
    - Writes to the Master Boot Record (MBR)
    PID:456
  - - C:\Windows\SysWOW64\notepad.exe
      "C:\Windows\System32\notepad.exe" \note.txt
      4⤵
      PID:5100
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+to+send+a+virus+to+my+friend
      4⤵
      Enumerates system info in registry
      Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
      Suspicious use of FindShellTrayWindow
      Suspicious use of SendNotifyMessage
      PID:1716
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x124,0x128,0x12c,0x100,0x130,0x7ff9ed3846f8,0x7ff9ed384708,0x7ff9ed384718
        5⤵
        
        PID:4956
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2260,17081124577126863247,9924860404513970303,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2224 /prefetch:2
        5⤵
        
        PID:3936
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2260,17081124577126863247,9924860404513970303,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2312 /prefetch:3
        5⤵
        
        PID:3440
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2260,17081124577126863247,9924860404513970303,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2904 /prefetch:8
        5⤵
        
        PID:1112
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2260,17081124577126863247,9924860404513970303,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1
        5⤵
        
        PID:4236
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2260,17081124577126863247,9924860404513970303,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:1
        5⤵
        
        PID:2928
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2260,17081124577126863247,9924860404513970303,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4824 /prefetch:1
        5⤵
        
        PID:4480
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2260,17081124577126863247,9924860404513970303,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3400 /prefetch:1
        5⤵
        
        PID:5152
    - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2260,17081124577126863247,9924860404513970303,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5468 /prefetch:8
        5⤵
        
        PID:5452
    - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2260,17081124577126863247,9924860404513970303,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5468 /prefetch:8
        5⤵
        
        PID:5464
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2260,17081124577126863247,9924860404513970303,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5592 /prefetch:1
        5⤵
        
        PID:5824
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2260,17081124577126863247,9924860404513970303,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5816 /prefetch:1
        5⤵
        
        PID:5852
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2260,17081124577126863247,9924860404513970303,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1752 /prefetch:1
        5⤵
        
        PID:5424
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2260,17081124577126863247,9924860404513970303,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6060 /prefetch:1
        5⤵
        
        PID:948
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2260,17081124577126863247,9924860404513970303,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2308 /prefetch:1
        5⤵
        
        PID:6104
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2260,17081124577126863247,9924860404513970303,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6160 /prefetch:1
        5⤵
        
        PID:5512
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2260,17081124577126863247,9924860404513970303,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5776 /prefetch:1
        5⤵
        
        PID:5560
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2260,17081124577126863247,9924860404513970303,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6120 /prefetch:1
        5⤵
        
        PID:6116
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2260,17081124577126863247,9924860404513970303,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5816 /prefetch:1
        5⤵
        
        PID:6124
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2260,17081124577126863247,9924860404513970303,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5800 /prefetch:1
        5⤵
        
        PID:5844
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2260,17081124577126863247,9924860404513970303,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6148 /prefetch:1
        5⤵
        
        PID:5968
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+to+send+a+virus+to+my+friend
      4⤵
      PID:5756
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff9ed3846f8,0x7ff9ed384708,0x7ff9ed384718
        5⤵
        
        PID:5772
  - - C:\Windows\SysWOW64\calc.exe
      "C:\Windows\System32\calc.exe"
      4⤵
      Modifies registry class
      PID:5612
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://answers.microsoft.com/en-us/protect/forum/protect_other-protect_scanning/memz-malwarevirus-trojan-completely-destroying/268bc1c2-39f4-42f8-90c2-597a673b6b45
      4⤵
      PID:5984
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff9ed3846f8,0x7ff9ed384708,0x7ff9ed384718
        5⤵
        
        PID:5980
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=g3t+r3kt
      4⤵
      Enumerates system info in registry
      Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
      Suspicious use of FindShellTrayWindow
      Suspicious use of SendNotifyMessage
      PID:5300
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff9ed3846f8,0x7ff9ed384708,0x7ff9ed384718
        5⤵
        
        PID:4864
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2192,15763241188307184415,18316701018367469525,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2752 /prefetch:8
        5⤵
        
        PID:2780
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2192,15763241188307184415,18316701018367469525,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2264 /prefetch:3
        5⤵
        
        PID:1676
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2192,15763241188307184415,18316701018367469525,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2156 /prefetch:2
        5⤵
        
        PID:1736
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,15763241188307184415,18316701018367469525,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1
        5⤵
        
        PID:5948
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,15763241188307184415,18316701018367469525,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1
        5⤵
        
        PID:5332
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,15763241188307184415,18316701018367469525,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5040 /prefetch:1
        5⤵
        
        PID:5500
    - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2192,15763241188307184415,18316701018367469525,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5044 /prefetch:8
        5⤵
        
        PID:4376
    - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2192,15763241188307184415,18316701018367469525,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5044 /prefetch:8
        5⤵
        
        PID:4036
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,15763241188307184415,18316701018367469525,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5424 /prefetch:1
        5⤵
        
        PID:5492
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,15763241188307184415,18316701018367469525,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5448 /prefetch:1
        5⤵
        
        PID:1628
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,15763241188307184415,18316701018367469525,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5088 /prefetch:1
        5⤵
        
        PID:236
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,15763241188307184415,18316701018367469525,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5056 /prefetch:1
        5⤵
        
        PID:2968
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,15763241188307184415,18316701018367469525,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3880 /prefetch:1
        5⤵
        
        PID:5764
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,15763241188307184415,18316701018367469525,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2204 /prefetch:1
        5⤵
        
        PID:4184
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,15763241188307184415,18316701018367469525,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3448 /prefetch:1
        5⤵
        
        PID:1612
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,15763241188307184415,18316701018367469525,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5988 /prefetch:1
        5⤵
        
        PID:912
  - - C:\Windows\SysWOW64\notepad.exe
      "C:\Windows\System32\notepad.exe"
      4⤵
      PID:5924
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=batch+virus+download
      4⤵
      PID:396
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff9ed3846f8,0x7ff9ed384708,0x7ff9ed384718
        5⤵
        
        PID:4336
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+to+send+a+virus+to+my+friend
      4⤵
      PID:868
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff9ed3846f8,0x7ff9ed384708,0x7ff9ed384718
        5⤵
        
        PID:4012
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+2+remove+a+virus
      4⤵
      PID:3828
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff9ed3846f8,0x7ff9ed384708,0x7ff9ed384718
        5⤵
        
        PID:1100
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2136,9223527613388871751,1459786786227372207,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2220 /prefetch:3
        5⤵
        
        PID:1208
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2136,9223527613388871751,1459786786227372207,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2740 /prefetch:8
        5⤵
        
        PID:3988
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2136,9223527613388871751,1459786786227372207,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2164 /prefetch:2
        5⤵
        
        PID:4828
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,9223527613388871751,1459786786227372207,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1
        5⤵
        
        PID:5280
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,9223527613388871751,1459786786227372207,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:1
        5⤵
        
        PID:4572
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,9223527613388871751,1459786786227372207,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5020 /prefetch:1
        5⤵
        
        PID:2176
    - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2136,9223527613388871751,1459786786227372207,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3460 /prefetch:8
        5⤵
        
        PID:4992
    - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2136,9223527613388871751,1459786786227372207,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3460 /prefetch:8
        5⤵
        
        PID:5568
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,9223527613388871751,1459786786227372207,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5344 /prefetch:1
        5⤵
        
        PID:7108
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,9223527613388871751,1459786786227372207,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5584 /prefetch:1
        5⤵
        
        PID:7136
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,9223527613388871751,1459786786227372207,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2000 /prefetch:1
        5⤵
        
        PID:5140
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,9223527613388871751,1459786786227372207,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5088 /prefetch:1
        5⤵
        
        PID:6340
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,9223527613388871751,1459786786227372207,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5860 /prefetch:1
        5⤵
        
        PID:1900
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,9223527613388871751,1459786786227372207,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6044 /prefetch:1
        5⤵
        
