755367856c3e356c0627f6d24974b30e8235db63ee1c1b1ce603dac7b53c6874

Analysis

max time kernel
1164s
max time network
1176s
platform
windows11-21h2_x64
resource
win11-20240221-en
resource tags

arch:x64arch:x86image:win11-20240221-enlocale:en-usos:windows11-21h2-x64system
submitted
10-04-2024 20:16

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

make changes to this map.rbxm
Size

30KB
MD5

ee110695930d2acd744d09b4b86eb9fb
SHA1

0f2cd136079bfae4e71d8826cf20330b360965de
SHA256

755367856c3e356c0627f6d24974b30e8235db63ee1c1b1ce603dac7b53c6874
SHA512

0f8bae2f8b9adf214673697c5799db2afe95ae452e23edf05f2224685529aea4464b9bc5a2cab27ccfcef6fd4bcf8eb2949c76dbb9ab7c258414095068b3dca1
SSDEEP

384:pPr+TqZYnUAN0QyDWHCRfNRCiUrme+zSuL87gLxyXX:p4t7N0mC5CiUrme7uo7BX

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 44 IoCs

pid	Process
3848	dismhost.exe
2312	Wave.exe
4876	Wave.exe
3600	Wave.exe
416	Wave.exe
8236	Wave.exe
6556	Wave.exe
5600	Wave.exe
5536	Wave.exe
5464	Wave.exe
4796	Wave.exe
5532	Wave.exe
8964	Wave.exe
6200	Wave.exe
7256	Wave.exe
5240	Wave.exe
9144	Wave.exe
7280	Wave.exe
5760	Wave.exe
1620	Wave.exe
9160	Wave.exe
5604	Wave.exe
3480	Wave.exe
3004	Wave.exe
560	Wave.exe
7884	Wave.exe
2952	Wave.exe
3332	Wave.exe
6216	Wave.exe
8480	Wave.exe
8680	Wave.exe
6780	Wave.exe
7876	Wave.exe
4616	Wave.exe
8264	Wave.exe
5252	Wave.exe
6688	Wave.exe
5972	Wave.exe
6936	Wave.exe
8836	Wave.exe
7756	Wave.exe
7788	Wave.exe
2616	Wave.exe
6708	Wave.exe

Loads dropped DLL 5 IoCs

pid	Process
3848	dismhost.exe
3848	dismhost.exe
3848	dismhost.exe
3848	dismhost.exe
3848	dismhost.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs

Web Service

T1102

flow	ioc
34	mediafire.com
36	mediafire.com
37	mediafire.com

Drops file in System32 directory 35 IoCs

description	ioc	Process
File opened for modification	C:\Windows\system32\LogFiles\setupcln\diagerr.xml	cleanmgr.exe
File opened for modification	C:\Windows\System32\LogFiles\WMI\Diagtrack-Listener.etl.003	cleanmgr.exe
File opened for modification	C:\Windows\System32\LogFiles\WMI\Diagtrack-Listener.etl.005	cleanmgr.exe
File opened for modification	C:\Windows\System32\LogFiles\WMI\Wifi.etl	cleanmgr.exe
File opened for modification	C:\Windows\System32\LogFiles\WMI\RtBackup	cleanmgr.exe
File opened for modification	C:\Windows\System32\LogFiles\Windows Portable Devices	cleanmgr.exe
File opened for modification	C:\Windows\System32\LogFiles\SAM	cleanmgr.exe
File opened for modification	C:\Windows\System32\LogFiles\Scm\SCM.EVM.3	cleanmgr.exe
File opened for modification	C:\Windows\System32\LogFiles\WMI\CloudExperienceHostOobe.etl.002	cleanmgr.exe
File opened for modification	C:\Windows\System32\LogFiles\WMI\Diagtrack-Listener.etl.006	cleanmgr.exe
File opened for modification	C:\Windows\System32\LogFiles\Scm\SCM.EVM.1	cleanmgr.exe
File opened for modification	C:\Windows\System32\LogFiles\WMI\LwtNetLog.etl	cleanmgr.exe
File opened for modification	C:\Windows\System32\LogFiles\WMI\NetCore.etl	cleanmgr.exe
File opened for modification	C:\Windows\System32\LogFiles\Scm	cleanmgr.exe
File opened for modification	C:\Windows\System32\LogFiles\Fax	cleanmgr.exe
File opened for modification	C:\Windows\system32\LogFiles\setupcln\diagwrn.xml	cleanmgr.exe
File opened for modification	C:\Windows\System32\LogFiles\WMI\CloudExperienceHostOobe.etl.001	cleanmgr.exe
File opened for modification	C:\Windows\System32\LogFiles\WMI\Diagtrack-Listener.etl.002	cleanmgr.exe
File opened for modification	C:\Windows\System32\LogFiles\WMI\Microsoft-Windows-Rdp-Graphics-RdpIdd-Trace.etl	cleanmgr.exe
File opened for modification	C:\Windows\System32\LogFiles\WMI\RadioMgr.etl	cleanmgr.exe
File opened for modification	C:\Windows\System32\LogFiles\WMI\SpoolerLogger.etl.001	cleanmgr.exe
File opened for modification	C:\Windows\System32\LogFiles\WMI\SpoolerLogger.etl.002	cleanmgr.exe
File opened for modification	C:\Windows\System32\LogFiles\Firewall	cleanmgr.exe
File opened for modification	C:\Windows\system32\LogFiles\setupcln\setupact.log	cleanmgr.exe
File opened for modification	C:\Windows\System32\LogFiles\WMI\NtfsLog.etl	cleanmgr.exe
File opened for modification	C:\Windows\System32\LogFiles\WMI\Diagtrack-Listener.etl.004	cleanmgr.exe
File opened for modification	C:\Windows\System32\LogFiles\Fax\Outgoing	cleanmgr.exe
File opened for modification	C:\Windows\System32\LogFiles\Fax\Incoming	cleanmgr.exe
File opened for modification	C:\Windows\system32\LogFiles\setupcln\setuperr.log	cleanmgr.exe
File opened for modification	C:\Windows\System32\LogFiles\WMI\Diagtrack-Listener.etl.001	cleanmgr.exe
File opened for modification	C:\Windows\System32\LogFiles\WMI\ReFSLog.etl	cleanmgr.exe
File opened for modification	C:\Windows\System32\LogFiles\WMI	cleanmgr.exe
File opened for modification	C:\Windows\System32\LogFiles\Scm\SCM.EVM.2	cleanmgr.exe
File opened for modification	C:\Windows\System32\LogFiles\WMI\Diagtrack-Listener.etl.007	cleanmgr.exe
File opened for modification	C:\Windows\System32\LogFiles\CloudFiles	cleanmgr.exe

Drops file in Windows directory 18 IoCs

description	ioc	Process
File opened for modification	C:\Windows\INF\setupapi.dev.log	cleanmgr.exe
File opened for modification	C:\Windows\Logs\DPX\setuperr.log	cleanmgr.exe
File opened for modification	C:\Windows\Logs\MoSetup	cleanmgr.exe
File opened for modification	C:\Windows\Logs\DISM\dism.log	dismhost.exe
File opened for modification	C:\Windows\Logs\DPX\setupact.log	cleanmgr.exe
File opened for modification	C:\Windows\Logs\MoSetup\DeviceInventory.xml	cleanmgr.exe
File opened for modification	C:\Windows\Logs\WindowsUpdate	cleanmgr.exe
File opened for modification	C:\Windows\Logs\DPX	cleanmgr.exe
File opened for modification	C:\Windows\Logs\MoSetup\ActionList.xml	cleanmgr.exe
File opened for modification	C:\Windows\Logs\MoSetup\UpdateAgent.log	cleanmgr.exe
File opened for modification	C:\Windows\Logs\NetSetup\service.0.etl	cleanmgr.exe
File opened for modification	C:\Windows\Logs\WindowsUpdate\WindowsUpdate.20240221.140700.583.1.etl	cleanmgr.exe
File opened for modification	C:\Windows\Logs\NetSetup	cleanmgr.exe
File opened for modification	C:\Windows\Logs\CBS	cleanmgr.exe
File opened for modification	C:\Windows\Logs\DISM\dism.log	cleanmgr.exe
File opened for modification	C:\Windows\Logs\CBS\CBS.log	cleanmgr.exe
File opened for modification	C:\Windows\Logs\WindowsUpdate\WindowsUpdate.20240221.140700.583.2.etl	cleanmgr.exe
File opened for modification	C:\Windows\Logs\Telephony	cleanmgr.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks SCSI registry key(s) 3 TTPs 36 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0014	cleanmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0015	cleanmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000001	cleanmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Phantom	cleanmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0005	cleanmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\CompatibleIDs	cleanmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID	cleanmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0015	cleanmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000002	cleanmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\ConfigFlags	cleanmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0004	cleanmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0005\	cleanmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0015	cleanmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0005	cleanmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\HardwareID	cleanmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	cleanmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0005	cleanmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0005	cleanmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0004	cleanmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\CompatibleIDs	cleanmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0005\	cleanmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\CompatibleIDs	cleanmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\HardwareID	cleanmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0014	cleanmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Phantom	cleanmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	cleanmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0005\	cleanmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0005\	cleanmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0004	cleanmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0004	cleanmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0014	cleanmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\HardwareID	cleanmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0015	cleanmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_DADY&PROD_DADY_DVD-ROM\4&215468A5&0&010000	cleanmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0014	cleanmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\CompatibleIDs	cleanmgr.exe

Checks processor information in registry 2 TTPs 19 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	Winword.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	Winword.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	Winword.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily	Winword.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	Winword.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\BIOS	Winword.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133572539962507929"	chrome.exe

Modifies registry class 8 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-647252928-2816094679-1307623958-1000_Classes\Local Settings	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-647252928-2816094679-1307623958-1000_Classes\Local Settings	7zFM.exe
Key created	\REGISTRY\USER\S-1-5-21-647252928-2816094679-1307623958-1000_Classes\Local Settings	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-647252928-2816094679-1307623958-1000_Classes\Local Settings	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-647252928-2816094679-1307623958-1000_Classes\Local Settings	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-647252928-2816094679-1307623958-1000_Classes\Local Settings	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-647252928-2816094679-1307623958-1000_Classes\Local Settings	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-647252928-2816094679-1307623958-1000_Classes\Local Settings	cmd.exe

NTFS ADS 3 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\WaveTrial.rar:Zone.Identifier	chrome.exe
File created	C:\Users\Admin\AppData\Local\Temp\7zO0F2C808E\Wave.exe:Zone.Identifier	7zFM.exe
File created	C:\Users\Admin\AppData\Local\Temp\7zO0F287521\Wave.exe:Zone.Identifier	7zFM.exe

Opens file in notepad (likely ransom note) 1 IoCs

ransomware

pid	Process
2712	NOTEPAD.EXE

Suspicious behavior: AddClipboardFormatListener 2 IoCs

pid	Process
3020	Winword.exe
3020	Winword.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
432	chrome.exe
432	chrome.exe
9212	chrome.exe
9212	chrome.exe
4848	7zFM.exe
4848	7zFM.exe
4848	7zFM.exe
4848	7zFM.exe
4848	7zFM.exe
4848	7zFM.exe

Suspicious behavior: GetForegroundWindowSpam 4 IoCs

pid	Process
2196	cleanmgr.exe
4848	7zFM.exe
5564	OpenWith.exe
5252	OpenWith.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 64 IoCs

pid	Process
432	chrome.exe
432	chrome.exe
432	chrome.exe
432	chrome.exe
432	chrome.exe
432	chrome.exe
432	chrome.exe
432	chrome.exe
432	chrome.exe
432	chrome.exe
432	chrome.exe
432	chrome.exe
432	chrome.exe
432	chrome.exe
432	chrome.exe
432	chrome.exe
432	chrome.exe
432	chrome.exe
432	chrome.exe
432	chrome.exe
432	chrome.exe
432	chrome.exe
432	chrome.exe
432	chrome.exe
432	chrome.exe
432	chrome.exe
432	chrome.exe
432	chrome.exe
432	chrome.exe
432	chrome.exe
432	chrome.exe
432	chrome.exe
432	chrome.exe
432	chrome.exe
432	chrome.exe
432	chrome.exe
432	chrome.exe
432	chrome.exe
432	chrome.exe
432	chrome.exe
432	chrome.exe
432	chrome.exe
432	chrome.exe
432	chrome.exe
432	chrome.exe
432	chrome.exe
432	chrome.exe
432	chrome.exe
432	chrome.exe
432	chrome.exe
432	chrome.exe
432	chrome.exe
432	chrome.exe
432	chrome.exe
432	chrome.exe
432	chrome.exe
432	chrome.exe
432	chrome.exe
432	chrome.exe
432	chrome.exe
432	chrome.exe
432	chrome.exe
432	chrome.exe
432	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeManageVolumePrivilege	2196	cleanmgr.exe
Token: SeManageVolumePrivilege	2196	cleanmgr.exe
Token: SeManageVolumePrivilege	2196	cleanmgr.exe
Token: SeManageVolumePrivilege	2196	cleanmgr.exe
Token: SeManageVolumePrivilege	2196	cleanmgr.exe
Token: SeManageVolumePrivilege	2196	cleanmgr.exe
Token: SeManageVolumePrivilege	2196	cleanmgr.exe
Token: SeManageVolumePrivilege	2196	cleanmgr.exe
Token: SeManageVolumePrivilege	2196	cleanmgr.exe
Token: SeManageVolumePrivilege	2196	cleanmgr.exe
Token: SeManageVolumePrivilege	2196	cleanmgr.exe
Token: SeManageVolumePrivilege	2196	cleanmgr.exe
Token: SeManageVolumePrivilege	2196	cleanmgr.exe
Token: SeManageVolumePrivilege	2196	cleanmgr.exe
Token: SeManageVolumePrivilege	2196	cleanmgr.exe
Token: SeManageVolumePrivilege	2196	cleanmgr.exe
Token: SeManageVolumePrivilege	2196	cleanmgr.exe
Token: SeManageVolumePrivilege	2196	cleanmgr.exe
Token: SeManageVolumePrivilege	2196	cleanmgr.exe
Token: SeManageVolumePrivilege	2196	cleanmgr.exe
Token: SeManageVolumePrivilege	2196	cleanmgr.exe
Token: SeManageVolumePrivilege	2196	cleanmgr.exe
Token: SeManageVolumePrivilege	2196	cleanmgr.exe
Token: SeManageVolumePrivilege	2196	cleanmgr.exe
Token: SeManageVolumePrivilege	2196	cleanmgr.exe
Token: SeManageVolumePrivilege	2196	cleanmgr.exe
Token: SeManageVolumePrivilege	2196	cleanmgr.exe
Token: SeManageVolumePrivilege	2196	cleanmgr.exe
Token: SeManageVolumePrivilege	2196	cleanmgr.exe
Token: SeBackupPrivilege	2196	cleanmgr.exe
Token: SeRestorePrivilege	2196	cleanmgr.exe
Token: SeShutdownPrivilege	432	chrome.exe
Token: SeCreatePagefilePrivilege	432	chrome.exe
Token: SeShutdownPrivilege	432	chrome.exe
Token: SeCreatePagefilePrivilege	432	chrome.exe
Token: SeShutdownPrivilege	432	chrome.exe
Token: SeCreatePagefilePrivilege	432	chrome.exe
Token: SeShutdownPrivilege	432	chrome.exe
Token: SeCreatePagefilePrivilege	432	chrome.exe
Token: SeShutdownPrivilege	432	chrome.exe
Token: SeCreatePagefilePrivilege	432	chrome.exe
Token: SeShutdownPrivilege	432	chrome.exe
Token: SeCreatePagefilePrivilege	432	chrome.exe
Token: SeShutdownPrivilege	432	chrome.exe
Token: SeCreatePagefilePrivilege	432	chrome.exe
Token: SeShutdownPrivilege	432	chrome.exe
Token: SeCreatePagefilePrivilege	432	chrome.exe
Token: SeShutdownPrivilege	432	chrome.exe
Token: SeCreatePagefilePrivilege	432	chrome.exe
Token: SeShutdownPrivilege	432	chrome.exe
Token: SeCreatePagefilePrivilege	432	chrome.exe
Token: SeShutdownPrivilege	432	chrome.exe
Token: SeCreatePagefilePrivilege	432	chrome.exe
Token: SeShutdownPrivilege	432	chrome.exe
Token: SeCreatePagefilePrivilege	432	chrome.exe
Token: SeShutdownPrivilege	432	chrome.exe
Token: SeCreatePagefilePrivilege	432	chrome.exe
Token: SeShutdownPrivilege	432	chrome.exe
Token: SeCreatePagefilePrivilege	432	chrome.exe
Token: SeShutdownPrivilege	432	chrome.exe
Token: SeCreatePagefilePrivilege	432	chrome.exe
Token: SeShutdownPrivilege	432	chrome.exe
Token: SeCreatePagefilePrivilege	432	chrome.exe
Token: SeShutdownPrivilege	432	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
432	chrome.exe
432	chrome.exe
432	chrome.exe
432	chrome.exe
432	chrome.exe
432	chrome.exe
432	chrome.exe
432	chrome.exe
432	chrome.exe
432	chrome.exe
432	chrome.exe
432	chrome.exe
432	chrome.exe
432	chrome.exe
432	chrome.exe
432	chrome.exe
432	chrome.exe
432	chrome.exe
432	chrome.exe
432	chrome.exe
432	chrome.exe
432	chrome.exe
432	chrome.exe
432	chrome.exe
432	chrome.exe
432	chrome.exe
432	chrome.exe
432	chrome.exe
432	chrome.exe
432	chrome.exe
432	chrome.exe
432	chrome.exe
432	chrome.exe
432	chrome.exe
432	chrome.exe
432	chrome.exe
432	chrome.exe
432	chrome.exe
432	chrome.exe
432	chrome.exe
432	chrome.exe
432	chrome.exe
432	chrome.exe
432	chrome.exe
432	chrome.exe
432	chrome.exe
432	chrome.exe
432	chrome.exe
432	chrome.exe
432	chrome.exe
432	chrome.exe
432	chrome.exe
432	chrome.exe
432	chrome.exe
432	chrome.exe
432	chrome.exe
432	chrome.exe
432	chrome.exe
432	chrome.exe
432	chrome.exe
432	chrome.exe
432	chrome.exe
432	chrome.exe
432	chrome.exe

