babylonrat | 2d952fedf846b7d19e3e75632fa03826b6da922ba04c308283c5ce8110a5e456

Analysis

max time kernel
1047s
max time network
1062s
platform
windows10-2004_x64
resource
win10v2004-20240419-en
resource tags

arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system
submitted
04-05-2024 19:43

Sharing

Copy URL

Twitter E-mail

Reason

Machine shutdown

Report Analysis Logs

General

Target

troll.pyc
Size

2KB
MD5

f4c02d1f0a86849a1d6cdc0f996036d1
SHA1

0eedd3a627bee8d321553f5d97978216490af2e5
SHA256

a0a969ae358d472a5245fda0cccd062fd6a21e431356da6f6f8b55ccdd7982f8
SHA512

dc11a264125f21932a95f67c89766cdfe8aaa96c027181a8901b58e11c1831332d487317af967786f13ed0a1939128522626cfe3476010b2d18bb4060b7f31be

Score

10^/10

babylonrat modiloader bootkit persistence trojan upx

Malware Config

Signatures

Babylon RAT
Babylon RAT is remote access trojan written in C++.
trojan babylonrat
ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
trojan modiloader

ModiLoader Second Stage 6 IoCs

resource	yara_rule
behavioral2/files/0x0007000000023d3b-779.dat	modiloader_stage2
behavioral2/memory/840-793-0x0000000000400000-0x0000000000CFC000-memory.dmp	modiloader_stage2
behavioral2/memory/840-804-0x0000000000400000-0x0000000000CFC000-memory.dmp	modiloader_stage2
behavioral2/memory/840-818-0x0000000000400000-0x0000000000CFC000-memory.dmp	modiloader_stage2
behavioral2/memory/840-829-0x0000000000400000-0x0000000000CFC000-memory.dmp	modiloader_stage2
behavioral2/memory/840-878-0x0000000000400000-0x0000000000CFC000-memory.dmp	modiloader_stage2

Checks computer location settings 2 TTPs 5 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-877519540-908060166-1852957295-1000\Control Panel\International\Geo\Nation	MEMZ.exe
Key value queried	\REGISTRY\USER\S-1-5-21-877519540-908060166-1852957295-1000\Control Panel\International\Geo\Nation	Alusinus.exe
Key value queried	\REGISTRY\USER\S-1-5-21-877519540-908060166-1852957295-1000\Control Panel\International\Geo\Nation	client.exe
Key value queried	\REGISTRY\USER\S-1-5-21-877519540-908060166-1852957295-1000\Control Panel\International\Geo\Nation	Babylon-RAT.exe
Key value queried	\REGISTRY\USER\S-1-5-21-877519540-908060166-1852957295-1000\Control Panel\International\Geo\Nation	MEMZ.exe

Executes dropped EXE 27 IoCs

pid	Process
5004	MEMZ.exe
3876	Alusinus.exe
4680	Upx.exe
1796	Upx.exe
4588	rat.exe
1328	Server.exe
840	client.exe
2984	logsim.exe
1072	Babylon-RAT.exe
3128	upx.exe
1076	obvious rat niggaaaaaa.exe
1160	.scr.exe
1180	.scr.exe
4744	upx.exe
332	RobloxplAyerInstaller.exe
5724	RobloxplAyerInstaller.exe
5960	MEMZ.exe
5968	MEMZ.exe
6004	MEMZ.exe
6032	MEMZ.exe
6052	MEMZ.exe
6080	MEMZ.exe
2036	upx.exe
2760	gaaaaaaaaaaaar.exe
2164	upx.exe
5308	jyhkhjk.exe
5260	RobloxplAyerInstaller.exe

UPX packed file 39 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/files/0x000f000000023be1-490.dat	upx
behavioral2/memory/3876-492-0x0000000000400000-0x0000000000816000-memory.dmp	upx
behavioral2/memory/3876-504-0x0000000000400000-0x0000000000816000-memory.dmp	upx
behavioral2/memory/3876-514-0x0000000000400000-0x0000000000816000-memory.dmp	upx
behavioral2/memory/3876-515-0x0000000000400000-0x0000000000816000-memory.dmp	upx
behavioral2/memory/3876-525-0x0000000000400000-0x0000000000816000-memory.dmp	upx
behavioral2/memory/3876-538-0x0000000000400000-0x0000000000816000-memory.dmp	upx
behavioral2/files/0x0008000000023d08-560.dat	upx
behavioral2/memory/4680-567-0x0000000000400000-0x000000000058B000-memory.dmp	upx
behavioral2/memory/4680-574-0x0000000000400000-0x000000000058B000-memory.dmp	upx
behavioral2/files/0x000c000000023d04-575.dat	upx
behavioral2/memory/1796-613-0x0000000000400000-0x000000000058B000-memory.dmp	upx
behavioral2/memory/3876-623-0x0000000000400000-0x0000000000816000-memory.dmp	upx
behavioral2/memory/4588-645-0x0000000000400000-0x0000000000424000-memory.dmp	upx
behavioral2/memory/4588-647-0x0000000000400000-0x0000000000424000-memory.dmp	upx
behavioral2/memory/1328-660-0x0000000000400000-0x0000000000424000-memory.dmp	upx
behavioral2/files/0x0007000000023d46-781.dat	upx
behavioral2/files/0x0007000000023d87-1199.dat	upx
behavioral2/memory/3128-1206-0x0000000000400000-0x00000000005F5000-memory.dmp	upx
behavioral2/memory/3128-1214-0x0000000000400000-0x00000000005F5000-memory.dmp	upx
behavioral2/files/0x0009000000023d86-1260.dat	upx
behavioral2/memory/1076-1262-0x0000000000210000-0x00000000002D8000-memory.dmp	upx
behavioral2/memory/1076-1269-0x0000000000210000-0x00000000002D8000-memory.dmp	upx
behavioral2/memory/1160-1267-0x00000000006A0000-0x0000000000768000-memory.dmp	upx
behavioral2/memory/1160-1287-0x00000000006A0000-0x0000000000768000-memory.dmp	upx
behavioral2/memory/1180-1297-0x00000000006A0000-0x0000000000768000-memory.dmp	upx
behavioral2/memory/4744-1502-0x0000000000400000-0x00000000005F5000-memory.dmp	upx
behavioral2/memory/332-1604-0x0000000000E50000-0x0000000000F58000-memory.dmp	upx
behavioral2/memory/5724-1605-0x0000000000E50000-0x0000000000F58000-memory.dmp	upx
behavioral2/memory/332-1641-0x0000000000E50000-0x0000000000F58000-memory.dmp	upx
behavioral2/memory/5724-1644-0x0000000000E50000-0x0000000000F58000-memory.dmp	upx
behavioral2/memory/2036-1907-0x0000000000400000-0x00000000005F5000-memory.dmp	upx
behavioral2/memory/2760-1911-0x0000000000910000-0x00000000009D8000-memory.dmp	upx
behavioral2/files/0x0012000000023b65-2020.dat	upx
behavioral2/memory/2164-2025-0x0000000000400000-0x00000000005F5000-memory.dmp	upx
behavioral2/memory/5308-2037-0x00000000005E0000-0x00000000006A8000-memory.dmp	upx
behavioral2/memory/5308-2039-0x00000000005E0000-0x00000000006A8000-memory.dmp	upx
behavioral2/memory/5260-3292-0x0000000000E50000-0x0000000000F58000-memory.dmp	upx
behavioral2/memory/5260-3294-0x0000000000E50000-0x0000000000F58000-memory.dmp	upx

Adds Run key to start application 2 TTPs 3 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-877519540-908060166-1852957295-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\Windows Defender = "C:\\ProgramData\\CHmanbaMrbeast\\.scr.exe"	obvious rat niggaaaaaa.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-877519540-908060166-1852957295-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\Windows Defender = "C:\\ProgramData\\CHmanbaMrbeast\\.scr.exe"	.scr.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-877519540-908060166-1852957295-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\Windows Defender = "C:\\ProgramData\\CHmanbaMrbeast\\.scr.exe"	.scr.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs

Web Service

T1102

flow	ioc
139	raw.githubusercontent.com
140	raw.githubusercontent.com
144	camo.githubusercontent.com

Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs

Bootkits write to the MBR to gain persistence at a level below the operating system.

bootkit persistence

Bootkit

T1542.003

description	ioc	Process
File opened for modification	\??\PhysicalDrive0	MEMZ.exe

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	C:\Windows\System32\DriverStore\FileRepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF	chrome.exe
File created	\??\c:\windows\system32\driverstore\filerepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF	chrome.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks SCSI registry key(s) 3 TTPs 3 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	taskmgr.exe

Enumerates system info in registry 2 TTPs 9 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133593255672534330"	chrome.exe

Modifies registry class 64 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-877519540-908060166-1852957295-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByDirection = "4294967295"	Babylon-RAT.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-877519540-908060166-1852957295-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\FFlags = "1092616257"	Babylon-RAT.exe
Key created	\REGISTRY\USER\S-1-5-21-877519540-908060166-1852957295-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	Babylon-RAT.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-877519540-908060166-1852957295-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 020202020202	Babylon-RAT.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-877519540-908060166-1852957295-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\MRUListEx = ffffffff	Babylon-RAT.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-877519540-908060166-1852957295-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\3\NodeSlot = "8"	Babylon-RAT.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-877519540-908060166-1852957295-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{B3690E58-E961-423B-B687-386EBFD83239}\FFlags = "1092616257"	Babylon-RAT.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-877519540-908060166-1852957295-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{B3690E58-E961-423B-B687-386EBFD83239}\IconSize = "96"	Babylon-RAT.exe
Key created	\REGISTRY\USER\S-1-5-21-877519540-908060166-1852957295-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}	Babylon-RAT.exe
Key created	\REGISTRY\USER\S-1-5-21-877519540-908060166-1852957295-1000_Classes\Local Settings	cmd.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-877519540-908060166-1852957295-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:FMTID = "{B725F130-47EF-101A-A5F1-02608C9EEBAC}"	Babylon-RAT.exe
Key created	\REGISTRY\USER\S-1-5-21-877519540-908060166-1852957295-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0	Babylon-RAT.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-877519540-908060166-1852957295-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	Babylon-RAT.exe
Key created	\REGISTRY\USER\S-1-5-21-877519540-908060166-1852957295-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\Shell	Babylon-RAT.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-877519540-908060166-1852957295-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\Shell\SniffedFolderType = "Generic"	Babylon-RAT.exe
Key created	\REGISTRY\USER\S-1-5-21-877519540-908060166-1852957295-1000_Classes\Local Settings	OpenWith.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-877519540-908060166-1852957295-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\Mode = "4"	Babylon-RAT.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-877519540-908060166-1852957295-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{B3690E58-E961-423B-B687-386EBFD83239}\Mode = "1"	Babylon-RAT.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-877519540-908060166-1852957295-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1 = 14002e80922b16d365937a46956b92703aca08af0000	Babylon-RAT.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-877519540-908060166-1852957295-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	Babylon-RAT.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-877519540-908060166-1852957295-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02020202020202	Babylon-RAT.exe
Key created	\REGISTRY\USER\S-1-5-21-877519540-908060166-1852957295-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{B3690E58-E961-423B-B687-386EBFD83239}	Babylon-RAT.exe
Key created	\REGISTRY\USER\S-1-5-21-877519540-908060166-1852957295-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\	Babylon-RAT.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-877519540-908060166-1852957295-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 00000000ffffffff	Babylon-RAT.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-877519540-908060166-1852957295-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 0100000000000000ffffffff	Babylon-RAT.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-877519540-908060166-1852957295-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\LogicalViewMode = "1"	Babylon-RAT.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-877519540-908060166-1852957295-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\2\NodeSlot = "7"	Babylon-RAT.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-877519540-908060166-1852957295-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{B3690E58-E961-423B-B687-386EBFD83239}\GroupView = "0"	Babylon-RAT.exe
Key created	\REGISTRY\USER\S-1-5-21-877519540-908060166-1852957295-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\ComDlg	Babylon-RAT.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-877519540-908060166-1852957295-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1"	Babylon-RAT.exe
Key created	\REGISTRY\USER\S-1-5-21-877519540-908060166-1852957295-1000_Classes\Local Settings	Babylon-RAT.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	Babylon-RAT.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-877519540-908060166-1852957295-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{B3690E58-E961-423B-B687-386EBFD83239}\GroupByDirection = "1"	Babylon-RAT.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-877519540-908060166-1852957295-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Version = "1"	Babylon-RAT.exe
Key created	\REGISTRY\USER\S-1-5-21-877519540-908060166-1852957295-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6	Babylon-RAT.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-877519540-908060166-1852957295-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\Shell\SniffedFolderType = "Documents"	Babylon-RAT.exe
Key created	\REGISTRY\USER\S-1-5-21-877519540-908060166-1852957295-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}	Babylon-RAT.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-877519540-908060166-1852957295-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\3 = 14002e8005398e082303024b98265d99428e115f0000	Babylon-RAT.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-877519540-908060166-1852957295-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{B3690E58-E961-423B-B687-386EBFD83239}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	Babylon-RAT.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-877519540-908060166-1852957295-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Mode = "4"	Babylon-RAT.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-877519540-908060166-1852957295-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:PID = "14"	Babylon-RAT.exe
Key created	\REGISTRY\USER\S-1-5-21-877519540-908060166-1852957295-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	Babylon-RAT.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-877519540-908060166-1852957295-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\2 = 3a002e803accbfb42cdb4c42b0297fe99a87c641260001002600efbe110000003bdcbe192792da01c5d07b1c2792da015b86b61d2792da0114000000	Babylon-RAT.exe
Key created	\REGISTRY\USER\S-1-5-21-877519540-908060166-1852957295-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\Shell	Babylon-RAT.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-877519540-908060166-1852957295-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\Shell\KnownFolderDerivedFolderType = "{885A186E-A440-4ADA-812B-DB871B942259}"	Babylon-RAT.exe
Key created	\REGISTRY\USER\S-1-5-21-877519540-908060166-1852957295-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg	Babylon-RAT.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-877519540-908060166-1852957295-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{B3690E58-E961-423B-B687-386EBFD83239}\FFlags = "1"	Babylon-RAT.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-877519540-908060166-1852957295-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 03000000000000000200000001000000ffffffff	Babylon-RAT.exe
Key created	\REGISTRY\USER\S-1-5-21-877519540-908060166-1852957295-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg	Babylon-RAT.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-877519540-908060166-1852957295-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\FFlags = "1"	Babylon-RAT.exe
Key created	\REGISTRY\USER\S-1-5-21-877519540-908060166-1852957295-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7	Babylon-RAT.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-877519540-908060166-1852957295-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202020202020202	Babylon-RAT.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-877519540-908060166-1852957295-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupView = "4294967295"	Babylon-RAT.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-877519540-908060166-1852957295-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\IconSize = "16"	Babylon-RAT.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-877519540-908060166-1852957295-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupByDirection = "1"	Babylon-RAT.exe
Key created	\REGISTRY\USER\S-1-5-21-877519540-908060166-1852957295-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\2	Babylon-RAT.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-877519540-908060166-1852957295-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\2\MRUListEx = ffffffff	Babylon-RAT.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-877519540-908060166-1852957295-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\Shell\SniffedFolderType = "Pictures"	Babylon-RAT.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-877519540-908060166-1852957295-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	Babylon-RAT.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-877519540-908060166-1852957295-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	Babylon-RAT.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-877519540-908060166-1852957295-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\3\MRUListEx = ffffffff	Babylon-RAT.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-877519540-908060166-1852957295-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 02000000030000000100000000000000ffffffff	Babylon-RAT.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-877519540-908060166-1852957295-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202020202	Babylon-RAT.exe
Key created	\REGISTRY\USER\S-1-5-21-877519540-908060166-1852957295-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\3	Babylon-RAT.exe

Opens file in notepad (likely ransom note) 1 IoCs

ransomware

pid	Process
1088	NOTEPAD.EXE

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
4852	chrome.exe
4852	chrome.exe
1020	chrome.exe
1020	chrome.exe
1020	chrome.exe
1020	chrome.exe
2648	taskmgr.exe
2648	taskmgr.exe
2648	taskmgr.exe
2648	taskmgr.exe
2648	taskmgr.exe
2648	taskmgr.exe
2648	taskmgr.exe
2648	taskmgr.exe
2648	taskmgr.exe
2648	taskmgr.exe
2648	taskmgr.exe
2648	taskmgr.exe
2648	taskmgr.exe
2648	taskmgr.exe
2648	taskmgr.exe
2648	taskmgr.exe
2648	taskmgr.exe
2648	taskmgr.exe
2648	taskmgr.exe
2648	taskmgr.exe
2648	taskmgr.exe
2648	taskmgr.exe
2648	taskmgr.exe
2648	taskmgr.exe
2648	taskmgr.exe
2648	taskmgr.exe
2648	taskmgr.exe
2648	taskmgr.exe
2648	taskmgr.exe
2648	taskmgr.exe
2648	taskmgr.exe
2648	taskmgr.exe
2648	taskmgr.exe
2648	taskmgr.exe
2648	taskmgr.exe
2648	taskmgr.exe
2648	taskmgr.exe
2648	taskmgr.exe
2648	taskmgr.exe
2648	taskmgr.exe
2648	taskmgr.exe
2648	taskmgr.exe
2648	taskmgr.exe
2648	taskmgr.exe
2648	taskmgr.exe
2648	taskmgr.exe
2648	taskmgr.exe
2648	taskmgr.exe
2648	taskmgr.exe
2648	taskmgr.exe
2648	taskmgr.exe
2648	taskmgr.exe
2648	taskmgr.exe
2648	taskmgr.exe
2648	taskmgr.exe
2648	taskmgr.exe
2648	taskmgr.exe
2648	taskmgr.exe