        PID:3372
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,9223527613388871751,1459786786227372207,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5448 /prefetch:1
        5⤵
        
        PID:5908
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,9223527613388871751,1459786786227372207,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5852 /prefetch:1
        5⤵
        
        PID:6388
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,9223527613388871751,1459786786227372207,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6184 /prefetch:1
        5⤵
        
        PID:6348
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,9223527613388871751,1459786786227372207,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6396 /prefetch:1
        5⤵
        
        PID:6552
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=half+life+3+release+date
      4⤵
      PID:7020
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff9ed3846f8,0x7ff9ed384708,0x7ff9ed384718
        5⤵
        
        PID:7040
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=bonzi+buddy+download+free
      4⤵
      PID:6280
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x120,0x124,0x128,0x11c,0x12c,0x7ff9ed3846f8,0x7ff9ed384708,0x7ff9ed384718
        5⤵
        
        PID:6248
  - - C:\Windows\SysWOW64\mspaint.exe
      "C:\Windows\System32\mspaint.exe"
      4⤵
      PID:6948
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3936 --field-trial-handle=2016,i,1264513695728386432,3480408506313811098,131072 /prefetch:2
  2⤵
  PID:2748

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1208

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5060

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2368

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Suspicious use of SetWindowsHookEx
PID:4540

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x50c 0x464
1⤵
PID:3952

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:5552

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5180

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2384

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1472

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2512

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --default-search-provider=? --out-pipe-name=MSEdgeDefaultc44f4eceh6e9dh41b5h92d4hf7b46548d301
1⤵
PID:5320
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x12c,0x130,0x134,0xfc,0x138,0x7ff9ed3846f8,0x7ff9ed384708,0x7ff9ed384718
  2⤵
  PID:6004
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2032,14102995644866101807,6590315758851488251,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2192 /prefetch:3
  2⤵
  PID:6368
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2032,14102995644866101807,6590315758851488251,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2056 /prefetch:2
  2⤵
  PID:6344

C:\Windows\system32\SystemSettingsAdminFlows.exe
"C:\Windows\system32\SystemSettingsAdminFlows.exe" FeaturedResetPC
1⤵
PID:6764

C:\Windows\System32\vdsldr.exe
C:\Windows\System32\vdsldr.exe -Embedding
1⤵
PID:7008

C:\Windows\System32\vds.exe
C:\Windows\System32\vds.exe
1⤵
PID:7036

C:\Windows\System32\vdsldr.exe
C:\Windows\System32\vdsldr.exe -Embedding
1⤵
PID:6292

C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
1⤵
PID:1956

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s DeviceAssociationService
1⤵
PID:7124

C:\Windows\system32\LogonUI.exe
"LogonUI.exe" /flags:0x4 /state0:0xa3f8b055 /state1:0x41c64e6d
1⤵
PID:5684

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Pre-OS Boot

T1542

Bootkit

T1542.003

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Hide Artifacts

T1564

Hidden Files and Directories

T1564.001

Modify Registry

T1112

Pre-OS Boot

T1542

Bootkit

T1542.003

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$SysReset\Logs\setupact.log

Filesize
110KB

MD5
17f0ed693b00895f358f1efc89e37dc2

SHA1
4c674431e0f26db8ad79a107f18768013b6abccd

SHA256
e02db30087fa439a01c0969936eb5e86aee801367e0e00c423e42c44250de2d5

SHA512
1e524fb3c6bb9a600b07dc4cb68b5a4d184924da3f114929976e3619ddfd19c18964809168c113ae5cca406c2b031a265c46ce51db2cfa8b3b089a0b6245c46e

Download Submit
C:\$SysReset\Logs\setuperr.log

Filesize
749B

MD5
69ab00f6540b8eda3688cc253c1d9524

SHA1
e775f9eec0f15cfcdaada2606dae75d8b2949140

SHA256
44a220fc13acf82a512a2fe9507b92ef7c7e067542bd2ffdb5dcb226b7579ac0

SHA512
e695794fc8699eb787e7174420f346362b1a769dd7c8f2b9a8cda8668bf75f0870a0fdef18a5d9805e610fb95c223ed3ceffa3ae4ae64123696ea635045d47e9

Download Submit
C:\$SysReset\ResetSession.xml

Filesize
7KB

MD5
2c9c47607c2a890448e16c97bbfd4fa8

SHA1
e9ca7cb10c1a52aebba1ac71f56a5c2271a26f21

SHA256
9f9956319d1cf6f5ac94f9cf518d7115570513471b139ce9a63daf6724212b0e

SHA512
2ef9f1b07d9dbf620539671626662f02bce223f5e3b011c2ff52b379e82348c0945e9f6bda9e34a054049d088ba6846035accdef3b20a7a53351039dd66c46ac

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000001

Filesize
195KB

MD5
873734b55d4c7d35a177c8318b0caec7

SHA1
469b913b09ea5b55e60098c95120cc9b935ddb28

SHA256
4ee3aa3dc43cb3ef3f6bfb91ed8214659e9c2600a45bee9728ebbcb6f33b088d

SHA512
24f05ed981e994475879ca2221b6948418c4412063b9c07f46b8de581047ddd5d73401562fa9ee54d4ce5f97a6288c54eac5de0ca29b1bb5797bdac5a1b30308

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000002

Filesize
24KB

MD5
b82ca47ee5d42100e589bdd94e57936e

SHA1
0dad0cd7d0472248b9b409b02122d13bab513b4c

SHA256
d3c59060e591b3839ec59cad150c0a38a2a2a6ba4cc4dc5530f68be54f14ef1d

SHA512
58840a773a3a6cb0913e6a542934daecaef9c0eeab626446a29a70cd6d063fdb012229ff2ccfa283e3c05bc2a91a7cac331293965264715bdb9020f162dc7383

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
8455b415baba8c4c04bc5ffe2849eb0c

SHA1
73919d4f1869a812d39eb18fabc32896795c55fa

SHA256
dc1ecd41ef53951e949a03a6c54e410a04b636986163b75ecbc40f99c708631b

SHA512
5900fa3c2f7cb4fe56c2024e75f806686b957c95bb81b68ce64a270e582422e2994e1675524497ca7150d1e5b96f2c136bf0291cb9b2222a0b2608e26a184556

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
77c740dcbd95e9e780c40ba7c558cd12

SHA1
9328d0d67cfe0b8dccb9bc0302a335887940ddf1

SHA256
01dea01538f29e9cd55a56711a1557dc31bc8c7e17313ee0af1f91703f8c80f1

SHA512
57a320e47f95433608819743803bc4051d6fa83e2cca0a8de209bfe928d614dd7f0902138744cc9bf4fb78fe2a7c1e85a6c483297792ab37d5624f1b66316a53

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
418ce88e4dbf4be72f30b99e413ab320

SHA1
2efda5c60a30cdb4c57ec3a1382067de66521bd2

SHA256
ab758410f3c0e460a64b50700ba0198013dafb1341d87ad6f3cc7ec1f9a8f56d

SHA512
ff676bc5ff087fddfb6cd866a9f95429f3789f7ef26795fafcce8a6ec18f0f95f5d53a869118b0035d832e4c4726e16c21dd75c6f8c9a459245dd81d89d4d65b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
4f0f79511f6afdf25ab9d8a565f2c1f3

SHA1
fc697d075af2981b8e1584126afffd54b04de48c

SHA256
d34268f23fb9c347af4eb0cb8e396d7e624bbb5b49b82804b5b8f7371a6a701f

SHA512
29d9a90fbd7a904a1848bc6f462a3eb23d672de126114987197b531c70101ec0a7b178dfb56679e1e3db413e19f1680e550a7b87eb12de1142303508f23909d0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
995001c0b60b8e8a155ef960c716837a