Suspicious use of SendNotifyMessage 18 IoCs

pid	Process
432	chrome.exe
432	chrome.exe
432	chrome.exe
432	chrome.exe
432	chrome.exe
432	chrome.exe
432	chrome.exe
432	chrome.exe
432	chrome.exe
432	chrome.exe
432	chrome.exe
432	chrome.exe
4888	firefox.exe
4888	firefox.exe
4888	firefox.exe
8592	firefox.exe
8592	firefox.exe
8592	firefox.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
1348	OpenWith.exe
4820	MiniSearchHost.exe
5564	OpenWith.exe
5564	OpenWith.exe
5564	OpenWith.exe
5564	OpenWith.exe
5564	OpenWith.exe
5564	OpenWith.exe
5564	OpenWith.exe
5564	OpenWith.exe
5564	OpenWith.exe
5564	OpenWith.exe
5564	OpenWith.exe
5564	OpenWith.exe
5564	OpenWith.exe
5564	OpenWith.exe
5564	OpenWith.exe
5564	OpenWith.exe
5564	OpenWith.exe
5564	OpenWith.exe
5564	OpenWith.exe
5564	OpenWith.exe
5564	OpenWith.exe
5564	OpenWith.exe
5564	OpenWith.exe
5564	OpenWith.exe
5564	OpenWith.exe
5564	OpenWith.exe
5564	OpenWith.exe
5564	OpenWith.exe
5564	OpenWith.exe
5564	OpenWith.exe
5564	OpenWith.exe
3020	Winword.exe
3020	Winword.exe
3020	Winword.exe
3020	Winword.exe
3020	Winword.exe
5252	OpenWith.exe
5252	OpenWith.exe
5252	OpenWith.exe
5252	OpenWith.exe
5252	OpenWith.exe
5252	OpenWith.exe
5252	OpenWith.exe
5252	OpenWith.exe
5252	OpenWith.exe
5252	OpenWith.exe
5252	OpenWith.exe
5252	OpenWith.exe
5252	OpenWith.exe
5252	OpenWith.exe
5252	OpenWith.exe
5252	OpenWith.exe
5252	OpenWith.exe
5252	OpenWith.exe
5252	OpenWith.exe
5252	OpenWith.exe
5252	OpenWith.exe
5252	OpenWith.exe
5252	OpenWith.exe
5252	OpenWith.exe
5252	OpenWith.exe
5252	OpenWith.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2196 wrote to memory of 3848	2196	cleanmgr.exe	88
PID 2196 wrote to memory of 3848	2196	cleanmgr.exe	88
PID 432 wrote to memory of 3364	432	chrome.exe	100
PID 432 wrote to memory of 3364	432	chrome.exe	100
PID 432 wrote to memory of 3000	432	chrome.exe	102
PID 432 wrote to memory of 3000	432	chrome.exe	102
PID 432 wrote to memory of 3000	432	chrome.exe	102
PID 432 wrote to memory of 3000	432	chrome.exe	102
PID 432 wrote to memory of 3000	432	chrome.exe	102
PID 432 wrote to memory of 3000	432	chrome.exe	102
PID 432 wrote to memory of 3000	432	chrome.exe	102
PID 432 wrote to memory of 3000	432	chrome.exe	102
PID 432 wrote to memory of 3000	432	chrome.exe	102
PID 432 wrote to memory of 3000	432	chrome.exe	102
PID 432 wrote to memory of 3000	432	chrome.exe	102
PID 432 wrote to memory of 3000	432	chrome.exe	102
PID 432 wrote to memory of 3000	432	chrome.exe	102
PID 432 wrote to memory of 3000	432	chrome.exe	102
PID 432 wrote to memory of 3000	432	chrome.exe	102
PID 432 wrote to memory of 3000	432	chrome.exe	102
PID 432 wrote to memory of 3000	432	chrome.exe	102
PID 432 wrote to memory of 3000	432	chrome.exe	102
PID 432 wrote to memory of 3000	432	chrome.exe	102
PID 432 wrote to memory of 3000	432	chrome.exe	102
PID 432 wrote to memory of 3000	432	chrome.exe	102
PID 432 wrote to memory of 3000	432	chrome.exe	102
PID 432 wrote to memory of 3000	432	chrome.exe	102
PID 432 wrote to memory of 3000	432	chrome.exe	102
PID 432 wrote to memory of 3000	432	chrome.exe	102
PID 432 wrote to memory of 3000	432	chrome.exe	102
PID 432 wrote to memory of 3000	432	chrome.exe	102
PID 432 wrote to memory of 3000	432	chrome.exe	102
PID 432 wrote to memory of 3000	432	chrome.exe	102
PID 432 wrote to memory of 3000	432	chrome.exe	102
PID 432 wrote to memory of 3000	432	chrome.exe	102
PID 432 wrote to memory of 3000	432	chrome.exe	102
PID 432 wrote to memory of 3000	432	chrome.exe	102
PID 432 wrote to memory of 3000	432	chrome.exe	102
PID 432 wrote to memory of 3000	432	chrome.exe	102
PID 432 wrote to memory of 3000	432	chrome.exe	102
PID 432 wrote to memory of 3000	432	chrome.exe	102
PID 432 wrote to memory of 3000	432	chrome.exe	102
PID 432 wrote to memory of 1772	432	chrome.exe	103
PID 432 wrote to memory of 1772	432	chrome.exe	103
PID 432 wrote to memory of 3368	432	chrome.exe	104
PID 432 wrote to memory of 3368	432	chrome.exe	104
PID 432 wrote to memory of 3368	432	chrome.exe	104
PID 432 wrote to memory of 3368	432	chrome.exe	104
PID 432 wrote to memory of 3368	432	chrome.exe	104
PID 432 wrote to memory of 3368	432	chrome.exe	104
PID 432 wrote to memory of 3368	432	chrome.exe	104
PID 432 wrote to memory of 3368	432	chrome.exe	104
PID 432 wrote to memory of 3368	432	chrome.exe	104
PID 432 wrote to memory of 3368	432	chrome.exe	104
PID 432 wrote to memory of 3368	432	chrome.exe	104
PID 432 wrote to memory of 3368	432	chrome.exe	104
PID 432 wrote to memory of 3368	432	chrome.exe	104
PID 432 wrote to memory of 3368	432	chrome.exe	104
PID 432 wrote to memory of 3368	432	chrome.exe	104
PID 432 wrote to memory of 3368	432	chrome.exe	104
PID 432 wrote to memory of 3368	432	chrome.exe	104
PID 432 wrote to memory of 3368	432	chrome.exe	104
PID 432 wrote to memory of 3368	432	chrome.exe	104
PID 432 wrote to memory of 3368	432	chrome.exe	104

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\make changes to this map.rbxm"
1⤵
- Modifies registry class
PID:1440

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:1348

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:3916

C:\Windows\System32\cleanmgr.exe
"C:\Windows\System32\cleanmgr.exe" /D C
1⤵
- Drops file in System32 directory
- Drops file in Windows directory
- Checks SCSI registry key(s)
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2196
- C:\Users\Admin\AppData\Local\Temp\DE22DCFC-838D-4A11-BC6B-930B57397F21\dismhost.exe
  C:\Users\Admin\AppData\Local\Temp\DE22DCFC-838D-4A11-BC6B-930B57397F21\dismhost.exe {AC0C6AB0-14DE-4EF8-A4CC-11B280658C58}
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Drops file in Windows directory
  PID:3848

C:\Windows\System32\DataExchangeHost.exe
C:\Windows\System32\DataExchangeHost.exe -Embedding
1⤵
PID:3572

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:432
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff9935b9758,0x7ff9935b9768,0x7ff9935b9778
  2⤵
  PID:3364
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1628 --field-trial-handle=1792,i,4216349342997453728,12798651311313850922,131072 /prefetch:2
  2⤵
  PID:3000
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2120 --field-trial-handle=1792,i,4216349342997453728,12798651311313850922,131072 /prefetch:8
  2⤵
  PID:1772
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2184 --field-trial-handle=1792,i,4216349342997453728,12798651311313850922,131072 /prefetch:8
  2⤵
  PID:3368
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3188 --field-trial-handle=1792,i,4216349342997453728,12798651311313850922,131072 /prefetch:1
  2⤵
  PID:4836
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3208 --field-trial-handle=1792,i,4216349342997453728,12798651311313850922,131072 /prefetch:1
  2⤵
  PID:2000
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4568 --field-trial-handle=1792,i,4216349342997453728,12798651311313850922,131072 /prefetch:1
  2⤵
  PID:3508
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4712 --field-trial-handle=1792,i,4216349342997453728,12798651311313850922,131072 /prefetch:8
  2⤵
  PID:3812
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4844 --field-trial-handle=1792,i,4216349342997453728,12798651311313850922,131072 /prefetch:8
  2⤵
  PID:4276
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5288 --field-trial-handle=1792,i,4216349342997453728,12798651311313850922,131072 /prefetch:8
  2⤵
  PID:4168
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5312 --field-trial-handle=1792,i,4216349342997453728,12798651311313850922,131072 /prefetch:8
  2⤵
  PID:5048
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5064 --field-trial-handle=1792,i,4216349342997453728,12798651311313850922,131072 /prefetch:8
  2⤵
  PID:2616
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=5132 --field-trial-handle=1792,i,4216349342997453728,12798651311313850922,131072 /prefetch:1
  2⤵
  PID:3040
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=3420 --field-trial-handle=1792,i,4216349342997453728,12798651311313850922,131072 /prefetch:1
  2⤵
  PID:3484
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=3368 --field-trial-handle=1792,i,4216349342997453728,12798651311313850922,131072 /prefetch:1
  2⤵
  PID:1992
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5004 --field-trial-handle=1792,i,4216349342997453728,12798651311313850922,131072 /prefetch:8
  2⤵
  PID:1276
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=4728 --field-trial-handle=1792,i,4216349342997453728,12798651311313850922,131072 /prefetch:1
  2⤵
  PID:1056
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=4472 --field-trial-handle=1792,i,4216349342997453728,12798651311313850922,131072 /prefetch:1
  2⤵
  PID:4512
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=5900 --field-trial-handle=1792,i,4216349342997453728,12798651311313850922,131072 /prefetch:1
  2⤵
  PID:3444
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=5016 --field-trial-handle=1792,i,4216349342997453728,12798651311313850922,131072 /prefetch:1
  2⤵
  PID:1472
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=3184 --field-trial-handle=1792,i,4216349342997453728,12798651311313850922,131072 /prefetch:1
  2⤵
  PID:2328
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=6036 --field-trial-handle=1792,i,4216349342997453728,12798651311313850922,131072 /prefetch:1
  2⤵
  PID:4836
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=6384 --field-trial-handle=1792,i,4216349342997453728,12798651311313850922,131072 /prefetch:1
  2⤵
  PID:3604
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=6388 --field-trial-handle=1792,i,4216349342997453728,12798651311313850922,131072 /prefetch:1
  2⤵
  PID:2692
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=6552 --field-trial-handle=1792,i,4216349342997453728,12798651311313850922,131072 /prefetch:1
  2⤵
  PID:3572
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --mojo-platform-channel-handle=6696 --field-trial-handle=1792,i,4216349342997453728,12798651311313850922,131072 /prefetch:1
  2⤵
  PID:2160
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --mojo-platform-channel-handle=6700 --field-trial-handle=1792,i,4216349342997453728,12798651311313850922,131072 /prefetch:1
  2⤵
  PID:4920
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --mojo-platform-channel-handle=6836 --field-trial-handle=1792,i,4216349342997453728,12798651311313850922,131072 /prefetch:1
  2⤵
  PID:2060
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --mojo-platform-channel-handle=7128 --field-trial-handle=1792,i,4216349342997453728,12798651311313850922,131072 /prefetch:1
  2⤵
  PID:5008
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --mojo-platform-channel-handle=7112 --field-trial-handle=1792,i,4216349342997453728,12798651311313850922,131072 /prefetch:1
  2⤵
  PID:2864
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=7644 --field-trial-handle=1792,i,4216349342997453728,12798651311313850922,131072 /prefetch:8
  2⤵
  PID:5688
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --mojo-platform-channel-handle=7780 --field-trial-handle=1792,i,4216349342997453728,12798651311313850922,131072 /prefetch:1
  2⤵
  PID:5700
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --mojo-platform-channel-handle=8048 --field-trial-handle=1792,i,4216349342997453728,12798651311313850922,131072 /prefetch:1
  2⤵
  PID:5968
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --mojo-platform-channel-handle=8488 --field-trial-handle=1792,i,4216349342997453728,12798651311313850922,131072 /prefetch:1
  2⤵
  PID:6044
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --mojo-platform-channel-handle=7984 --field-trial-handle=1792,i,4216349342997453728,12798651311313850922,131072 /prefetch:1
  2⤵
  PID:5516
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=8596 --field-trial-handle=1792,i,4216349342997453728,12798651311313850922,131072 /prefetch:8
  2⤵
  PID:5612
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --mojo-platform-channel-handle=7532 --field-trial-handle=1792,i,4216349342997453728,12798651311313850922,131072 /prefetch:1
  2⤵
  PID:4936
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --mojo-platform-channel-handle=6692 --field-trial-handle=1792,i,4216349342997453728,12798651311313850922,131072 /prefetch:1
  2⤵
  PID:2988
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --mojo-platform-channel-handle=9240 --field-trial-handle=1792,i,4216349342997453728,12798651311313850922,131072 /prefetch:1
  2⤵
  PID:5260
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --mojo-platform-channel-handle=8756 --field-trial-handle=1792,i,4216349342997453728,12798651311313850922,131072 /prefetch:1
  2⤵
  PID:6168
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --mojo-platform-channel-handle=8420 --field-trial-handle=1792,i,4216349342997453728,12798651311313850922,131072 /prefetch:1
  2⤵
  PID:6340
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --mojo-platform-channel-handle=9188 --field-trial-handle=1792,i,4216349342997453728,12798651311313850922,131072 /prefetch:1
  2⤵
  PID:6416
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --mojo-platform-channel-handle=9672 --field-trial-handle=1792,i,4216349342997453728,12798651311313850922,131072 /prefetch:1
  2⤵
  PID:6424
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --mojo-platform-channel-handle=9988 --field-trial-handle=1792,i,4216349342997453728,12798651311313850922,131072 /prefetch:1
  2⤵
  PID:6892
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --mojo-platform-channel-handle=5408 --field-trial-handle=1792,i,4216349342997453728,12798651311313850922,131072 /prefetch:1
  2⤵
  PID:6976
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --mojo-platform-channel-handle=9888 --field-trial-handle=1792,i,4216349342997453728,12798651311313850922,131072 /prefetch:1
  2⤵
  PID:7056
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --mojo-platform-channel-handle=10052 --field-trial-handle=1792,i,4216349342997453728,12798651311313850922,131072 /prefetch:1
  2⤵
  PID:7072
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --mojo-platform-channel-handle=10312 --field-trial-handle=1792,i,4216349342997453728,12798651311313850922,131072 /prefetch:1
  2⤵
  PID:6264
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --mojo-platform-channel-handle=9660 --field-trial-handle=1792,i,4216349342997453728,12798651311313850922,131072 /prefetch:1
  2⤵
  PID:6240
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --mojo-platform-channel-handle=10556 --field-trial-handle=1792,i,4216349342997453728,12798651311313850922,131072 /prefetch:1
  2⤵
  PID:6468
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --mojo-platform-channel-handle=10688 --field-trial-handle=1792,i,4216349342997453728,12798651311313850922,131072 /prefetch:1
  2⤵
  PID:2484
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --mojo-platform-channel-handle=10564 --field-trial-handle=1792,i,4216349342997453728,12798651311313850922,131072 /prefetch:1
  2⤵
  PID:6704
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --mojo-platform-channel-handle=10976 --field-trial-handle=1792,i,4216349342997453728,12798651311313850922,131072 /prefetch:1
  2⤵
  PID:6904
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --mojo-platform-channel-handle=11328 --field-trial-handle=1792,i,4216349342997453728,12798651311313850922,131072 /prefetch:1
  2⤵
  PID:5572
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --mojo-platform-channel-handle=11336 --field-trial-handle=1792,i,4216349342997453728,12798651311313850922,131072 /prefetch:1
  2⤵
  PID:7172
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --mojo-platform-channel-handle=11480 --field-trial-handle=1792,i,4216349342997453728,12798651311313850922,131072 /prefetch:1
  2⤵
  PID:7180
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --mojo-platform-channel-handle=11624 --field-trial-handle=1792,i,4216349342997453728,12798651311313850922,131072 /prefetch:1
  2⤵
  PID:7188
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=58 --mojo-platform-channel-handle=11768 --field-trial-handle=1792,i,4216349342997453728,12798651311313850922,131072 /prefetch:1
  2⤵
  PID:7196
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=59 --mojo-platform-channel-handle=10972 --field-trial-handle=1792,i,4216349342997453728,12798651311313850922,131072 /prefetch:1
  2⤵
  PID:7204
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=60 --mojo-platform-channel-handle=11912 --field-trial-handle=1792,i,4216349342997453728,12798651311313850922,131072 /prefetch:1
  2⤵
  PID:7212
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=61 --mojo-platform-channel-handle=12332 --field-trial-handle=1792,i,4216349342997453728,12798651311313850922,131072 /prefetch:1
  2⤵
  PID:7240
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=62 --mojo-platform-channel-handle=12360 --field-trial-handle=1792,i,4216349342997453728,12798651311313850922,131072 /prefetch:1
  2⤵
  PID:7248
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=63 --mojo-platform-channel-handle=11116 --field-trial-handle=1792,i,4216349342997453728,12798651311313850922,131072 /prefetch:1
  2⤵
  PID:7256
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=64 --mojo-platform-channel-handle=12756 --field-trial-handle=1792,i,4216349342997453728,12798651311313850922,131072 /prefetch:1
  2⤵
  PID:7276
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=65 --mojo-platform-channel-handle=12780 --field-trial-handle=1792,i,4216349342997453728,12798651311313850922,131072 /prefetch:1
  2⤵
  PID:7284
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=66 --mojo-platform-channel-handle=13048 --field-trial-handle=1792,i,4216349342997453728,12798651311313850922,131072 /prefetch:1
  2⤵
  PID:7372
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=67 --mojo-platform-channel-handle=13596 --field-trial-handle=1792,i,4216349342997453728,12798651311313850922,131072 /prefetch:1
  2⤵
  PID:8144
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=68 --mojo-platform-channel-handle=13616 --field-trial-handle=1792,i,4216349342997453728,12798651311313850922,131072 /prefetch:1
  2⤵
  PID:8156
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=69 --mojo-platform-channel-handle=4480 --field-trial-handle=1792,i,4216349342997453728,12798651311313850922,131072 /prefetch:1
  2⤵
  PID:8164
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=70 --mojo-platform-channel-handle=14060 --field-trial-handle=1792,i,4216349342997453728,12798651311313850922,131072 /prefetch:1
  2⤵
  PID:8264
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=71 --mojo-platform-channel-handle=14172 --field-trial-handle=1792,i,4216349342997453728,12798651311313850922,131072 /prefetch:1
  2⤵
  PID:8272
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=72 --mojo-platform-channel-handle=10296 --field-trial-handle=1792,i,4216349342997453728,12798651311313850922,131072 /prefetch:1
  2⤵
  PID:8836
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=73 --mojo-platform-channel-handle=14820 --field-trial-handle=1792,i,4216349342997453728,12798651311313850922,131072 /prefetch:1
  2⤵
  PID:8912
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=74 --mojo-platform-channel-handle=9880 --field-trial-handle=1792,i,4216349342997453728,12798651311313850922,131072 /prefetch:1
  2⤵
  PID:6116
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=75 --mojo-platform-channel-handle=17176 --field-trial-handle=1792,i,4216349342997453728,12798651311313850922,131072 /prefetch:1
  2⤵
  PID:2320
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=76 --mojo-platform-channel-handle=8112 --field-trial-handle=1792,i,4216349342997453728,12798651311313850922,131072 /prefetch:1
  2⤵
  PID:6204
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=77 --mojo-platform-channel-handle=12760 --field-trial-handle=1792,i,4216349342997453728,12798651311313850922,131072 /prefetch:1
  2⤵
  PID:6324
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=78 --mojo-platform-channel-handle=11644 --field-trial-handle=1792,i,4216349342997453728,12798651311313850922,131072 /prefetch:1
  2⤵
  PID:6360
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=79 --mojo-platform-channel-handle=13980 --field-trial-handle=1792,i,4216349342997453728,12798651311313850922,131072 /prefetch:1
  2⤵
  PID:7048
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=14328 --field-trial-handle=1792,i,4216349342997453728,12798651311313850922,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:9212
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=81 --mojo-platform-channel-handle=17460 --field-trial-handle=1792,i,4216349342997453728,12798651311313850922,131072 /prefetch:1
  2⤵
  PID:8768
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=82 --mojo-platform-channel-handle=3656 --field-trial-handle=1792,i,4216349342997453728,12798651311313850922,131072 /prefetch:1
  2⤵
  PID:2484
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=11216 --field-trial-handle=1792,i,4216349342997453728,12798651311313850922,131072 /prefetch:8
  2⤵
  - NTFS ADS
  PID:8288
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=84 --mojo-platform-channel-handle=11252 --field-trial-handle=1792,i,4216349342997453728,12798651311313850922,131072 /prefetch:1
  2⤵
  PID:9080
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=85 --mojo-platform-channel-handle=4756 --field-trial-handle=1792,i,4216349342997453728,12798651311313850922,131072 /prefetch:1
  2⤵
  PID:7224