Suspicious behavior: GetForegroundWindowSpam 5 IoCs

pid	Process
840	client.exe
1072	Babylon-RAT.exe
2648	taskmgr.exe
1160	.scr.exe
332	RobloxplAyerInstaller.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 48 IoCs

pid	Process
4852	chrome.exe
4852	chrome.exe
4852	chrome.exe
4852	chrome.exe
4852	chrome.exe
4852	chrome.exe
4852	chrome.exe
4852	chrome.exe
4852	chrome.exe
2560	msedge.exe
2560	msedge.exe
2560	msedge.exe
2560	msedge.exe
5588	msedge.exe
5588	msedge.exe
5588	msedge.exe
5588	msedge.exe
5588	msedge.exe
5588	msedge.exe
5588	msedge.exe
5588	msedge.exe
5588	msedge.exe
5588	msedge.exe
5588	msedge.exe
5588	msedge.exe
5588	msedge.exe
5588	msedge.exe
5588	msedge.exe
5588	msedge.exe
5588	msedge.exe
5588	msedge.exe
5588	msedge.exe
5588	msedge.exe
5588	msedge.exe
5588	msedge.exe
5588	msedge.exe
5588	msedge.exe
5588	msedge.exe
5588	msedge.exe
5588	msedge.exe
5588	msedge.exe
5588	msedge.exe
5588	msedge.exe
5588	msedge.exe
5588	msedge.exe
5588	msedge.exe
5588	msedge.exe
5588	msedge.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4852	chrome.exe
Token: SeCreatePagefilePrivilege	4852	chrome.exe
Token: SeShutdownPrivilege	4852	chrome.exe
Token: SeCreatePagefilePrivilege	4852	chrome.exe
Token: SeShutdownPrivilege	4852	chrome.exe
Token: SeCreatePagefilePrivilege	4852	chrome.exe
Token: SeShutdownPrivilege	4852	chrome.exe
Token: SeCreatePagefilePrivilege	4852	chrome.exe
Token: SeShutdownPrivilege	4852	chrome.exe
Token: SeCreatePagefilePrivilege	4852	chrome.exe
Token: SeShutdownPrivilege	4852	chrome.exe
Token: SeCreatePagefilePrivilege	4852	chrome.exe
Token: SeShutdownPrivilege	4852	chrome.exe
Token: SeCreatePagefilePrivilege	4852	chrome.exe
Token: SeShutdownPrivilege	4852	chrome.exe
Token: SeCreatePagefilePrivilege	4852	chrome.exe
Token: SeShutdownPrivilege	4852	chrome.exe
Token: SeCreatePagefilePrivilege	4852	chrome.exe
Token: SeShutdownPrivilege	4852	chrome.exe
Token: SeCreatePagefilePrivilege	4852	chrome.exe
Token: SeShutdownPrivilege	4852	chrome.exe
Token: SeCreatePagefilePrivilege	4852	chrome.exe
Token: SeShutdownPrivilege	4852	chrome.exe
Token: SeCreatePagefilePrivilege	4852	chrome.exe
Token: SeShutdownPrivilege	4852	chrome.exe
Token: SeCreatePagefilePrivilege	4852	chrome.exe
Token: SeShutdownPrivilege	4852	chrome.exe
Token: SeCreatePagefilePrivilege	4852	chrome.exe
Token: SeShutdownPrivilege	4852	chrome.exe
Token: SeCreatePagefilePrivilege	4852	chrome.exe
Token: SeShutdownPrivilege	4852	chrome.exe
Token: SeCreatePagefilePrivilege	4852	chrome.exe
Token: SeShutdownPrivilege	4852	chrome.exe
Token: SeCreatePagefilePrivilege	4852	chrome.exe
Token: SeShutdownPrivilege	4852	chrome.exe
Token: SeCreatePagefilePrivilege	4852	chrome.exe
Token: SeShutdownPrivilege	4852	chrome.exe
Token: SeCreatePagefilePrivilege	4852	chrome.exe
Token: SeShutdownPrivilege	4852	chrome.exe
Token: SeCreatePagefilePrivilege	4852	chrome.exe
Token: SeShutdownPrivilege	4852	chrome.exe
Token: SeCreatePagefilePrivilege	4852	chrome.exe
Token: SeShutdownPrivilege	4852	chrome.exe
Token: SeCreatePagefilePrivilege	4852	chrome.exe
Token: SeShutdownPrivilege	4852	chrome.exe
Token: SeCreatePagefilePrivilege	4852	chrome.exe
Token: SeShutdownPrivilege	4852	chrome.exe
Token: SeCreatePagefilePrivilege	4852	chrome.exe
Token: SeShutdownPrivilege	4852	chrome.exe
Token: SeCreatePagefilePrivilege	4852	chrome.exe
Token: SeShutdownPrivilege	4852	chrome.exe
Token: SeCreatePagefilePrivilege	4852	chrome.exe
Token: SeShutdownPrivilege	4852	chrome.exe
Token: SeCreatePagefilePrivilege	4852	chrome.exe
Token: SeShutdownPrivilege	4852	chrome.exe
Token: SeCreatePagefilePrivilege	4852	chrome.exe
Token: SeShutdownPrivilege	4852	chrome.exe
Token: SeCreatePagefilePrivilege	4852	chrome.exe
Token: SeShutdownPrivilege	4852	chrome.exe
Token: SeCreatePagefilePrivilege	4852	chrome.exe
Token: SeShutdownPrivilege	4852	chrome.exe
Token: SeCreatePagefilePrivilege	4852	chrome.exe
Token: SeShutdownPrivilege	4852	chrome.exe
Token: SeCreatePagefilePrivilege	4852	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
4852	chrome.exe
4852	chrome.exe
4852	chrome.exe
4852	chrome.exe
4852	chrome.exe
4852	chrome.exe
4852	chrome.exe
4852	chrome.exe
4852	chrome.exe
4852	chrome.exe
4852	chrome.exe
4852	chrome.exe
4852	chrome.exe
4852	chrome.exe
4852	chrome.exe
4852	chrome.exe
4852	chrome.exe
4852	chrome.exe
4852	chrome.exe
4852	chrome.exe
4852	chrome.exe
4852	chrome.exe
4852	chrome.exe
4852	chrome.exe
4852	chrome.exe
4852	chrome.exe
4852	chrome.exe
4852	chrome.exe
4852	chrome.exe
4852	chrome.exe
4852	chrome.exe
4852	chrome.exe
4852	chrome.exe
4852	chrome.exe
4852	chrome.exe
4852	chrome.exe
4852	chrome.exe
4852	chrome.exe
4852	chrome.exe
4852	chrome.exe
4852	chrome.exe
3560	7zG.exe
3876	Alusinus.exe
3876	Alusinus.exe
3876	Alusinus.exe
3876	Alusinus.exe
3876	Alusinus.exe
3876	Alusinus.exe
3876	Alusinus.exe
3876	Alusinus.exe
3876	Alusinus.exe
3876	Alusinus.exe
3876	Alusinus.exe
3876	Alusinus.exe
3876	Alusinus.exe
3876	Alusinus.exe
3876	Alusinus.exe
3876	Alusinus.exe
3876	Alusinus.exe
3876	Alusinus.exe
3876	Alusinus.exe
3876	Alusinus.exe
3876	Alusinus.exe
3876	Alusinus.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
4852	chrome.exe
4852	chrome.exe
4852	chrome.exe
4852	chrome.exe
4852	chrome.exe
4852	chrome.exe
4852	chrome.exe
4852	chrome.exe
4852	chrome.exe
4852	chrome.exe
4852	chrome.exe
4852	chrome.exe
4852	chrome.exe
4852	chrome.exe
4852	chrome.exe
4852	chrome.exe
4852	chrome.exe
4852	chrome.exe
4852	chrome.exe
4852	chrome.exe
4852	chrome.exe
4852	chrome.exe
4852	chrome.exe
4852	chrome.exe
4852	chrome.exe
4852	chrome.exe
4852	chrome.exe
4852	chrome.exe
4852	chrome.exe
4852	chrome.exe
4852	chrome.exe
4852	chrome.exe
2648	taskmgr.exe
2648	taskmgr.exe
2648	taskmgr.exe
2648	taskmgr.exe
2648	taskmgr.exe
2648	taskmgr.exe
2648	taskmgr.exe
2648	taskmgr.exe
2648	taskmgr.exe
2648	taskmgr.exe
2648	taskmgr.exe
2648	taskmgr.exe
2648	taskmgr.exe
2648	taskmgr.exe
2648	taskmgr.exe
2648	taskmgr.exe
2648	taskmgr.exe
2648	taskmgr.exe
2648	taskmgr.exe
2648	taskmgr.exe
2648	taskmgr.exe
2648	taskmgr.exe
2648	taskmgr.exe
2648	taskmgr.exe
2648	taskmgr.exe
2648	taskmgr.exe
2648	taskmgr.exe
2648	taskmgr.exe
2648	taskmgr.exe
2648	taskmgr.exe
2648	taskmgr.exe
2648	taskmgr.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
1572	OpenWith.exe
1572	OpenWith.exe
1572	OpenWith.exe
1572	OpenWith.exe
1572	OpenWith.exe
1572	OpenWith.exe
1572	OpenWith.exe
1572	OpenWith.exe
1572	OpenWith.exe
1572	OpenWith.exe
1572	OpenWith.exe
1572	OpenWith.exe
1572	OpenWith.exe
1572	OpenWith.exe
1572	OpenWith.exe
1572	OpenWith.exe
1572	OpenWith.exe
1072	Babylon-RAT.exe
1072	Babylon-RAT.exe
1072	Babylon-RAT.exe
1160	.scr.exe
1072	Babylon-RAT.exe
1072	Babylon-RAT.exe
1072	Babylon-RAT.exe
332	RobloxplAyerInstaller.exe
1072	Babylon-RAT.exe
1072	Babylon-RAT.exe
1072	Babylon-RAT.exe
1072	Babylon-RAT.exe
1072	Babylon-RAT.exe
6080	MEMZ.exe
6080	MEMZ.exe
6032	MEMZ.exe
6052	MEMZ.exe
6004	MEMZ.exe
5960	MEMZ.exe
6004	MEMZ.exe
5960	MEMZ.exe
6052	MEMZ.exe
6032	MEMZ.exe
6032	MEMZ.exe
6004	MEMZ.exe
6052	MEMZ.exe
5960	MEMZ.exe
5960	MEMZ.exe
6052	MEMZ.exe
6004	MEMZ.exe
6032	MEMZ.exe
6032	MEMZ.exe
6004	MEMZ.exe
5960	MEMZ.exe
6052	MEMZ.exe
6052	MEMZ.exe
5960	MEMZ.exe
6032	MEMZ.exe
6004	MEMZ.exe
6004	MEMZ.exe
6052	MEMZ.exe
6032	MEMZ.exe
5960	MEMZ.exe
6052	MEMZ.exe
6004	MEMZ.exe
5960	MEMZ.exe
6032	MEMZ.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1572 wrote to memory of 1088	1572	OpenWith.exe	112
PID 1572 wrote to memory of 1088	1572	OpenWith.exe	112
PID 4852 wrote to memory of 1516	4852	chrome.exe	120
PID 4852 wrote to memory of 1516	4852	chrome.exe	120
PID 4852 wrote to memory of 3904	4852	chrome.exe	121
PID 4852 wrote to memory of 3904	4852	chrome.exe	121
PID 4852 wrote to memory of 3904	4852	chrome.exe	121
PID 4852 wrote to memory of 3904	4852	chrome.exe	121
PID 4852 wrote to memory of 3904	4852	chrome.exe	121
PID 4852 wrote to memory of 3904	4852	chrome.exe	121
PID 4852 wrote to memory of 3904	4852	chrome.exe	121
PID 4852 wrote to memory of 3904	4852	chrome.exe	121
PID 4852 wrote to memory of 3904	4852	chrome.exe	121
PID 4852 wrote to memory of 3904	4852	chrome.exe	121
PID 4852 wrote to memory of 3904	4852	chrome.exe	121
PID 4852 wrote to memory of 3904	4852	chrome.exe	121
PID 4852 wrote to memory of 3904	4852	chrome.exe	121
PID 4852 wrote to memory of 3904	4852	chrome.exe	121
PID 4852 wrote to memory of 3904	4852	chrome.exe	121
PID 4852 wrote to memory of 3904	4852	chrome.exe	121
PID 4852 wrote to memory of 3904	4852	chrome.exe	121
PID 4852 wrote to memory of 3904	4852	chrome.exe	121
PID 4852 wrote to memory of 3904	4852	chrome.exe	121
PID 4852 wrote to memory of 3904	4852	chrome.exe	121
PID 4852 wrote to memory of 3904	4852	chrome.exe	121
PID 4852 wrote to memory of 3904	4852	chrome.exe	121
PID 4852 wrote to memory of 3904	4852	chrome.exe	121
PID 4852 wrote to memory of 3904	4852	chrome.exe	121
PID 4852 wrote to memory of 3904	4852	chrome.exe	121
PID 4852 wrote to memory of 3904	4852	chrome.exe	121
PID 4852 wrote to memory of 3904	4852	chrome.exe	121
PID 4852 wrote to memory of 3904	4852	chrome.exe	121
PID 4852 wrote to memory of 3904	4852	chrome.exe	121
PID 4852 wrote to memory of 3904	4852	chrome.exe	121
PID 4852 wrote to memory of 4648	4852	chrome.exe	122
PID 4852 wrote to memory of 4648	4852	chrome.exe	122
PID 4852 wrote to memory of 3752	4852	chrome.exe	123
PID 4852 wrote to memory of 3752	4852	chrome.exe	123
PID 4852 wrote to memory of 3752	4852	chrome.exe	123
PID 4852 wrote to memory of 3752	4852	chrome.exe	123
PID 4852 wrote to memory of 3752	4852	chrome.exe	123
PID 4852 wrote to memory of 3752	4852	chrome.exe	123
PID 4852 wrote to memory of 3752	4852	chrome.exe	123
PID 4852 wrote to memory of 3752	4852	chrome.exe	123
PID 4852 wrote to memory of 3752	4852	chrome.exe	123
PID 4852 wrote to memory of 3752	4852	chrome.exe	123
PID 4852 wrote to memory of 3752	4852	chrome.exe	123
PID 4852 wrote to memory of 3752	4852	chrome.exe	123
PID 4852 wrote to memory of 3752	4852	chrome.exe	123
PID 4852 wrote to memory of 3752	4852	chrome.exe	123
PID 4852 wrote to memory of 3752	4852	chrome.exe	123
PID 4852 wrote to memory of 3752	4852	chrome.exe	123
PID 4852 wrote to memory of 3752	4852	chrome.exe	123
PID 4852 wrote to memory of 3752	4852	chrome.exe	123
PID 4852 wrote to memory of 3752	4852	chrome.exe	123
PID 4852 wrote to memory of 3752	4852	chrome.exe	123
PID 4852 wrote to memory of 3752	4852	chrome.exe	123
PID 4852 wrote to memory of 3752	4852	chrome.exe	123
PID 4852 wrote to memory of 3752	4852	chrome.exe	123
PID 4852 wrote to memory of 3752	4852	chrome.exe	123
PID 4852 wrote to memory of 3752	4852	chrome.exe	123
PID 4852 wrote to memory of 3752	4852	chrome.exe	123
PID 4852 wrote to memory of 3752	4852	chrome.exe	123
PID 4852 wrote to memory of 3752	4852	chrome.exe	123

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\troll.pyc
1⤵
- Modifies registry class
PID:3788

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1572
- C:\Windows\system32\NOTEPAD.EXE
  "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\Temp\troll.pyc
  2⤵
  - Opens file in notepad (likely ransom note)
  PID:1088