SHA1
35c6f4f73fe7713bf2f94be98ea712b75dc1fd0c

SHA256
6010a314058835af36a61534e350413be40274245721e4700bca64d92d342480

SHA512
98d3d41dd33dcf88e144de4a19a98ff206c195e4fcc4d45234a28862905630a7cb047ad4ab33b0b23a576e6e905f93c001f256ec7749a6bd159bc3b76a9643b5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
94ee86da25d524d4b560649e26dca973

SHA1
583d7825752bc08761cde7571f17663a4c21e8d0

SHA256
ebdfc1feec97392228881081bcfbeb3ec5de7218ea4346e25b1d44b85a638a3d

SHA512
bc9bd129380eee973f9c28a0ec59b76098fc03d54faa46bcd46ed05f9aa495265f8c645b1e4951d6b53950f1aa4212ccefcfd4f168eb59df6f71a3a7d31b04ee

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
706B

MD5
1acbb8c15b84b716513b56e7883e0197

SHA1
7d37f3d82e03fc9ec4b56cfb9bdd05850b3510a8

SHA256
76ba1b5d556282e6c791a72e877559f4d5591c90cfe3ca2eedf80210a0f4b33c

SHA512
07b7af04960d21ee5a391334b9f5760f8c363b16835ace79ed39e853af9ad51814aa41d9dedee4364d3734f4e860da1420bafe1297daaa26928f08fd61d1f99a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
dacd0bdeed8fb4133ee9afbc85ff4c25

SHA1
fe2f4632c2d8aa1a038fb67e3d4ea7a89fba9703

SHA256
24c8f86a296be62d93ea2cb167e2a6452f121831c8025c8c3f7a0ffdafe86e87

SHA512
a93cf1a5cfdb4a21c77bb40a42a5d05c011300ae5d296fa4d318e0dbb070966d706127c044c3033d3a922167507db1359f783825036d51c696f52a35f7ee6dbd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
371B

MD5
44e581df3c667372b0d5450f182548e8

SHA1
f39e0e568d3995fda7a6635124332235db17e2bc

SHA256
12c03edfc7f2645bc110e4c44d9cde8c4cc3cf1b1d7cb221df4bb1d2590e5734

SHA512
040bd14164d6961726e5a2bdfa1508709b1df869ecc2ab07bb0d66797d8bfe907f99b68beb32102a01723f0db05c634774368ee24ce92aab6e319f03b5b938be

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
371B

MD5
c421d05ab35cd5ccaedacdebd94eaed9

SHA1
e2f6813db6874ea76293d696bb02cf68fed6fb87

SHA256
5e2a014862f7210aca27e7922e226ee19e3d39cc116ffd0568d15b10955b353f

SHA512
b94473f73d4a778c2d85ad8e6432ee4ba9526b4577dcac831760c70c50b4194f98820558a2a63d31187260e8d36c5080416e654266b11aae5a5d7f87cb67f6cb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
f04732e3f8a2686e2adfb6f1eb88a3e9

SHA1
a5cb3db65224bb6a115b8fb0bcaafa9d8f840578

SHA256
2f365144b55ba1b9e05a67491f78895506b1cb1a2c8419de8c7b9da9126fa596

SHA512
9ff34b44f556bbf54e1ef3fbc2f1a60d4c28b9946132e0ef7ab0c55241ab2f63aabf55d416206cd08bebb7433675084d1a6753feb83ec0f36ba80d3fb1d71f14

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
8a8375ceebe08e700eb99cf3a2a267e1

SHA1
b637bd0ad9fc0a0413b44406829cf2eb95492edb

SHA256
f921684dfb75fc09d6bb550664d653b73ef3bef4ccab6c242fa83ae5ee386788

SHA512
e5a56bbfc80663ec76e2c93eba96ba4d48cccf87d7689fe5eda50b8b3b1340deebaa6d2b16ad926311d866f56c14145d1343b146c0548c2d71746e74a6664298

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
170c4dd3d5ce17b1e862b5bcabb70ef9

SHA1
e7f26e44bec57f0f49371db13233d1256eedcf04

SHA256
a54b6931ea0bf59d6f5cfbc0b95b21a8d807f4b0a9f4ea600118418eb42aa982

SHA512
6d702568954eb1f823999168cada654755e1890225319f86dc187364899f6f9186422daec76ca31d40545363a3425673f350bfbc9944d8adfcb54d3bbd8a7080

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
fd015c41ce4df2323f90c28d498489ba

SHA1
7811221e1055ecb73c284eb821a5fbbdac05a1b8

SHA256
4b0d35178b877ef61b87a51faac601eeb63ca475d81a13ca0255f8d7c9aee353

SHA512
cbfe7d8073d585f01b776e8f4112bcfda6b25f6ef53256428dd938fedbe7f842149086b0413ddc2d908ead67c451515d365b3a432e63161dc414a20cbec5a033

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
8f4e8bd75847658a86b2e864bdd1c6e7

SHA1
59acfdfe677ef552356a03155d3c56d97f29abf4

SHA256
2f646f3b56fc30fba72e586902df90a99622fa62a451d75725dc715dd9f8ab87

SHA512
9e5b6f816ea7a11399469261503827011035d3dec11e75f93e7e4880dafa91a2a6a0489cf4d181f6865335af933bab9ced435a81d884c488b5582f04758d5763

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
a29543f76f08dd4b39bfb6e9dcdfa4ae

SHA1
faab7245e5ddac4f561f514565bdedd3b4d5d628

SHA256
e149f83417895e104a2598efaf3d0616313fe1bb173ce9ecc948bc4f205dfd0b

SHA512
21807d57314160a6dc838314a2aaa595d7d567dd0d5bb3d484ceaf64dd51efe67ceb999672776cf3965a237fe3be227cb4b26ca1bafb00611b7839b0c15617e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
0d8d45b4675b7396dd0e1d7c49471eed

SHA1
80fedf33928b7ff8f56ddf3baa08e5143386261f

SHA256
39da8eb55709ea814f344b421f918cac751253b608e08249483b80d6d77a8a13

SHA512
b2334afd532d7e0ade4c31c18ae7a5aae60d3480dbd3fd874c9ba2303384bc2e814b4de3dfe1a9160101b5410210ecea09e7e865a67f5fbf6272f3465da100b1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
503af855fb7b42aff68db7a85879ca72

SHA1
74d2e8d31e5732c027ab0fd81f94cd987af8a494

SHA256
de565d181b235a05aa41201a5944c4a69c73b8632a03e6ecbbc2ca0fa7dc31d3

SHA512
c03d674080d4672480a2c6565be5c6586ad7ffe7df8ba32377b9618d8e8b12d96a95d9e93dd0ccb8cba9fe5421770932126dfe596493babedbb7a280ced9223a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
257KB

MD5
e869936c8fdcc5dd2bd5f6ee81446076

SHA1
de664ec10d252c77449ffa0787003f7df97bf1c5

SHA256
5c4394873128e1ab83409327ae163b17a385ae01e79188bee4a800f012557ead

SHA512
9c55cde5ec3eda31dab9cd26b50e5ae67bdfeade7b40a7c9156b263959e944c36564da0f60e5b0fdc2ec4f1eabbf5e5c634adbab6747dee26001ffc87a3cc18c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
257KB

MD5
dd6dd4f48b511a92cf4dc5ddff85ffe7

SHA1
341d747100255ea93b88ec4d5cd3f1fcd493e526

SHA256
929eced0f0e7cef6eb5ac6b04d9a28f8aca3996c19bd63fb4a9fb55eba1ef17f

SHA512
751a634b6d3296696c282a38682bd3ad21507ab04e82250efdfe1073f167301e85747c43ffb7b9bde90e73609d459fc27289da2993b25864ce4c83d0b989998b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
257KB