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4380

C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe
"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca
1⤵
- Suspicious use of SetWindowsHookEx
PID:4820

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004E4 0x00000000000004E0
1⤵
PID:5868

C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\Desktop\WaveTrial.rar"
1⤵
- Modifies registry class
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
PID:4848
- C:\Users\Admin\AppData\Local\Temp\7zO0F2C808E\Wave.exe
  "C:\Users\Admin\AppData\Local\Temp\7zO0F2C808E\Wave.exe"
  2⤵
  - Executes dropped EXE
  PID:2312
- C:\Users\Admin\AppData\Local\Temp\7zO0F287521\Wave.exe
  "C:\Users\Admin\AppData\Local\Temp\7zO0F287521\Wave.exe"
  2⤵
  - Executes dropped EXE
  PID:4876
- C:\Windows\system32\NOTEPAD.EXE
  "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\Temp\7zO0F26C794\version.txt
  2⤵
  - Opens file in notepad (likely ransom note)
  PID:2712

C:\Users\Admin\Desktop\Wave.exe
"C:\Users\Admin\Desktop\Wave.exe"
1⤵
- Executes dropped EXE
PID:3600

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:5564
- C:\Program Files\Microsoft Office\root\Office16\Winword.exe
  "C:\Program Files\Microsoft Office\root\Office16\Winword.exe" /n "C:\Users\Admin\AppData\Local\Temp\7zO0F237EF2\.text"
  2⤵
  - Checks processor information in registry
  - Enumerates system info in registry
  - Suspicious behavior: AddClipboardFormatListener
  - Suspicious use of SetWindowsHookEx
  PID:3020

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:5252
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\AppData\Local\Temp\7zO0F23A652\.text"
  2⤵
  PID:6664
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url C:\Users\Admin\AppData\Local\Temp\7zO0F23A652\.text
    3⤵
    - Checks processor information in registry
    - Modifies registry class
    - Suspicious use of SendNotifyMessage
    PID:4888
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4888.0.2012356783\134364739" -parentBuildID 20221007134813 -prefsHandle 1792 -prefMapHandle 1768 -prefsLen 20747 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {4b16163f-2d26-4b2f-96dd-3dc650a46489} 4888 "\\.\pipe\gecko-crash-server-pipe.4888" 1872 1a964fd6458 gpu
      4⤵
      PID:8876
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4888.1.814855915\1644400785" -parentBuildID 20221007134813 -prefsHandle 2240 -prefMapHandle 2236 -prefsLen 21563 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3a4aa6f5-791a-4628-ba76-e32a86eb18c0} 4888 "\\.\pipe\gecko-crash-server-pipe.4888" 2268 1a964efa558 socket
      4⤵
      Checks processor information in registry
      PID:6092
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4888.2.1482583238\2073959640" -childID 1 -isForBrowser -prefsHandle 2992 -prefMapHandle 2768 -prefsLen 21601 -prefMapSize 233444 -jsInitHandle 1348 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d9cf3e13-14d4-43f1-b41e-b5a8fa7ba0c4} 4888 "\\.\pipe\gecko-crash-server-pipe.4888" 2940 1a96a31fc58 tab
      4⤵
      PID:8356
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4888.3.1985774509\603460292" -childID 2 -isForBrowser -prefsHandle 2788 -prefMapHandle 3148 -prefsLen 26064 -prefMapSize 233444 -jsInitHandle 1348 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f909c1b1-7b6c-4b26-b5ae-76731d8efeb6} 4888 "\\.\pipe\gecko-crash-server-pipe.4888" 2784 1a967857258 tab
      4⤵
      PID:4348
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4888.4.1914882448\1908685638" -childID 3 -isForBrowser -prefsHandle 4292 -prefMapHandle 4780 -prefsLen 26123 -prefMapSize 233444 -jsInitHandle 1348 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9ba1892a-19f6-4db9-a5a4-4dad31d0ce1b} 4888 "\\.\pipe\gecko-crash-server-pipe.4888" 4808 1a96c774f58 tab
      4⤵
      PID:7832
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4888.5.344282286\1949626674" -childID 4 -isForBrowser -prefsHandle 4944 -prefMapHandle 4948 -prefsLen 26123 -prefMapSize 233444 -jsInitHandle 1348 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3718fe35-06c1-4ba2-997d-053970d2c071} 4888 "\\.\pipe\gecko-crash-server-pipe.4888" 4936 1a96c871258 tab
      4⤵
      PID:7840
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4888.6.1983229311\993775384" -childID 5 -isForBrowser -prefsHandle 5144 -prefMapHandle 5148 -prefsLen 26123 -prefMapSize 233444 -jsInitHandle 1348 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5a62d48d-913e-48ef-8d96-eb5f0a7c8fe8} 4888 "\\.\pipe\gecko-crash-server-pipe.4888" 5136 1a96c873058 tab
      4⤵
      PID:7848

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
PID:240
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\AppData\Local\Temp\7zO0F298E03\1"
  2⤵
  PID:2136
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url C:\Users\Admin\AppData\Local\Temp\7zO0F298E03\1
    3⤵
    - Checks processor information in registry
    - Modifies registry class
    - Suspicious use of SendNotifyMessage
    PID:8592
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="8592.0.1076321119\1205898320" -parentBuildID 20221007134813 -prefsHandle 1792 -prefMapHandle 1784 -prefsLen 20871 -prefMapSize 233496 -appDir "C:\Program Files\Mozilla Firefox\browser" - {0ad9538d-d40d-4243-9c68-be9616ebe284} 8592 "\\.\pipe\gecko-crash-server-pipe.8592" 1872 2aa92217c58 gpu
      4⤵
      PID:4972
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="8592.1.824020283\1058921651" -parentBuildID 20221007134813 -prefsHandle 2240 -prefMapHandle 2228 -prefsLen 21687 -prefMapSize 233496 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {16b1a22d-2584-4d62-acf4-f44ee96c6462} 8592 "\\.\pipe\gecko-crash-server-pipe.8592" 2268 2aa90c33558 socket
      4⤵
      Checks processor information in registry
      PID:904
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="8592.2.181626051\1947050422" -childID 1 -isForBrowser -prefsHandle 2828 -prefMapHandle 3056 -prefsLen 21790 -prefMapSize 233496 -jsInitHandle 1160 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f9c08a04-c95c-4f68-8c00-b295d3618e49} 8592 "\\.\pipe\gecko-crash-server-pipe.8592" 2964 2aa964dae58 tab
      4⤵
      PID:1632
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="8592.3.858224232\1428085528" -childID 2 -isForBrowser -prefsHandle 3480 -prefMapHandle 3476 -prefsLen 26188 -prefMapSize 233496 -jsInitHandle 1160 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ac892867-c733-4308-b41e-89fb27f508b3} 8592 "\\.\pipe\gecko-crash-server-pipe.8592" 3492 2aa93d58e58 tab
      4⤵
      PID:4936
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="8592.4.2038058466\472686201" -childID 3 -isForBrowser -prefsHandle 4776 -prefMapHandle 4764 -prefsLen 26247 -prefMapSize 233496 -jsInitHandle 1160 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {cf7c2752-93bd-4781-b690-9a510fcd1555} 8592 "\\.\pipe\gecko-crash-server-pipe.8592" 4804 2aa968d9f58 tab
      4⤵
      PID:5052
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="8592.5.288482102\486037785" -childID 4 -isForBrowser -prefsHandle 4956 -prefMapHandle 4960 -prefsLen 26247 -prefMapSize 233496 -jsInitHandle 1160 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {adb6bf89-e5cc-4b84-ba47-3ea6a2878579} 8592 "\\.\pipe\gecko-crash-server-pipe.8592" 4824 2aa98fc1e58 tab
      4⤵
      PID:3048
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="8592.6.51036608\107303316" -childID 5 -isForBrowser -prefsHandle 5032 -prefMapHandle 4936 -prefsLen 26247 -prefMapSize 233496 -jsInitHandle 1160 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {270258aa-6e9a-495e-973c-b5990f3fc4ef} 8592 "\\.\pipe\gecko-crash-server-pipe.8592" 5004 2aa99198958 tab
      4⤵
      PID:5820

C:\Users\Admin\Desktop\Wave.exe
"C:\Users\Admin\Desktop\Wave.exe"
1⤵
- Executes dropped EXE
PID:416

C:\Users\Admin\Desktop\Wave.exe
"C:\Users\Admin\Desktop\Wave.exe"
1⤵
- Executes dropped EXE
PID:8236

C:\Users\Admin\Desktop\Wave.exe
"C:\Users\Admin\Desktop\Wave.exe"
1⤵
- Executes dropped EXE
PID:6556

C:\Users\Admin\Desktop\Wave.exe
"C:\Users\Admin\Desktop\Wave.exe"
1⤵
- Executes dropped EXE
PID:5600

C:\Users\Admin\Desktop\Wave.exe
"C:\Users\Admin\Desktop\Wave.exe"
1⤵
- Executes dropped EXE
PID:5536

C:\Users\Admin\Desktop\Wave.exe
"C:\Users\Admin\Desktop\Wave.exe"
1⤵
- Executes dropped EXE
PID:5464

C:\Users\Admin\Desktop\Wave.exe
"C:\Users\Admin\Desktop\Wave.exe"
1⤵
- Executes dropped EXE
PID:4796

C:\Users\Admin\Desktop\Wave.exe
"C:\Users\Admin\Desktop\Wave.exe"
1⤵
- Executes dropped EXE
PID:5532

C:\Users\Admin\Desktop\Wave.exe
"C:\Users\Admin\Desktop\Wave.exe"
1⤵
- Executes dropped EXE
PID:8964

C:\Users\Admin\Desktop\Wave.exe
"C:\Users\Admin\Desktop\Wave.exe"
1⤵
- Executes dropped EXE
PID:6200

C:\Users\Admin\Desktop\Wave.exe
"C:\Users\Admin\Desktop\Wave.exe"
1⤵
- Executes dropped EXE
PID:7256

C:\Users\Admin\Desktop\Wave.exe
"C:\Users\Admin\Desktop\Wave.exe"
1⤵
- Executes dropped EXE
PID:5240

C:\Users\Admin\Desktop\Wave.exe
"C:\Users\Admin\Desktop\Wave.exe"
1⤵
- Executes dropped EXE
PID:9144

C:\Users\Admin\Desktop\Wave.exe
"C:\Users\Admin\Desktop\Wave.exe"
1⤵
- Executes dropped EXE
PID:7280

C:\Users\Admin\Desktop\Wave.exe
"C:\Users\Admin\Desktop\Wave.exe"
1⤵
- Executes dropped EXE
PID:5760

C:\Users\Admin\Desktop\Wave.exe
"C:\Users\Admin\Desktop\Wave.exe"
1⤵
- Executes dropped EXE
PID:1620

C:\Users\Admin\Desktop\Wave.exe
"C:\Users\Admin\Desktop\Wave.exe"
1⤵
- Executes dropped EXE
PID:9160

C:\Users\Admin\Desktop\Wave.exe
"C:\Users\Admin\Desktop\Wave.exe"
1⤵
- Executes dropped EXE
PID:5604