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4852
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.106 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffd29f1cc40,0x7ffd29f1cc4c,0x7ffd29f1cc58
  2⤵
  PID:1516
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=2024,i,3374459489043389536,17354268006337623413,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=2020 /prefetch:2
  2⤵
  PID:3904
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1700,i,3374459489043389536,17354268006337623413,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=2124 /prefetch:3
  2⤵
  PID:4648
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2268,i,3374459489043389536,17354268006337623413,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=2452 /prefetch:8
  2⤵
  PID:3752
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3132,i,3374459489043389536,17354268006337623413,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3144 /prefetch:1
  2⤵
  PID:1788
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3308,i,3374459489043389536,17354268006337623413,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3412 /prefetch:1
  2⤵
  PID:3068
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4512,i,3374459489043389536,17354268006337623413,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4556 /prefetch:1
  2⤵
  PID:2712
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4516,i,3374459489043389536,17354268006337623413,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4692 /prefetch:8
  2⤵
  PID:4120
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4800,i,3374459489043389536,17354268006337623413,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4812 /prefetch:8
  2⤵
  PID:3372
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4792,i,3374459489043389536,17354268006337623413,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4360 /prefetch:1
  2⤵
  PID:2456
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5004,i,3374459489043389536,17354268006337623413,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4044 /prefetch:8
  2⤵
  PID:2332
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5068,i,3374459489043389536,17354268006337623413,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4540 /prefetch:8
  2⤵
  PID:4680
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=5024,i,3374459489043389536,17354268006337623413,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3512 /prefetch:1
  2⤵
  PID:3212
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5248,i,3374459489043389536,17354268006337623413,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=5240 /prefetch:8
  2⤵
  PID:3872
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5224,i,3374459489043389536,17354268006337623413,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=5256 /prefetch:8
  2⤵
  PID:384
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5664,i,3374459489043389536,17354268006337623413,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=5660 /prefetch:8
  2⤵
  PID:3516
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5732,i,3374459489043389536,17354268006337623413,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=5640 /prefetch:8
  2⤵
  PID:3224
- C:\Users\Admin\Downloads\MEMZ.exe
  "C:\Users\Admin\Downloads\MEMZ.exe"
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  PID:5004
- - C:\Users\Admin\Downloads\MEMZ.exe
    "C:\Users\Admin\Downloads\MEMZ.exe" /watchdog
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:5960
- - C:\Users\Admin\Downloads\MEMZ.exe
    "C:\Users\Admin\Downloads\MEMZ.exe" /watchdog
    3⤵
    - Executes dropped EXE
    PID:5968
- - C:\Users\Admin\Downloads\MEMZ.exe
    "C:\Users\Admin\Downloads\MEMZ.exe" /watchdog
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:6004
- - C:\Users\Admin\Downloads\MEMZ.exe
    "C:\Users\Admin\Downloads\MEMZ.exe" /watchdog
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:6032
- - C:\Users\Admin\Downloads\MEMZ.exe
    "C:\Users\Admin\Downloads\MEMZ.exe" /watchdog
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:6052
- - C:\Users\Admin\Downloads\MEMZ.exe
    "C:\Users\Admin\Downloads\MEMZ.exe" /main
    3⤵
    - Checks computer location settings
    - Executes dropped EXE
    - Writes to the Master Boot Record (MBR)
    - Suspicious use of SetWindowsHookEx
    PID:6080
  - - C:\Windows\SysWOW64\notepad.exe
      "C:\Windows\System32\notepad.exe" \note.txt
      4⤵
      PID:6132
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=virus.exe
      4⤵
      Enumerates system info in registry
      Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
      PID:5588
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffd285a46f8,0x7ffd285a4708,0x7ffd285a4718
        5⤵
        
        PID:5608
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2052,5426264459156902630,468046249852110777,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2116 /prefetch:2
        5⤵
        
        PID:1540
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2052,5426264459156902630,468046249852110777,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2180 /prefetch:3
        5⤵
        
        PID:384
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2052,5426264459156902630,468046249852110777,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2816 /prefetch:8
        5⤵
        
        PID:1244
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,5426264459156902630,468046249852110777,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3356 /prefetch:1
        5⤵
        
        PID:2236
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,5426264459156902630,468046249852110777,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3388 /prefetch:1
        5⤵
        
        PID:4636
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,5426264459156902630,468046249852110777,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4896 /prefetch:1
        5⤵
        
        PID:2348
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,5426264459156902630,468046249852110777,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3688 /prefetch:1
        5⤵
        
        PID:4536
    - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2052,5426264459156902630,468046249852110777,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4408 /prefetch:8
        5⤵
        
        PID:2772
    - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2052,5426264459156902630,468046249852110777,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4408 /prefetch:8
        5⤵
        
        PID:5932
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,5426264459156902630,468046249852110777,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4264 /prefetch:1
        5⤵
        
        PID:2016
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,5426264459156902630,468046249852110777,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5296 /prefetch:1
        5⤵
        
        PID:392
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,5426264459156902630,468046249852110777,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5124 /prefetch:1
        5⤵
        
        PID:4776
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,5426264459156902630,468046249852110777,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3780 /prefetch:1
        5⤵
        
        PID:916
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,5426264459156902630,468046249852110777,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5548 /prefetch:1
        5⤵
        
        PID:4524
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,5426264459156902630,468046249852110777,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5420 /prefetch:1
        5⤵
        
        PID:5256
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,5426264459156902630,468046249852110777,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4900 /prefetch:1
        5⤵
        
        PID:5596
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,5426264459156902630,468046249852110777,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5924 /prefetch:1
        5⤵
        
        PID:4048
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,5426264459156902630,468046249852110777,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5836 /prefetch:1
        5⤵
        
        PID:5376
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,5426264459156902630,468046249852110777,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3712 /prefetch:1
        5⤵
        
        PID:5840
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,5426264459156902630,468046249852110777,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6132 /prefetch:1
        5⤵
        
        PID:5132
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,5426264459156902630,468046249852110777,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6048 /prefetch:1
        5⤵
        
        PID:4784
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,5426264459156902630,468046249852110777,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6256 /prefetch:1
        5⤵
        
        PID:4760
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,5426264459156902630,468046249852110777,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6280 /prefetch:1
        5⤵
        
        PID:5596
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,5426264459156902630,468046249852110777,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7040 /prefetch:1
        5⤵
        
        PID:4316
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,5426264459156902630,468046249852110777,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6268 /prefetch:1
        5⤵
        
        PID:4684
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,5426264459156902630,468046249852110777,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7068 /prefetch:1
        5⤵
        
        PID:5388
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,5426264459156902630,468046249852110777,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7020 /prefetch:1
        5⤵
        
        PID:532
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,5426264459156902630,468046249852110777,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7028 /prefetch:1
        5⤵
        
        PID:3516
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,5426264459156902630,468046249852110777,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7016 /prefetch:1
        5⤵
        
        PID:1560
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,5426264459156902630,468046249852110777,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6884 /prefetch:1
        5⤵
        
        PID:6720
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,5426264459156902630,468046249852110777,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6996 /prefetch:1
        5⤵
        
        PID:6308
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,5426264459156902630,468046249852110777,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6964 /prefetch:1
        5⤵
        
        PID:7152
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,5426264459156902630,468046249852110777,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8180 /prefetch:1
        5⤵
        
        PID:4316
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,5426264459156902630,468046249852110777,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8132 /prefetch:1
        5⤵
        
        PID:464
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2052,5426264459156902630,468046249852110777,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=8056 /prefetch:2
        5⤵
        
        PID:6744
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,5426264459156902630,468046249852110777,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7596 /prefetch:1
        5⤵
        
        PID:7040
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,5426264459156902630,468046249852110777,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7492 /prefetch:1
        5⤵
        
        PID:2024
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,5426264459156902630,468046249852110777,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6936 /prefetch:1
        5⤵
        
        PID:3584
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,5426264459156902630,468046249852110777,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8420 /prefetch:1
        5⤵
        
        PID:6716
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,5426264459156902630,468046249852110777,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7932 /prefetch:1
        5⤵
        
        PID:4312
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,5426264459156902630,468046249852110777,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8680 /prefetch:1
        5⤵
        
        PID:5776
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://play.clubpenguin.com/
      4⤵
      PID:1476
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffd285a46f8,0x7ffd285a4708,0x7ffd285a4718
        5⤵
        
        PID:5564
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://motherboard.vice.com/read/watch-this-malware-turn-a-computer-into-a-digital-hellscape
      4⤵
      PID:6072
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffd285a46f8,0x7ffd285a4708,0x7ffd285a4718
        5⤵
        
        PID:3868
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+to+create+your+own+ransomware
      4⤵
      PID:5356
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffd285a46f8,0x7ffd285a4708,0x7ffd285a4718
        5⤵
        
        PID:2512
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://softonic.com/
      4⤵
      PID:7000
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffd285a46f8,0x7ffd285a4708,0x7ffd285a4718
        5⤵
        
        PID:5772
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=stanky+danky+maymays
      4⤵
      PID:7020
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x124,0x128,0x12c,0x100,0x130,0x7ffd285a46f8,0x7ffd285a4708,0x7ffd285a4718
        5⤵
        
        PID:7028
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=minecraft+hax+download+no+virus
      4⤵
      PID:6596
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffd285a46f8,0x7ffd285a4708,0x7ffd285a4718
        5⤵
        
        PID:7160
  - - C:\Windows\SysWOW64\notepad.exe
      "C:\Windows\System32\notepad.exe"
      4⤵
      PID:4536
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+2+buy+weed
      4⤵
      PID:3020
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x124,0x128,0x12c,0x100,0x130,0x7ffd285a46f8,0x7ffd285a4708,0x7ffd285a4718
        5⤵
        
        PID:5696
  - - C:\Windows\SysWOW64\Taskmgr.exe
      "C:\Windows\System32\Taskmgr.exe"
      4⤵
      PID:6828
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=5760,i,3374459489043389536,17354268006337623413,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4480 /prefetch:8
  2⤵
  - Drops file in System32 directory
  - Suspicious behavior: EnumeratesProcesses
  PID:1020
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5704,i,3374459489043389536,17354268006337623413,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4820 /prefetch:8
  2⤵
  PID:2644
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5740,i,3374459489043389536,17354268006337623413,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3456 /prefetch:8
  2⤵
  PID:2792
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2664,i,3374459489043389536,17354268006337623413,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=5520 /prefetch:8
  2⤵
  PID:3744
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --field-trial-handle=4552,i,3374459489043389536,17354268006337623413,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=5528 /prefetch:1
  2⤵
  PID:4912
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --field-trial-handle=5524,i,3374459489043389536,17354268006337623413,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=5428 /prefetch:1
  2⤵
  PID:3680
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5824,i,3374459489043389536,17354268006337623413,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=864 /prefetch:8
  2⤵
  PID:2740
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=6000,i,3374459489043389536,17354268006337623413,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=6008 /prefetch:8
  2⤵
  PID:2504
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --field-trial-handle=4044,i,3374459489043389536,17354268006337623413,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4020 /prefetch:1
  2⤵
  PID:2792
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --field-trial-handle=3436,i,3374459489043389536,17354268006337623413,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=5936 /prefetch:1
  2⤵
  PID:3284
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5420,i,3374459489043389536,17354268006337623413,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4444 /prefetch:8
  2⤵
  PID:4916
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=3168,i,3374459489043389536,17354268006337623413,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=5924 /prefetch:8
  2⤵
  PID:2200
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5484,i,3374459489043389536,17354268006337623413,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3252 /prefetch:8
  2⤵
  PID:3280

C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe"
1⤵
PID:3488

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:1648

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:3488

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\Alusinus RAT v0.9\" -spe -an -ai#7zMap28542:94:7zEvent27830
1⤵
- Suspicious use of FindShellTrayWindow
PID:3560

C:\Users\Admin\Downloads\Alusinus RAT v0.9\Alusinus.exe
"C:\Users\Admin\Downloads\Alusinus RAT v0.9\Alusinus.exe"
1⤵
- Checks computer location settings
- Executes dropped EXE
- Suspicious use of FindShellTrayWindow
PID:3876
- C:\Users\Admin\Downloads\Alusinus RAT v0.9\Upx.exe
  "C:\Users\Admin\Downloads\Alusinus RAT v0.9\Upx.exe" -9 "C:\Users\Admin\Downloads\Alusinus RAT v0.9\Server.exe"
  2⤵
  - Executes dropped EXE
  PID:4680
- C:\Users\Admin\Downloads\Alusinus RAT v0.9\Upx.exe
  "C:\Users\Admin\Downloads\Alusinus RAT v0.9\Upx.exe" -9 "C:\Users\Admin\Downloads\Alusinus RAT v0.9\Server.exe"
  2⤵
  - Executes dropped EXE
  PID:1796

C:\Users\Admin\Downloads\Alusinus RAT v0.9\rat.exe
"C:\Users\Admin\Downloads\Alusinus RAT v0.9\rat.exe"
1⤵
- Executes dropped EXE
PID:4588

C:\Users\Admin\Downloads\Alusinus RAT v0.9\Server.exe
"C:\Users\Admin\Downloads\Alusinus RAT v0.9\Server.exe"
1⤵
- Executes dropped EXE
PID:1328

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\Assasin 2.3 Pegasus\" -spe -an -ai#7zMap12126:98:7zEvent27460
1⤵
PID:3236

C:\Users\Admin\Downloads\Assasin 2.3 Pegasus\client.exe
"C:\Users\Admin\Downloads\Assasin 2.3 Pegasus\client.exe"
1⤵
- Checks computer location settings
- Executes dropped EXE
- Suspicious behavior: GetForegroundWindowSpam
PID:840
- C:\Users\Admin\Downloads\Assasin 2.3 Pegasus\Tools\logsim.exe
  "C:\Users\Admin\Downloads\Assasin 2.3 Pegasus\Tools\logsim.exe"
  2⤵
  - Executes dropped EXE
  PID:2984

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
1⤵
- Checks SCSI registry key(s)
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SendNotifyMessage
PID:2648

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\Babylon RAT v1.7.0.0\" -spe -an -ai#7zMap14381:100:7zEvent7642
1⤵
PID:1728

C:\Users\Admin\Downloads\Babylon RAT v1.7.0.0\Babylon-RAT.exe
"C:\Users\Admin\Downloads\Babylon RAT v1.7.0.0\Babylon-RAT.exe"
1⤵
- Checks computer location settings
- Executes dropped EXE
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:1072
- C:\Users\Admin\Downloads\Babylon RAT v1.7.0.0\upx.exe
  "C:\Users\Admin\Downloads\Babylon RAT v1.7.0.0\upx.exe" "C:\Users\Admin\Downloads\robux.exe"
  2⤵
  - Executes dropped EXE
  PID:3128
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://crypter.to/
  2⤵
  - Enumerates system info in registry
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  PID:2560
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffd285a46f8,0x7ffd285a4708,0x7ffd285a4718
    3⤵
    PID:2264
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2008,16692766892924269082,49578822015825945,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2012 /prefetch:2
    3⤵
    PID:3172
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2008,16692766892924269082,49578822015825945,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2512 /prefetch:3
    3⤵
    PID:2152
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2008,16692766892924269082,49578822015825945,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2916 /prefetch:8
    3⤵
    PID:812
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,16692766892924269082,49578822015825945,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3372 /prefetch:1
    3⤵
    PID:5104
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,16692766892924269082,49578822015825945,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3388 /prefetch:1
    3⤵
    PID:4352
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,16692766892924269082,49578822015825945,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4048 /prefetch:1
    3⤵
    PID:3496
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,16692766892924269082,49578822015825945,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5060 /prefetch:1
    3⤵
    PID:1060
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2008,16692766892924269082,49578822015825945,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5412 /prefetch:8
    3⤵
    PID:4684
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2008,16692766892924269082,49578822015825945,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5412 /prefetch:8
    3⤵
    PID:5284
- C:\Users\Admin\Downloads\Babylon RAT v1.7.0.0\upx.exe
  "C:\Users\Admin\Downloads\Babylon RAT v1.7.0.0\upx.exe" "C:\Users\Admin\Downloads\wwwwwwwwwww.exe"
  2⤵
  - Executes dropped EXE
  PID:4744
- C:\Users\Admin\Downloads\Babylon RAT v1.7.0.0\upx.exe
  "C:\Users\Admin\Downloads\Babylon RAT v1.7.0.0\upx.exe" "C:\Users\Admin\Downloads\gaaaaaaaaaaaar.exe"
  2⤵
  - Executes dropped EXE
  PID:2036
- C:\Users\Admin\Downloads\Babylon RAT v1.7.0.0\upx.exe
  "C:\Users\Admin\Downloads\Babylon RAT v1.7.0.0\upx.exe" "C:\Users\Admin\Downloads\jyhkhjk.exe"
  2⤵
  - Executes dropped EXE
  PID:2164

C:\Users\Admin\Downloads\obvious rat niggaaaaaa.exe
"C:\Users\Admin\Downloads\obvious rat niggaaaaaa.exe"
1⤵
- Executes dropped EXE
- Adds Run key to start application
PID:1076
- C:\ProgramData\CHmanbaMrbeast\.scr.exe
  "C:\ProgramData\CHmanbaMrbeast\.scr.exe"
  2⤵
  - Executes dropped EXE
  - Adds Run key to start application
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of SetWindowsHookEx
  PID:1160
- - C:\ProgramData\CHmanbaMrbeast\.scr.exe
    "C:\ProgramData\CHmanbaMrbeast\.scr.exe" 1160
    3⤵
    - Executes dropped EXE
    - Adds Run key to start application
    PID:1180

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4516

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1372

C:\Users\Admin\Downloads\RobloxplAyerInstaller.exe
"C:\Users\Admin\Downloads\RobloxplAyerInstaller.exe"
1⤵
- Executes dropped EXE
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:332
- C:\Users\Admin\Downloads\RobloxplAyerInstaller.exe
  "C:\Users\Admin\Downloads\RobloxplAyerInstaller.exe" 332
  2⤵
  - Executes dropped EXE
  PID:5724

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2240

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:916

C:\Users\Admin\Downloads\gaaaaaaaaaaaar.exe
"C:\Users\Admin\Downloads\gaaaaaaaaaaaar.exe"
1⤵
- Executes dropped EXE
PID:2760