MD5
ca5c5eaa02bb6f348c5ac11e588c7e7d

SHA1
68219a937b6c763ba6ada6789e768431cc08bc41

SHA256
e0bb455de02ca1feef912e7c22ae8047fc04a064cf293d46a29cc5c6f0da8e2a

SHA512
3c07d9434d378d2abf678e085e05e33e3d51960c713410489e00b99230b573927145cd57762f9f3d30b0d2f3a94a6bf0b116530ab23a22d8d3f236f1cd28ea5b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
110KB

MD5
98c8c1879f4e9338e371dfd722ffdaf1

SHA1
0be50de444d2d28f0b16343060dd654f9d1fa308

SHA256
bde06e37736c16b41103ac5d5160538e760f54c5ac6e980fb9d60841b266fd80

SHA512
44243a5e911372dfe893fd32a7f1d0642fd1d1965c91ff7a61e031d78439d6b2b640d11a7de769e449b15e1c92c610f4b80692d04711aa3013a9e3a94c3e8aa9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe595c7e.TMP

Filesize
98KB

MD5
c7ca067246126ca4d010a37673d84ce4

SHA1
f38f1d5694b6e6683778653733877bfc56454212

SHA256
0b50066271cd192585dfce09c5a1e715909f06c11dee3c27c3b187526befd6fe

SHA512
63b0a53262c630865b709c60ba70a6ebcb3ea1287ffe5fc0f6d95ba21af33c97c0447d8b27ee7dff0540696501278a182205f1a4283d8ea4cdf9e65de3177e81

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
d829a75e48d99afb0040a2391dfbf7eb

SHA1
6739a4bb4932b0c8f5302e9c9c6512e0d65f13bf

SHA256
0d03e8287092be3377d4135da02f84ab5016e7a4cbddc670f8e6ebc008b93712

SHA512
3bd66452adebea5c5c3441418ec0c9acbd58e9a13b2777c051f8c576df6adc7224ef85aaac93cccc86b473b9fa78e2010da88cdafa2c7e919a7ffbcf954ba021

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
3624cfcb355c6c7888cfb022b59a03b3

SHA1
8269bb7265487ced0f15c3705188714640d1df3f

SHA256
28abe3d6f18ebac6166dc8dc601f6672a609bbf3d857d4fb1d9e8f6564ae172d

SHA512
70b3510103bbd50779bb464806d7e15e5d3044269edaa863313fa5ea5cc9dd5fcc3d3e000a4b5f2c4b3fde604c84a89b85a1a12ae17797ce3ab80a23f61fe802

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
1004b2ebce52fb0cbb07fbe5676d80fa

SHA1
3630670cd9a134b58a6e4cc920c0d7a5021ad1f8

SHA256
283be1599176aa0682f928e9528d4c47578bb8f2d9d572501985bb1e114076fa

SHA512
c85db792ecbe31f2318310e3f964c9c56e48758c6da8bccfe7f513c64d87070f4f4c886a0d45271acd1ce48d7780c62ef4d489c9210ddd08b061e3e0ef1c4e64

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
52c9050caa4268b72f327940724096d5

SHA1
3dd8eca3d80a32f509e215c06773ee86efbf3581

SHA256
161b19993280a6f3ca4dd51905afd27a42776919037d6021dfe2d61a2cd3a404

SHA512
ac1f6b5ead3e6c1ddbdff6b78ac64e5fe762e2ffb200ae66a4b438a24d41d3858e70917e515dabe276fe2db97963b8275e8a4b20df1bd9486a930c714d6b7fe0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
9cafa4c8eee7ab605ab279aafd19cc14

SHA1
e362e5d37d1a79e7b4a8642b068934e4571a55f1

SHA256
d0817f51aa2fb8c3cae18605dbfd6ec21a6ff3f953171e7ac064648ffdee1166

SHA512
eefd65ffcfb98ac8c3738eb2b3f4933d5bc5b992a1d465b8424903c8f74382ec2c95074290ddbb1001204843bfef59a32b868808a6bee4bc41ee9571515bbac6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
3bde7b7b0c0c9c66bdd8e3f712bd71eb

SHA1
266bd462e249f029df05311255a15c8f42719acc

SHA256
2ccd4a1b56206faa8f6482ce7841636e7bb2192f4cf5258d47e209953a77a01a

SHA512
5fab7a83d86d65e7c369848c5a7d375d9ad132246b57653242c7c7d960123a50257c9e8c4c9a8f22ee861fce357b018236ac877b96c03990a88de4ddb9822818

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\0964defd-4c71-4cd8-8165-4ed85a343dcc.tmp

Filesize
8KB

MD5
a19d73bebc0b1f8700e8a4670bf6523e

SHA1
e12bb1014cd45642f893e025af2b09037f0c3b27

SHA256
735a8b141f0e4864d55731784c0cd51d581db153758885216bf50df053608b2c

SHA512
28c3db4cc179f8452db378a21bbdcf5b3c1bce4504642045fb9663e5e3d375d9d723a6993a4a1f9b3d4407a8b0e5758de01e7cd5a5e37fe7beb5cc8602fe40b2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\83038a6f-0100-4fe5-ad71-638e5194d440.tmp

Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000036

Filesize
129KB

MD5
5d832928c9d4c5c3312614207a44920e

SHA1
564ea7000c7d3570a30a80ed5e85eeda1e5b3484

SHA256
554d197c25a7a0f0225ae35e029306ea29faedab1292e49c37a46106a3bc8ef6

SHA512
1ac09db571314867578bcc9a2ecf74e4ff7ea35b0acedb783236ffbde9bdbaec8ceba9026e345449493bb5e0e7d679a3219499315774a3c49e3de831661def06

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000040

Filesize
184KB

MD5
5c22dcfe9ddada9e00f399debe74c587

SHA1
f4cd8bf5d514a48c8be81ed0727316cc5c3cf2f5

SHA256
89791dbcfedae6f4ffb64f576504247b813c48ff3c6043b19977fce30d8657f5

SHA512
0a606e167a0dc87ce793ff6d90be83311426b1321f6c0f3c70986bbd20feb7edc166449e509558cfdbf634ba5d8e1f8c417a3c5daf712206f2a6637d8eb060b3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000041

Filesize
126KB

MD5
d96719a9ada112d80f265308ed3f0fd2

SHA1
c05994ece71a55f771e65cd473f915084731f786

SHA256
72bc29abe2511a070b66a800aed496f29e3748bf9f3b33a6c644fdd0c163c45c

SHA512
680e93191bfe76490fcfe029e90ca321e9bae0175e272cae5727e590a0a1e78d6d56a52c0422cd4bc2ef90504480d4e969bdd362dd6f238eac2ffbb019f03389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
b4345ffe82385ac8db5522a9c12141d5

SHA1
5c081e266311920a5e6b591a705618e4444f7f83

SHA256
b05cc31659081300dc2a46e71f70cc9e6816c4a308eeb8ca9aaecc362e77733f

SHA512
0cc0b09bd937bc7183805b088c4fcc95662095c2ac1368b7db5115acbac0dfe59bbf0301decab8f3534f60911ac7dcdd9a91c949172f398f12e16c7c63521f93

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
144B

MD5
cb4e11ba4ac57576e8d34530748f8d7c

SHA1
e7060d66ada1ce17eed4d32a2a7fe995cc452766

SHA256
06f45b038c44865e04138207b8a67e6e38c7c16408655ae44e642a38c4240dc2

SHA512
c820bcfdfbc6f33a9f2f97b35152a100c02ec598af64bd0be262ca424b44104993e134ae35566c7991c033fadd61fefbb8d59db77749ae8c4cbab0f35c68414f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
816B

MD5
3b90f4f1d87dee6d68fca5b3d3b4048a

SHA1
0d033ec896dfe51e11c44e4d0bf92f731268df01

SHA256
dbbd1c198d91e580ec12b5d8e055ca78a9dc4cab9b054e905547538da2ce7492

SHA512
ef23c0fec9731b957a3cf54a4c35b0db1b6c0b2f37203f8785f734f4d6004727897b3865fab1e7392c98f16f1d740acb50c253644791707ca0091f66f42be945