C:\Users\Admin\Desktop\Wave.exe
"C:\Users\Admin\Desktop\Wave.exe"
1⤵
- Executes dropped EXE
PID:3480

C:\Users\Admin\Desktop\Wave.exe
"C:\Users\Admin\Desktop\Wave.exe"
1⤵
- Executes dropped EXE
PID:3004

C:\Users\Admin\Desktop\Wave.exe
"C:\Users\Admin\Desktop\Wave.exe"
1⤵
- Executes dropped EXE
PID:560

C:\Users\Admin\Desktop\Wave.exe
"C:\Users\Admin\Desktop\Wave.exe"
1⤵
- Executes dropped EXE
PID:7884

C:\Users\Admin\Desktop\Wave.exe
"C:\Users\Admin\Desktop\Wave.exe"
1⤵
- Executes dropped EXE
PID:2952

C:\Users\Admin\Desktop\Wave.exe
"C:\Users\Admin\Desktop\Wave.exe"
1⤵
- Executes dropped EXE
PID:3332

C:\Users\Admin\Desktop\Wave.exe
"C:\Users\Admin\Desktop\Wave.exe"
1⤵
- Executes dropped EXE
PID:6216

C:\Users\Admin\Desktop\Wave.exe
"C:\Users\Admin\Desktop\Wave.exe"
1⤵
- Executes dropped EXE
PID:8480

C:\Users\Admin\Desktop\Wave.exe
"C:\Users\Admin\Desktop\Wave.exe"
1⤵
- Executes dropped EXE
PID:8680

C:\Users\Admin\Desktop\Wave.exe
"C:\Users\Admin\Desktop\Wave.exe"
1⤵
- Executes dropped EXE
PID:6780

C:\Users\Admin\Desktop\Wave.exe
"C:\Users\Admin\Desktop\Wave.exe"
1⤵
- Executes dropped EXE
PID:7876

C:\Users\Admin\Desktop\Wave.exe
"C:\Users\Admin\Desktop\Wave.exe"
1⤵
- Executes dropped EXE
PID:4616

C:\Users\Admin\Desktop\Wave.exe
"C:\Users\Admin\Desktop\Wave.exe"
1⤵
- Executes dropped EXE
PID:8264

C:\Users\Admin\Desktop\Wave.exe
"C:\Users\Admin\Desktop\Wave.exe"
1⤵
- Executes dropped EXE
PID:5252

C:\Users\Admin\Desktop\Wave.exe
"C:\Users\Admin\Desktop\Wave.exe"
1⤵
- Executes dropped EXE
PID:6688

C:\Users\Admin\Desktop\Wave.exe
"C:\Users\Admin\Desktop\Wave.exe"
1⤵
- Executes dropped EXE
PID:5972

C:\Users\Admin\Desktop\Wave.exe
"C:\Users\Admin\Desktop\Wave.exe"
1⤵
- Executes dropped EXE
PID:6936

C:\Users\Admin\Desktop\Wave.exe
"C:\Users\Admin\Desktop\Wave.exe"
1⤵
- Executes dropped EXE
PID:8836

C:\Users\Admin\Desktop\Wave.exe
"C:\Users\Admin\Desktop\Wave.exe"
1⤵
- Executes dropped EXE
PID:7756

C:\Users\Admin\Desktop\Wave.exe
"C:\Users\Admin\Desktop\Wave.exe"
1⤵
- Executes dropped EXE
PID:7788

C:\Users\Admin\Desktop\Wave.exe
"C:\Users\Admin\Desktop\Wave.exe"
1⤵
- Executes dropped EXE
PID:2616

C:\Users\Admin\Desktop\Wave.exe
"C:\Users\Admin\Desktop\Wave.exe"
1⤵
- Executes dropped EXE
PID:6708

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
f1aff188e1b01d5075a1d50053ecf508

SHA1
fec58a34364da385ccc4923c015152dde4012318

SHA256
87e7b07fac75868cc2008256b8d8491be63fdab07b3b61ec87caefd100ac20e6

SHA512
436e7ad36b57beb3657aa0f827d27415e7e751ddf1177ebfd8e2c2fe7d2fb3501fcb5a8f4fc16afaa0d8e9e2756585f1e9059cf24cca24272ffa95fd0f85a623

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000031

Filesize
54KB

MD5
bcd140792a4934762c6034da0680b73d

SHA1
ea77262e2b72fda3409ee848f7fb6e24fa66cdda

SHA256
9308d28bfcf063742f96461076daae95c2b44b71b8ca7a13658ed3d562f9a68c

SHA512
b112b8975c17c0d49da6a48af80a066e478814a81ba72925be7b136e0ae27cf74962e8d4252d6d6cb79ae53569c4947830e4e599c78151516f247e553f08fce5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000032

Filesize
28KB

MD5
a69ba5fb68ab609d80c17365000b58f0

SHA1
e71bd892f128aeedffdd9671bc765458a4a023ba

SHA256
2bcfff5006b95192b71075f6512b65b2203a31755fe0bb47226c77d328e83822

SHA512
df0eb52c9383736e855adbdacf4b8690087800714f5248549d5fbe822086df42fb5274eca20705a005469fb822faff2a69beff6edeb3383e2f6f4f2d09fd84ad

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00003e

Filesize
19KB

MD5
9d43bb045f7444664c73333b4fc58220

SHA1
bdcf0fc36256f6893fc367dac9e4e439a78cd370

SHA256
f9034ce9158cc96e9733081513717b58b14f843d82bc6b06e89e8e421f68f7da

SHA512
fd886e47eb0ba8401db2f8a8fca40a3d046922e6825f200f6cbebed7f8a79d09f8f8f65cbb9a3e8d2eb7e36470bac0f8c185898084cecdde59b4997ac1ac41af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00003f

Filesize
24KB

MD5
ade7c67086ec296894094a74fd918d7f

SHA1
a047100b5de0521c2667591d11d090dc1a34b9c4

SHA256
d60b1a53615a2728d7e5cd29ca5c7e3ed981b67a6a48a2f97541df1079778d9e

SHA512
2deb11aae78f63cd8f481c2cceecf5dd5dec1a840bd4f151cdb7475df4124fcd8d68981df6fdd253c0f937e98db1a1bde95ef0428e30b3626909aa262b54f4d3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000040

Filesize
18KB

MD5
0ceb759015a6df090ad355231fdb39f1

SHA1
b947749baab5bfa0bee35d31e5a5050d4beefe9b

SHA256
db71f8a28ad8501544fb4e7668e3c6d0b731760b6f20de3525ebaeba597f1922

SHA512
48a93841b147af84f9419154fb43e23adf7c0afb9328a4427450d82c07220a4f55b08991361bd8cd12a1372de8333ed21a8911bfe372e90973d3a8c166b1e4d6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000041

Filesize
18KB

MD5
f9b6356e32a9b93ae0f1c23aa537f2a1

SHA1
0cc73519d7b7fb4e4268727490205df48bd570f6

SHA256
fff71a83690454ee6ea9014780a6797408918cb90cde1f0f3be65ea28a03c678

SHA512
b0f81aaed7ae3345c66d39a184b7311b60ec65b08fbd1340e8094407bbc5cf4979ee8ca56436b219dd286e62f03c04e2f58df297cf916f865d8827412d1be2f1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000042

Filesize
17KB

MD5
9ab23eca2a83f0ab5f26b07d51e7f35a

SHA1
2765a911991fc9481f5903112644bd3366d01ed7

SHA256
7219c2a8c9bfeb5203539577d0c5e9661a30f3bfd8b7aefcfccaf22570254075

SHA512
ed5f2f2a2e9c82fbef81bd75c6f6e9cef6efcf3442d3b9f82157a427b1b14273feb2ad2d149dd2e78d40ae10734fe1b99f32a70a288466a5722cb7ee3131fb65

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000043

Filesize
23KB

MD5
4a1b048127c7eb464883f37fa7b8c44d

SHA1
9f5b89a54b2126609841690e1948c4eafe9fef92

SHA256
d0dfc2fb87a4e0df6f159aea912ea1bb100805439ec654e0e6190e2e6e8b38fb

SHA512
a5911e30f5b149766fb94fdfb0cbc74f316799c7316833a11cd2fa866105823768fc3082e51d0ba9785861f3146b1cd1a1819cf78800f33a38f852b49e894a9c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\0b22e39e65cee43b_0

Filesize
277B

MD5
d21b7d07a5dc7f493fc9efe2469f4444

SHA1
f37292d79703500d838a37443964c9c7e8ba7c16

SHA256
afb148b5dbf55e1e7c8d758c230a2ece61c3aba7936ea7afd229d383940e8fb1

SHA512
290b3a31334c529eae419bd623804eac493644a15f0d237e3e5a44f60dbfbae7aa87bb46e8390cbfbc561a2480c0ff2c2fac99ba5ab6bd3427ce19d842e9f448

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\0fce6ca8f2eba679_0

Filesize
269B

MD5
ca127f6dfec59a6bc8406377c5aafcbb

SHA1
8bd1150f66a618b809de5b458d47f730dddc7dc1

SHA256
0ffdb9be3c0885c3945c9def8b8a0ded4ba57dc6fb98ef20cda48a903cf78ccc

SHA512
c709513000cf973bf2dd5245c0481387967f9b257fd5cfb16eda142e7f796bd6d19ae5917167246cdbfe4a7f346c3900c2c054310cefd336476af84b91d2f86c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\48b5510c4dcd29e6_0

Filesize
139KB

MD5
2685c4fba159fc2e1c55f2fe3a8397b3

SHA1
c3ef879460ffdac074747ea46ea6eb2de06daff3

SHA256
3db82769f7a7a2507ac288652f8c6c885ad1bcee6020f768d37b4c31ee945092

SHA512
884db05d5a6f951866bae40dd6b8d812dacce099ede8dafff1255c9476ff9ef7375e91caec0a4049be23f3a7129ab1145a0bcb3afb0f6324cd400d8c51e1f77e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\4f2a4fc53fe37c8a_0

Filesize
16KB

MD5
957efd57a09aefe03f67b5d89c386ebb

SHA1
ca57d17467eba0828678c8f386b4134e66e826b2

SHA256
7b1f69a7c41b45a013bee63e5dbebc935523d2770f2a8a02c12a0db512f27c1b

SHA512
a59b9234d73ddeeb809fe4ad62d9c74fc33451804badc59abb9c4a6bf371dbba105a5f0a7ccc5ff21a00df2d30ef264897e4a69909b6d6791bc8ce676d6aecce

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\8481a75c438ab6a2_0

Filesize
11KB

MD5
6734a3f7fb2ad8617577e02907873314

SHA1
a70a7344e3d49c17a111c0a5b413f179b9f00d38

SHA256
19cbc3009771d90d1e5154e4f370ce10fddc81a44e29b8eef4caabc6782eb385

SHA512
1d27c3eaf050c4185f979bf62d4595e935c9892af9772b51a9416b7eb306aa72fee50d171b081aac0d5a79174f8f2238ee6e029b871941eff53e028f51dab4d9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\9fe964344494aa5a_0

Filesize
274B

MD5
605ef6575240ecc602f13b45b70a464b

SHA1
37cfa24560574c9bcc12d9e8795b4bf7f08250f0

SHA256
1f2793ed0f61b7990121b842a77b2e982346e6cf5eb45aeb4f9461129378f5c2

SHA512
39fae1e5635b5737bd290fd30baab1628377cb1a45a5555f6b07d96802a5c879f1c8a5d9da14be96bdb80f1e34d238fde8d7179e8f6168144524368f227eec6e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\a4a0e6873711cdb2_0

Filesize
46KB

MD5
a49500a177064f4f8c40e74539ac8a05

SHA1
3b70a32ecfbb388cb0c4395306de8e54c636a95e

SHA256
fa6ba3a775a780fa85830e1a75dde2cfddff44b7ccb16cda392b3c3b214e17ef

SHA512
b7292737bebc0d3d57fa2ac56de2ae9567daffda952c37c1c2ca9c7de835ef9c6c803422f5c90700a53d544fc4a0d62c7c4d25babcfb4eb0851e5a4882612eb0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\b3ada8719cb25f86_0

Filesize
280KB

MD5
c2ec61541e60b1ad455e55aa1e57d291

SHA1
607e28326e8f9a8f3668118b572870b1cfa95ea2

SHA256
208673cec86c165e0f26a1baf7bb14e0d6cb3c7e14f787419f92b3efe55fb737

SHA512
b7aa63e359a037ed2697a52c653bf917f5be536a9bcfd065ace11f3e944365db09ae7f069b6b98d0f745a92723d28ea60e828b5817a34ba383c65c6939814344

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\ebcb174312803eeb_0

Filesize
279B

MD5
9248e96294fddf2577e35477167efba5

SHA1
d1a0d4def102104859c1de7b0cdb48bec9050b46

SHA256
cd07d989a110a8a86af0b6b842039fada3e63d82d39f0d5817f6e593eb483a3e

SHA512
eb2a98424ea5aff9f0293d1b7a1e1b560ba48723ec9200ff58dd0d645a6bdd9afc3ffda85b3c586a192e9710093b6e76d29c878369e332c3398af37ae5368b01

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
302df139fdd46e91d120e02ae1d9748a

SHA1
c09518010384775cda4847c8b1856db684ac1e5a

SHA256
972a8c30e972478e85fd6dc78b39f8ace799586a2ffd798ab5eef459fec509af

SHA512
79a489c7d82a1bc2b8ea04164f81922f215b4567a7ffdb0b254ca1dd0af8866f100e9b45fe9c3407476632bb7fbe950454e925b5e8b8c082a21d0f0e7bb1db63

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
6deea63ce665484edafdf8f95417deef

SHA1
afde692560eb2d4b00561bad5b3d184fc949b5c3

SHA256
cd93a36e0b38a86e5348fb0775e5e2790d40bae61d0d2522178ef0c8b543edad

SHA512
fdf0c955a77004720862d60c90141211aede7a7a008efa9f4c87ee50303b6bf1e4190e10f4748d479f94a19548ed1fae76cfd635ce7c58e7206c211a455ad463

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
600B

MD5
f97c9d62c0ef0018c24abd0b2f1b6b7b

SHA1
b9198f7e18098f64e993de8e839796db614c671c

SHA256
36d205edd4eac4d14182775dbfb1396a184fb433149f3039ac1386ce2c9d0137

SHA512
25126964e4322dd6261cdc163081ccbfefa8da6c160e1640bf0055b4f01c1c3bf2fe507329a209307d47dc24f33f35bcb0a22238703264333fcf2854f7b4367f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
24afd73b84818de998bc7a5e9c0e5e00

SHA1
f071eb8317065535fcbacba93558a5d4c3a1d335

SHA256
37b8f26bc1eec7994f5259ae4f3f7cb8c77351da197e53d9bafa7c4bab32aa3e

SHA512
3ea6bffb0ced1e325b36eccc13b50ba7390a5d7d63e6f15659a28aa5f40aca8c8168e1740c3413845e1158bd9b05a4a000e1726862cdab074f58fd29a710b734

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_prebid.a-mo.net_0.indexeddb.leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_prebid.a-mo.net_0.indexeddb.leveldb\MANIFEST-000001

Filesize
23B

MD5
3fd11ff447c1ee23538dc4d9724427a3

SHA1
1335e6f71cc4e3cf7025233523b4760f8893e9c9

SHA256
720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed

SHA512
10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
16KB

MD5
c491f9c37b0d9fd696f26156f4b8ab5e

SHA1
271aa1090649d3f618acbfe7a8d117c4e4c48867

SHA256
6ce170e179c15b1089ff06ff29558f03044196381a360e9b9eb2d0de68b5662d

SHA512
c1925c2abfd576e6f0c78838cbc6223bc8554d6f2b52079bb302f80c41ef06a90851f0f8512ec343b5b73211f0f9f31c5e55e8d9a66eb50edb65f041ad2ba897

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
24KB

MD5
131ab3ebf08f80967ae80edabfaea614

SHA1
286271fc4f30f0a63e223b9a822a11e75995e39a

SHA256
f1121dc537cd53035307f773a29efd957b28f57ea86058ab470b490668bb87f3

SHA512
8d51610acda7c0b5fede3757c9821e7de57f093794b9733c697978d88b5f74366a14bb0ee75ec9a696843e9f39431bfd5395413dd24d92ad4062a874a3097c18

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
03b438cdc53484195323c2c96de550a1

SHA1
1198f7ceac211cb0696f4fc9635c461227a44070

SHA256
0a96a08ed2ae446f8466324e8b75bc63f1cdcc789b287e2b1d2da91da3654b3d

SHA512
178675e69fe104ce8699ad31e5d7beeb950a754d779b036ae8688b0df1ea9952ca6849bbcb0ce8f627e3a11b8a9d686b4c8ee02502abf8ff63c144fa574c396a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
37aefb45bf8c392b9903591e8e4a56de

SHA1
5f865d566de3c26ce531832b7324cc68dded375e

SHA256
87f9e058235b7b54c2d8593988b138dfe9ba1d1a1dd1639be43a59e91db0270a

SHA512
bf7a185f067133e1ebcd4f2d66a4989e8e9b7b1e820a0fb65e8541dd25c91f375ea8d98c27e351e99092c457fd4fcdbd8c27f452817ff60a6a458f4080131f62