C:\Users\Admin\Downloads\jyhkhjk.exe
"C:\Users\Admin\Downloads\jyhkhjk.exe"
1⤵
- Executes dropped EXE
PID:5308

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4684

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x500 0x150
1⤵
PID:7092

C:\Users\Admin\Downloads\RobloxplAyerInstaller.exe
"C:\Users\Admin\Downloads\RobloxplAyerInstaller.exe"
1⤵
- Executes dropped EXE
PID:5260

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Pre-OS Boot

T1542

Bootkit

T1542.003

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Pre-OS Boot

T1542

Bootkit

T1542.003

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\0265e4dd-595e-4279-90eb-6ced3aa0bb8f.tmp

Filesize
11KB

MD5
af34bba87735e7b5fc22da56fbbe667b

SHA1
86a2fa0e455291a8ddbe61418553193f9d884e37

SHA256
af6983039ef187c634c664b37b490d73aa0a9779f5d8e8c124f95c55ed26b80c

SHA512
81a931c3742f66f2c7fac971e985d7e2eeb4ffbfe0d3da240c1175a6d642fd05c245eec8fbf6a5fd9a9aaf33a72184ac330d29d97ddc5dc66494f61fd019fae4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
b126fb83f330e247dc891bca2f0fcfde

SHA1
026049a46c86dc1335c499360a04bd4a1551de39

SHA256
1203e364ec569afc23c62c9697d028cd5bbf42b66f3115e8d2ca94b69dd12d59

SHA512
cddf3d68337b2d9bd95a2a08c6f5ad5988aca03f542b4e9d903ee410e03ee1f65b786e1c453e5d18c3ffd6dd8872f4450ce1c61ed3793a5ae615b652a6f27ec5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
1510964ad42046c36ea1d928ed4fa854

SHA1
be568f5d239017025e7308f64e626e63507ce62d

SHA256
33491e1b229c98a671749b4f86111e06c166f3e4afdf3d18fafe3200d08ee6ae

SHA512
a08786cb21d75c9257ee48dfe2b43f8aab89ae0bfafe5e1a8cea1b3a4c80273629ba130b79c11383fa20b75010a73e2deeb55bb13f14100d974d9930480fd50c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
b9e70adf1e0017f0ee0f62fbb3f111e0

SHA1
b1094fc51a711fc42173af449b966b21db09e95f

SHA256
ebbb4d9755a6d69220ddaa9179361f77e94af297d3d62b431fe73496b7f48482

SHA512
47d6440880920549b5792e3b96bd3a8348c8c9142d05fab6e0bcedae4c74c0fa4bf4bd383d267af113fc5dc9036b732f4430737be27a56a549395b27dad842c4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
6b7c15e228933d0cf484660df173745b

SHA1
7a73022104e2c4419f464e0697c0a95548ada8e2

SHA256
48b9d72f1be9eaf8c006179856efe805e14e6cfdfa75844e591f820308041caa

SHA512
cdf6dd67a5c69ced7a14b654752d2801c63e6fd0dcf2ca2bd47dae2860e720dfc8635f41bf62abfe92933cbe1b9bfd6d257454d8233592f6a2818750904ef3bc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
fab7e022c5d3c2e124cde5f9eff9fea6

SHA1
cd4e5f13632a7d0e8b324ffbbdd1504a122fa33e

SHA256
7c229dd2e75a35fcbff77cf4b703d3bd2cf275f0ec8e7480a2037bd69e76f2ac

SHA512
1be9fa95d375d959777fe0aae2e2fce833b98c49ae658ca7d20dc9a25313d8e97ae3963770d6aa6efdea5dab46e464497cda189a60ac3b111a702e5f9a2d88d6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
5KB

MD5
a0a703ccbfe219732420b22123038bf6

SHA1
34e929b9ded150f433085591d028ee4b6c2cdd9c

SHA256
1477548b5be9e25bd7eb1635198748889e2dd4084e487cdf56deca2c4318fce9

SHA512
e688f9526f8ca1ce689711bbf457953659ef58b8481d86af28ad7d374be06959516dc7df540ba40bbfdd2eb8bb23cc32e9ea0b75399ec6c72b48f3f3f760d6c4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
ba177def5e877a70282259d2d1486b80

SHA1
168c6ba3d648ddfd11cdf14a77aec94f617131dc

SHA256
b0ddb9bbbbcb8d1e0a8e799bbb90f9a1541f482682890b202c691647f3444a2f

SHA512
c187444d3477b2739ae960a3f4c962a47848b2d96b033cf1954629389276f6e9bd9290eb536a6d91ce4b52ae3e3e0e485ce0d5df3e5fe7d9c16c6d4f54481673

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
354B

MD5
564ff39b7b901cf2dc70c9eaeb328591

SHA1
27b5540b8f52aea2b2cea440d795fbd2705a428b

SHA256
9e0cd33f855e1738b5bf387e5952f97041bb2aeffc5eed3f042e41e33e038b5d

SHA512
f11b41310eaa8d1fed3855479b8d6106869f83a3f5d9980f2e3937b40c7d7ef28be7dc8d4f0f409fd2215d288b845136d8225aed6434b0982bf7b8033a11cc1f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
223d256edb1cebe2876e5cf171da566e

SHA1
00031ea55ba35a380298b025494edb8d58d10561

SHA256
ebfd791ec1ca53e7b2125b863422ca972e10819e3e168900a5f441a876f9e4ba

SHA512
eefb0c2c650a2115aae82e9c0e5ab6e8ec769251f75ea093903d7174ad81d653a0c5ae0cadca2909b92e76fc1722455956c64c07a03d241efc1504f28c40f1fa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
d9b54ef69b584c2670ffd50febe2d28f

SHA1
6f6e37109e7ded3afff9a7bba0246527767d0259

SHA256
f4707610536eb93524e24ce8484b988f6fc701bf60774a6d0d4760242f4ea300

SHA512
90e2f09beac70798dc088547b9f62f7eedc65742456f4c4be2ef6fd56dd70c0d8979dd7fc4871db37a3d4a48452dda18a2bf0a3b9d10ad51ec45d6b2f191f194

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
e60aedb2ba18b847157b6a52371fff2b

SHA1
aeccb3d6cd545b3dc8ac507b61b87549bec9ce19

SHA256
ed2068b956afe4d03ec5b13ff8b00f4d73ac9cdace89115a209b363b3b1cf468

SHA512
39c0366587f7f94aaaa24be2f8417ddd62f02c0cf006b398627f2f6078eb057afc2b246774d6bbb01399a57ad5ec0f10779e177a745ac7fcdfeddc8858f5dba9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
a8b91da61e4d0838251e205df3828ac8

SHA1
282563e56033a43cb5d683526b582940edda8487

SHA256
1adee36069680f94b74ff1043a3f5ca4e68b2125385b1eb6921fa6844c37517c

SHA512
94b7cc3941e18079962e92ed045e070dbb6519d118696d870861d9a1688b53a626e2ddf84765608271aed51f26f86fa25118d020ad1011c406e0ea4c3cdfb520

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
913987f6b2373fa70ffaa31eae1e0646

SHA1
913fb707c48f18dd650466153191ed18b5a7bd88

SHA256
08cefba06586ed9026582760b46b0e35b3f29a7bb670aa735554410d8725384e

SHA512
40fb8b40f134e4436c14caa5b8021438885ae022f48911095543e07b0bbdbd663c07bf0615e8ce63c8f6fc5c0854ca70748996c7ddbca20e520f16f08fcd2c47

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
557182edbbe4d2f629e104e4af85024c

SHA1
12c79aa767e1f9e2d6dfa02f3b67056854089bd2

SHA256
ccd9ec5d97d69bf3367df93dc3eeb85e3ecdb28034a058b4111a5cf0c3d85985

SHA512
431efa501753e6deeaa3328af18f82200ceaf69df1d4aad1afc052a53f58524ee03d9c31ba18069ea6c21f1ec6ccd5497b32a2a1b2559c39199bd7b298206a9d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
c5a2e4709ff16c92eea38af10ce23bb8

SHA1
5609f7c0ed9f8c9759d66020a79ce05a83f9d68d

SHA256
8807913443f874b1c9636496fc37367414f597f8482f74b119e344e2eb5d1523

SHA512
17b1c9a09e72b64a4a353538f360aa0cb9d1b988a4e3f2efa5210489181bcd88dcf530703182eb0b67adbc493602e350927d994c7f68ae1b05c04daf105d52c1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
b521e36fd3706fcd12378b594b718b90

SHA1
09fe12e2fcb050b66d18949bbc0bef9c658247ee

SHA256
c6da88340fc0ef2f18aa64de2ce1053fc87168bb727eb357d2e576933c534892

SHA512
6b991c43168da5b0a348792e6cfe5686e095544cf969cda3984b78c66332e497e27c0e663c8ab11930d84c2ef8d781e6de2e2dff5f7cb04b4502a5e4c87f71c9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
bdad9a7e2c33d44615d6ece577edfb12

SHA1
30dc47ec9af93f8e2617a9bc009c4b85c9e730d0

SHA256
23d6ea27d77096356d2683d5b0504b035c0697bc8d0d33cab969dc3b48dd822e

SHA512
927cef2175c97cc5d7a22aec07d427812a1847e85ad931c6040ac756c50a92357553c03fbfe3e45cd3b06bd2ba817143f5f5ff2b824bd72e3bcca540d73e033d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
6a28dfc9be62a0606deb751faa0ffa0e

SHA1
ea1d2d1a68eca0c740317bae8ed32e44921c17ec

SHA256
a09a58671e2bba4d6b81ffcc26dabe05243b4a96dcfdf62ddb602fdfb28a4317

SHA512
2ea15d167753c9b87a7dcc83b9b0695fb687deff67eada747c83064350b17ea9165f1e1172a087d75689e6fdca3ba2574bc21efbb7a1fda42c1a73bf9a827d67

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
3f53460f17338d9799e8ee82fb93d817

SHA1
d89557134fb8c70b770b69a423732887d8aa50d6

SHA256
31e5313caecf3483b2a712c83d319810c7e7ffcf5bae04952a70684360ab9c1a

SHA512
8f45cbce63c3049a2514b9192f6277ce2fe3f5140faa1fa1ac808a26cc626751f1d3da66d1cbfae9e539f591804168bd75fe963a15650a2648efb0c781001f06

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
b2e43cfe10fc7a8e24d65981ebdffbd3

SHA1
d8780632ec3e635090a6649a7832760700d0edf6

SHA256
bf052c4ed20389522fab9c21625f922fafd13789f58e728002fdd54a4041668c

SHA512
8700074a5a50e251f952d100b054729887d1e94a291c41659b4794acf5b27c1b3edaa7672bf22893ef4dfbfb17a31092dea5225e6a624a2273304b18a4595f00

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
02aad3559db9cf39ea7cdaedb6737e77

SHA1
72ad2057a0436c8743fcfde1f8882079595f5474

SHA256
b0baded2d91bda3f49df7fcf4392159f16c15ee71961adfaf18776cd8eed95f3

SHA512
4efd7f23956063f1e5e42648fad906e710f0fffd5a50c2986450698e593f3f6b7349b18f381005238b7404711461c4fd53a867661e99bc4d22a1cc8143e16139

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
549b56f0726005fb41b8be51f4ae0349

SHA1
a6403d2258da6498999c85e82fc51d3950f0554d

SHA256
5b076d5e46d533f5b51dfb2e334e27e195b8d184f766103d6f8f580545261efd

SHA512
ed95e00b1f21152b8ff17e2f7b6e775bb79afd017f012503813ee77368ac3ef076fc7db812332129118a1387365ea5ca6191c2714faa56440dfacd057a5530a3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
fbb1fb732b691508e76bccb60631e9cb

SHA1
7806efbb4ea57c6f2b8739a8d553d81a34d36c4d

SHA256
5ff171297e99bd9cc2d66ca0e1dc150b33834fee67f21d2159c146c5d41aed33

SHA512
6084899567464271b73cd049de3c33c4538c23b8fc9e6456ff7db2051bc99e00fa195c4e776eeecea5123028f0a5705f2ef07d654f5eb1ba4fda53a933d3ff78

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
6c42fcf746cb66d4571d09c5f71a8133

SHA1
ec325afab566786ca354c0672a0893f2629a0c5a

SHA256
c9a6d08d3f59bd8c15296f1a1b46f9903bb6cef8adb104239752f19297782f61

SHA512
28046159cff64849b250194ef0a472ba62d191274e01d648dceafa4b933f737b0170178c62660e0e0fc7180a056564028b7cb456a4969d285eb16fcfc7c86881

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
2fd062ddc2a2c2b450eed69ff94179e4

SHA1
8a53c0f6d53ccdaee139e28fef3ef51197839ecd

SHA256
f29104ebe1e7ea561396d4d33b2f32533b301a3f18be4daba2da80ed01716d95

SHA512
743e53900b85299ea075b48007d7d1aaa4ed20faa6e6498cc2ed699a8de1f1e5bd0952b10150a1072c39b05850dda131fe2697b28a09b5296206ba94d0fef907

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
1148fee21d1fcba953de2958cfd249ff

SHA1
68620672aff33c7a0c8061926935e5d11a65f23c

SHA256
acc63962a5553f53fb8ddb5cf0ec2b5616f698b4f30ea58ee2a6b4058c8fe92b

SHA512
d9af19e2a79a8094295770f0d69e8f468727fe26ffdaf927f689a88f6c946a2ca72c37d031097b2ab46a5e120ea4ded539615303fdfe60744ea8031d0da1316b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
6b7a09782c2117fbaaa8eb497175dd3b

SHA1
00b574a7b40a7529650e20af82b9b9098312ac03

SHA256
08ca15768cec85d4499d71884d608be8d85c2dee8141d1517ab63fdff9d4132f

SHA512
48faac956fc20e1b9b5fc7fdbc67904dd96fc29aef536ebd282c20c7f3a5b66887a059e10ba9d761e97f73effbb11dc642cd1a55095fe97f9a44e317d55d4c36

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
699d27ecc229eb97650ea5df78bf49be

SHA1
ebae08fb920b34297bdc80d09fb53f499244d891

SHA256
18466481515f73d9ab262f2e4781a883b1176c69525576d54c4dd846377f8940

SHA512
1c7319b51079f5a787f0f5a640e8cb0a440d22420622d149bc7856b358b52bbbbd4fef88d355360557389493f5b72a49dd49d62ba6f2f3ce1dd42df3188dce0a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
e0a6655fb2ef88c77cf51fa3fecf70d8

SHA1
749548f40c51d713ef90fbe7de55eb174b196f65

SHA256
eb55f48aef5a74367a41fd53df724ebfde8e73ecc3b171dc0b78318c6e792413

SHA512
92dee077306a774f43c52157ea955910172144e8486cd0b4fc874f25e104396f10f537116ec88752b1b0fe706645c12f50f769841bf727638ad1dec1f231387e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
98800bf2fcce575e9086c4c079b546b9

SHA1
b9638e95d2dfb8adfe5ae85d790e82fd3ae95117

SHA256
1c9720ce1dc7cda187cc359279aa987423929aaabcd7b4dd1a68fc0067f79d95

SHA512
efe0567618f1437852e49f881c2069c19b9facf6776c286b307e2aec1bd8320c08731d769cb3a99d2d0095fe09f8e38ae3bca25894fcf7b746170db304042b48

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
c42fbe448097261bb6afad5dbb859d3f

SHA1
206bcac358cdc1f596a545095d15618505c34636

SHA256
cd59164fa3e2e19b44a99ed91349a835a8736141708e74a826111b27909b65d1

SHA512
e75419527678419bb629e50a8ad2be913f4cdb8b537c541996b4fe51f44ad43e5b1a3766f8f2bf4583812f03066a150e8c48d9be2e0417a9ce71f10c3acd37f9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
192b897a9d0c7440624b9260c6765e76

SHA1
ec5975566ea6315d06a2a6f55012577fc0a906ef

SHA256
92b052b6ea2374392c9eb7babcb44a15226bcc5766e1d68a672259ce225f0806

SHA512
c96bc18fe5113ea6f866028ec87299dac0dd430a14fac8f61b4f71e83494366bfb3844e71ed293ec395bcb991dc24fb90545b08418a8caa8e21b58c411e35c07

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
c3faf9730688221b7bcd66213c16b5a1

SHA1
1d084a457053a6af2ec3f71fa6d3c3fa5978ce6b

SHA256
33929192903dd563fc6f59431ffb0b1d85e9ef10c8cdbe8191b3cfe977bda819

SHA512
de974ca8fdcb8b5a7524cb3e551cd3549e42b53bf886907839084646a9cdefd369e73d9167675db6d7bc513c88f0bc7d8f122aa072e77c2fe8094439b43770ca

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
2cf366de14b27bf62522e1e78bb13a99

SHA1
19ee4e3b84aba33cb9b30b77ac0759be7e2d3743

SHA256
7e40c3b0e5456cad69b8cc3401810320e6019de33f93c9309733f99cff8223a8

SHA512
f5c5010c2ecd00e585db52d25ee61aaf87f500aa58153b1a80f24b43495b8d9d265c9d342c294ac9f5c52f652dfdd7ec47e1c374332705a6408f1b74e93618f9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
aa7d892aff65d9c2945c3fee644a553d