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
1148d10edc18461293a559fd5a71ab5a

SHA1
b59720885eeb26f48b8f668e613343dadb2c8b99

SHA256
d9b245513ab5138a1a3dff83801580cc75f1905483fc8ad01943d1025eaa8577

SHA512
a728b620bdfb89cc719d6763eb9323dc2d953f8c2ed0a7eccc2a6818572b230e092f149e11546843eecb5acc5d41bf394f593ee5be9a6f5e437dbafb17f54685

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
924cb5ffa17e89656cfcbe5abeb40cc7

SHA1
15593d90f850d489ca7f885fd4eedca54eb302db

SHA256
226c04c7e236c27b84b9491871ea885ac4d33983701d8d4b30c0bdc8d263c1bd

SHA512
1110c027ea141dd6300acea3e955f225947e8a03021ddd56522e11aeffeba52f14cb9897982433a7603e8fca4686e5d2aef14f357cb7ab270ff5346225905021

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
873608ad703805cdaee33f4cf2336e7c

SHA1
859701dcd41a6cab54a3a6a1e7bb27454b7a4c5c

SHA256
e662fdd5af2940f4c9e7771f4395d354e0364ca20537348134f1013c055931fc

SHA512
5f2113a76021d802018f1f8e3ce310805e14c8d133d71d2536cd3aa32fa26fc30169ff910aa86166d5296eacc6c8b10c68b95ba1ced33fa5b95660a51486b162

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
c4f31b59463589112991d70c54cac046

SHA1
8282c8fac7602971c96f9882bf71934e5838283b

SHA256
cc6b2279de517e0f5d7a78d0849579102bc6030d7cecff39bff74587ad8b6d95

SHA512
7e79e7c451a08680a79f571b13506f6ca4dd99ca2202d2c08017ec6dad8859b1116a3252da71a64dc82c2302870d625897014e7aca0f92f1e955aead86626f90

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
74705a99bef1d0bb2554ff353914992f

SHA1
1ec995e142503ec4dc6d5bab006d2f5dc1761304

SHA256
119a251b7fba3b0fea470a880c5344885249cf9e659664ce80c6385596cef3d3

SHA512
be328840fc1c533df5842a758e21bc1402fad51dd3619807b8d0a29bbe704eb7b47af958f999a096b0718a0a7c83c8419690375558200145fff354db4e329811

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
815B

MD5
bf3aeb69d888e0fa04b7804a4bc8f0c5

SHA1
d7e74c5e7858458e88a011a36ac406d6636a559b

SHA256
672bb7537bc8bae61f2285e240fcbb49e335a8c025ddf8a50e6297edd8b2d5aa

SHA512
b29175839273c9457e774efd42360adab55dc4f4e31639357c14210a955434620c393372330c35b07b6abf2d31f4788c75a1603e37925ecd1bdfdb675ff886d2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
8910c88717f8d941448d8bd252dee4af

SHA1
d222d2f83a9eaa08110b9698d27a6a383071f363

SHA256
8ed64d4cc97aeef61c9b5c68d7254a58a77ce72643c1625ba8321fb6988817fb

SHA512
28af9a269d96a372074bfe35d6c83d288558a080fca99902ef8913c45cfb8dc5da5dbfd6fe763078eef66165dc7af6c940149e9c41250d66c952e61d181702b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
e5aa9bf4c7681001941b8c77926ded1a

SHA1
2876ae1999878ef1257d6605a271c0c318686756

SHA256
3b0c77f1234c08d3b11acccd0e4f78ea0e9b8186dd355151a60b745e985787ac

SHA512
7fc093c9fbc9521abbaad3288863577823275f3fc577644bd95a1233b4193ab0129b3581b31d9edc2114cec7167bce14771a4bbdc1bee656f8fce13e153882d1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
7d32903d5de7539ab58eac4106e15cd2

SHA1
7b9e027d08875089e7a6c2f0762590b990349e0b

SHA256
e46184170d8171670ae9eb5dc0b626428bd1d726cab4530b04b7df1e40e26a6d

SHA512
80c9c6f264d0cbfdb3ced23b50724b5a71da827081722ca397aa0e553fb9cd51ab2dd3e96d6380f96bb8f7f2260c1f096c42f5671f8260eb7a40482f60caaae9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
bb2a27e0fc2a0304f1cc62db5fa8edec

SHA1
bb7132e86b1183b796f4c1a85763d8d25a48f854

SHA256
7ae65e6e935e1dfac97d07f2b7045abbf01514cc1f90c3ec74ef28a824867b12

SHA512
4b34a410b11db84756c02cefbd3931670888459c9097b6d25d595a838cf58fe9ef6d152da551f316532db9dbd93d4fadf9826ac7b9bcad78b986b7ac7a9d6204

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
c6066d376bf5710a58d124cd8bdbb9c3

SHA1
037653b93ba017ac3dc06579cfe66b75e87c6785

SHA256
dbf4aae6cd4ef751aa5c1777b0426c26c630550cd88c9b64795ba79eaffa99ae

SHA512
b2960d0517537cae7a50aaef68a433bf30bf7ab542b83df1a25d10e2a66b4ebc57f5ed2e3849d1329e783c36c7dbc17fa780be72c00ee054bda598246d7587f7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
8cd489dd212955b9bc110afa2c3ec7e5

SHA1
f72dfbe69df53307cf2dc7949baff83a80d74d9b

SHA256
f4d7fc3697bc41378b27a2315c9bb19776f39ea89bbb23f539507a141e09616b

SHA512
079ac7d59d6081c629d9cdec1762b319ca8a3c536cbde1ccc6ee333d491bfad27ca3221c99e6b0ddbd813c0e5c335eb703f93692d48b882348206cb73f720920

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
d8b6b82fe6edad8a9f6154624a28a412

SHA1
b31e30c0266b300bfc9ac02612c2c6ad6837039b

SHA256
a05af621ec57a3b6a0ca00b72869d3038fe57b9d98772789e681b5bab71c8998

SHA512
9af4c4258e37385397624ba0576235c088c5ece6494a0dd63986977b7ad44c7d8d7aec790cdd7ec0f5add6664034ace0dc6a5e4423af0c61a64421a47e0bcadd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
fadfdaa4599bfbe830abdc668cc2e60c

SHA1
e723139770b0dcc6c544d20e9e30a866f4d5d5fc

SHA256
6b9e34bf75861ddafcd967cce8b5cbb8957ed69c8591e0278afd6e7814b0cec5

SHA512
1e39a6ed8a226361d92788a89b2f3d496be8baf9a50cfb95daf373d8e4a8a554b6a3aa339a63c020cd060dedd0bb3cba9ed46a93de953f664df433408fd909cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
bce180610c012560c728e6880c9a83e1

SHA1
44dcce6b9d4f8a76b51cf20317feb1585829bb63

SHA256
bd5e7dffae947d732f6f41a06556e6edea9901bd817766e680346516843f78a4

SHA512
1e8afe4723f88ae731e4a2aa024a58306e0aa9b4c4723f1a19edb6f3be358ac0d11b64fa877f65a7dbaa57ca1a422f006f008b72d43a9c2ca82df15ff78d2921

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
254b607b37dea0340697bde2d46e7ef3

SHA1
b2f0e9d732d8d83b267ef9ab26085442a72f5156

SHA256
2abbcb74e6610a0bf562b747d12c6456f3a915a741539447a4a1a6b43250e519

SHA512
600be84d135659133645a22a73a33fdc64d8328221a7e594a3115d23c038f963256578de958f75e577300d33cc52e689cf5b4ba587562749ca128822d7019d2a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
038640b3db40193437a811e961130600