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
539B

MD5
41bfb305ca1f7aee88a23be2902b2c60

SHA1
d7d8c1aaf5203b6ee5a8177fc8bec9c4b364a379

SHA256
d0a9631d0a825289bf825191c78600687a90590d0936f889a6a96663aba0f669

SHA512
bf8d4a5a023d96997735c45bda00118fe49051fc69f54a905451fbe65fe9e5db23903a164b331c654590940c3a1fc17ea493c88863ed2ebbbdbf0de87098ac2f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
5KB

MD5
1578028af26680428e87093dd8647681

SHA1
d0fba7a9616e13b45bffce41b8136403c1ceede5

SHA256
79056d157ae7d20e3bc20b391340451d3b9710cb5e6e47f90aae69812888807b

SHA512
b2b8f390795fe1a5d0ecd118a63684c722a47800f990b018ee28b98196a21190718e1313d43faefe0b0f600a32477f3cea9a73c2bf83fecf8fec245b6dbb81a8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
7KB

MD5
fc70db35720e80aa6c55bc2b0e7bfc59

SHA1
725dfd10fce654f2ccf4ec8d6e575e601850018f

SHA256
8584763ffe66fe1d3a5827c0d65e90e3ce4138bdd85858ef4b182b6ffe0bb5b3

SHA512
6e7b5f65097e9d6f9a17f21062da84b1cf78db8d3fc0030d24cf19cbbb8425951d9c9f7aade926c1659fea936d6bb760d9fd79e4f5a35be8ccb18767428276db

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
5KB

MD5
2efd0c43c76db8327558372b44229e59

SHA1
bb8bf8334ba36f6720eb838bf2de382433c23af5

SHA256
6bca4d3219f0f54b904c36170aeb6c1e00d90e45796bfebd7cbc88fdeeee08c2

SHA512
47b5c211efdfa33b8e5dffa10568dd1a37b703b9614e14548c76120a4e630bee5ff25be1da9b77d18e5744ab39f8318a2c00394fada599ab5ad0955258d11b2d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
7KB

MD5
a13109c4cf062532c4aee96d1911df69

SHA1
762fe397d5e4a5acfb20734de7bd938800cbd5f2

SHA256
28b41162132a32f22e200f2e928e4a2d66ce28229795bcd1dea6dda13643bc93

SHA512
4251e4cf940b1fc015ef5475f98284cec19b200c8b8d6905cc5f4ad2ddc126c48b6b3c9ea03897a00151fb507c0c80eab8677ee26af281177217abe50e49cf5c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
6KB

MD5
882f67d964f781d625221f3829d5aa46

SHA1
ddfc25eafe8bbe0289fca4806c7f4ce533dac611

SHA256
e01eb121a289161236194acef2e03097c68d183d2511d160b78cb0f3c1daf339

SHA512
8c6bf585d5d7f02e4fed7487a33852ee43651de89f787eff42e18752f3a6331913ea87f557aa8613ef3d5a0f8ee3456c63ae97a9a554ff1e841305f690d6be76

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
7KB

MD5
f8b0a00d42df6869d2eea524873c7a86

SHA1
eb9d11559585a6fbd81cb227209477933973de49

SHA256
92c6f7e231758bfc8f2fccedef8ecbbe6c438cf2a674f4b82771a8457a0480b7

SHA512
f12ec30f85444d578faf2b8435fc91af35cbf0619868d7cb418ffa4d0a79a78b444aa269b51b83f50048ba7c4a246ef857c5567a2f5c2ff054dde009489122a8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
9a825cf85d87cfdb946fc5e638820712

SHA1
ba9a6ff6a5cd03f53612a857d793dbddd2316687

SHA256
be5cc519fdddd4d37c19f204769d302186e253acc0b4f6ba7912c60baebb95da

SHA512
0a891adddbacd9d0a7b3da698d75b06249f71f137fcc970130ea16ecabf5c969f34d72563c3aba3ce14ce35238e0df12b2d45bb8bd976b31c118f0031bac4971

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
3e52857bbb059dae2a449095772b9016

SHA1
73d3b00ad14f8ea49c598f98d4a3cf44078e065e

SHA256
8b7304a23deeff4c763b524b8d0ed135b430418aa322a36265bf93dbf86421f0

SHA512
5bd3d702300918501928967bd1d653dbc5a12d21c1f6c64dc3ab847be57b60a5bb17c74e62d4f483d124c08a92f0f8f50ef2c697687d4f9756c5e8689c2e835f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
b6619a87f5bf08e0b447e81b60484b27

SHA1
3c8d891d31d23f25c2e5215e98f3b4467776c6fc

SHA256
d154b18aa344d54814db82e2f6172e1fef4840b1d99afd5d887c68f8e7d22319

SHA512
35cac854fad1f47486ec9daca15ad24a47c5f5ccbad4861a7d5491a8c58d1c6f3f129a32d8137c63608534e71ed05cef4258bd3a3e8cf982db3cf2fd60d702a4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
8dcbea1eefb4efbecf82531fbd106f5a

SHA1
052f7f9aced79cf83d046b761a9290c4d74af876

SHA256
a8b419e089d3e8e10490c36dea9ee4a3bee6269e321eee129d0ef7a09f193ced

SHA512
934042dee3b4ea04accbbb054784c60c1a2a0924154ec3ef97524257afce6d8427c39e92e5713ed5340eb1954d5f8f362e84ecc26b851a95c4e0b0bcf5baca83

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
abe949ade9c74a119df68dda42890e9f

SHA1
565771db31602593879ad8f777bae7f8e6b5a4e5

SHA256
649e450b110472195be8ce9206709595d491cb65f4f91519a85b2ad4c22543d6

SHA512
94e34f80c6cd4bb92ace50867c6a9c34dd8a24b97e582900d6e0056a4ae6a19ad7a0f1d1856d6d1370772b6f434606702a707abda5b10db106e9ed3561204c92

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
f10afba93576f8f535dfdb667686da9f

SHA1
147db0c4cd43902d260f093cf54676c069775eb1

SHA256
31688cf2680b48be25234bd64e9800ee313ed464affdd24ef687de7563674caf

SHA512
734ba8c26f4f2c0eaa832ebc5c97c0d485a9f4c2afa9f4efb8a68fed350eb99fdeadac5210665d6cc4be372207c317d2ce1a4fcc3611cd6780a27c8d0102400f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
477a6423212ab1ae989f900661dedbf2

SHA1
646845e5fac0aabcb5fd2ea07ae54fa87739a03c

SHA256
3c27cb666a39c2aabbe9002b82b223a61427c8fbe4f95355715aa68c3e148fb4

SHA512
0352419a4050db8f859d4fcc740b26aa0e43667e0dd02ff574332132500ab7011585a04b1b63d85a15c8f16c8baff162e01479d44d48ff35b326a13fe81fbb15

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
56B

MD5
ae1bccd6831ebfe5ad03b482ee266e4f

SHA1
01f4179f48f1af383b275d7ee338dd160b6f558a

SHA256
1b11047e738f76c94c9d15ee981ec46b286a54def1a7852ca1ade7f908988649

SHA512
baf7ff6747f30e542c254f46a9678b9dbf42312933962c391b79eca6fcb615e4ba9283c00f554d6021e594f18c087899bc9b5362c41c0d6f862bba7fb9f83038

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe5a0b0d.TMP

Filesize
120B

MD5
a2d3609cc85c00fb915881253efc80aa

SHA1
7e8a38e4102bfe64421cc77b7d11f1752fd56cd0

SHA256
c77819fb519c6629d4c5b3c19b70683f969160b20f2924ee036cfc2aea918ea0

SHA512
f7550da7a1f091c96c53f0ed2f184ad22406669a7292462be4f65961859f89ece309330bd0d5e5b9d0fef7a7eb257575bd7b5b86a4f013b8e2044f5a5cd17205

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
262KB

MD5
9964326f953bc42cc9cb2869dd850755

SHA1
68fb08323acd630e66a3b2f09e170077d734fc20

SHA256
d1c913fca368f4df4ff2b1f35ea36628e328b607e298226be498382e41ac8510

SHA512
5e5fc01b178ae332eed82f20f85d02cbd7bb3a02846bc13df99f0d49e80386f1cc52b7abf864e3038f394a442f83e84d8ef3574b75a92f5da995b80415e79cae

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
262KB

MD5
17d9396cca385add95d58d5da902fc96

SHA1
60d6ec32d21a4341b93108129da236648e03460e

SHA256
600213e433cd7c94014a86446a73be6510754f43802e63e63bc49c7baa9b7a2e

SHA512
f5a85b478779779bd72f8c383b4a35f07e429d0ccec4b0e1d6967533f1fae0d7e7ba84523f1031a16ab925908df5f020c6158b34eeea6f773b70d72a01165447

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
262KB

MD5
36528ace1291897870811853a05ee88f

SHA1
25c071a2f99fd3596cd7b355eb00a431f1dfa1f3

SHA256
079a0cf8be5eee32452943ee12eb13716b1585a79927fb00d08731c913c8f8cb

SHA512
efddea21131d809e8250f8386ca1f8a57756d3bde8b0c9cdc01bd21f5d3c624f4dca5d08a842a43d5af368482d131019d09fea53f193314104fc8318ef094d85

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
94KB

MD5
c367b0abb0ee1d26971aa594844bb751

SHA1
a64925f1847f4dd777244aedb1710483ab19df9f

SHA256
18e6cdcd943696798580f4c3c5ae843d8dcccb6451baf16923f5717480226a5e

SHA512
b1fac54f8ae5e0560c9a3ff0d1c2e0bffa66e11f319ac4d5e1d5cd46702886825945843f402d95b536a68fe65ef0ace30b0095dd8eebb8abcfb7e5ab53ca78e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
99KB

MD5
8d0c46e56aa64343053a181d9f27d170

SHA1
cf4c0275db310bd3a9c559a275291ca96eec130f

SHA256
2787de73d296d0223e72737292f5ac07d073017c4e42b74785589e0b9a71d050

SHA512
5fea7a9b0c245c7c5ec810304deb89189fcaae3c0328bd9adde6a49a9b9119737dce7f6c9ca274f778b40a644631052885fc4766172754c561740fda200854c1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe5aa598.TMP

Filesize
89KB

MD5
216500df7b790dd84dd2a68aac256957

SHA1
f29675a10a4f46f72ecd36aa61e9e6a7511e5bb3

SHA256
79cf0ff8b67f94ef8b1bc879bf428b0ebf3db19ebd543fea2397cdca8e321b24

SHA512
f6791d3bf8b27a0db0d66750d4ce2eac7d14068e63cb48dd3f1010c9967ba9b74e551cda17a275ad7dffcf16e71510629e076196d46ff8b64fb1a5896ff6ecc8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zO0F2C808E\Wave.exe

Filesize
7.0MB

MD5
a8bd4a6b2f1d00928e61870a5688c13d

SHA1
e17646d5279534f2e3eb0e0cfc8b6c536bc0c095

SHA256
2c51f67e236cf95e2d51df4178699da09869ab077924cff0b3df1c512878ef2f

SHA512
6b5175beea4071668c87b16af3177bbb2cbaff6b28909dc1e09ad5b16b449c62d6adc372a0094de627fe9835f0c474d16708c3f698355ba1664bf321fa19f5fb

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zO0F2C808E\Wave.exe:Zone.Identifier

Filesize
315B

MD5
6ea1c2754d04f80df7c1d89dec3c689e

SHA1
7d0418f9434946a7d3bfa970e0d80eaef9fb607b

SHA256
f874adbdef656c7eb33a01bbf3249c5a0be2c9d7b58ccccc33bd7031e084b4ed

SHA512
11737f8dd481b5bebbf35ef041e189e3bb04aca55f549f047aad34e3b32e33314ee655b20022cd53d2ad85f0958f8a71d0998bf635e819987b31e6082354d3ec

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zs0352kg.default-release\datareporting\glean\db\data.safe.bin

Filesize
2KB

MD5
384bbe393a14675b7a4bd6e244bb5d97

SHA1
8417beead5d83deaf472f2f60688f737982ef7c3

SHA256
304c8c0dc68eb809ad7d43de10a5fc8381fcea29d6062670b3adb532e86c6366

SHA512
bd58727f7686917a169afec597d665c12cabb51879c37f8d00d959ad7459058e72167c9c3636899cbab136bc4246ea892813a64227140fb9e124cb5d78d44c7e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zs0352kg.default-release\datareporting\glean\db\data.safe.bin

Filesize
11KB

MD5
d395ff684079a09eee8df5feb7343fab

SHA1
2c913c6896b5373943d4edac8ff2df28e460e0c3

SHA256
9c730a946020c8a58468f1a32f570479b23ee3b15c97549c156c8faaaa2cc1e1

SHA512
6f82e295024eadff2a66cd3d3e2f7b7c2b115cd33add443000c13d9ce445b96af8aeb00443f0d01f24be2187555460bd3af5299396ccdb375ecd3442a1df77d9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zs0352kg.default-release\datareporting\glean\pending_pings\47687470-f77e-4781-ac2f-d8aaea1eb4c5

Filesize
657B

MD5
65e0c04747e56484d2266436c4f7e871

SHA1
04ae7861e7b975278576ae297646bba892b5f92a

SHA256
2f5071f99ccc90e7a1e8a957602c5fa5100e65b95e2df15a7e29b1ee6f790906

SHA512
effc2dfeb49b42c4df39077c4a48dd5452d8a028a23cb333f4ad75a9e0542269733de509ea4180a3d8dac8cd981c9b3b6a3088eefea7e6852c4da3add2386044

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zs0352kg.default-release\datareporting\glean\pending_pings\b2ceb5b2-6fcd-464b-9d38-9bf4f450f801

Filesize
11KB

MD5
d54600e48e6be963714c825c5f58a779

SHA1
3e2b889269f00167eeece47c7088c04ed1992627

SHA256
a48921eed8eb6c3519c3bb23c13275666bf65e9db577ae4fcf5c9b5fd1d00ead

SHA512
4f084ec826ba9345c3a99f8b385a903fdf7a73a312e00a43e143c2e273687d6f2f0d9761645aba973c6b09c30f3f1d3611538504a343507ee8deea11bc3d5370

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zs0352kg.default-release\datareporting\glean\pending_pings\f556746d-3291-4127-81be-971ddf36939d

Filesize
746B

MD5
a6626649424ad5690ea612f033573572

SHA1
5c041071a8befaeb0b11bf830fd7c440dd01b1c9

SHA256
55b225a9041c4de2bc8f9dfa8bda7c0453ea685247e53379cb4223a9c43f5e7b

SHA512
5fd15864203a731087ccf4bfaee7305af54c0f87dede85e6e404dcf9223b5e6982f69d073b9ac2788273808faedac2dee2e5f8619c99c702d24105a495d4f41e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zs0352kg.default-release\prefs-1.js

Filesize
6KB

MD5
f09019aa6e57c6f101534d35fb26978e

SHA1
693a72ea53a5d1704898e87f8296b20b8210db46

SHA256
b50826d33591b068fa749050093314ad1f40750e5c008a41f2cc2f02d943e422

SHA512
013e72823176e87d3e47814ad46185ebab4cea6b1740607ba130f5b66948f831dbde7bde2603cc056449482f6ce6c2f283e1fea3037d19da87d9f2e67aeb1d4e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zs0352kg.default-release\prefs.js

Filesize
6KB

MD5
c5630e69459a4e5729c35649bbb06aa1

SHA1
e0dc29cfae94031861ea951d7d9100f4aadb54d6

SHA256
aa10e3dc71e4afa18b8ddfe743499d7ee932ade4d282f7c3cca221094a7777a8

SHA512
19b5270fb38d1a64427fd2c46ab7185d9e9a3cc0f77dc36797ffec7793df215e4b92f1edad16f4457900588c07e06c206b15199cae174f0206326628a32dd97a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zs0352kg.default-release\prefs.js

Filesize
6KB

MD5
c421af96cffa8b50018caaeaa469f484

SHA1
54b8b542ece54180b88f776caa896fb729eaec7b

SHA256
94e8a2305f47ab6ecfb870552028b9d9e4e5cf12f0630d1e06463e7c4a2e8088

SHA512
3a2782fe9e0b762c5416ee4eabfaf9fb1d79b91e6d78145ea8c5c5534bcf552753b4b4a0ced690ff1542c05436b527297ca62a79f102d22803651c4bd9a1475a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zs0352kg.default-release\sessionCheckpoints.json.tmp

Filesize
122B

MD5
99601438ae1349b653fcd00278943f90

SHA1
8958d05e9362f6f0f3b616f7bfd0aeb5d37967c9

SHA256
72d74b596f7fc079d15431b51ce565a6465a40f5897682a94a3f1dd19b07959a

SHA512
ffa863d5d6af4a48aadc5c92df4781d3aacbf5d91b43b5e68569952ffec513ff95655b3e54c2161fe27d2274dd4778bad517c7a3972f206381ef292808628c55