SHA1
a2611c6fcef396b816a20954e6bb5998201cedca

SHA256
414b1ff181a0f23a71b386462d1f5bfceb71d9e82897a9543c7317e3c9e734b4

SHA512
79829e70202c721b487c6dcc93dd623b15ceeb47d2860bc7dac116f2c23f275c88447df234bb8e232e50d5a3ee1cb899cedf99c7ff2eca4fa3b2990ffc8b9706

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
6718c45c030a5fd868d85b5bb51e7189

SHA1
859daf0571fbff9698b6e7b70053a80d0da8e651

SHA256
e2b59053ef3eb78e6eeec7c372147b07ae6da5a4c0e95e358fac2da194a9d671

SHA512
2c236b3b322a1306beb52e3ea6f7dc4c2dbb65c7d10fe59cf4cbf84ab4a84618ab6b2ae5b26d7256965fcb5495fc59414acbb3f43347b8a54373f2a0d009c5bd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
df16d123ca7d5f26bd91acbe3955fd1e

SHA1
5fa5bc4a88969d8f01aed8112b0ec4c56608c607

SHA256
8bcf6b60c31cd6703142187cce180321b2a75cb906112759bcd4704c984cc183

SHA512
02d0de0eb21675a2608081a706f03beb97052335f1497f187cac8b2738dc612dc3555e18cff22043cc00584efc53e651801a910c25913d021b0b0ab67d70172d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
343a5623d44a6b767a95f13eea178610

SHA1
916de6f0a5885db0c8b403ad312f7da3d17f92c8

SHA256
1ec94e9038a343af159b31e9d438cc14b876f81e05434b2a22f0abe35490d605

SHA512
8700ef5da5565a804ba574ce52178c4a58cc9a6f9ce4363b7eb2cebe1f32db6ca60a34129ca0ed803d728f9589626f8deb745dfa6376437e4a7e5151157a5c39

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
bdbbd5efb87b095f30c4145546dd994c

SHA1
c8e7648eb455513f46e369afcd7a56045ced6017

SHA256
b71f961e37e97b7391125cef9178c764d63740823bc08a303bf1d3b1c66de615

SHA512
1faa3bb19d1bcf56bdff7ae1fee8d9e3b17233f49a1beb575a366ca5b3bc75cfc36e3a815c261a54f62415d01e9915c0e745fc9ca2ad7bf2daeea272994192ec

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
b00c891f34c41dc81701b1bd0dc4a6e3

SHA1
b4ed7b08e3f11bfd99c34bba95f05d592578f5cc

SHA256
78189d5af0706867d7d47d74ee26932dd12e025116622a4015e71ac6794c1c48

SHA512
374bdcd8cbf58bdb994ae80de9e8e131624d6f487228dcb780eec16f971336d7e6d40e1bbeb81ebeaaf725b4cbad1741671efd0711cd88499be34de3516e08a5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
980bdc7302a7668ebaf28253c9b3eadb

SHA1
1d245b2b31fde817c2f9b227c09d93106b045fbf

SHA256
7ca3b12e9a44315873fdc46c80b03bf6c4695857604341c63fc6e618f73306ba

SHA512
177211e545dafae0f2fd54da165a87c07eabf2930e0abd156bce1974c2610ed64c379fe03ce560f8f29843b4df0cebfd1ffd255a61f548730b17945e25b92300

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
64026210040456542c5f4b5e8e7d395b

SHA1
b146d1dc848c7b4522af039097a6bf279e9bfa65

SHA256
8ec2e6e7dad35689722074d75290bf73cac8aa85f676fc5a6ccfc4adbd5a9178

SHA512
ab22e7d1ceb0c2663f56009ba7ccf77590f644ff2b6da91051698a96dc5bd6070446e5680150b5d2acb708c98ede9c52a56c54b8057ca7d303b1c6386c4849c4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
b3f98c74fafb209d3f69fc8abd45c363

SHA1
8a3f1f30eba8f00e07c50b0dd914b5d56bbf5f57

SHA256
caa96006b176a132cf13dd0600a1f4cde2f6dbdba0fb786c39a00049d3fa657d

SHA512
74918f0aaa2cc2347e53090c01a512f0fc3a48c6c29d75fc5d0e5b7823b6d838c727aab783b33679f31aeeaace6d7ff00807b85712bcde3d59fdac2de117d0f2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
d887daa82bcbe6eff6b3ee3f74334858

SHA1
efeec237de6ca06607139ff30bb0a2b6b9a641bf

SHA256
333d9895a7da4c0d2e75910e79015069f7512783151bf33699c3e0b4443ca006

SHA512
daac223dc223dce985395e8920736317423ab84f88e70e4007ab3be03c9ef82e162f112c6ef771756486d28dfbbe6b3875ef16748464e74235eec6631edd9ef9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
f2b437bce3ad61d4ca65aad39d92d4ea

SHA1
13aa51dd7ae20477ec25f7fd0a9fc6b8d3a21a91

SHA256
d3286e8ca1411eb6f69c67716fd5c3962afd2711e5347c1aa2ba4af1688584bf

SHA512
ca1dc7b94f6fc94ea9e5ff4f48477a7835f77b6c1ebf3489cbd41d23e149b613ed4f3250721993e272d86c3800b8947a29bff2708cda6c8cd10197ae082bc476

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
a36327fe64c902651ad9d72f1a07c011

SHA1
f9a00e02cc2d4d5821b16444190c9f5b8a1875d2

SHA256
a1f86241279d4f6c097485c40741c8bae82da6f3e777463bd19d105d5792e729

SHA512
dc8338487ac85e88417088ea0cdf47cf96fbd5e369021ed9d73e541993aeddcffe52a2768651313d340d001bf98102d2a2bde736f6d1d08cddbeb92d506eeb9e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
6265a88f8e9163e0b992159fa422114d

SHA1
d362da0eb603e5c525bb77ddc43a30322e15e0e9

SHA256
d7c172d1d86c3636f3303b226c6e05505fa630e0af3921dbd91f22ff46eb09be

SHA512
2cd53939a14a41ecfb5ae8f7bdbc04d3528721b994d679c772a631482dd96277507f75b64d203eedbcd28ffd695c403fe620ebdb2fc963c26880578c7affbdef

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
0376b442f42543d8de863a11a46531f9

SHA1
d1631315cf2fc9e39ffc9b52e4f786a4d7e33171

SHA256
df1e1b20a1575ae8160eed41cd6f12af925d4f9367734a3ea27664c2f57d342e

SHA512
57b5b95c94dd31a1bd4a15cd33cd12c6d61903098a61fcb9f1ec0ef4214826e445429170149e633ffe3ad45b760cb0e36e9a26ce6a04c8b9b18c5e80c69ad3db

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
3a2ead30fe6b07bf53f920a444e04265

SHA1
40c9c51a12a1824b2b23b37829df2c408b4c746a

SHA256
2f1eb4ea57aff4d26ddaecd2bbfe20881cdb626c7892a10043fcf73947e034fe

SHA512
d01e7769113b69a1662ddfdbe699a2664749af0e5146b67e70f412debb60dfaed69f7164645694ffbab1f0674286be2b8e8edfbbfcd315dfdee175901a3308e9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
2d14d91b33ff90e8c2b31e40f03419c8

SHA1
a321f62690aa513f95b04f7e273ccd16c3dbaf4f

SHA256
4cdca8f424f8c7daa74099ff03a85b33c032e7ab60ad72d561fdefe4a6d5bbfa

SHA512
79fda7de21b398ba621efdd44a02a223e08cc72fdb19c22a02d650eb0ef1fa34db6a7a4c644d3eb9825e3fbb66d6617ac031cdf9bfe341ff707835feab108512

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
9b6e185d4b00c5e52196d2362eb56d06

SHA1
d33c4212f11368f3d5a488775d2224fe37fdc755

SHA256
aa28f3af078b47279a7e4d135edcf16d0c326dfbbf6e8dd51d2d4a3a7d48fcd8

SHA512
1ed90d4203f3a69967fef8709dfe71a75ad218cd490200bc166ee3789ec59d22abe024a6be11f633bf0f26e85039473077d00b0fd48fcc03ad7ade3ed5b61d7f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
c348e6613931f84358685e69fc68298d

SHA1
eb5d0093be07688ab04a57ef8df567b082164c05

SHA256
bb9d6b4db8efeefc97bd0bebc5b3f85bfdb2e1d77b4a617f10c7f45cba27de59

SHA512
3bfa4c15751a339a13de330e55df981eadbb307a8e27f36b42a5c43881069a34fb35cf015576be81d0955fff9b278101058be94e9fd8d0d5f8f2ac669334a1e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
d22aec71ce167d62bc16791ec45786c5

SHA1
07e910cdbb8579ffb0b74b8f0f6476bbbc18129b

SHA256
99b6a201f64dc0bf633137ea44a7e53bc4ac61612164ad6d3978c94965da2072

SHA512
856f2288fa39b48c2c355f151c8c4aad67a1c553e3789099d0f793017ed7fc85911aae2600f6e3c4395724daa20bae19840df77362f6da51da7ac127773489e1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
f7916d2eca2eebeaab03ba35a53d0a2e

SHA1
b2ad6dcbff89598bfe8b8d21c99f269156295767

SHA256
a507fbf3c0fda8fd32b6de5434a28720f01f792ef9dd380dc3df6ff1855306b8

SHA512
474f1661314f70186ff37bea2ecc0a901253eb3b416ebeda4e85d9d89e600abe60617173e161083d6bc62be2c2318fb6d9617ac267ef412ee2a87d6dc364abfc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
cc37abb969e5c37481f8b73baee3524c

SHA1
7052091aa5e69d08f610bf9b8890e1729db527f7

SHA256
dec37177ff7957da80677660005268b9f390dad50f5c7f20ef64c79b94d04610

SHA512
40f252f27a848086e1a0a85c35a30e36af690bd2e71e51b971769952e39453a91d42ee3079dc177662b71dec910e4dd04234ff413959ada6abfb01fe49090fd4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
5f1baad7ca03dfe9123bd6207df7a012

SHA1
7283f7f2062e2afd57634f252912173d9930c7ec

SHA256
61c5aef342fa7ef33e8578954cb9afebdbc0317cb213949941a35642a1a6bfb1

SHA512
a1c1fe3e9c796be75018e469b3d0684d6d7b91c937b13c4951317bc59f7fa96574b413328da84fe4bfc63f3ab0ead590172640debb61cd88d0070a982637957e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
d48c18ac24af710083899643b9d4192d

SHA1
72d0ec7537bbcb2bd451e075daf9eab94a8579b2

SHA256
789bdf1fc1c281c59306ab11c62ffbe9644e0722c5731c6bffd9e2a0ddefc585

SHA512
fec0c1c006fa26aa0dad28dcfb9ccb04259a082bc9e106a8e1d09c359b1816a39d550b9434e011a248e5a895ad0a69e5b441a3c20ab2e72bb7307f5d7ca42076

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
a526b9d2006f428b24408634fa69aa4c

SHA1
87499cb286af60aeb5182446ed507f82039a2a47

SHA256
7fc92a9e1be3296555daee4f4528b95000160378b4eb64e3356723d6e9fdf642

SHA512
7e4e1979201e98d8eee1d14baa16cae2212f675dae105a9097194f148a09ced793599bca688bbeaaa38801853ff37b6bfc9d1cee3995dfc414a13d37ce3a2e49

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
ed6aa7f7313ff0690f662c349606b5d0

SHA1
00dcd80596b88e1ab11e26b4ca2956bde5608c0a

SHA256
5498233deca03c0590a633bdc1b81d47a833d62d04900ef3b6e88aab206b8c55

SHA512
376d4fca38ab9ea850a1edd05323da18a4dc9c959edcb62bcfb55ca555fe065c9272b63b26145b98d45bfce0659539f0f9c9eebde332fc29fa767b2d2606c4dc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
df787bc1839989a173c956a1c47efcdf

SHA1
1a1dda531ec6877b107c44fb9b30942f0dc7c982

SHA256
71a522ab2dbc490b786810d1ab750c40eb3c695a44a5d9ccb8448d0ad36733e2

SHA512
f6542ed69e0a68cddbf037c3359d022bc0ae7b9774c0f212e5006e90d986e328778b32eff6374d839cefdad14c7f825acb71ca85e7cc9948ca6f4ce43878780c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
e91e7bcce60a821b64753857f67eb0da

SHA1
40551bca7c8bbd2de4e8e616d246132f97edcbf5

SHA256
e06586fe465dcd8fd89b936f1c754ca8cbdb10b2e6ccd70fdf2efe81b04c36e9

SHA512
fd17761f0da7b5d459c92931b3305417511b9f2a189419edb67eceb57bf1e91353e28d7465607af8db28f6122bc40b39a78859c7b1950e89d1a106e9714a4094

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
a7813d5abcdda572f505c2d335e01343

SHA1
ba716782e29e48fb84bb7ca244a1bb6286ef3efd

SHA256
1e7fd3bbec4601695c0b5dfa7b41f56cfebc752aff675389a6503149f8cae86f

SHA512
4ef328edf3484f907eec9720735279832ffe9a1fc9600805f3fa1e121b6f2ae0bc26cb7383d3d25ce1b9d4ad60c104ce95dc349d7520b1a87e8082828fadb14a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
fb579ba3cb47bba6c0e69e854a106e72

SHA1
3e3c77cfbad1adbeb3730fe4ddd38d638e519f87

SHA256
22e60ed8a15f95be5df44706f0e9e12506577090f14c6417f65ae9029ba57bf3

SHA512
264f1ef08fa4d5bcda063e0a83ab492f4c993abf627c98d81488c0d8444313947bd69316e180e90b62982fba7f2412663e72e4707b844c589027731c65ad15bc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
2faba4ee61788006e431019b14be1d96

SHA1
76f782487b8effe92e541517eba141a852c0cbcc

SHA256
8ea97c51f63db32664d67b8f5ffef5cfb086eedbac5728f1615da316e92f517b

SHA512
34888a071337ccdfef8620d52b030debc9e257cb6323a04cf930f0dccc15291393cebb89f8359f795793475ae7bde3ee460b45d65053cf2275fd468e6bdc7e73

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
46de48c73b7677e274f05b26a69000b4

SHA1
415548b82576b41b4255974ffbaae68372deec8b

SHA256
cedb10990845449b097a3cbefd32e8fea6783396e900f34e37c2cb916dfe6917

SHA512
50d895d2daed4f5894579ad1e764ecd94336d1b80d80b52724d190dafcf14ccc3bf41e3fa322329a9b54e860df144232d13567bdb9efb8fa69f790571d224d66

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
5a2afac261fe6afed25f85ac9e835c9f

SHA1
52614aa8cbd1daf421eb9e1780caea1f72262fa1

SHA256
8b47aa8f37f09bf732ca2684e60837a137b47c6c4d614de5e35686d4d910bac1

SHA512
d8e4716fbc2bd17258ae07908584b1134d890a2f5f1d990ffe9edbd00f4ab8b1a1bbb70b069a03c3bf29dfd40095130f8d424c0b2e8f18a18e8ca6aee974d3d3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
2f7c3b175726c5067d0ebb3542ef9099

SHA1
ac95e18e704332ef6a22c1ca09762c3aaa132ba7

SHA256
8745b92d59d3167b190233b18da923b305df20a9cf63ba6947f57011e14092fc

SHA512
ba26e2bd946ea7440712243f9a7319c911ae57487a2e468479a62ab08f9d967cda30c1c7d56ce1a9e525b96a49d2dbbb9088863d5c7d5bf111a61ebd91026fd0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
fe19cca09500b4f0f034e920ef59808f

SHA1
e867cfef5de90349f14cf8e953cd84473d746ec2

SHA256
0dc2988048518142346f4cfc5d58f93dc6e4944b854e1e95fdfd4502716cc306

SHA512
e18436bf6e10b3fb3dd8ccf7e71ef68bcf1fb96274140020d201fda91cfb98e82c150c5a2cd1bf62813812081120c692b6e5a40fc2463b4bf85c4e69f6e60ebc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
c5df5905c12a0ec20522907b50a440da

SHA1
54c2e616f45933003fd0906c98bd2493f938f77c

SHA256
ec6ebd4e67cdd86bf137898cd4f1752426de2fb1e0224cb2e7dca5a39c975d9f

SHA512
a08ded41c797f4ae83ef41e25e1a3be19f53c69b96651c611d89ba85dbedb51e7b0bd8901bba7a882a57ad6395eb6138d8b99697df07baa15b7a882072b3642f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
d038f03d40f95893d1a5c6b423d97741

SHA1
75611bece75466c0a081869e03fae0b49b53be59

SHA256
2e729795898d6f20a2ec1a7b1c30c16c85841d24eb5cb17f56ff74d7168611bf

SHA512
5ae5d12d85b4f3499d02c67fe86f90114a074aef0e62bfc2c344f37fb0f2fa34028403cf6ac60469a895613ba333bf5e67f75fb080d73e4b8e877e263563e683

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
6ffc632724057c932dd6abc25ba10051