SHA1
cebc0c2859f30b9682b1ae4408d55109311943af

SHA256
991ffe4bf9fde4d710cc4d37e5605cfee7c30c861ae0b0a07b946f513e95d61b

SHA512
d5f67ec34940419e640bd7c307b1d5359d93c2b2bc5dcf46bc2b5b58d5d605edda077212613c6a0e6e58fff6859fdfa03c42fc812678ed1604fd2aed8b39e3eb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
38bbdd58046dd7cc5471ed0ff82d5255

SHA1
e9b4ceca39423507bb1638f9c57509c7e6eae207

SHA256
96cba880fc8a9aef20c4cd44b867d43df5810361cdb4ddf6eb790aee9a5fcab1

SHA512
77eba70d0046412dab29f45487d1652effbc13760e20a1903053705002075d5e4a0feb0258b86f4cc1ce81f1e478fc2634d600eba0fe4ac8de91f073c4a3b9af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
46438ff5f91b6a0d7b220809db29de43

SHA1
aede654ab7eefe1b3db72facbb7bdbf2351a233a

SHA256
1d22edf076c35cbca0d79b0c833ab9dbb5b7d4fa8de0cb26351bb5dff358dfd1

SHA512
054ee95af979f2049a330276221658240334c2ad27df7545baef01792dbcd91a7b88cba57032da049d340ee24efd04909e00106c0c4e1215a50747d094627c93

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
60b74e917ef006b51ee5468199290471

SHA1
bc9cd3ca34e1c5a5e2da66f04a6039f3c413d504

SHA256
4825f148e00b2cf55672fdd19b43dce78df34947b66d61fbdbb5c6688d1e84fa

SHA512
0a7708f3dd46db62140d023e1aa8b30cf8dec2aad3136393e241a1063d6027f1bae3d7c958e7584c7ae525f788b5e14d5b7db80ee0479a3e220aab60c3e88386

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
450d0e2d94a02cc95fd00ae5813752d5

SHA1
6fe1e2e8e3aa0be4bb9d0df9b9153cede6ec43dd

SHA256
db1addadb4d51c6c877f0c8504baca7c7825cb31ec4b6ddd820de1d32c7c2363

SHA512
c2e60fd1f8548dbe1f664b5953e60d4f816c58fc046059c13174873f8e2e65a2dfe37e69edc217a586572041457b88c91330ac9c5f9b02d781d1a32b965b2fed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
a2eb0efd2c998cd8878f8da23f5b0ae7

SHA1
f8500e18799f29d8d5d1f886ffc57a8b3977f4c6

SHA256
a42382570af18bbf2dfb0ba2a748965af67981f9d9f2a53e2e26c0746683d62a

SHA512
6e007f53ef1ce24d1ac61249dd6440f823b36347d189972395a7ea15f071a946003dd6f356bd31ea03ee317e17e28c74f60f30fed92d28442f0e4479fc4de310

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
df47af2652cd4f76d334a69a901c32b4

SHA1
4a5bd9c71301278200a337c69986c6f501b6ddf5

SHA256
01217ff374bd365e1b24d98c16c213339c784bd7b02cb2d79fd0486004c9f5f6

SHA512
25214f54224507afb83f2ceb5a027b25f5644ab66f5d590ce2e76b825c4889e4f9e6390fce70faee4e7342a8b43b6c08f2ab6d41e1165bf7fea5ff5629371af7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
2a42eb911a16b4bfdff1eaa4f88ffed6

SHA1
e37d6dd124b38ad66f3f8489154214c5595f81e4

SHA256
a3ba5d4620325b62434becdd29c91190c4f1539d478a4017f64f9ef255846a80

SHA512
8b7de8f2ffb1dbad17004470b3b2f8f3dfe60e6fa17baca28531bab56cac3bfba86949b1641d5a816552ddfebe5d8a68d9371ff35280b5861ffce63aee558bd5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
ca0cd2d9ef418a32bb1cbef22e70dccc

SHA1
2b7f263660fa958c0f735ecd3061cb4c38055a51

SHA256
db3c56c8eee76f7bf3ee868aec4e4a03dc2938b60741b03e31f1c122324a7c91

SHA512
61ed9ebaf52b79deab6c762c9c5ae87808d869991a5df940c38f952d44e542557e5ee812c7bfe02107d361a093db9f602c99b462e548a5597f86c7af1d1209d2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
c0c5691cb83b15ace72d45067702e892

SHA1
feb9eb8f0fff0b02799d57b85e10f2e4793e2fa1

SHA256
fd75dca6fcc265aee5b5373a135dceb5bfb0fe4a4186d991d311977940aa20f2

SHA512
44af084675cc642ad49af9374a98a2b8d1567f545b5cc2af0aaeb4a544744de062959e9b2a4e3c4ed638b003d2dec6d8b0f046d0cbb90f70063b3bc8e6399f2d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
d7b3c6b14079355adeef4e97e838ff59

SHA1
48b54cc7078346a7b58b20f93f92b1ea8bf99117

SHA256
35e7fd1a5b9dd3b44533bdfc4d0d7a7255fef0d9e6bec01d185c8acdf801d023

SHA512
e376f093719826c76ec2ffa4cf49a1ebb9edcec05218538b33d516e211e29e52a5d21e381fbf6ee6fa77e432d29ae6a309bc8c6228f80646682f8a44639eeea1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5b5b7a.TMP

Filesize
1KB

MD5
100fafe313ba21e0d62adc0f45f24693

SHA1
90dec51df64df1c9d976c0f1f477960c977b089f

SHA256
279b66d1d6e801b9876dd309622ca3270634316ac9db659f3c1e421a3bf0b6f3

SHA512
6e427700529cb9ccb5b17d2cc3c72417ef66b827881b6e276437107664a74f4bdb952abc156360629021db287609f44d515274959b66cafeeb29d03efe0e6fdf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\b4b536b0-a6f4-4875-9b96-af55b42f69eb.tmp

Filesize
2KB

MD5
a14611d0d3be1ba83f5ec26a46f1cad1

SHA1
6d1790aa1da16c11b4baf204dc597c782075b390

SHA256
03fb8bddd44ec0a4ea591434980a7a16d656be65e7fb5e912df198503817b0fe

SHA512
16f23e0addf04e61872d2bcd09d8c8ceadc6c4be86b293d72ab3c1940185f24a83aa2b43c43b546f5351da08d8c1a9d1ae2877fb9456eba6d37fc0b6173c991e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
aefd77f47fb84fae5ea194496b44c67a

SHA1
dcfbb6a5b8d05662c4858664f81693bb7f803b82

SHA256
4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611

SHA512
b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
589c49f8a8e18ec6998a7a30b4958ebc

SHA1
cd4e0e2a5cb1fd5099ff88daf4f48bdba566332e

SHA256
26d067dbb5e448b16f93a1bb22a2541beb7134b1b3e39903346d10b96022b6b8

SHA512
e73566a037838d1f7db7e9b728eba07db08e079de471baca7c8f863c7af7beb36221e9ff77e0a898ce86d4ef4c36f83fb3af9c35e342061b7a5442ca3b9024d2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
fd5a28ef53c7caa05e4bbbaba20d9ff1

SHA1
b6012fac96bab3d4ff7392c43daf6a2eac9a61b2

SHA256
a2e14ae8e6db1a4107354547a86850e8ce9fd19a1139113902d124d02c02892b

SHA512
6ce4adae2f0a32cdf32bdbcbc8624d58703b60af42c9d315de5b77582f89c4057ae3aa179c822a38214a786ed716782bf3c884fdef6588c3a40aa6283a7bd761

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
3da4e27762f904f7384e9b9e3db4edae

SHA1
c8a8665c50f9dca2011ee61cd3147a7781a04bc1

SHA256
ef26b06e506bbb8d596c8ef5d3af6821531405a5e8335234830dfb93955e5e4b

SHA512
6765d13d1aa53b25438a54a018b63fef2c4dffa4ca484e4d3d659328002b9865dbc982ac912a0b0632e3cb3b505a2e2595b8c2665baed652b58f15e19be57378