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zs0352kg.default-release\sessionCheckpoints.json.tmp

Filesize
288B

MD5
e08ef355498ae2c73e75f5a7e60eada5

SHA1
c98b5ab80782513f6e72d95ab070e1ed7626c576

SHA256
d1a98a30522d1bf882574df5ed2793bba5c4fdf0381788babea0846f6946745c

SHA512
a0550e83ecd1cf632b4e54bf43744ee9f7c0a8dfcf9a043e018c00d4ca0bba606cfcaaa469b204e7c9dffec1f79b91e16cd4f1c94ff512c45d3dd25b7174e859

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zs0352kg.default-release\sessionCheckpoints.json.tmp

Filesize
53B

MD5
ea8b62857dfdbd3d0be7d7e4a954ec9a

SHA1
b43bc4b3ea206a02ef8f63d5bfad0c96bf2a3b2a

SHA256
792955295ae9c382986222c6731c5870bd0e921e7f7e34cc4615f5cd67f225da

SHA512
076ee83534f42563046d25086166f82e1a3ec61840c113aec67abe2d8195daa247d827d0c54e7e8f8a1bbf2d082a3763577587e84342ec160ff97905243e6d19

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zs0352kg.default-release\sessionCheckpoints.json.tmp

Filesize
212B

MD5
29ce37dc02c78bbe2e5284d350fae004

SHA1
bab97d5908ea6592aef6b46cee1ded6f34693fa2

SHA256
1bfee61e2f346959c53aa41add4b02d2b05c86c9f19ffefe1018f4a964bf4693

SHA512
53a9eb746e193c088210d8eaa6218d988f3a67ee4cb21844d682ff0178db040932404f5ce2f3cf8b4576313ba0ec33c04ca288c3412bfa5df7dd8230cc2068bb

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zs0352kg.default-release\sessionCheckpoints.json.tmp

Filesize
90B

MD5
c4ab2ee59ca41b6d6a6ea911f35bdc00

SHA1
5942cd6505fc8a9daba403b082067e1cdefdfbc4

SHA256
00ad9799527c3fd21f3a85012565eae817490f3e0d417413bf9567bb5909f6a2

SHA512
71ea16900479e6af161e0aad08c8d1e9ded5868a8d848e7647272f3002e2f2013e16382b677abe3c6f17792a26293b9e27ec78e16f00bd24ba3d21072bd1cae2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zs0352kg.default-release\sessionstore.jsonlz4

Filesize
916B

MD5
e921f36982c5d99ad4d04ff2d0979acb

SHA1
01c7cc12cc4286aaed5395e020009b2285618534

SHA256
0e88bf9b85845f1d4218da05ae12d769cfb54ef95a6611775a0ad372b94f69bc

SHA512
656ec080d1a84be944cdab43c566afbc0d4e8641bdcd1c5d1076d4de9385b5969c5be3f21def6f51a54fe4c6c169311a4aa0982f808b360652dfc2714494fa07

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zs0352kg.default-release\sessionstore.jsonlz4

Filesize
945B

MD5
43d6afbd48636d31fcf5ec8d9d7e087e

SHA1
7b0e5b8ff760bdfffa893f43b6c1fc5c9eebcd76

SHA256
b6b9d325ae1cb0953541427a2d17d877a49db2877068d00320bb397f84b9f83c

SHA512
95a2fe31448b7206f6ea31fa13c3fcee505295af2e7c4635558c78184d6a8d78e48c9358cc4126d85f5da9ff447506f97c44f842103af212e185a439026bcb8b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zs0352kg.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
184KB

MD5
d4bf0a4f79582addaa24aee9e1acf9b6

SHA1
e924f7653637d452a71d6fde9d1dbaa582dd04c3

SHA256
8a67af92e856680cc7a1940c025337bc3a6574171147e0d16edbea6078126df8

SHA512
e2cc61e15391168c9cd91c16951892e496968a8d2b9ebbfd28a5afea8cb1f04b28d21aa35fbeaa59274fd875923f5883bf8b0a5f0e01d18d4dc27c2104f522e3

Download Submit
C:\Users\Admin\Desktop\AddPublish.TS

Filesize
1.3MB

MD5
b8ff79dfaa586744fac9bc18edcda3f8

SHA1
46765715c748d9005a75655c648ee57cbdb5eea1

SHA256
ad8a5e15e75fc41d6bb1907162ad4373961e6d2019e7437fc7a2d3162a03ea01

SHA512
ce0784b497156db999b77c0fdafdbde2ffb71c4fc6d99cc98c9e1c23d4625c327823d1b153fd3f96dc8bc9486da2bf64a1b48e3f19194a2dc88cdd1d1b35e229

Download Submit
C:\Users\Admin\Desktop\ConvertFromOpen.mpa

Filesize
352KB

MD5
059a008ba248f27172760ce3b3b21a62

SHA1
ab5fbc0863fda5fdb98de67f7489e582874ff908

SHA256
2eed0f84b1d6935d010f3fbac7ed86b4ef381506d105ad1475b8883014b93bdf

SHA512
37b4c9514597056f3d3f80529ff473bc2cc11c067100b3e60ba2eb139d927989656ba09ea867682cc7ef1128b97fa717e9f2cf78b333d00526984288efb03c58

Download Submit
C:\Users\Admin\Desktop\ConvertPublish.jpg

Filesize
869KB

MD5
41e4ffd1e6a168afd6b43bfd9f142695

SHA1
10d26af4dcfe835aba835522a2c0a7bafb206d74

SHA256
753f22d77a4589b58920427aa51f8bb6daf488ca99cb5f9ee511cf76863dc848

SHA512
2a1577b7b02a83f1416b89b620eea5fd9bd48a478d53ec0a03a94c5cc0040a443f006c35465020f6a97e6fad5cb1c42f1fee14dbae650403b86e97e61a9abb2a

Download Submit
C:\Users\Admin\Desktop\DisableRevoke.svg

Filesize
564KB

MD5
44527767d46797cd96189d6183b7ad8e

SHA1
e5959e4877c5d75e7b8d246a72b66cb889e69f13

SHA256
dd240a560ca5ee64388cc1d1bf2d92b84b17f739a3200944d3696606618794e8

SHA512
573e3dd44f47e3084f430a1e84a5a330d3c4ad620320b1790a6d32208706416084fca73f6c67d59320f352df41ee14720bc6052a21d3f54118697a6bc1215737

Download Submit
C:\Users\Admin\Desktop\DismountBlock.vdw

Filesize
634KB

MD5
0df4f3278388f870af5098cba2562bc7

SHA1
efcf83835f18ec44a0d4cd0c9b3688893d332a92

SHA256
60389684a24da8e7e591e445deb92563ee262aad3e501cddd4c228d4efc1314b

SHA512
f8b77cd9f92431e54400378b98fcb48bd7aef593b7f59f03d885a5cb15b2dc2447c580b2f865f724c041f702877b39e48d21f608f88bb92fc48cd9ca6a3f5f4a

Download Submit
C:\Users\Admin\Desktop\EditSplit.css

Filesize
799KB

MD5
0e4de1aae701d66414c1aaaa27dc0106

SHA1
ee0a5bb70eaa21b2662dc94ae213e352522bb927

SHA256
89305336d1dd5dad466a403dad3edb505a0fff8987361d933409c7c6685c2c21

SHA512
ba8afe212240bb4b94b344e54cbeebee7a6f3852c549a99d98f4d23db36b19324e4730a0670562a785fdf19a0ea70eaf8d0f533f0c431233d6594e892dd0099f

Download Submit
C:\Users\Admin\Desktop\EnableUnregister.pptm

Filesize
540KB

MD5
07ec3c39a9f52b5ccf345ba29cc656b4

SHA1
2e3d622bdb2c5ef3779cb20f2fca8b928b64524d

SHA256
d980c6fdaefa8b54c1ac5d6d3eb0c359418dab012b2df0a18ead773739739016

SHA512
e9b2d57cd60dd66a6422a10b5eee3cfaa0e200ae6c9881b481bff37c761c952dc81c9863a618cfd8388351d570125de1beb287a80e8d4b9794f7f2ff24bb60eb

Download Submit
C:\Users\Admin\Desktop\ExportGroup.sql

Filesize
517KB

MD5
ae9a618b1bf7dea1c0c82a636dbea8d7

SHA1
589bbc888c500eae1c72c786656752adabefbee5

SHA256
46bf2b06a88031b555441a87f6f92cc3111f6a3770013328325036946d117171

SHA512
9308d188340173a20e21f8d55185067f5c9e08e909a6cf986ea920c986ade598811d1383402549721c0c9ed761a4e8258fa5932305c7548fd7dfa4c082f2e1a6

Download Submit
C:\Users\Admin\Desktop\Microsoft Edge.lnk

Filesize
2KB

MD5
9a26a4a3493113650c205b517c3fb7e5

SHA1
936a4c3c46246cf81017470416d85ec5ed82b926

SHA256
3e88df6dd0f38dc72deb1d2b93203ca8ff5ae468f07e0d34f913654044d9de91

SHA512
284a3361a87fa178c1bcdd46458b3a1f7464c0315d7fc1244244a446bfe1f993abb4ea41bf4a727a17c43788dd65a193761d90b881e5bc66eb867262c3277443

Download Submit
C:\Users\Admin\Desktop\MountApprove.wpl

Filesize
376KB

MD5
46f76f630e50f8673bb6dafa55d2be60

SHA1
a64ca7459814b39fdee5bf7b5969bdaa4855b791

SHA256
234198aede43515704ce5cb00c7bae52dfe81b443427cb7394ad0a2806fb9d02

SHA512
70959ec623a491acf13a10a092cfb4d1909722de2cdafa43f700478e935ca1cc1c6e96e9934257041983f43adc37fa5a28091eadba480deed4f9dd52b4278b05

Download Submit
C:\Users\Admin\Desktop\NewConvertFrom.ppsm

Filesize
423KB

MD5
39e978b8a2d78e878bae4f6aec9d56b3

SHA1
cb50c05e8cf8cad4e1da635069594d84b534bb45

SHA256
2192c5d466963d0d662c1e4a06e21ad0fb510a6caa99f32e39f66eb66c72644a

SHA512
cfd193e7c2b91013f227233451302c7bfd62ce34e2a46dbd9ec7442bd44c62dced1e7482419920b2819fbefed3b0a43d71c7d45d887589c9209a421dd876e222

Download Submit
C:\Users\Admin\Desktop\OutEdit.bat

Filesize
752KB

MD5
eb8ddb9e4e41e1de98e1bf8b13bb2feb

SHA1
8b448920f7584f595125bd4cf1987c8a81165919

SHA256
dc5cf618bb04128dc3ba33cf7396e4d3ce7abe952e0e53de6781b1aed8d7814b

SHA512
7f64a2ab39a8a903a27e1e98b5567959b566bed1338ef65d5f33f04e3d31e87bcb385ae07ef476d875730a3deceb96f960f4b76a44a7fb5b256734a69496c536

Download Submit
C:\Users\Admin\Desktop\ReceiveSubmit.exe

Filesize
681KB

MD5
0649493a56a140838a3ef2304366f15c

SHA1
671f7e0613f31dd2afcf11b1bc5024d136c84d67

SHA256
f7baca6b92c040da9e2248f6310cf5aa38399f6eddaac7980ebf750355b98429

SHA512
cb124a83f59813822f82efb7f9e2f4f72da4ba5df5afeabcfeed8729840fb54840e4e4b35cbca6337f537ee2dec3ff18d610fa9d151827deff7814a9c8d0e6fe

Download Submit
C:\Users\Admin\Desktop\RequestUnlock.xlsm

Filesize
329KB

MD5
554a7cc19afc144f632aa0efd00261fb

SHA1
85db129470a08b4a2d6be31881fe5df630ff7091

SHA256
c0d2008005e897eab5e329c5c3925a8b494243cab633c32fde891348e3eec809

SHA512
c7c17215fbc013967f9f6f81bbcd79cfe53844ef5bfc2f05c50491630cee66e7275fa6455af11adbf7a087a50d018ea804755639c28fd39b043bd0701db1b89b

Download Submit
C:\Users\Admin\Desktop\ResetOpen.wav

Filesize
611KB

MD5
a0652db35a55a1bb6897d760144c716d

SHA1
db4be62d4c3a4bf40738ee0fc843d8139c33d791

SHA256
346d17049a0c74a0984fd58f2e124692d87d0390e0d17e2bd7c72e278b063804

SHA512
38c876f584c0a5c0db11721f119fecc37e8c24228c0961142124380f4d3ea624d32f917033d89dc9d5d7e371eef8c11711e1b84e3b7d85dbcd3b452ab8452163

Download Submit
C:\Users\Admin\Desktop\ResizeUnlock.dll

Filesize
399KB

MD5
1f9374c8d2a91645b88c1c88dbc9d32d

SHA1
d6f9fb7300cf523c1c4313b47ca3a0303e31f7e4

SHA256
fa2aa0f9ce1b3ffc4ec4395a0190cf5e6885f2819890c5d2ab19c42e076eedb1

SHA512
e896575a18c608f8c19efbb7c6146e4057784803bea45288523f9a2d4352e2edb6015b762f75b6207d88667f6efdbf5ccd12bc88483dc9d80989256ed8aee257

Download Submit
C:\Users\Admin\Desktop\ResolveExport.M2V

Filesize
728KB

MD5
f4cb3dc024681e8f79045bfbf0c0b7ce

SHA1
72f8985660db47b11b7ee1b3ec78618ca734614f

SHA256
9ae63dd7e3303d073733b602b79d57577b06cc100c0f359932aeca215488bceb

SHA512
fee4389cddeb2aaa35d79a327fd5c45c824c27546864d8f9850e0f440ad9ac4209918b1333d10b31b561348988a813e692bbfca18cef667d747226fa5d4b2858

Download Submit
C:\Users\Admin\Desktop\ResolveSubmit.TTS

Filesize
587KB

MD5
155b2b178b818d9d1540fc0cfa0bb2da

SHA1
a591d1efdb2bab5c2613c9b82bd481f1513f614f

SHA256
565971fccf323234826a4df23455ca44be426fa460c7c2dd0ec2b01543cb2961

SHA512
823b70a4f2165799a8b3cbef86184d8310f368a8376cbed5d9d2121ad279f483d7dc971a79768e569f975cb751eede60ffe63b83df2a072df2840c61ba854fe1

Download Submit
C:\Users\Admin\Desktop\RestartNew.vbs

Filesize
916KB

MD5
6b304b8cae75c63b336fc09181ace427

SHA1
1af767ad97c779d703c247cab7f132ae220fd48a

SHA256
57ae5508dbea6539d32ab604d1abefcba40f9e60093e689d8774953a390ef63c

SHA512
2a6a05e4fe31e3a4daceb9ccf2a2d9910a7107c3e83afdeee38ed885202fbe62f4f2252b9b324534e091b72c88ca1774bed3870a0d76d89be83019ac5ce687c0

Download Submit
C:\Users\Admin\Desktop\RestoreRename.dib

Filesize
658KB

MD5
f3c67306eb4fcd7dd05344be1c2eefc7

SHA1
30016dbbc7b0a4aa5cecec648c19e08590516249

SHA256
67d17fe61dcf18feb03dae221d5d531a25f04127de5f6b66495644c8fe7793e9

SHA512
6909e437e04357cb9c592f19dda824de1b05144d3e049a518bbc1f466df5b104e9f13942b733052ecb978e293852994944160279658658885e600b09231225cb

Download Submit
C:\Users\Admin\Desktop\SetRepair.htm

Filesize
940KB

MD5
28bb696776943731d541d63721affea8

SHA1
bd430176d2095b994250cf0547cb9ecd93573d13

SHA256
94b97561df934417e1555b9d34410c7919aaff1e41df0adef5b4f4e916ce9eb2

SHA512
c82662eae567d0d2d0a079068de025f712d0e199959129a73066963d961bc95dd4ea91ff51099c5d5788a116163e513ea6b3df53643340f91c74407a4c1d30db

Download Submit
C:\Users\Admin\Desktop\SubmitTrace.bmp

Filesize
446KB

MD5
2a94a2cfd72aa5c8c4fbb40bda866563

SHA1
59a58464bc4083c8b3af8f428c0771e23e39c8bf

SHA256
a44a93f4a9d8d2352407027b804702d2e97c973fd1340de636b0a8c730b1fb2f

SHA512
bf32fe49bbc4e8236ea83e44eff4d267f6ccf7a35852670cc8dbf340d51628bc8fa1bd7b55ecbdb2483f9528049b05571c4d630ac70f8f3859bd29da53f135c0

Download Submit
C:\Users\Admin\Desktop\SwitchSearch.3gp2

Filesize
470KB

MD5
a790acd41e05928a7fa110abf34c36ab

SHA1
39c82fca503a3e99c99087cb28bcb92b58a6cf84

SHA256
42fa97c7ef8eb72e233b977c201656dcc0d97b2eea7a0630be69c8c29fa2eb65

SHA512
fc2aae4d04363b073ea4c94ca4e9490aeb0ad6c801d0beabae0e2de1cd2fe0787dab927ec7cc9398e6817a86e8447d32815ca5b8edf03f8e044caa3f56d955e4