SHA1
05eedf554ef3c468f541786a6ca0e9f5d4dcdd17

SHA256
395e217066372cd2aa524a2383bf5d9c31b9929630771f3003036751b13ccf56

SHA512
ff131b9a0679113190e2e9c30d771594a27d46a9556fd44a1cb2811a5146da3743ec285ca7983d81a9e99db26b6c413e3de99e1fa061c77484fc2a640da4a31c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
efa01ee3d3815ae4af63e66583339c1b

SHA1
110b4263a53b806e899a9d3ad7d1312be4001b02

SHA256
9395598da725145835c6286ee534b1aa07a68624efef6b6e6e8c7f8b30c2bd29

SHA512
df59357ca8eaeb74826c8edcd352b6f96379d91263a24de4c5226089e6c8c06f4bf97eda8fbc8b5b5603730f59d42e001c1978ad67a2f7bc70ab4fc6615357d5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
77008e260c20568c2030a34e1df16a3f

SHA1
aa547a972c14437ac1e951fe3f620b48243a9b96

SHA256
f9ec1cb36f04d63ca36fdccc0feb5c95c1a9cf2b80ec9d4a61442ff521e76151

SHA512
5747148b8cd517775ae9291eabc793c92d46f401aecc3cddd45b0be789ced22db00983955d94cb17044429afe10efc478b25c7b434864a1433ecda64094f3326

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
3b3ad16b96f081e75128687af41da418

SHA1
a1da965cd16ae26b38c3d7ee8e3665a181ab2c2a

SHA256
0a774a64d65e9b8ca29a84571e19c916e626893eaf93f33625b701bd5a721707

SHA512
f613b61f7aeae2c26249fedb6003d61958fb3fe8926b8b06d62ef51a2efb679b4dd436a88d961f55a42663e8954d812b1a5075b4686da0d6b88ef4915801b2f5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
e140dcdbd729a0b9b9ea3e79e6139bf9

SHA1
a2ae402412359089373b0eab5850ccdfbc936af5

SHA256
4093cb6696662ff1b5e8efdbfcdcf08c155cbcbafe3579d5f560e69c69a509f1

SHA512
9a338183e79cf5e130f8603b2cfce37af41b5a575aa22e4d155dc26ae3c28e76491cd82112e36e17d48e32a27f935fca5801eeab2d2239022461156631aea8f5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
d1bdaeb65b99d47f8016348c75a910a8

SHA1
c9c4765904b47e9f9f9e0dafe899d5ecd874ba41

SHA256
4fd5359223770617c307749f46691b280e27fe081bdffa639c4bec6e819cf30a

SHA512
ea93e6f590a139748105e4b84da8b3bd74beee8fec4d7b4906e201091a1baecd487f1b2ac90828e575c6ef753b691857da8162b5d928a43e65d512eaf043f965

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
6bbe0432516978e4e9f6870ccc73fe7c

SHA1
bfbb622e8d5556270384d3cee820fa6bce302f9d

SHA256
8e0a30c41ee3f671276ff3f51c2ce555cbe98e6b243f7d30c0f4c912a6567c64

SHA512
939f38fe027a7ebba30758c80f8662de25859815e3afe41315b6a9d2c5a00524d8bfe11a934123c51026a742142f6cbf1cb50f56ac423a650fd3fce09951c8fc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
c11ed57feb0cb330bbf3b222d1cb8a66

SHA1
698fe9228d84456631eca8eb4c131df05cdc0c4d

SHA256
e2613fe06d05f0d84fcebe4d685591f4c4ce33b601356a33af45064c354ed00c

SHA512
32605c374849e1a402ed50a12320bba93b6aa697b23803d1a1c17d102305c1ebde918f2cf17080974e3bf3da4e1dbedcd519a0bec64f83ff8c9bbbe36e3f7776

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
08cb657d855467096f82a8719fcfd8aa

SHA1
0e41c58ed68b31ad39e4fa81c7fab33d6215dc8c

SHA256
e89ceca8de6dbbe31c4eeeb68cbc53cce1d4eed51877b7f9a2241304323f4fee

SHA512
80178e975fe31c1453650fcfbea91779683a77d36c2ba0c0ea4a6cee667bb5ddf8c45bc3f142c5ca1c0eb042b67b5233028f2659634246513e56cbec4db58d13

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
aebe5d8ca889cbecb0c750b0fbf10771

SHA1
78e7bf528f794d3e57024c4ff4cb02c2df7125bb

SHA256
4924624104134ca127e310509c9586ed46f2fd58368913466efe999cc2b2e5a5

SHA512
1ea582cd291cfa904d62cb21b757ba01d1ec8c253b829f4d8f9f03ee173a4ef13c93dbf528e752da7b72a9e6941087e2ef13ffaeb805092e0effc63e79cb14b5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\bff7f623-7de1-45e8-9573-708562dd4d0c.tmp

Filesize
11KB

MD5
18728c1d071d68c06f9f6ea969ad7085

SHA1
2263aa2629417a117294cc6ccd5a8eea4e684fe1

SHA256
ac2aea281540e0ac55dc671b2c5055b4da1daa1b5b89cc6ce8de388a55871901

SHA512
2fc69d88cd04b57a925aa3a5fed9ed2c03c1b570c7c7a4f6e26c1969c8a32c8b17ca9f40b7bb82884afdba4cf2d7dbd3f46cf6fc2067c504e109efb6054ef95e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
152KB

MD5
db866c3409f7f092997a618025e9b079

SHA1
90292411e01c67589c3a499618f4e39fdb933f74

SHA256
21a6639a38175435ce475c0193fd50c1bf224362c0d0dd174d3ffc0f08d92c22

SHA512
2bf4621e4391a76a37e9ee3146814d05c4700134403d2f3aaa588f27eb7b9678ec6088472a1e333f50c79189300e529f61a86eab79c8b16e81ddf10321c92032

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
152KB

MD5
61184c83179d4a61fd6d02ac7f23af49

SHA1
d9df64876b7ca89b0f4013c2920ca42f7984da4c

SHA256
94b00b3586e838b36d927a57e949264e1746d05f496beeab3130837b0709a119

SHA512
f5a1f357f73a298f09ce2c0e02e6eb6eca0ff28a60a20f254982ac7d090516119ecda6f4f71d437f60027159eaa5a9c55644844df47f2e9d00bafcf969df3d06

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
152KB

MD5
11c15c01204ffb520d12c389ca8b948d

SHA1
cdafb0b7d90413d3658f634533d36cbb581ab2f5

SHA256
f721b57b729daa7773d4f212bcdcb2e3caacbb427f123ade60eba97b749a2b3b

SHA512
c2bd63203ab559f8d2f0da41362237fe309f5eb13cfd61ba97ef3953961feede08888c95284615af8f8040eb0cd92617a79e219e904b7de76e510d1c9993f313

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
850f27f857369bf7fe83c613d2ec35cb

SHA1
7677a061c6fd2a030b44841bfb32da0abc1dbefb

SHA256
a7db700e067222e55e323a9ffc71a92f59829e81021e2607cec0d2ec6faf602a

SHA512
7b1efa002b7a1a23973bff0618fb4a82cd0c5193df55cd960c7516caa63509587fd8b36f3aea6db01ece368065865af6472365b820fadce720b64b561ab5f401

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
62c02dda2bf22d702a9b3a1c547c5f6a

SHA1
8f42966df96bd2e8c1f6b31b37c9a19beb6394d6

SHA256
cb8a0964605551ed5a0668c08ab888044bbd845c9225ffee5a28e0b847ede62b

SHA512
a7ce2c0946382188e1d8480cfb096b29bd0dcb260ccdc74167cc351160a1884d04d57a2517eb700b3eef30eaf4a01bfbf31858365b1e624d4b0960ffd0032fa9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
d7ef39bcf58785316a37b30e02e01b49

SHA1
f6086ec134e6e99e2e559e75c809ce0f5651b656

SHA256
a915fb9c638c5ba7d81a4dd9b848a6a40e205d47a976d8ada7c0faeaf25e1251

SHA512
13275c0b8795afb585b6e860245573af3db3e340cd2ff86d7929b7917863496f09cb66bbd193a08893eba0f427c034cbe4786573312c6c43bce9f67caf200448

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
5501c955826eb6079bf48724d92b3b97

SHA1
21a76f072207f2142c0c8fd921565a2327d403f8

SHA256
6df7e5122f1ed8e02aabe231602ff338e4b928918d0e2ffd36cfd0f66457d739

SHA512
2c3c61a30e6a24601da1b845e0ca2a1129677c6fa6b69a8a170370242b7d337110ee2606a3a32a4730fba52e9fd773cbdf7eb94fa97c662ac3313c73d109efa5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
200KB

MD5
a484f2f3418f65b8214cbcd3e4a31057

SHA1
5c002c51b67db40f88b6895a5d5caa67608a65ce

SHA256
79cbe928773386d07f0127f256f383debed5ccea5ff230465bf46ec7c87319d6

SHA512
0be1bb8db08f6e6041a85cfee90cd36a5b595afbca34d52a125465454fc806b4bb7ae569eaf4c882922fb1b962b6060534e597791cd0ad23483be5981d9be85c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\temp-index

Filesize
2KB

MD5
5993b2315633438c46cd5c1219089eb6

SHA1
2d04e1e39bf4ede8f2bea19f42b4fe1519074ac0

SHA256
a85f9eeac1e56926ed80a07a7682d9b01fe6d64494e4547e4496ffa5265ff1f0

SHA512
6631a45c57dc67c57a59c3a5f81734c940b77f03ecd05dd06e47f120836fb786b6e228f858f98b416cc66567f9e6e18994054da99872674f4248119a67e2b7d0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
3686bfdd9dac59032c46a2a0e489927d

SHA1
102b69682b9b46339b9200aecf8e95c98124c485

SHA256
0a5769e058fb9932dc8df6fd9e8f9a3663b1d5f56c75a22cddc909a7b61e234c

SHA512
dd9e380f127459b60617ca3fe9d2f8103e9d7a517c1694fd93721ffcb0ddea6f983601f09fe487c17c2c53c973c7aa9d7944d046cd4287d05653f924b0ed87ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
7203a759bd6509d82ab3225104072746

SHA1
42158cfdd2590fd32ca978299487d19840343ad9

SHA256
8a1bd8d19857937dae68bf4b149670ae280b0d32ecb2fc594807ae6c26585430

SHA512
5624a9b8196dcca074c668595b1b70aab2d205bb87d86d12f7f0afc6d1d0cd6ca4eba22dcf1cb964bb017d86bd5f1dfd49f13922355d6d5188cdd232121fcc0c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
144B

MD5
923931fd1729f0651d10802fc61c10de

SHA1
b1d783c7b10b913bf9b991639ee415e79fd82205

SHA256
96b023b8ef4c2f8a8edbc17dff86f35ef937fa72680935ee8054f213ff87352f

SHA512
e25177afc516fd0bb0297b8b88cbe5fc84206648b9ed11228eb7b8865c03e9d590e69e52cca2fe43879ad3aa0eff3e639fc5d24ff9126d68c0d52b3af1a1b5ed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
e140df1d398a6d206f77c8973459c602

SHA1
d253cae80bf2f7f553a6a383936b6b657a11abb8

SHA256
592820c8e4cfc901e67cf4b63a3f4b61b213d9714b3eb72f488ec90a9ffb54b1

SHA512
c14d75dc9a838cb97b07ed71b1219ab439299bab9086e114bbf40ab6b4ce2389f0d9a695385aab0dcdd10f745a5f5c0e0818a2ed14c504e4eb31bbe2ea5608ca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_en.softonic.com_0.indexeddb.leveldb\MANIFEST-000001

Filesize
23B

MD5
3fd11ff447c1ee23538dc4d9724427a3

SHA1
1335e6f71cc4e3cf7025233523b4760f8893e9c9

SHA256
720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed

SHA512
10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
12KB

MD5
e7bf26451e2d6f732f8f3b9382a899d8

SHA1
643487d7a14f78578d5861675fc21d2af25bbde3

SHA256
bf04af20fb292af507d71d1a448045f08a464e825f5a2aff439195a86d971ab4

SHA512
43d703f657b10d9f549226f763920a3ac45adf570109b6843fd3e6cb21630a13b7cc0ed70937816385256b602b4f7ffd0e2a882cad665d14f171e130ed577e67

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
18KB

MD5
9690adf132997fd2d93b34f63340477f

SHA1
7b34ba811e98606a89334b35eff534dbd8922885

SHA256
e312e16cb9cadcdb308086139f214c81a16f5dacb1d5b9868403d5078e6cc4e2

SHA512
4cdb98ce8542e54c45bef25c5f2e83d340b9d598200f3442441b10d2a68d20e907f2a761c320de35763ed3a6d481f076261a6204b6ef48f072aea477ea99da5a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
80a405a73070b739e2dc890be4b9d500

SHA1
02ed8001bfbbac25a677013761d198acc6f300c7

SHA256
ef4546a376472614be48ddfcb608b5b98a5685354d4a2e9e043fbcf55d4296c1

SHA512
2f05853076d7fac5aa20fc448ca5f8c8c17e866a8bfb065f24bd7b2ccea4bad1caae6fe7da9d521aafc282e35f7f39751f7f8df242e3517174e1dba53c599c7b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
1da4eec0b7c5091356f18514293d0fc5

SHA1
5547a263c7f62c96c5237eb0eb41bbd0b9b9d901

SHA256
ef6452035304b3628db0a4c0fba43f0343e23573b49756591f332a789f3399ec

SHA512
a5239f50c446e529c2507605cfdd314671a361989334e7cd384779fc74ee3cb7bc8158ea7ab2784d5566886d1fc083eb3e636f1569731f0e73296a68de799b7b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
9c39e9cca816b4aeab2394414a4bf114

SHA1
019f08ab5485a3472611def71b007b19d8ab4808

SHA256
0cb3e8b92545ecb2f49a0b992cbb1584d110d1b5b6315461304be40351dba745

SHA512
da6245ded07b91863b5b99dcf694e22cab8c2228806f69e062b1a308289a89a2fc1f54830596678d78ac93334e8f764715b8e9feac8944707ef3704ee31dc8fa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
c2df7f96dfea0a1c3c5cc7d24a320c9c

SHA1
4d0c6fae587e4aa58ba6ee784d6baa5e4799a709

SHA256
f05b122fa80e3ab4d1031bc7d9661891771f6cc2d8575725ce8cd301af7edb43

SHA512
4b40877a7b8eeaf6f5656fc133bc37780d8928f3af329b0287582e21214a38f0dbeae1669a169b4fbd089a7abf61655002a58e5a54cfb7f4ccb7c676feb76534

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
13KB

MD5
f580ae6a44a6fad4a80af943d560c7d5

SHA1
193856d5fd5f77d87d431e4eb975de4cd55e03cb

SHA256
88a414721e050da0d8ea18f8025cfdeaf4a615578dd602281c7bba3769884cf2

SHA512
ccef7cb7d7c5e38abcb5ca0612f2fd6842b39eea7a922fbb277bf56795c6c78451b65712172bf7d845bc49f7bb750b99b4e6b438d19132655daa2f8845a3ae3b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
14KB

MD5
7f20b0eec35d19833bd78b88b4bcc78c

SHA1
82e4cb4bd2d32e6b81d65eaa795cbd968e1771ac

SHA256
26981c31f800c29006c4b122efa72566c28bfeccbe72fb2659d9c45ba0289e6f

SHA512
9a773640f754189c09df1a9221bab65bd2e3338abd72fae100ba7360ba6bf8ffefc883ea07e8d6e1005259e99d323b71a2c0639e36fd011c5b3f184496a27c7e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
15KB

MD5
82d168ea6cba3357eee58b1c093a5766

SHA1
b30af37177b5329c52c0d5fdc46df691462d4d4c

SHA256
e274436189d192d7f3869f7d92b5f0473dc6477bc47e7003bef14905059e31a9

SHA512
32917c9887814644a8e7286a08aa0ab37fcd7bba692857b0396cd80860560d28063846c78c965882bf7e21d2731ea2959a862a972b8bc494f2c7a53b63d41d99

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
15KB

MD5
d8ad791ff18d683e7d8c00ed5db032a4

SHA1
a371a0f0ad19d1cf18758405e22fd7322e95c52c

SHA256
ebfd5ce1cf6e0a5b6958f5bffce5e6a85657902618a65de6fb72b61b650522d8

SHA512
5fac04264afbf0099b25e2a3c9dbcccab25481be2b503d5810d6fb34fcc438a6a72a03fac545d16a5246cdc991be12a31bcef4861a0e437c6bfa9bf6989048f4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
15KB

MD5
46f991af6cfa479addf306d7fdaec87b

SHA1
557b1bf2b14794cc5225281a1eb9f5cbe79ae200

SHA256
d9b32fa8b2dcda0c8539730501959c9c43e041d7cc567ea1907822908e95352e

SHA512
2cf1bd0875362825feb49ad26d87589cd416efc84a7f49ffaa61dc5aac7d30a72e0ca6306fbb61d9144f66de74a08458bebb334740f20a6f18ad0ea5adaa9f2d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
6384fd6e9ad85e212d055bc7262ae761