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
edfa2e76ebd7af29ef111ea18d0aaeb9

SHA1
b0433313f3459c7f07dc89956ea80bef76524763

SHA256
a92565583774157cf89c8c57c69f633467320721f522e3cf82bf92c62724367c

SHA512
ed50b66b7583aa179ae9ead333c5c0e5f7465a22709f2c0ce6f8aa2cd6f61268343d2c46c539a85e5f50f66c2a168bf31c96b37312c3afc863774f9fd5a36ea5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
b7a2b26ac80033b611ea79adbeeecb33

SHA1
fe6d9ebabad317f6e6f3b18e629d687b4b30629b

SHA256
71cc7cfa6ed8aec7f1efd2f035fdaa9a237dc76f1af2ea99244fb7f355bf0698

SHA512
c796983b5ecbeaad78277b370fe6cac56b658e61ed3f264c4a4a25abc4b164ed82e5af18ee8439fa6d8f5bfe64d34cdd19274abbf6c405a968a7d60b4b8756ae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

Filesize
264KB

MD5
ae6635ff8b080b101a3c6cac18f2f80a

SHA1
2959dd29279fda51fd5950902af472f90bdb1d58

SHA256
54ba291a9b62f17ef8ab3b1d72243571b9296ca67b8281c7c4aac362b72eebb4

SHA512
988cbc6e93ade4c65dbed7ec7a5c7378d2094eaf3062ec9631b62c2b397788cf5c572d3862e680dccc7ed47e769d55646284dd45894c9c216022d3a647e17313

Download Submit
C:\Users\Admin\AppData\Local\Temp\thunder.exe

Filesize
649KB

MD5
de255e5e8178ecefda9ac0617a621606

SHA1
450e2f448e54f6dae8fadaaeb11f20dff0df9ebe

SHA256
eead021690a43a1d5e7d7148000c3ab9339cb0d81708ae44ef82fbbe3d7dbff7

SHA512
3642f2cf1e5771b9d93585d9a308a8e3f316f14aa41e80ae9fb48da1f6f835a22f30c4a6a05640e8649aeec19d709f869b5cafc707cf9498ed96ba0eb19fa67f

Download Submit
C:\Users\Admin\Downloads\MEMZ.exe

Filesize
16KB

MD5
1d5ad9c8d3fee874d0feb8bfac220a11

SHA1
ca6d3f7e6c784155f664a9179ca64e4034df9595

SHA256
3872c12d31fc9825e8661ac01ecee2572460677afbc7093f920a8436a42e28ff

SHA512
c8246f4137416be33b6d1ac89f2428b7c44d9376ac8489a9fbf65ef128a6c53fb50479e1e400c8e201c8611992ab1d6c1bd3d6cece89013edb4d35cdd22305b1

Download Submit
C:\Windows\Logs\PBR\SessionID.xml

Filesize
106B

MD5
9665f6dcc1578e02bec166244316289a

SHA1
41dacc825c0c1d9bd04ae14e593349c2678fc9a4

SHA256
6a820e77fc22faba9da887f09b3b62ab137d1525c1b17d5b592cd1b583884f06

SHA512
327a564746ae304e57b48cece974ac4a558810d4a8bb476243f2036940b1746e43f5cc6ecb6e79f15c69f017d69d82f8a7d58cacc2849f12c12fa88572b47616

Download Submit
C:\Windows\Logs\PBR\Timestamp.xml

Filesize
42B

MD5
be643d1cf9b3145d6de51dfeb35dd618

SHA1
71fdc73ed7418f095717bb305b05992cd95b9878

SHA256
ef3fe593b24863aeda89334653d99225da03cabd2cbfb0a3ad85e37da455524a

SHA512
dafad86a15b9b2b8d049a10f7fbb98b0c6250d0d922dc0e93dadad650f97c6370643490c8bfa81c6cad8568fd33e00b780548606a687eba78dc68c9d29c47533

Download Submit
C:\Windows\Logs\PBR\WinRE\bootstat.dat

Filesize
66KB

MD5
3c08dea20e350ea34f7309e856576428

SHA1
d7a048ccc07b4d16afc4d778d5601a067fb151b9

SHA256
b7bbc3f2463000f52eadcce2e262512dc79bbbb3355c62c734f18db57e0fba82

SHA512
1c1cdd554cbf98dcb7358808cfa2682bd09a596e24a3708ab73e379e5f8ae7dc394b8e88824589327e2f67487ca19dacba9e3288993e2e92463dc32aaef67f9d

Download Submit
C:\Windows\Panther\UnattendGC\diagerr.xml

Filesize
9KB

MD5
2583b2eb3dbf7bb47bc8790f6e233a4f

SHA1
7b3512070eb076f26f52ddd8e3b521d18b16741a

SHA256
589bf8286173e0815247f46c647061f712876247ee934616d3fb027a85055670

SHA512
4a02d2f0849710b6856f081d44eda6aeaaefc961e0d48f09784bde4aa99b3eb29d66bcda1b37b1a93f8ddb4239e49065636561d9744df7b535fb0b7633fdee75

Download Submit
C:\Windows\Panther\UnattendGC\diagwrn.xml

Filesize
13KB

MD5
fc3bbb2f85117d9e8973eacb8a891ed8

SHA1
7a28968d58b22c446e6978e7ca6ec7113c3c75ab

SHA256
9d34385ea58ab7761cd58216b111d304722c84b22f12056b848b853310688e54

SHA512
ec2f2c311521d45cc9b37ce12173dd46b913926358b50e3ed5116252cf632c7c887890276ff8b0927880d930f6226dc00120cedd3e2ceb1708dd729b82792e18

Download Submit
C:\Windows\Resources\Themes\explorer.exe

Filesize
139KB

MD5
5466beb39b756d93037bcff97cef9138

SHA1
574b94080219b09b250d3b8b9c0497015f7393cf

SHA256
5062dfcf5c4e90af42ba7c260d312174218463b9dad110ac551de648e8134f44

SHA512
d8ad9d5c6608b54a390d14590030c8c0f671966c2d589a0347472b631553070e84865e2c8323712a6509ce9042fba5629d1e3aa3d79ce67329294e73dc2bb2b8

Download Submit
C:\Windows\Resources\Themes\icsys.icn.exe

Filesize
139KB

MD5
bb5bd3b253252da7def924718baae20d

SHA1
8de9b4cc14771bcc0514a0e720a9f40313b59c7a

SHA256
22befb35b20ae37a33b06112481367c7a705945c8e633d760d9d43ef7c451efe

SHA512
6208be7c17e217ef5cc509150ab2106417a605c05f1579dc77a013ff92183ffc04f2b07c445dcf94795abbf03c8e1e8d881057136168be04dcdc70d60fd72b98

Download Submit
C:\Windows\Resources\spoolsv.exe

Filesize
139KB

MD5
85f59c3c0fbd5221ef9193b6fbfef2e4

SHA1
6b937fcd580ea6b3d36d039b7a303be654d77a06

SHA256
e705aa60bc5206ae481c2c1ba2c7563457a36b66af2504b4e5b03047ed222df4

SHA512
a4d3e49781a77d98eacdc9ef7eb1be81e3ac3f253be57ffcf9809fb7d486491517ac747551a8d3b07fe9b7314ed08e741c54f8037faa5605771069a9bf2a53b4

Download Submit
C:\Windows\Resources\svchost.exe

Filesize
139KB

MD5
8de718ba5e81f1874a2f0e900145ff08

SHA1
65fe9bdcc2b965054dc73b66de1be2bd32a5be9b

SHA256
52a53aacb4653d9b61968b2095ec131ea4ef4795a9ce225d84e9fda2db26e71f

SHA512
fcd0353b2f74bbe03ec895500fb2daa029874141ad29fdb30ca919d8a6529af8754008339c90183ccc5f2d279b9d92ab965e8685767b67c2da89f2d1d60a529a