Download Submit
C:\Users\Admin\Desktop\TraceSave.mid

Filesize
822KB

MD5
6da9e3d67f6eb5cb45362670c36ea1cb

SHA1
c74338c3b7a784b3368efc8b306bccc927a1cd46

SHA256
ce6abd20aaddd3dfbdbfd5902524cd97e1badbbf875abc1d0fb89679caf11697

SHA512
8202e0af56444ff20b19dc9171723a87f5f719f3547ad154c1065198404dd29b3dba998c20f27a2bfdf8c36c387e64acfe48f11cf7d709abc71f1d86ac5681a6

Download Submit
C:\Users\Admin\Desktop\UninstallUnblock.au3

Filesize
705KB

MD5
29cbd2d35074c02c9ff90a580bd2a037

SHA1
0fe53d947bc1795693f8d96d22282be64c626406

SHA256
71a06e2d69e10ee4862e216abb52058da4815e66bce759171a2e7dff96c9f9fc

SHA512
4c3440096c0e568206b06face36fc5917f41ee13851a894ec81f07c3adf054e96bcda72f76d647970aa36a8eb7f669387fa3c336fa23cc068c8a7e93b2f3f09e

Download Submit
C:\Users\Admin\Desktop\UnlockUnregister.mhtml

Filesize
493KB

MD5
4111b569ee9a30cdf4185365f87396eb

SHA1
e0466a9520c9b2b6e587e79698aae1921e458a9b

SHA256
930f4db8b3d09fea8d2852a252f12a2fab35dd0b8337c8a4013052c80641a780

SHA512
dd0735c7cb728edf492b5039f3a6cccc62d619fc16c652343672ee3fd939c5d171ce3c99c2ea9771a5c7b9b9da078b6b120d241d7abeb144068e4fca5d2f9a25

Download Submit
C:\Users\Admin\Desktop\UnprotectBlock.aifc

Filesize
893KB

MD5
0b3f3f1562a914e7b9db8ed423e26de5

SHA1
e39ce2488d56e43f6dd1e0002f962487a02e9a86

SHA256
4b13583c6e17d55716eae696f1e4b61e2fcc5ae265983cf1d719ba38e108f242

SHA512
6245c6998fb4982df0743643772ae7696215bd602baed2c88e5a0c6ba7f586b7d3db920d3637aaf69dc14837e04ef7490c52cd9083739950a5f3282551f74f62

Download Submit
C:\Users\Admin\Desktop\UpdateClose.bmp

Filesize
846KB

MD5
d93a5644a3021fdcf98b99f7411988de

SHA1
cb30f2837e479a8cdecbcd47374e79ddcc775b26

SHA256
1e8656b5460428f31529a63befc204526ec2dea390ef5346e92601e4b561d584

SHA512
d197212594c229c8e7f01192b9cb8cae8720653a13fc557f0588337fcb7418c0445cdd63caea62aefc2a0f47fdf44e84ef5f9cb9f49568187e280b774aee15e1

Download Submit
C:\Users\Admin\Desktop\UseNew.wma

Filesize
775KB

MD5
fa3406ddd573d3bbfee7e20bf97a3e3f

SHA1
f564423c78882c9c79f8ad79a8cd8675df95e810

SHA256
db164845078e4e250884edae21eff22106a232225ad8db840fd4af1eb0b14ebf

SHA512
8710b244d0c5560df39f3bf832f9f048b770b56435cbe105031432bfb253995214c453680c900a409b1a9d3f83c73c5720779d26f869889de39351d03a73f775

Download Submit
C:\Users\Admin\Downloads\CompareReceive.mht

Filesize
546KB

MD5
1080ff8d16ca1c5c414744948e6fd05b

SHA1
95cb3780f229433e5149860499b550060e6eca63

SHA256
d46f326f458fc9c0feea0fd0f8947955ef8a8db3309fd9b4254e481037e7af52

SHA512
f28884ef28cfc8f6cf6d715d10ef879ea8f5123cb48f3447c4a2e2b51f3f971cd10ed5c49021dd4de59b8759240c4e01f2f1324a373a88279f4e028113c7421e

Download Submit
C:\Users\Admin\Downloads\CompleteRegister.vbs

Filesize
770KB

MD5
7f493ed53989d6ce7ea46f735409074a

SHA1
688d07d14297f013014d751fb03992310d8fb6b7

SHA256
e2efba1492e8e73a4c0bc74ed3c891dc753ba60ff38be84135f98e6e80081198

SHA512
255c68d73e98483a6131ae71effa5ca2b442453f80b8ff99410848891aa7d64c685fe4fa56fddb429de33c085093f3062ae014889120a5ddde004b002b3860b9

Download Submit
C:\Users\Admin\Downloads\DebugResize.mht

Filesize
785KB

MD5
046d9a8a096eaf761c7c523f08a9e9f1

SHA1
91c724bc3305009f38fcef2cf5e4887d0c22bd23

SHA256
cf09045ddf261a8b6966261bb993711359e34676f83cbfd3d10bbc70f59543fa

SHA512
929e74c5ba1704223f7ed32045473353a85c04b9063bb2535d95fc5630c5bce407fc18edc2b7b1a5be9fbb21a3bbda5b99580e9119b552f84e8a7ce6c381163f

Download Submit
C:\Users\Admin\Downloads\DenyWatch.cr2

Filesize
740KB

MD5
d3673b87505ccf37b06da9435dcb2434

SHA1
0cb57f78ca1e156b26f14d329746106afb759fc5

SHA256
cd71ddb2cfc831223663c547fd58330b217c3dfd45f0223594ae109b5a5d2b37

SHA512
920ae328ab35c4421021e972133f106223dbcd71f5ce53c58131b1120d6602e57fd3ebc19c7fd9af490a71002f6b712fc3520c95cafeb327c453cd3addf67913

Download Submit
C:\Users\Admin\Downloads\EnterSet.tif

Filesize
531KB

MD5
c459c4ac1e927d681b96a7b6ee48034a

SHA1
56cbc7fc4422b126c058c20d339d63cc300bb6a5

SHA256
e45f6e98baaccd69c7f6eb6d6c132c571fe20bf9711e93d968b530c1d6013113

SHA512
abee6bb950ac62c0acc0d9827c8d3d71f8dba41a66ca480b7c7830815c189928240619796560fdc8309f73968361f8f064cceb23afa39744122160cd4b28346d

Download Submit
C:\Users\Admin\Downloads\FindSave.ppt

Filesize
650KB

MD5
9cbeaddf24047dd5d6e20ea11e2ee936

SHA1
5f4d7161546fee5f528b8e14bd6b946055fc5652

SHA256
89832523b18746a7f347bd41f49dcf619e1333970ddfad20278cd95471ccc905

SHA512
d263cd600bc18c3c4f13980f95c20b5ec7cc1de11dc769bc35b7c28e0c524597fc081f7dd3a7b4c44135f739b0662c7029c335e87185d892fc90acd3d2a4a70c

Download Submit
C:\Users\Admin\Downloads\GetWrite.mov

Filesize
605KB

MD5
c29f4a66b7e868d0f4524b620d648fb5

SHA1
3e37fe58c689650bb1aeb96708b43b5ea9ab3432

SHA256
b656227a2b9e063467ef9ec9f01630acedc713391e816b2df42072937599d222

SHA512
b88f15c7b2834e1f0a7bffeac3127f3d5bb330831b9c955f22e29e8ebd50119d7747966e1d851d13e3a807cd36efc6cc9749f5b9f9dfb40893d04bb60295b841

Download Submit
C:\Users\Admin\Downloads\HideRedo.mpe

Filesize
396KB

MD5
0ce35323bbac4bf668869131e3d37c0f

SHA1
98ebdaa10be94f234ce8b75c1dffd9f5840427ba

SHA256
04544cadfe8f92b7fd37b28ff90fb3fc924e7e3bdca8648c353086500bc7e6df

SHA512
7b1cd407fd711c0ea33e396bc8308681009135a5254b232dda0c5f1fafcdd3e94cc987f8bb4257d9c3b57e3cc2faea241dd85984139a64aa3cbdc18fd94df5da

Download Submit
C:\Users\Admin\Downloads\JoinRedo.bin

Filesize
635KB

MD5
e7f7e2a4167faf5a02b3cc09fa13bb7c

SHA1
7daf829a83a7604369ac2c365895a4bc7dde7175

SHA256
698b74843abcc154f0a4ea01bf207825f37a937dd63b8c8a61d1512f8c61d7c3

SHA512
411b5afb33726e6d1ded43e5abc7da8a3603c1281ccd0700a8d1a80819a8c5661c87b3ab249df2cd0462082cd5d019ac0ca7d513d1ee22f08f6d2defb109c3e8

Download Submit
C:\Users\Admin\Downloads\MeasureExport.dib

Filesize
695KB

MD5
0cc0d77e67b07ac8d7ea91a1eff5dae6

SHA1
ce82b3f453033a6093d9f8cc6cdbc2cf65112645

SHA256
74fcd4e677e24c01bee2dfd363e7194d92376e01ff90d5a93ab1b4807114d858

SHA512
24e3a7fe72c05720bcd73cd0c8649d8203a8fceb3f838c561e5e9d8ee4348e8893e045f1e78061dbf21ae55da1e9d7632b399e6405120dcd5c5931bb2af3bf95

Download Submit
C:\Users\Admin\Downloads\MeasureUninstall.ocx

Filesize
441KB

MD5
cba651b96ac96187904d72dbd7927157

SHA1
06458dbdc558da476a79f1cbb59c01a5af186cf7

SHA256
0d84931610cd8568805750fbc8fde9455531cfdf8bae57b730743e91ee62e318

SHA512
62458ce7b50f68a1bab4fbf28d42c281af7fecc909add935a7d433ad8fcc1da374c2efc0b199c3434e6d805e4e7bebb1ec57cc996fcf8905a9ba5f1dc58c4322

Download Submit
C:\Users\Admin\Downloads\MergeCheckpoint.cmd

Filesize
560KB

MD5
8af230a7d969179618cd698a05ddb998

SHA1
e64f5cdfbc3dce4e008df96bfc4103988b1e690f

SHA256
e76f7b5e68dd746ae636d91472f8970d3b48ac11659d5f9f700b8b42dffe9988

SHA512
5b23cffc8746222ba7d7027b60a14312ca5c4a95143eafa48df68e8479bb91f4a775b081c37afcff4881cda25e9c563e84bbb653aa05da3a67c50bb6a3ffe91a

Download Submit
C:\Users\Admin\Downloads\OpenBlock.pot

Filesize
680KB

MD5
a7746ed034c0145005b03da71eb5ffca

SHA1
7315f1f81ee8452e329446ea201ac34a45d3e69a

SHA256
307c3d353b2b012acb2a26cc4d29f550c51bf4bd05ad5140299dd7e85b4dc9b6

SHA512
126874209e2bd836e26da8cbaf79a516bab2dc537b3292c980c1c6e7278b60c5efb70e6a391bf2e7cb7cef5c72fefcb68c7e93ec3cd07bcd9033cfafc1d56346

Download Submit
C:\Users\Admin\Downloads\PingClose.iso

Filesize
276KB

MD5
bf7a09f55ec5e72fc047211e6f634fdd

SHA1
37ad452a909a90c79260dc8fb0438c97651329e7

SHA256
0098d54e6e9387672a31b2ccc63f1245b64e298c9a6e10f58779de610191972b

SHA512
78e2f6bf07e9afc4f14c3e03c5b5d11603d66f76c62422814bd665f0cc0468590126ae20d5eab67672ee66c40ec462d2ecbfb26c72f472210c4caf00e7bc6e17

Download Submit
C:\Users\Admin\Downloads\PingReset.m4v

Filesize
321KB

MD5
321051163884fe0fb1d7d361b326f4f9

SHA1
33458c6ad7de158462691d0a44ce78ce9016df31

SHA256
cac663494dc80b162d4ba25619416880f7ae45d70c4b4c2d429671eccfbcaf62

SHA512
7b19ad3833a18606eefef5b96fc41086e65a64bbc5c06c656192e780ed78a3564600c1b8a2eb4d12b28e1840f0b679594708edd0c2996860e2d81cd7b77cfc5a

Download Submit
C:\Users\Admin\Downloads\PopShow.scf

Filesize
351KB

MD5
c978e53141a18d15e26d16a699adfedd

SHA1
f3997b009fb0d4ebf73c8b42170578337e022f2b

SHA256
59bbb6d7fd4defeac119d223ccc3e674355a1a10382543b92db8e3d0063df721

SHA512
aeeaa99a5a279e819da76b8419d528930695d89fbf4f9ed49bfaa86e75bedbeb049d6538a578036fc1fdb7b2fd68171d83133e58d1510a6856acd5a7247fec7f

Download Submit
C:\Users\Admin\Downloads\PublishMove.lnk

Filesize
471KB

MD5
45dc0afe53e416c94a8811795200d3ab

SHA1
b6671281812989ca2a5298ea391f109f61bfb3e2

SHA256
bae1f7319fad434a472b7f39082ae45facc66d511f753f7f22ceca3c42aa4acd

SHA512
90f45682e9ac7037cb1fb21e687a4899ff717ac89e21f2edbe42e3f7f7926dcd413f88a58307586693484a5fadfd6661a4c1b5f230dd75a907e338331db59af6

Download Submit
C:\Users\Admin\Downloads\ReadHide.WTV

Filesize
590KB

MD5
5bb555781d6e6a3c3825a1ad17aad362

SHA1
0221400cb1ffe3e93cecf277e55219719f8563da

SHA256
1f45383a6507aa289ef308124f2ab8d310a1421ade204947f50f669f478c97fe

SHA512
835c551743b8e47f0fb0d229aab455718c787bb20db2e8ba02e5a49c21d8a8e7b35adb5579902ff3362ef74767d9d7afbcbbe321e8aa45bb8bed2a2d1f57f867

Download Submit
C:\Users\Admin\Downloads\RepairOpen.potm

Filesize
456KB

MD5
810b086c96b17330eb334c23100fd060

SHA1
1d18070a95d345300f2681c07d418313f14e2a91

SHA256
942c7d0512b245f5b06997b80c20425e47f439396685da0dd4f6af0a14fcc630

SHA512
f911c166dc53a3f2968dbc6be5362ff60842b860c5fce1e29325f9bb76521c71e29af0fa9c3dc7b1513af70c40e7b1d85b46d907ea5a1c1639e3ff2677a400d1

Download Submit
C:\Users\Admin\Downloads\ResizeTest.odt

Filesize
411KB

MD5
3d13c0100975cea2889453f5951b221d

SHA1
98539917f2f496abf05d286c53817b72d13ad856

SHA256
6a0c908f01b39fb39f339baa7483595ae858013e19ae5b5c93e777529b40d93f

SHA512
b14621cb2d5ebf5147191a41340a77e7afb16cbd217bcedb5c0751295851616bdd833ca02c809dbc61f9126ee0013945056e900938f840c2b3b647d61412b65f

Download Submit
C:\Users\Admin\Downloads\RestorePop.xht

Filesize
1.1MB

MD5
f0941ea9b5ff4bf9918045955916295e

SHA1
22d4e22f1e1816aad1fa1e13feb18587c03aea20

SHA256
81d4492a92b21a51ed9bee772e3054219fffc742a12ce3b730b5e13c118003ad

SHA512
252f23c2946919e2e97d0e515b0cfc335a1d2a41a172092607d61aeaccc6f0ef68a9fe26e285fd709cdb775af882188a45c866b4c8c5dca781ed36a1547c2293

Download Submit
C:\Users\Admin\Downloads\RevokeFormat.easmx

Filesize
336KB

MD5
525ba5fee37747ef251bdb8d7f3f6487

SHA1
bfc936eb41e236c5b060c14bf020534812512547

SHA256
b03e3a1e038711e41b3a6ec39d98172975ac01fd007e00ec1ce5c7774e1b4562

SHA512
8df3192cf962a6f511543a841132f6b0611a02df2083f233d4a1f63c90e943e89f6b79f40b8e4c2795e4666afdf67cf033091adbc7de48d47688b8da14b616f5

Download Submit
C:\Users\Admin\Downloads\SelectConvertFrom.edrwx

Filesize
800KB

MD5
093db2de3ed76beca40d89107cc50657

SHA1
6c12e588678204429ca25fe5069b14c556ff9520

SHA256
5314db3ef7224335946ee439f0d5f085c2a324da72cc3085b401feaae403ef21

SHA512
4160e5400a22121a0637862e546159d129f39b54eac762fe94d67f33fc54e1b6b918c65bf6bb0b4d24e98698bacdfa567f3877fe1131d56a29eed305dd329c80