SHA1
c1c4bc88be6c1479bc908bb3a54a6e2bebb43018

SHA256
42e2cbbdbdf725d4947036c10be8a51c98d6d2e6fbd914f9e8133ca790b01b63

SHA512
1389a6fa16748d8f3085fda2460ccacb5accc3cf7dfefb2fe3a6ad2d3c37ca5aebc42b457cfd822c7273b6d9939927531eebb4892e07ffcd03a9c9c31750d3db

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
15KB

MD5
7e4a496c9661bcab9a90813ecb457325

SHA1
a1830da52307e10d9488b9e84ab3f0f6a9d3a445

SHA256
0f97433ab5692e0ae6973bae3bdce8cccec6e87684d7c12ffc0ad033b8b0a3ed

SHA512
f7b62a64ae9728ce62a2f308f94269e4f501b1612e8896a2f187f364436b5d8d5f09116838dfc27be230b12e719c5251f7487fa6cdafa30217479a48b2f54bac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\c5ce88bc72edbf8813410e12eaafa3c8e5ceb644\8a214823-7ed1-4aee-9258-a217f1132423\index-dir\the-real-index

Filesize
1KB

MD5
29536986d25acfe267d8866691ebff84

SHA1
ed8ca8519bbb2a347123a6e1dd8f980830736c7d

SHA256
6633b020c5d9440f0a795b8d3722a08ad0d48378cee963c940de0dcb95ed5b02

SHA512
93bcbc71ad54cdc109f480b7ce27102e5e4c4a946dd18d78fddf91509f534250fee1293a38ff4a3accdc4e679f695b1f106be5a694aa210c385621abaca4385d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\c5ce88bc72edbf8813410e12eaafa3c8e5ceb644\8a214823-7ed1-4aee-9258-a217f1132423\index-dir\the-real-index~RFe65460d.TMP

Filesize
48B

MD5
837a24f4da916524d0f0472f0d1c0f92

SHA1
1b9e097213b1d412a7ee0fb1c07f3a8936c47d39

SHA256
e85564f52d32c9c4610b1bfec33c595485c4dffc9e89cfb12b8c861329dbc567

SHA512
d33268d087dc76de8ac4173acc7d211f14512e2e6fa4c3b304d950904205c6e6fc73d670511dd2fbb8ecdcb6d1557610f3b72f94c2bc92f98f82af7b051a50c1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\c5ce88bc72edbf8813410e12eaafa3c8e5ceb644\index.txt

Filesize
115B

MD5
a3dccb9f37ecf7d8b779bc4d0641bfca

SHA1
2762e31f796461ec3b4b7cec5a9b351e4369349a

SHA256
a777c49b979812d3bf61dd92ac1f51c2f286ba97feaa14cb98f779625692359e

SHA512
ee380a7f1b008aaf6617065208ca0daa12e85f44eb8cf7d8c8ff12f2c47e04a22f9ff198e490db19260e03e326bddd93d7b0c2c638302eccccf6b9aa4c2bdb54

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\c5ce88bc72edbf8813410e12eaafa3c8e5ceb644\index.txt~RFe65463c.TMP

Filesize
119B

MD5
64b49ad14a449c271b8338e14124405f

SHA1
c424c5c37114e085973dc0339847c5ebc5e482b0

SHA256
cf0746f3c62e75deb6534ad609749f1c57bd6a99fc16a5cb35f457e18cd2446f

SHA512
55db0e2f1b9081357a743dd2047da31030044e3e41589c820b1c7db38003f5ef2a58b8e152cbb3601675369735ebf3f7fbc1becdb037c5a8a557f197ea6c7ed1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
fcfd0e1d089169fe9cc35565cdbb44f6

SHA1
e3f60a2ea7e9cc1e4f0e147f177613d2b155b38a

SHA256
38cd1e202b8186ebcc759c8b24f294e7095ac98964931056bd07d457d78526d6

SHA512
e56fa10b05a0540025a55a4489a75b33580405bf41e7fc58a0f6afce845daafd87efac6e426fb1fde54f7af5be258562725a031db8b046004ac17f0c4757a594

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe653ac3.TMP

Filesize
48B

MD5
a198c505333399248bae6f2c000fd67c

SHA1
9dfa0070389752026c80ef708b3b7cb237c37958

SHA256
7c2caeff8b097d39cd7b6743b6bc929f432c3a348d2a61c6b5d3a97438e44c71

SHA512
b4901351dcd522770ee16282bdc37578c22d944d53c752b33ae4e1b1e9e52a3faf661e9cdf31fdad9fdd7f152292f2606560c014c3781c4bd94435661081d6cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
0d214a42895ad9c4f1c3d4070d4c9c4d

SHA1
4c8255ef81d03a745b90e6fcbb11639295b88df7

SHA256
c4db6cfe03cd5f151d84101ccbdaa28b5087a747cb17b92ef0681880c8c662b9

SHA512
bf0bad0955bea5a07e19fa6eb5c941e8888d6dc1836719d41986dd33a1ad8768a0202661c773579130fd71b99730d5233bf568f4e4e01a70e3f89fd7d492a864

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
1a7836654b3b2a748220f156448e332f

SHA1
b163ac99fd52f9a370b9a0a90e41864e9254f814

SHA256
2654f0a6274a1f3acce9824c0c4601ef4f6f254d37128ad6739b03db968a718f

SHA512
64474880c45a7f3e7c46ed92fdea8f199c6b034016f6301b9f0b98fda6b6a23ae002695d47a20fc34be93cc5d5e3a3a6fb6d77db9d70876ddd7ddb1f1ef6fc5c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
e734158b22a45103aef6d36451b702b7

SHA1
dde90417119488a4309906a6a5a874f2fb3152aa

SHA256
af823a390539fa8f0ef61b07485d029dbeaeb16ff8d6ef9005dfd7decaa8572d

SHA512
6b7cd35ca7d8fad0c4d5e8ced4b48c3c80b406078a1b055703a19264dd974f812da09dc345b9dbccea300bd747d8e92421ec864a83baf154783c23184d35fd81

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe653787.TMP

Filesize
3KB

MD5
5dcc764a8f81df68211a4890fe7fdbe5

SHA1
74fe60e2ab9bc73f52d2858e09ec2031ff11f0fd

SHA256
6801632c804a67fde40f2586b2862b07957c9aee6be0c0a3b36816b494ad85b8

SHA512
9338437baf5483b6853f5217681fedc245e3b69addb20473be199fbbe6ce3c3f6c9a4b882a232931f82aa5ce2f8c4ea1c2634b62d0625cd8fc8153aff052b337

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\c6152acf-05f7-428d-a7d6-2b0c9cf4d56f.tmp

Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
aefd77f47fb84fae5ea194496b44c67a

SHA1
dcfbb6a5b8d05662c4858664f81693bb7f803b82

SHA256
4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611

SHA512
b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
157f9c17330d7adf780bcf958d3569c2

SHA1
ff2c7db279fafbb6fa82cd675061ca0146bde32e

SHA256
2f52d535af137ae0db5c32b184af7df9454a1075273a247b74150d52b4a6762f

SHA512
93b1469e60c22efb089cf937b0246ca7c0a8a29a3fbc69bba153fe6088ed6fbc744974b42e7fdf9f0b5899842f3b06b7e8fbc63ebc73a3951fc3dd2a848b634e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
32a490399b13842f5d4c185c53e454ae

SHA1
4b60f82dedb74a4a97bcb180a0b0fbb4b395e55a

SHA256
39101c3173043bc5d3c6be73f5ea705c1e3ec691c4ab5b55b444bafe375226cb

SHA512
45b989d0becd14325dca1c61276a908d1c3464897b85e629b0316ba63efa1736867fdb9a5b1287f89800012b7b320a4f882b7b733c78127b0d224080df9a5c3a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
58042a159093aacac09422ee565a5285

SHA1
51b18489cfa2eb005c6b1d3b57732d0cbf0cbf8c

SHA256
82640557388308a1abf91859428196b7e63de10afec5dd422fa437226712353f

SHA512
de8eb3eb0ecb766d01eec07a94ae5a21aa0b24fdc74d75d6f24676e5227d911a646f9bb39a474cceb7158d2137e4791207c3f46fa10bc5e7047b1d444106c629

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
227e8ed9d715455a9506a743399733ee

SHA1
dee3926a8c80b9fab9be551736be15ffd6abb8e4

SHA256
f8292b8c6457f21e5e3568116cdc8f88bb899531c5f04ae9bed656539eda3b65

SHA512
0dd52ae1f90c84b6352e21d9d0b2b2c7eb50463c2691ed69b1a49f3b02eeb0f060180a62134621329b9f855932fed7d3dde366a4bee09c412afbdff1c471145b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
1d1799243d480696d9fbdc92d9a99d9a

SHA1
2df944ae23e8ce4eaf6dfbbf43240ff18dfa1b01

SHA256
028b04a0fcf8db400c0d51c5e72ce0881cee7f1b6d02dd4a0960e08203059590

SHA512
a82e1591305cf75b79e8c19f929fbc510c0f9953aea398df51a90c8f164e1120048637e828caec93a3f4e46b5b15948fd5fca8fba59a545e37af0305e06fb5aa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Roaming\ConfigsEx\2024 05 04 - 07 54 PM

Filesize
80B

MD5
02c78932c370a8ac5fb68b212450656f

SHA1
75e46794697e4d5965e8c42241bb005e7d6b49eb

SHA256
f2d4305d2a3e570eba90abfc7d3c1b4cdabf6214c09f5e852985b2a8301ad07c

SHA512
b10b52164d3b7b320053483bd31acd3dbde04759d7216df6dfc1d7faf66dfb6ff66955d8981bd7b10d9b128df5382dc6eae6e948c4b3bca043759f94145ed542

Download Submit
C:\Users\Admin\AppData\Roaming\ConfigsEx\2024 05 04 - 07 54 PM

Filesize
192B

MD5
b7fc477bbf9e19c17a40f8cc43826ac1

SHA1
28db487a385263b9a21083e84b4c0880d7bc1eb0

SHA256
87ac130370f1ec8ee4b0e49fbae7f14e13ddd3356b6dfc8cb61e2fd6320b0073

SHA512
f5d9d1774095e0cb7a3b480740a6505e821bdaa52503d0046eb1be8b1b61faf5ebe26e8e99aadc8539f23a1912294049bc42abc24ab12551ba79f4a97882953d

Download Submit
C:\Users\Admin\AppData\Roaming\ConfigsEx\2024 05 04 - 07 54 PM

Filesize
346B

MD5
368d2cafb49a1a07132820d3f17b17fe

SHA1
64f60ea43082fb1b4a8272cfdb37f6fdf8fecbde

SHA256
a12a034f74774eb82b602fca7237068df374d747a5f61caf5775082009b6bc11

SHA512
c77c38171495f3e9f71c75ac10cf3be54aa788c0833a132ddcd99c7345ee37862c439dd88a63714d406119bd18ae3ea5d57919f7abc2a7ad5729d32a41f21421

Download Submit
C:\Users\Admin\AppData\Roaming\ConfigsEx\2024 05 04 - 07 54 PM

Filesize
646B

MD5
a1dc7fb26511be749b2964acf94b4ef8

SHA1
414eef176fef25bc5ee5ca3f9f7dd67dd2520fc0

SHA256
fa24b8c24433931d6c489f8b391a3348b96a1d3d4b49ba1c224cc0e76e783c2f

SHA512
5154e6c37a7df2b5ee9df35d2b698f6a66ea5bbea6e867d102df270d55c9e2c998fed57d566f773f03833b5d508ab062ac4a5700d61a533c7f11bb7fe670cc58

Download Submit
C:\Users\Admin\AppData\Roaming\ConfigsEx\2024 05 04 - 07 56 PM

Filesize
86B

MD5
408513761e18391814c80b155d135a7c

SHA1
38507d60c6fe3ea8675979f41a42af32b3454d09

SHA256
b405f3b87856e6e0c9bb04b9e0e80b31d27f7cddee289a5aac3c7665a03465aa

SHA512
0c107e7489f50f0f0a364ee0e90ffe2781b9b2081f8276e91ad1d4ffc53fd05400539a0d1d79e3f6dcfea8950260ab18a9672c9f1a4a07c514cda7e03431e98e

Download Submit
C:\Users\Admin\AppData\Roaming\ConfigsEx\2024 05 04 - 07 56 PM

Filesize
386B

MD5
adf50a3ea701917139e5779bee82a642

SHA1
e8d60408e7f3883455516b717bbc0cc36ac10aa5

SHA256
a0a441d51dad9f9f4a5ce4a0b5d9d615a8b16e6c7253812f3ce803b667e3de77

SHA512
a5a7b73f74df901cdb525a7ac76f0fa69ffe2e59f219c1a4b042dbe667dc0e9c4d268c49f07f039eab82ce9bf567e8da5f8b2e856eabb044448df0aa41e4c70f

Download Submit
C:\Users\Admin\Downloads\Alusinus RAT v0.9.7z

Filesize
1.2MB

MD5
ef9f9450167ff87f109e78011e320e62

SHA1
009ca4397fb4bdc2de546bea69e6f4dc2f849f72

SHA256
062a0c9ccbeefe292d6274808d4e9034a4883e56e51808a9f9d2dd50c3ba9dbf

SHA512
5c92626e961e31e76fb35c20c29bbd4255b2d6daca377ea10a886ead8f2687cd301c3df73ed918264113a4303ab5f2f095c7dc770266be84343195d1558fb411

Download Submit
C:\Users\Admin\Downloads\Alusinus RAT v0.9\Alusinus.exe

Filesize
1.8MB

MD5
d1092eb1b0e9380cb59a43ef68d81c20

SHA1
4c86dd9e194fc86601717c11a9ebd3d293583fff

SHA256
42d7b0b5c7be5fd50091d36d37de388ea14f95e5ce4c1cff718ac16eacb5a952

SHA512
0f06250780b854c7968f90de9f009ef11e61374238f74953ff6a3518c96e7b03f4ae67e92578890eaad869c0784d6ce58cffb7c05a168377b6d51de66dbb167c

Download Submit
C:\Users\Admin\Downloads\Alusinus RAT v0.9\RCX10F2.tmp

Filesize
558KB

MD5
5655e37634f8be0b465fa5a6dcf20cf6

SHA1
80358a74612010124d4862b910b6e10a415d0fd0

SHA256
10d54ebc110c2e9c8dd8ab61bc115bf6e62a4bacf4ca86d8d6794b953336b376

SHA512
2ced77a1b8b9b4630d01e499530998dcf94b591289d8382513ecf4c1d2610a1d97c6de6a72293cca93e0e5fa670888e762ebf937fa4ddcbc6e649006c68cb992

Download Submit
C:\Users\Admin\Downloads\Alusinus RAT v0.9\Server.exe

Filesize
557KB

MD5
23536e40b8866766977e4d19fd50d8b9

SHA1
8cf0f0b8b9b466b9c8be16c1dab3c56482784da0

SHA256
ad129b96226cc513fd4cfe8ebb1f84aef7b35f7f26a62dc253b00a2c9dd0c0a9

SHA512
cb28bd1e6036b8574c6ec36612530067e08c50c373d03412f9750b5f38b8a500e430ae40d399027811e4eb069460cd487e33bf17fecb4728ee04ccd4527b7c22

Download Submit
C:\Users\Admin\Downloads\Alusinus RAT v0.9\Server.exe

Filesize
43KB

MD5
49ef2bdad1e3e0f4a7dc8038f6ccbd66

SHA1
9e745bfe5189d5c9cd0c466c46cee57bfd8cff92

SHA256
71a18ae72b9430b426a0379bd3166fdad4f701d7fc6f87633e7c71975e2cbe5d

SHA512
f0226fc1be17417db9417e82a0f29583eccddc10b456839deefc69eaab48e3512627074ccf8c0c382d623fe053f63dd65f9b56df9d824bb6b14afd7ac646875d

Download Submit
C:\Users\Admin\Downloads\Alusinus RAT v0.9\Stub.exe

Filesize
100KB

MD5
8e8b8d5d2c814cb262adcd3a0c771f28

SHA1
849262a6ddd738617b320628d0888f549e478383

SHA256
f1c5e995295f90b8dd91979dc15447b467d2e60bed983c72697faa970ae0988a

SHA512
3fb5db288c9e31a4d00487e5039ab4c92a9a9a6da07dda7c0e87ecf31de01b045f15111950ef3bfef6f1fb79d3ae741ed5afe6185035a30c2742e100b41adeae

Download Submit
C:\Users\Admin\Downloads\Alusinus RAT v0.9\Upx.exe

Filesize
289KB

MD5
2ec42eea603c34b79287a4c84c83d851

SHA1
a4c33cbe6152263f47b661b0790e86024b38d30e

SHA256
247f1b56b4600708746a8bf0cd66f11cc047d5f9d531acc69af41efc5c5884e5

SHA512
588e0050977e33d42fba7ee71eddca562d74a5ad2ecbae2dd7f4b087bf97f58f61b2012d6ff920e98c7ac50723008ad51b08ad06b0cd1655e2929f6eaa8c959e

Download Submit
C:\Users\Admin\Downloads\Assasin 2.3 Pegasus.7z

Filesize
1.5MB

MD5
cf532d60ee1b696bda274481cea3295c

SHA1
9b8a35bce7edf541bbdcb30cb769ae741adedc8a

SHA256
a447e5f7856e989a2bd3bf782c780f96a873acd04954e63add0ef451b4d62dea

SHA512
85c4d3cacc7293486dd8fe1ac8e6094b0d2fddbd4ffe1654ddbdd4cd4d0a2c6fb78813000cb2c7c3d53d5149d67be91e179cfc76e0b08a7aa8997bdaf38938ff