Download Submit
C:\Windows\System32\Recovery\ReAgent.xml

Filesize
1KB

MD5
d1a397ee346d209360f48cc0a1a745ac

SHA1
b607b3ba228a74de235b377aa7da720fdcc4e925

SHA256
6d229239bc8bc4aa494cf82dce59e0d35cc667e96e872e110caa6700fae55123

SHA512
74dfa65550ce7700f87caeec50124a6d5203b2a561fcb591f7a06ed62f9e41957189c5dd38cec5c333ed6cb7a6739c853e04ca248ed9acab18b982d23932837e

Download Submit
C:\note.txt

Filesize
218B

MD5
afa6955439b8d516721231029fb9ca1b

SHA1
087a043cc123c0c0df2ffadcf8e71e3ac86bbae9

SHA256
8e9f20f6864c66576536c0b866c6ffdcf11397db67fe120e972e244c3c022270

SHA512
5da21a31fbc4e8250dffed30f66b896bdf007ac91948140334fe36a3f010e1bac3e70a07e9f3eb9da8633189091fd5cadcabbaacd3e01da0fe7ae28a11b3dddf

Download Submit
C:\vcredist2012_x64_0_vcRuntimeMinimum_x64.log

Filesize
168KB

MD5
4f5e9584784c86cd22604a937ca3ae19

SHA1
0eb0c2795bfc5fd31a4a9de635c80393a81d4fb8

SHA256
1f7eaa59996412023ebacda41049f2bea76c212a21abde3e163f6d8fb547a8cd

SHA512
804ec929963b187cd0415855a607106aa50c100a78a43970af1b88d54560039a45874ea723bf1a08e17ed1d98f0b22f26a6a7c2a4cf9aa4703f02c0dbb6e2627

Download Submit
C:\vcredist2012_x64_1_vcRuntimeAdditional_x64.log

Filesize
195KB

MD5
46709d9a1eece117d4af904aca656af9

SHA1
6fe15c3dcadf9b3cecd2770474b8ee7ffd9d2171

SHA256
953a852b31a060d456903413de39b1dc3f07e557a966d9fceeb03b855958b454

SHA512
eb194a0a617e84e50fe8c36abcd389be88986c9dad8da0602112e0f0f5109e377f1ca251ff14c1b95d2a00508b7c932a07bc3a2036d23a12177604649a36aeb2

Download Submit
C:\vcredist2012_x86_0_vcRuntimeMinimum_x86.log

Filesize
171KB

MD5
0750f5f1a61874926f0ed1c9c73e3557

SHA1
e320b755f613305c8694ea6547cf289cc68ddc15

SHA256
75603ab714a6b300e4da90e02fc418177eb45fe81ba5977799249627c4eb9eea

SHA512
e4c137efe289095616ac25a49147f353465c91dbba23f0ed7d7c90f6c918e66632cf830eb6daefd8e90ac35fcbeea08a6961f880549f5ce81ea956716aaf9101

Download Submit
C:\vcredist2012_x86_1_vcRuntimeAdditional_x86.log

Filesize
208KB

MD5
7fcf958834068d73c74a5139a34ff3a2

SHA1
027784e0cd0dda8552024e36bccab3b0022365d3

SHA256
aef920dda7b6d117681fcadc9faf22595ba5ed61045c5c9811179cf057772bd3

SHA512
5f4d79a0f50a3419b354f842c91800a501a0035c3dbb2ee144da8021d8f7b8771b487498c446b6fbb5adfad31ea1069b02561f70ed82279a803aa6b76e14c2bb

Download Submit
C:\vcredist2013_x64_000_vcRuntimeMinimum_x64.log

Filesize
170KB

MD5
ed9a565de6ee49dc2eba0817e902584a

SHA1
42e4651bd410c531a8e816339c483048a63d6b55

SHA256
d782342d543a21f1f5f9691197e9f6c632e3f1788783ab93dc589862ad455d23

SHA512
8e00fff2ed008d9c2ada9b7268afaf3318e58c44db01f7071f489e89523fbdcb9015ba626f6242853f08f9f5a3aa7f34845dc7039b14088a13e23d873ba0ef4e

Download Submit
C:\vcredist2013_x64_001_vcRuntimeAdditional_x64.log

Filesize
191KB

MD5
3b9e63ad4827b8ee4237ea9cba8c3fe5

SHA1
2416fecf9ce96cb6a73f3c878f4ab44c1faf1faf

SHA256
739f8093b2ee899652c2424cd9a9e87aeae0f1f0bf2b7ae36c0ab1f6bdf1cfe2

SHA512
d9a41f0034cc8e3a1ceac5cff19b6eb455da89eb60a6b67db5f6e537d9a10abc6d0bf033f89158cc1fc2a755f6df6a5e165e58ff6cd8b571214a7b78ac1c973f

Download Submit
C:\vcredist2013_x86_000_vcRuntimeMinimum_x86.log

Filesize
170KB

MD5
527f8e22481f226f0f8333b388eaae15

SHA1
237e074a673b9d93d42113e4ddce1ce9c75c9298

SHA256
1d7b2debd232a922e228e4a43abdc68aeed7f0fead1d21a601a71516dcd782e3

SHA512
9010d787c5e70aaab1686831467d2347796ee27570a91b9c2624afb65fbf9cbe536b926b1458ab42629b81633d8bc5edafb4c1e670ceff26ab5ae15fdeea3384

Download Submit
C:\vcredist2013_x86_001_vcRuntimeAdditional_x86.log

Filesize
198KB

MD5
187359c62add25d419785e4cc2b465d6

SHA1
f5e73b7fb6f5c1e96e7016a0aea9ec54c930575f

SHA256
3ec45114f2084da83a629377f6bebf857356539eba4b08900dfea8ed38686eb7

SHA512
f9f52f96ddc50a6cf1a484186c268c0fbbb7c5bd2d46f49ab1e5de62c61ce5100b0ab6502aea6a91e511855c5898068bd38ef136541429b782f4857e59bd945c

Download Submit
C:\vcredist2022_x64_000_vcRuntimeMinimum_x64.log

Filesize
123KB

MD5
050ff966f1b78706f0355081f394f7b3

SHA1
0e9242126a45c9a22a0e571b9e4a300bea1f1aca

SHA256
652529082c68f8bc2a8ba2458f1fb8718cac16bf36a654deeec2f51770a50c5e

SHA512
2bf83033c936f51ab386896d9051ab2350c615156ef8572417aaf3595809853ac09d5214aa4deb79345b0b1db1cbb5c2adaa5f5e0ea4f268bc8785eac698d1c0

Download Submit
C:\vcredist2022_x64_001_vcRuntimeAdditional_x64.log

Filesize
129KB

MD5
64341c4caf66ea92411cb287b1e5b1eb

SHA1
eea4bae0101ce7df3e47253234cc21fdba1cc579

SHA256
ae1ff47d0b8ca6f8fbd02057e264ed879fe854076ebb693a3dd14fa981f27b17

SHA512
9822518e3c187c09967980d1d4107d806e58f89cf20bd5e745ff58dd9078d0e061f771d14b3c800f3dde5fc0f969d609fecfecb4368c41e9e0d54e2fd4bd05ab

Download Submit
C:\vcredist2022_x86_000_vcRuntimeMinimum_x86.log

Filesize
123KB

MD5
51e0383416a5cee332503e5dd09a1dd1

SHA1
62385ad0b4c6b12dffec5593c9da917bec9aeb92

SHA256
515a49a0e85c2e12f67718b5da7cf8d633f529544b69bb3f59506c3b8678356b

SHA512
ea890e22404a6ba6d218f6768f330869e50cc55a74f01b722b34f3f4836138e22f57974ed5e0a734d6cc58d098918a501c7e2865c87735572e58c66636d9e043

Download Submit
memory/856-752-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/1384-46-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/1808-45-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/3636-0-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/3636-47-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/4520-755-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/4824-11-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/4824-48-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download