Download Submit
C:\Users\Admin\Downloads\ShowRegister.mp2

Filesize
291KB

MD5
8def4070b52e2123bcc8d642e8334e61

SHA1
56e16c2b5580dacba5dc5b84e8bf74a21a704a19

SHA256
8f631c66bf2034e731d07f0853ba3b927bca641c8000df05da3dc75e1d5845c5

SHA512
c4f267c113ce5f6b9e55cc2f08a0bfec226336cfe173b4d7117669c3b24c58fc057a38b2a57ae630191c765e31165e58bdd21e86ca8b3195ac540e7ac03c0b98

Download Submit
C:\Users\Admin\Downloads\TestMeasure.mpeg2

Filesize
366KB

MD5
89bb3d315c15d2bec497696fa80e168c

SHA1
961a8552e58716c6fff6858a009339d017cc4bec

SHA256
762279da015a97709f8a509df746a72ed46b0bbf45da28cce803ad1f3d67c6a5

SHA512
501ec2bb444aad943e65f5cb88ed14963e40ebe4f56da84c81861e907d0af969433a747c450d798354f7da0f6f475c920dff034896cc3dfa6ca17dbb0ef13674

Download Submit
C:\Users\Admin\Downloads\TestUse.mp4

Filesize
486KB

MD5
15f49f2a2f9b53e5a7aa96a72d36dd1b

SHA1
a9773cf95ee53a2247f7a80603aea34d5258271a

SHA256
5afd3d2b8f8e002961753e25218ba5097d5caae35bf09f718c8e3dfa470b451b

SHA512
04f92561c252a62e4c2496d173d9fead12e8acd857bac73930faa479bea5250432068e3f4da436e58bbead771964f17453324a5079f030561be3b733cdd2e103

Download Submit
C:\Users\Admin\Downloads\UnblockConvertTo.scf

Filesize
620KB

MD5
88017d62569ee5b8d258afceec5aae10

SHA1
654dc3e6c977ddfda5bc268747400bac95bec5d1

SHA256
b5ee04fc566a9b864f0eb2692d83ffa1230d91ae490e82965ce52d67cf17dbf3

SHA512
a07effdae7641c14a9562dece1a0b70006456dd09e86e9f4387dca1fa3b9a5374ef26642b73001da99380c7e6448bade0dcfc882174a3e0a5356f44e3216d87f

Download Submit
C:\Users\Admin\Downloads\UnblockSet.dwg

Filesize
575KB

MD5
76b4df573ed665340ffafb7bac9edc4b

SHA1
90f3d9693391134167d447ee75944c3300d8119a

SHA256
f52f8a4674d136d935f305a27bbb9e28819a25f5f4b71b1fc4cc74588bb1f852

SHA512
47b7dadcd995108ee9f2a90f0467b36d8434a01f9b6811302620b378a4f52ac7010b51d30e4656ad4ef7e02edc59ec0107dc41cb99d3ceb7ea4f42c01281b708

Download Submit
C:\Users\Admin\Downloads\UnlockSearch.TTS

Filesize
306KB

MD5
36a5b41d66e69df7d73c137359c90232

SHA1
33af16fb5d1c38e28202cfa4111b39a976edaee5

SHA256
34a0948a1b2283d95d127866bdfba40d64863b7f36154888ba6098de189d6bc4

SHA512
f74cbf1eccb4e5f17856fcc02bf3a59b91ebc060c3b8761367e1a588cdc12774415212ce315e4af2b59f69c175e663db7f4ad50689eb55f8babf9525f66663d4

Download Submit
C:\Users\Admin\Downloads\UnprotectAdd.xltm

Filesize
426KB

MD5
4c354c4409d4960f2272c6e9f34fdb7c

SHA1
7b4a501375f9d14988133f23a6c58c44e964e69b

SHA256
37a251eb68da1f0ef769c9d11015771bcc9b5dae0fb129f2fc381818b8052943

SHA512
99fa880072ea6326f1f222fdf4a604d9a4f0491a3a4a410ae272dee4d4878e8551b1ded6671a3c60ba3a16aa4a58edd502621b8dfad0fe081e0ef621f63f22f8

Download Submit
C:\Users\Admin\Downloads\UpdateGrant.css

Filesize
381KB

MD5
5362fb0bfee15ee46dd68ef8c9b87fcb

SHA1
cc1dff8772858a648156910e25bc55f7217f010f

SHA256
639cdc73f66f6f3c76098387eee8bf0763fd1896d2bedd620b1e10d16fc626dc

SHA512
768a1cad80ed2526b580d1beb8a4f96998d2fb865c68ae11d0ce97f4d846fe3c4ee0442ce5f08c39d151a05bb76b07022ec18e53d3a559c8427686d806c98cd7

Download Submit
C:\Users\Admin\Downloads\WaitConnect.gif

Filesize
710KB

MD5
14375f4ce2a9e9aa1659012f5e4f0e67

SHA1
711b29abd36ecae120be031c4a195f2d2d3ba1a0

SHA256
340bb9c34f54e74156cf46d5cf0c00e2b0227ab183429bc211a7e8eef8883b4e

SHA512
3c24bfc6112df6bb972699c12344a9bbb4c5f7c0249b8cdbce78419e82745b8c88906db051b89634257a45f9a7a1363cbc97728641baf5bb1c65c287b1d7e5ba

Download Submit
C:\Users\Public\Desktop\Acrobat Reader DC.lnk

Filesize
2KB

MD5
0eec5f52baa8a1d0c340a8d736575fed

SHA1
882abe6d97e13ba504b84182a8eb3d8c05b7541f

SHA256
863142eb5a5ee50392255e94a4e907ace667ca51ae6c9f7b984e6933547c2601

SHA512
6c0925d8fce88f02ae7ac63c30f1f3e69bca227d8cd781077f99ef28529eae67346016c8ad20e2e2c58820d9386bc6b609a75af20fb8e91f736f4f49ea9bee12

Download Submit
C:\Users\Public\Desktop\Firefox.lnk

Filesize
1000B

MD5
f661d7754af3879997ea1e709bacea12

SHA1
0d6a25697dde5a75816ca4068b10af2ccf3391da

SHA256
14e255ad6141a4c641d36220d00d82e9345089523c9f112c15cef76bd14f4ffe

SHA512
593afd680e6e35ca53ddd47632a3854632b47720d4df608f20e39fb89027efc14dceb6c96bdfb00d380973179a79195f7c3d94b5cf2b90f4ae49ef48a2b71692

Download Submit
C:\Users\Public\Desktop\VLC media player.lnk

Filesize
923B

MD5
082ef5e3a4f03d7a15c7a7384ab3e04f

SHA1
e3c0d92eafbf6c5ded6c5fa886ba113c34de4eaf

SHA256
bade7ff3a56121e978ad6f80163182bc71a70487b7fc2c54ba8d02f5121c61d9

SHA512
7489042b7ede8159a5744ffbfe318cd1689cb551ada6d544cda79c812d4544f91abf227669d2abe825fd664d85d8974c3ac77ff67b8b10cf64edce34b72bca91

Download Submit
C:\Windows\Logs\DISM\dism.log

Filesize
22KB

MD5
564dd09f1cc66908ae4cb7646ed70d96

SHA1
0626bdbdb11208625cfcd676fd81a73b5aaaf111

SHA256
ad4a625c314aa28dbb011100844d823a8b0c6610c6ba8ba2ef74e148d573a139

SHA512
56504a1b488915e4d7ce0c15c5cd76fcea7aa22f9dd3f27eab1d8ba739f6844b211e0fabbb698b3abf93b7eac8f488ed5044b9d983453e0fd175999ce6b9b2eb

Download Submit
memory/416-1559-0x00007FF991700000-0x00007FF9921C2000-memory.dmp

Filesize
10.8MB

Download
memory/416-1560-0x00000188CF0C0000-0x00000188CF0D0000-memory.dmp

Filesize
64KB

Download
memory/416-1561-0x00007FF991700000-0x00007FF9921C2000-memory.dmp

Filesize
10.8MB

Download
memory/560-1588-0x00007FF991700000-0x00007FF9921C2000-memory.dmp

Filesize
10.8MB

Download
memory/1620-1579-0x00007FF991700000-0x00007FF9921C2000-memory.dmp

Filesize
10.8MB

Download
memory/2312-1182-0x000002BDBA840000-0x000002BDBAF48000-memory.dmp

Filesize
7.0MB

Download
memory/2312-1184-0x000002BDD5700000-0x000002BDD5710000-memory.dmp

Filesize
64KB

Download
memory/2312-1183-0x00007FF991700000-0x00007FF9921C2000-memory.dmp

Filesize
10.8MB

Download
memory/2312-1185-0x00007FF991700000-0x00007FF9921C2000-memory.dmp

Filesize
10.8MB

Download
memory/2952-1590-0x00007FF991700000-0x00007FF9921C2000-memory.dmp

Filesize
10.8MB

Download
memory/3020-1220-0x00007FF973AD0000-0x00007FF973AE0000-memory.dmp

Filesize
64KB

Download
memory/3020-1219-0x00007FF9B3A40000-0x00007FF9B3C49000-memory.dmp

Filesize
2.0MB

Download
memory/3020-1233-0x00007FF9B3A40000-0x00007FF9B3C49000-memory.dmp

Filesize
2.0MB

Download
memory/3020-1234-0x00007FF9B3A40000-0x00007FF9B3C49000-memory.dmp

Filesize
2.0MB

Download
memory/3020-1235-0x00007FF9B3A40000-0x00007FF9B3C49000-memory.dmp

Filesize
2.0MB

Download
memory/3020-1236-0x00007FF9B1AB0000-0x00007FF9B1B6D000-memory.dmp

Filesize
756KB

Download
memory/3020-1237-0x00007FF9B3A40000-0x00007FF9B3C49000-memory.dmp

Filesize
2.0MB

Download
memory/3020-1256-0x00007FF973AD0000-0x00007FF973AE0000-memory.dmp

Filesize
64KB

Download
memory/3020-1257-0x00007FF973AD0000-0x00007FF973AE0000-memory.dmp

Filesize
64KB

Download
memory/3020-1258-0x00007FF973AD0000-0x00007FF973AE0000-memory.dmp

Filesize
64KB

Download
memory/3020-1259-0x00007FF973AD0000-0x00007FF973AE0000-memory.dmp

Filesize
64KB

Download
memory/3020-1260-0x00007FF9B3A40000-0x00007FF9B3C49000-memory.dmp

Filesize
2.0MB

Download
memory/3020-1261-0x00007FF9B1AB0000-0x00007FF9B1B6D000-memory.dmp

Filesize
756KB

Download
memory/3020-1230-0x00007FF970F30000-0x00007FF970F40000-memory.dmp

Filesize
64KB

Download
memory/3020-1231-0x00007FF9B3A40000-0x00007FF9B3C49000-memory.dmp

Filesize
2.0MB

Download
memory/3020-1229-0x00007FF9B3A40000-0x00007FF9B3C49000-memory.dmp

Filesize
2.0MB

Download
memory/3020-1223-0x00007FF9B3A40000-0x00007FF9B3C49000-memory.dmp

Filesize
2.0MB

Download
memory/3020-1228-0x00007FF9B3A40000-0x00007FF9B3C49000-memory.dmp

Filesize
2.0MB

Download
memory/3020-1227-0x00007FF9B3A40000-0x00007FF9B3C49000-memory.dmp

Filesize
2.0MB

Download
memory/3020-1226-0x00007FF9B3A40000-0x00007FF9B3C49000-memory.dmp

Filesize
2.0MB

Download
memory/3020-1224-0x00007FF973AD0000-0x00007FF973AE0000-memory.dmp

Filesize
64KB

Download
memory/3020-1225-0x00007FF9B3A40000-0x00007FF9B3C49000-memory.dmp

Filesize
2.0MB

Download
memory/3020-1222-0x00007FF9B3A40000-0x00007FF9B3C49000-memory.dmp

Filesize
2.0MB

Download
memory/3020-1221-0x00007FF9B3A40000-0x00007FF9B3C49000-memory.dmp

Filesize
2.0MB

Download
memory/3020-1218-0x00007FF973AD0000-0x00007FF973AE0000-memory.dmp

Filesize
64KB

Download
memory/3020-1232-0x00007FF970F30000-0x00007FF970F40000-memory.dmp

Filesize
64KB

Download
memory/3020-1216-0x00007FF973AD0000-0x00007FF973AE0000-memory.dmp

Filesize
64KB

Download
memory/3020-1217-0x00007FF9B3A40000-0x00007FF9B3C49000-memory.dmp

Filesize
2.0MB

Download
memory/3020-1215-0x00007FF973AD0000-0x00007FF973AE0000-memory.dmp

Filesize
64KB

Download
memory/3480-1587-0x00007FF991700000-0x00007FF9921C2000-memory.dmp

Filesize
10.8MB

Download
memory/3600-1211-0x000001A59DB50000-0x000001A59DB60000-memory.dmp

Filesize
64KB

Download
memory/3600-1210-0x00007FF991700000-0x00007FF9921C2000-memory.dmp

Filesize
10.8MB

Download
memory/3600-1212-0x00007FF991700000-0x00007FF9921C2000-memory.dmp

Filesize
10.8MB

Download
memory/4796-1571-0x00007FF991700000-0x00007FF9921C2000-memory.dmp

Filesize
10.8MB

Download
memory/4876-1207-0x00007FF991700000-0x00007FF9921C2000-memory.dmp

Filesize
10.8MB

Download
memory/4876-1206-0x000001A91C370000-0x000001A91C380000-memory.dmp

Filesize
64KB

Download
memory/4876-1205-0x00007FF991700000-0x00007FF9921C2000-memory.dmp

Filesize
10.8MB

Download
memory/5240-1574-0x00007FF991700000-0x00007FF9921C2000-memory.dmp

Filesize
10.8MB

Download
memory/5464-1569-0x00007FF991700000-0x00007FF9921C2000-memory.dmp

Filesize
10.8MB

Download
memory/5464-1567-0x000001E37DF80000-0x000001E37DF90000-memory.dmp

Filesize
64KB

Download
memory/5532-1575-0x00007FF991700000-0x00007FF9921C2000-memory.dmp

Filesize
10.8MB

Download
memory/5536-1566-0x000001EE4FCF0000-0x000001EE4FD00000-memory.dmp

Filesize
64KB

Download
memory/5536-1564-0x00007FF991700000-0x00007FF9921C2000-memory.dmp

Filesize
10.8MB

Download
memory/5600-1565-0x00007FF991700000-0x00007FF9921C2000-memory.dmp

Filesize
10.8MB

Download
memory/5604-1586-0x00007FF991700000-0x00007FF9921C2000-memory.dmp

Filesize
10.8MB

Download
memory/5760-1584-0x00007FF991700000-0x00007FF9921C2000-memory.dmp

Filesize
10.8MB

Download
memory/5972-1578-0x00000292B3170000-0x00000292B3180000-memory.dmp

Filesize
64KB

Download
memory/6200-1572-0x00007FF991700000-0x00007FF9921C2000-memory.dmp

Filesize
10.8MB

Download
memory/6200-1570-0x00007FF991700000-0x00007FF9921C2000-memory.dmp

Filesize
10.8MB

Download
memory/6216-1591-0x00007FF991700000-0x00007FF9921C2000-memory.dmp

Filesize
10.8MB

Download
memory/6556-1563-0x00007FF991700000-0x00007FF9921C2000-memory.dmp

Filesize
10.8MB

Download
memory/7256-1576-0x00007FF991700000-0x00007FF9921C2000-memory.dmp

Filesize
10.8MB

Download
memory/7280-1582-0x00007FF991700000-0x00007FF9921C2000-memory.dmp

Filesize
10.8MB

Download
memory/7280-1594-0x000002D575690000-0x000002D5756A0000-memory.dmp

Filesize
64KB

Download
memory/7884-1580-0x000001967D9E0000-0x000001967D9F0000-memory.dmp

Filesize
64KB

Download
memory/7884-1589-0x00007FF991700000-0x00007FF9921C2000-memory.dmp

Filesize
10.8MB

Download
memory/8236-1573-0x00007FF991700000-0x00007FF9921C2000-memory.dmp

Filesize
10.8MB

Download
memory/8236-1562-0x00007FF991700000-0x00007FF9921C2000-memory.dmp

Filesize
10.8MB

Download
memory/8480-1592-0x00007FF991700000-0x00007FF9921C2000-memory.dmp

Filesize
10.8MB

Download
memory/8680-1593-0x00007FF991700000-0x00007FF9921C2000-memory.dmp

Filesize
10.8MB

Download
memory/8680-1585-0x00000287C5540000-0x00000287C5550000-memory.dmp

Filesize
64KB

Download
memory/8836-1577-0x000001EFBEAF0000-0x000001EFBEB00000-memory.dmp

Filesize
64KB

Download
memory/8964-1568-0x00007FF991700000-0x00007FF9921C2000-memory.dmp

Filesize
10.8MB

Download
memory/9144-1581-0x00007FF991700000-0x00007FF9921C2000-memory.dmp

Filesize
10.8MB

Download
memory/9160-1583-0x00007FF991700000-0x00007FF9921C2000-memory.dmp

Filesize
10.8MB

Download