Download Submit
C:\Users\Admin\Downloads\Assasin 2.3 Pegasus\Options\Settings.dat

Filesize
734B

MD5
f93482cf6c44262098a2005bb00708a9

SHA1
5998098264efa07a0f8d0fc6dae84587928252ab

SHA256
88ca8747aeb309f470a533c4701b8c4277e46733f5549fcbe505b011d62084da

SHA512
16bd90db65c03dcf70221234d8e77f19be02fa8553dd4775a47b11b7fb6c56e42925ccc5e91d673a5173df14d2f29996f51bc23834d6f863c9b722f7200029d8

Download Submit
C:\Users\Admin\Downloads\Assasin 2.3 Pegasus\Setup Files\Server.exe

Filesize
64KB

MD5
d83336ce895afa030623c6b7450ed45c

SHA1
966241f5a3df1a0e745f61b8f52668d5b5585c26

SHA256
7d9d176e32b57edc5d4926f3b58df479547f183fdd84726eccf61c66cb938d4f

SHA512
a1440e6f63891b8b11302442efd18f5dbaef73ef7832caaba756e1d02e03ee33d93cb52c5093decf3502a139fc779f63397c9529bf904ee1c9f147a668cdea56

Download Submit
C:\Users\Admin\Downloads\Assasin 2.3 Pegasus\Tools\logsim.exe

Filesize
490KB

MD5
f565d25d755cd677dc61111ef5101170

SHA1
f0556f237d6ef26997f81a5296e683a0304df38d

SHA256
48665d1d28a60bf38f9f6e5a03ac15706b0fbdc82cd45d9980b3b46981abe5c4

SHA512
d39c75d6e142e3f6a6895fa5fab4ef889dcbb6718753315cd0125e13e408844dedfea3797822e56903d2499aed659e2401e6cf371de0c7d839b489e858917ff8

Download Submit
C:\Users\Admin\Downloads\Assasin 2.3 Pegasus\client.exe

Filesize
2.4MB

MD5
b63ea6f18f6d41aa29999ff716f8edd5

SHA1
327cac86f8610803e4a52f212a08ed6db56eaeac

SHA256
9d3a8d67572e46f77a24e292906b81b6c5f6bee07ff19a30e59784215e3c2278

SHA512
ec8fb84f86fd02be8df3f877383b4befabebbc082abb498b9f4513d5ebff6a183e6f2cd269136818f4cccac02ed445491e9c3c6a8500af5489a9e7764f414a6f

Download Submit
C:\Users\Admin\Downloads\Babylon RAT v1.7.0.0.7z.crdownload

Filesize
3.9MB

MD5
183240ab20090ef8b78d8219a2e5ac7c

SHA1
38bd68b3d7a942fb93145070222fdee6926854a3

SHA256
02654850ac0257aa15368e53c524792eb9ab9b8fcfc2c7c2cefb91d424552dac

SHA512
59a65fe94cc267f0e3ce6cde1a591a7a8eb0a3fdaf392169b8d1d032b307c619241b51f7a7d8c55610910c85dedd79182bdf5fd3e8646d9b1fcb978d724a14a8

Download Submit
C:\Users\Admin\Downloads\Babylon RAT v1.7.0.0\Babylon-RAT.exe

Filesize
4.6MB

MD5
e2a98acbc9fad38b4e919fbd79c12b38

SHA1
68564ddbe217f713cdf7a5c186c7d7cf6200680e

SHA256
d3c2fc4b4c95b10edf25c7321e59ee0aa747432dc2cf7fd719d0046aa62103fe

SHA512
058b1acf064feed82bdcdb74f2049ec761a75ca8f0732866cab446b4fa96ac580c972642cd117747dea4c968b6eb6c16182a07e95092ff8d687003c8e63993ab

Download Submit
C:\Users\Admin\Downloads\Babylon RAT v1.7.0.0\ObjectListView.dll

Filesize
405KB

MD5
de9f71635fb8532bd5202086097c2083

SHA1
6fafef29e6964209122555745a89ba3d1237f762

SHA256
1fa030cdd98f653fcaa109af5c48f3d58f624aa671a980628397c6c6bc6433be

SHA512
c82c7d79af86826fbf9f6519fd37c456017af9f77a6b05afa81a823f7a1be8a04bf2fc5ee32175a92803e9d0a34277b655571428cf655dd07abfd9d87f78568d

Download Submit
C:\Users\Admin\Downloads\Babylon RAT v1.7.0.0\Theme.dll

Filesize
87KB

MD5
2b61363f4f52a821908efb18d7a9bcb4

SHA1
7ea57f6afb82a003289ee2461121c347e8362ecc

SHA256
5138867aa5100c833faddba8ff8f0e5c61a535b8c34ef367cb3f095f56cd6521

SHA512
7ee8c751afab022e0e0de480838274ee2f4bfd637e45dbd9998ff6e9aca582a9ac14e86ebc96a913e321bd674a77234e90b747d43755deafaadc6bcb894cacfc

Download Submit
C:\Users\Admin\Downloads\Babylon RAT v1.7.0.0\upx.exe

Filesize
402KB

MD5
e8b39f250fb67e115e07e9eac5c99708

SHA1
51bf6ab0baa3a4c6f45be46011baa8ccd7ceaf8f

SHA256
d634cde09d1aa1320a1d4c589d35d306f8350129faf225b2bca394128c2c4442

SHA512
37418c8941834c95f59bc026e82002035fcdd7ea217061a217d5ab28f9859f1aacf0e9f213bc5eb27e3f23db8d8817ae88abc3c2ab6a4f45ce3e4ca74c0ce7e8

Download Submit
C:\Users\Admin\Downloads\MEMZ.exe

Filesize
16KB

MD5
1d5ad9c8d3fee874d0feb8bfac220a11

SHA1
ca6d3f7e6c784155f664a9179ca64e4034df9595

SHA256
3872c12d31fc9825e8661ac01ecee2572460677afbc7093f920a8436a42e28ff

SHA512
c8246f4137416be33b6d1ac89f2428b7c44d9376ac8489a9fbf65ef128a6c53fb50479e1e400c8e201c8611992ab1d6c1bd3d6cece89013edb4d35cdd22305b1

Download Submit
C:\Users\Admin\Downloads\RCX4E51.tmp

Filesize
861KB

MD5
f3368c3d04b8b34aa61a29dca32c22eb

SHA1
5a50fd75f0d2acdd74ecff702aad7a928d0d2f09

SHA256
cf1ec4758811cabc77b3b03e379818418c051b58c0786c1613691ab2df6e1149

SHA512
98a670ddcce3c134b9a6face4e31497115751acd7f03ddfa435f646f5c6ea48059ea67ddaf4595f4814fe9676efc0b3a78b837dd01abbdddc29fcba8b12ca39d

Download Submit
C:\Users\Admin\Downloads\jyhkhjk.upx

Filesize
356KB

MD5
0e804109b040676aa7c4f1f943351d6b

SHA1
58e1c56a0e72f42d54c7e95a04593b7be371ba18

SHA256
8bd6846d0da1b466616930521b64622358c2f7677e69b3943f6f11bf66102fcf

SHA512
60ea6ef0f91a33a40ff73ee6737895cbf45f8f954c99eec9a7182f76aefcf51eebf570540ba7ecb13fc52608097a2840554bb92abd1d254c77b96858629398ad

Download Submit
C:\Users\Admin\Downloads\obvious rat niggaaaaaa.exe

Filesize
356KB

MD5
d527382cd1dbf0de58b1f73f6e2cd122

SHA1
1bab1dd7aceb3ce01097def20068fad5193810b2

SHA256
d6467d13ece866167464ffb34b9a19b29be7f8b63a7f551d152b0f098871c4a9

SHA512
8d651dd714747f54a7a88a0ac7731c0f4106ce333904a18f08a99d95d86cdab3cd270133ede356ac27a946f547397734db985850d9c43be69033647d227e16c7

Download Submit
C:\Users\Admin\Downloads\roblox.ico

Filesize
127KB

MD5
57583edca832928e404887e9d41be156

SHA1
da1afb4d95bbeecd0fda11e8ca46ae42dfec88fd

SHA256
96155e66efabf1ba5c2bc02fea67fe9b2e52fdf3ad8d625170e4cfca67a3a797

SHA512
236ca59ec0cad787c158fd9e63fb7b49715fa3449d89197430e769eee8e51d4cb63e77e0e386fa48691f7ac0136897611ee0cd1dd5d6d3cc0be0901d9d9eb7d9

Download Submit
C:\Users\Admin\Downloads\robux.exe

Filesize
733KB

MD5
90b987207da7d10aa1e122012ad3b4cc

SHA1
9c1590f21ae5774f22d656d67d858ba06b7b2243

SHA256
35777ac532bc48677e687fc929fa25a181bb5d1359a2923de5e0922b280d1846

SHA512
982645e6457ac57506e97b00b593b8599ca98c2b6fef8914f118a8c8713116a873c10c606760a49967e3cce564a55d40da4299a47399db6582ed0b9186574bcd

Download Submit
C:\Users\Admin\Downloads\wwwwwwwwwww.exe

Filesize
733KB

MD5
d2c0ad2ca348b0c97c74d28bbac9de6d

SHA1
fa9f54a7094e1baa06ea18ecba66055fc322df5b

SHA256
e4424e2f77d2ecc0b1e4dcd8d7bff2a74c8d5670f81b1ab861d3e7cbf5688d93

SHA512
82b49528a61a9d542e641bb8d49f1dd65b3a188c471ee6276afd745c688965cff4cb38cc24cef6e04d87cddcf22da681b3111488f7076a18c5a5e02f45c6d743

Download Submit
memory/332-1641-0x0000000000E50000-0x0000000000F58000-memory.dmp

Filesize
1.0MB

Download
memory/332-1604-0x0000000000E50000-0x0000000000F58000-memory.dmp

Filesize
1.0MB

Download
memory/840-804-0x0000000000400000-0x0000000000CFC000-memory.dmp

Filesize
9.0MB

Download
memory/840-818-0x0000000000400000-0x0000000000CFC000-memory.dmp

Filesize
9.0MB

Download
memory/840-829-0x0000000000400000-0x0000000000CFC000-memory.dmp

Filesize
9.0MB

Download
memory/840-878-0x0000000000400000-0x0000000000CFC000-memory.dmp

Filesize
9.0MB

Download
memory/840-793-0x0000000000400000-0x0000000000CFC000-memory.dmp

Filesize
9.0MB

Download
memory/1072-1164-0x000000001C540000-0x000000001C6E9000-memory.dmp

Filesize
1.7MB

Download
memory/1072-1103-0x000000001C540000-0x000000001C6E9000-memory.dmp

Filesize
1.7MB

Download
memory/1072-991-0x000000001C540000-0x000000001C6E9000-memory.dmp

Filesize
1.7MB

Download
memory/1072-1177-0x000000001C540000-0x000000001C6E9000-memory.dmp

Filesize
1.7MB

Download
memory/1072-1187-0x000000001C540000-0x000000001C6E9000-memory.dmp

Filesize
1.7MB

Download
memory/1072-978-0x000000001C540000-0x000000001C6E9000-memory.dmp

Filesize
1.7MB

Download
memory/1072-966-0x000000001C4D0000-0x000000001C53C000-memory.dmp

Filesize
432KB

Download
memory/1072-1003-0x000000001C540000-0x000000001C6E9000-memory.dmp

Filesize
1.7MB

Download
memory/1072-964-0x000000001B740000-0x000000001B75E000-memory.dmp

Filesize
120KB

Download
memory/1072-1014-0x000000001C540000-0x000000001C6E9000-memory.dmp

Filesize
1.7MB

Download
memory/1072-989-0x000000001C540000-0x000000001C6E9000-memory.dmp

Filesize
1.7MB

Download
memory/1072-961-0x0000000000A60000-0x0000000000AC2000-memory.dmp

Filesize
392KB

Download
memory/1072-962-0x000000001B770000-0x000000001BF3E000-memory.dmp

Filesize
7.8MB

Download
memory/1072-1016-0x000000001C540000-0x000000001C6E9000-memory.dmp

Filesize
1.7MB

Download
memory/1076-1269-0x0000000000210000-0x00000000002D8000-memory.dmp

Filesize
800KB

Download
memory/1076-1262-0x0000000000210000-0x00000000002D8000-memory.dmp

Filesize
800KB

Download
memory/1160-1287-0x00000000006A0000-0x0000000000768000-memory.dmp

Filesize
800KB

Download
memory/1160-1267-0x00000000006A0000-0x0000000000768000-memory.dmp

Filesize
800KB

Download
memory/1180-1297-0x00000000006A0000-0x0000000000768000-memory.dmp

Filesize
800KB

Download
memory/1328-660-0x0000000000400000-0x0000000000424000-memory.dmp

Filesize
144KB

Download
memory/1796-613-0x0000000000400000-0x000000000058B000-memory.dmp

Filesize
1.5MB

Download
memory/2036-1907-0x0000000000400000-0x00000000005F5000-memory.dmp

Filesize
2.0MB

Download
memory/2164-2025-0x0000000000400000-0x00000000005F5000-memory.dmp

Filesize
2.0MB

Download
memory/2648-881-0x000001443BCC0000-0x000001443BCC1000-memory.dmp

Filesize
4KB

Download
memory/2648-887-0x000001443BCC0000-0x000001443BCC1000-memory.dmp

Filesize
4KB

Download
memory/2648-882-0x000001443BCC0000-0x000001443BCC1000-memory.dmp

Filesize
4KB

Download
memory/2648-892-0x000001443BCC0000-0x000001443BCC1000-memory.dmp

Filesize
4KB

Download
memory/2648-880-0x000001443BCC0000-0x000001443BCC1000-memory.dmp

Filesize
4KB

Download
memory/2648-890-0x000001443BCC0000-0x000001443BCC1000-memory.dmp

Filesize
4KB

Download
memory/2648-889-0x000001443BCC0000-0x000001443BCC1000-memory.dmp

Filesize
4KB

Download
memory/2648-891-0x000001443BCC0000-0x000001443BCC1000-memory.dmp

Filesize
4KB

Download
memory/2648-886-0x000001443BCC0000-0x000001443BCC1000-memory.dmp

Filesize
4KB

Download
memory/2648-888-0x000001443BCC0000-0x000001443BCC1000-memory.dmp

Filesize
4KB

Download
memory/2760-1911-0x0000000000910000-0x00000000009D8000-memory.dmp

Filesize
800KB

Download
memory/2984-817-0x0000000000400000-0x0000000000482000-memory.dmp

Filesize
520KB

Download
memory/3128-1206-0x0000000000400000-0x00000000005F5000-memory.dmp

Filesize
2.0MB

Download
memory/3128-1214-0x0000000000400000-0x00000000005F5000-memory.dmp

Filesize
2.0MB

Download
memory/3876-514-0x0000000000400000-0x0000000000816000-memory.dmp

Filesize
4.1MB

Download
memory/3876-504-0x0000000000400000-0x0000000000816000-memory.dmp

Filesize
4.1MB

Download
memory/3876-492-0x0000000000400000-0x0000000000816000-memory.dmp

Filesize
4.1MB

Download
memory/3876-623-0x0000000000400000-0x0000000000816000-memory.dmp

Filesize
4.1MB

Download
memory/3876-515-0x0000000000400000-0x0000000000816000-memory.dmp

Filesize
4.1MB

Download
memory/3876-525-0x0000000000400000-0x0000000000816000-memory.dmp

Filesize
4.1MB

Download
memory/3876-538-0x0000000000400000-0x0000000000816000-memory.dmp

Filesize
4.1MB

Download
memory/4588-647-0x0000000000400000-0x0000000000424000-memory.dmp

Filesize
144KB

Download
memory/4588-645-0x0000000000400000-0x0000000000424000-memory.dmp

Filesize
144KB

Download
memory/4680-567-0x0000000000400000-0x000000000058B000-memory.dmp

Filesize
1.5MB

Download
memory/4680-574-0x0000000000400000-0x000000000058B000-memory.dmp

Filesize
1.5MB

Download
memory/4744-1502-0x0000000000400000-0x00000000005F5000-memory.dmp

Filesize
2.0MB

Download
memory/5260-3294-0x0000000000E50000-0x0000000000F58000-memory.dmp

Filesize
1.0MB

Download
memory/5260-3292-0x0000000000E50000-0x0000000000F58000-memory.dmp

Filesize
1.0MB

Download
memory/5308-2037-0x00000000005E0000-0x00000000006A8000-memory.dmp

Filesize
800KB

Download
memory/5308-2039-0x00000000005E0000-0x00000000006A8000-memory.dmp

Filesize
800KB

Download
memory/5724-1605-0x0000000000E50000-0x0000000000F58000-memory.dmp

Filesize
1.0MB

Download
memory/5724-1644-0x0000000000E50000-0x0000000000F58000-memory.dmp

Filesize
1.0MB

Download

Analysis

Sharing

Errors

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads