Analysis

  • max time kernel
    100s
  • max time network
    238s
  • platform
    windows10-1703_x64
  • resource
    win10-20240404-en
  • resource tags

    arch:x64 arch:x86 image:win10-20240404-en locale:en-us os:windows10-1703-x64 system
  • submitted
    26/05/2024, 08:28

Errors

Reason
Machine shutdown

General

  • Target

    https://github.com/pankoza2-pl/malware

Score
8/10

Malware Config

Signatures

  • Downloads MZ/PE file
  • Executes dropped EXE 2 IoCs
  • Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs
  • Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs

    Bootkits write to the MBR to gain persistence at a level below the operating system.

  • Drops file in Windows directory 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Checks SCSI registry key(s) 3 TTPs 3 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies data under HKEY_USERS 2 IoCs
  • Modifies registry class 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 62 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 64 IoCs
  • Suspicious use of SendNotifyMessage 64 IoCs
  • Suspicious use of SetWindowsHookEx 3 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

Processes

  • C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://github.com/pankoza2-pl/malware
    1⤵
    • Enumerates system info in registry
    • Modifies data under HKEY_USERS
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:2752
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7fffe2289758,0x7fffe2289768,0x7fffe2289778
      2⤵
        PID:1464
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1580 --field-trial-handle=1868,i,14398666521876994079,2455154673556181839,131072 /prefetch:2
        2⤵
          PID:804
        • C:\Program Files\Google\Chrome\Application\chrome.exe
          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1728 --field-trial-handle=1868,i,14398666521876994079,2455154673556181839,131072 /prefetch:8
          2⤵
            PID:800
          • C:\Program Files\Google\Chrome\Application\chrome.exe
            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1908 --field-trial-handle=1868,i,14398666521876994079,2455154673556181839,131072 /prefetch:8
            2⤵
              PID:820
            • C:\Program Files\Google\Chrome\Application\chrome.exe
              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2908 --field-trial-handle=1868,i,14398666521876994079,2455154673556181839,131072 /prefetch:1
              2⤵
                PID:436
              • C:\Program Files\Google\Chrome\Application\chrome.exe
                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2916 --field-trial-handle=1868,i,14398666521876994079,2455154673556181839,131072 /prefetch:1
                2⤵
                  PID:3368
                • C:\Program Files\Google\Chrome\Application\chrome.exe
                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5144 --field-trial-handle=1868,i,14398666521876994079,2455154673556181839,131072 /prefetch:8
                  2⤵
                    PID:2720
                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4432 --field-trial-handle=1868,i,14398666521876994079,2455154673556181839,131072 /prefetch:8
                    2⤵
                      PID:1096
                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4436 --field-trial-handle=1868,i,14398666521876994079,2455154673556181839,131072 /prefetch:8
                      2⤵
                        PID:3860
                      • C:\Program Files\Google\Chrome\Application\chrome.exe
                        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5384 --field-trial-handle=1868,i,14398666521876994079,2455154673556181839,131072 /prefetch:8
                        2⤵
                          PID:4756
                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5408 --field-trial-handle=1868,i,14398666521876994079,2455154673556181839,131072 /prefetch:8
                          2⤵
                            PID:2860
                          • C:\Program Files\Google\Chrome\Application\chrome.exe
                            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4432 --field-trial-handle=1868,i,14398666521876994079,2455154673556181839,131072 /prefetch:8
                            2⤵
                              PID:5076
                            • C:\Program Files\Google\Chrome\Application\chrome.exe
                              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5508 --field-trial-handle=1868,i,14398666521876994079,2455154673556181839,131072 /prefetch:8
                              2⤵
                                PID:1948
                              • C:\Program Files\Google\Chrome\Application\chrome.exe
                                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5440 --field-trial-handle=1868,i,14398666521876994079,2455154673556181839,131072 /prefetch:8
                                2⤵
                                  PID:2444
                                • C:\Users\Admin\Downloads\Monoxidex64.exe
                                  "C:\Users\Admin\Downloads\Monoxidex64.exe"
                                  2⤵
                                  • Executes dropped EXE
                                  • Suspicious use of SetWindowsHookEx
                                  PID:4564
                                  • C:\Users\Admin\AppData\Local\Temp\驂摪升赵瑦蕝愜鯄愡薛崣崲栊瓕詆藾.exe
                                    "C:\Users\Admin\AppData\Local\Temp\驂摪升赵瑦蕝愜鯄愡薛崣崲栊瓕詆藾.exe"
                                    3⤵
                                    • Executes dropped EXE
                                    • Writes to the Master Boot Record (MBR)
                                    • Suspicious use of SetWindowsHookEx
                                    PID:896
                                    • C:\Program Files\VideoLAN\VLC\vlc.exe
                                      "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Downloads\UnlockUnpublish.m3u"
                                      4⤵
                                        PID:2228
                                      • C:\Windows\system32\NOTEPAD.EXE
                                        "C:\Windows\system32\NOTEPAD.EXE" C:\$Recycle.Bin\S-1-5-21-3699363923-1875576828-3287151903-1000\$IPSK9RZ.txt
                                        4⤵
                                          PID:2636
                                        • C:\Windows\system32\NOTEPAD.EXE
                                          "C:\Windows\system32\NOTEPAD.EXE" C:\Program Files\7-Zip\Lang\an.txt
                                          4⤵
                                            PID:5980
                                          • C:\Windows\system32\NOTEPAD.EXE
                                            "C:\Windows\system32\NOTEPAD.EXE" C:\Program Files\7-Zip\Lang\nn.txt
                                            4⤵
                                              PID:5992
                                            • C:\Program Files\Common Files\microsoft shared\ink\FlickLearningWizard.exe
                                              "C:\Program Files\Common Files\microsoft shared\ink\FlickLearningWizard.exe"
                                              4⤵
                                                PID:3392
                                              • C:\Program Files\Internet Explorer\IEXPLORE.EXE
                                                "IEXPLORE.EXE" "C:\Program Files\Common Files\microsoft shared\OFFICE16\Office Setup Controller\pkeyconfig-office.xrm-ms"
                                                4⤵
                                                  PID:5424
                                                  • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
                                                    "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:5424 CREDAT:82945 /prefetch:2
                                                    5⤵
                                                      PID:5716
                                                    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
                                                      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:5424 CREDAT:148482 /prefetch:2
                                                      5⤵
                                                        PID:1404
                                                      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
                                                        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:5424 CREDAT:148484 /prefetch:2
                                                        5⤵
                                                          PID:5660
                                                        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
                                                          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:5424 CREDAT:148485 /prefetch:2
                                                          5⤵
                                                            PID:1176
                                                          • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
                                                            "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:5424 CREDAT:214018 /prefetch:2
                                                            5⤵
                                                              PID:4936
                                                            • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
                                                              "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:5424 CREDAT:476161 /prefetch:2
                                                              5⤵
                                                                PID:5900
                                                              • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
                                                                "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:5424 CREDAT:541697 /prefetch:2
                                                                5⤵
                                                                  PID:5920
                                                                • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
                                                                  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:5424 CREDAT:82954 /prefetch:2
                                                                  5⤵
                                                                    PID:1680
                                                                  • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
                                                                    "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:5424 CREDAT:279556 /prefetch:2
                                                                    5⤵
                                                                      PID:6364
                                                                    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
                                                                      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:5424 CREDAT:345095 /prefetch:2
                                                                      5⤵
                                                                        PID:7544
                                                                      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
                                                                        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:5424 CREDAT:410628 /prefetch:2
                                                                        5⤵
                                                                          PID:9056
                                                                      • C:\Program Files\Java\jdk-1.8\bin\jabswitch.exe
                                                                        "C:\Program Files\Java\jdk-1.8\bin\jabswitch.exe"
                                                                        4⤵
                                                                          PID:3780
                                                                        • C:\Program Files\Java\jdk-1.8\bin\rmid.exe
                                                                          "C:\Program Files\Java\jdk-1.8\bin\rmid.exe"
                                                                          4⤵
                                                                            PID:2640
                                                                          • C:\Program Files\Java\jdk-1.8\jre\bin\javaw.exe
                                                                            "C:\Program Files\Java\jdk-1.8\jre\bin\javaw.exe"
                                                                            4⤵
                                                                              PID:424
                                                                            • C:\Program Files\Java\jdk-1.8\jre\bin\policytool.exe
                                                                              "C:\Program Files\Java\jdk-1.8\jre\bin\policytool.exe"
                                                                              4⤵
                                                                                PID:2952
                                                                              • C:\Program Files\Internet Explorer\IEXPLORE.EXE
                                                                                "IEXPLORE.EXE" "C:\Program Files\Microsoft Office\root\Licenses16\Access2019R_Retail-pl.xrm-ms"
                                                                                4⤵
                                                                                  PID:5764
                                                                                • C:\Program Files\Internet Explorer\IEXPLORE.EXE
                                                                                  "IEXPLORE.EXE" "C:\Program Files\Microsoft Office\root\Licenses16\AccessR_Trial-ppd.xrm-ms"
                                                                                  4⤵
                                                                                    PID:4548
                                                                                  • C:\Program Files\Internet Explorer\IEXPLORE.EXE
                                                                                    "IEXPLORE.EXE" "C:\Program Files\Microsoft Office\root\Licenses16\AccessVL_MAK-ppd.xrm-ms"
                                                                                    4⤵
                                                                                      PID:3140
                                                                                    • C:\Program Files\Internet Explorer\IEXPLORE.EXE
                                                                                      "IEXPLORE.EXE" "C:\Program Files\Microsoft Office\root\Licenses16\Excel2019VL_MAK_AE-ppd.xrm-ms"
                                                                                      4⤵
                                                                                        PID:512
                                                                                      • C:\Program Files\Internet Explorer\IEXPLORE.EXE
                                                                                        "IEXPLORE.EXE" "C:\Program Files\Microsoft Office\root\Licenses16\ExcelVL_MAK-ul-oob.xrm-ms"
                                                                                        4⤵
                                                                                          PID:5652
                                                                                        • C:\Program Files\Internet Explorer\IEXPLORE.EXE
                                                                                          "IEXPLORE.EXE" "C:\Program Files\Microsoft Office\root\Licenses16\HomeBusiness2019R_Grace-ul-oob.xrm-ms"
                                                                                          4⤵
                                                                                            PID:4304
                                                                                          • C:\Program Files\Internet Explorer\IEXPLORE.EXE
                                                                                            "IEXPLORE.EXE" "C:\Program Files\Microsoft Office\root\Licenses16\HomeBusiness2019R_OEM_Perp2-ul-oob.xrm-ms"
                                                                                            4⤵
                                                                                              PID:304
                                                                                            • C:\Program Files\Internet Explorer\IEXPLORE.EXE
                                                                                              "IEXPLORE.EXE" "C:\Program Files\Microsoft Office\root\Licenses16\HomeBusiness2019R_OEM_Perp3-ul-phn.xrm-ms"
                                                                                              4⤵
                                                                                                PID:6128
                                                                                              • C:\Program Files\Internet Explorer\IEXPLORE.EXE
                                                                                                "IEXPLORE.EXE" "C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessPipcR_OEM_Perp-ul-oob.xrm-ms"
                                                                                                4⤵
                                                                                                  PID:3528
                                                                                                • C:\Program Files\Internet Explorer\IEXPLORE.EXE
                                                                                                  "IEXPLORE.EXE" "C:\Program Files\Microsoft Office\root\Licenses16\HomeStudentVNextR_Grace-ppd.xrm-ms"
                                                                                                  4⤵
                                                                                                    PID:5352
                                                                                                  • C:\Program Files\Internet Explorer\IEXPLORE.EXE
                                                                                                    "IEXPLORE.EXE" "C:\Program Files\Microsoft Office\root\Licenses16\MondoR_Retail-ul-phn.xrm-ms"
                                                                                                    4⤵
                                                                                                      PID:4548
                                                                                                    • C:\Program Files\Internet Explorer\IEXPLORE.EXE
                                                                                                      "IEXPLORE.EXE" "C:\Program Files\Microsoft Office\root\Licenses16\MondoVL_MAK-ppd.xrm-ms"
                                                                                                      4⤵
                                                                                                        PID:5316
                                                                                                      • C:\Program Files\Internet Explorer\IEXPLORE.EXE
                                                                                                        "IEXPLORE.EXE" "C:\Program Files\Microsoft Office\root\Licenses16\MondoVL_MAK-ul-phn.xrm-ms"
                                                                                                        4⤵
                                                                                                          PID:5416
                                                                                                        • C:\Program Files\Internet Explorer\IEXPLORE.EXE
                                                                                                          "IEXPLORE.EXE" "C:\Program Files\Microsoft Office\root\Licenses16\O365BusinessDemoR_BypassTrial365-ppd.xrm-ms"
                                                                                                          4⤵
                                                                                                            PID:2200
                                                                                                            • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
                                                                                                              "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2200 CREDAT:82945 /prefetch:2
                                                                                                              5⤵
                                                                                                                PID:6296
                                                                                                            • C:\Program Files\Internet Explorer\IEXPLORE.EXE
                                                                                                              "IEXPLORE.EXE" "C:\Program Files\Microsoft Office\root\Licenses16\O365EduCloudEDUR_Subscription-pl.xrm-ms"
                                                                                                              4⤵
                                                                                                                PID:2288
                                                                                                                • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
                                                                                                                  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2288 CREDAT:82945 /prefetch:2
                                                                                                                  5⤵
                                                                                                                    PID:6696
                                                                                                                • C:\Program Files\Internet Explorer\IEXPLORE.EXE
                                                                                                                  "IEXPLORE.EXE" "C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_SubTrial5-pl.xrm-ms"
                                                                                                                  4⤵
                                                                                                                    PID:5840
                                                                                                                    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
                                                                                                                      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:5840 CREDAT:82945 /prefetch:2
                                                                                                                      5⤵
                                                                                                                        PID:6940
                                                                                                                    • C:\Program Files\Internet Explorer\IEXPLORE.EXE
                                                                                                                      "IEXPLORE.EXE" "C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusDemoR_BypassTrial365-ul-oob.xrm-ms"
                                                                                                                      4⤵
                                                                                                                        PID:5948
                                                                                                                        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
                                                                                                                          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:5948 CREDAT:82945 /prefetch:2
                                                                                                                          5⤵
                                                                                                                            PID:5656
                                                                                                                        • C:\Program Files\Internet Explorer\IEXPLORE.EXE
                                                                                                                          "IEXPLORE.EXE" "C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_Subscription5-pl.xrm-ms"
                                                                                                                          4⤵
                                                                                                                            PID:3780
                                                                                                                            • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
                                                                                                                              "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3780 CREDAT:82945 /prefetch:2
                                                                                                                              5⤵
                                                                                                                                PID:6572
                                                                                                                            • C:\Program Files\Internet Explorer\IEXPLORE.EXE
                                                                                                                              "IEXPLORE.EXE" "C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_SubTrial4-ppd.xrm-ms"
                                                                                                                              4⤵
                                                                                                                                PID:5352
                                                                                                                                • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
                                                                                                                                  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:5352 CREDAT:82945 /prefetch:2
                                                                                                                                  5⤵
                                                                                                                                    PID:7188
                                                                                                                                • C:\Program Files\Internet Explorer\IEXPLORE.EXE
                                                                                                                                  "IEXPLORE.EXE" "C:\Program Files\Microsoft Office\root\Licenses16\Personal2019R_OEM_Perp-ul-phn.xrm-ms"
                                                                                                                                  4⤵
                                                                                                                                    PID:3528
                                                                                                                                    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
                                                                                                                                      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3528 CREDAT:82945 /prefetch:2
                                                                                                                                      5⤵
                                                                                                                                        PID:7648
                                                                                                                                    • C:\Program Files\Internet Explorer\IEXPLORE.EXE
                                                                                                                                      "IEXPLORE.EXE" "C:\Program Files\Microsoft Office\root\Licenses16\pkeyconfig-office.xrm-ms"
                                                                                                                                      4⤵
                                                                                                                                        PID:6072
                                                                                                                                        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
                                                                                                                                          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:6072 CREDAT:82945 /prefetch:2
                                                                                                                                          5⤵
                                                                                                                                            PID:7444
                                                                                                                                        • C:\Program Files\Internet Explorer\IEXPLORE.EXE
                                                                                                                                          "IEXPLORE.EXE" "C:\Program Files\Microsoft Office\root\Licenses16\Professional2019R_Retail-ul-oob.xrm-ms"
                                                                                                                                          4⤵
                                                                                                                                            PID:5752
                                                                                                                                            • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
                                                                                                                                              "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:5752 CREDAT:82945 /prefetch:2
                                                                                                                                              5⤵
                                                                                                                                                PID:7384
                                                                                                                                            • C:\Program Files\Internet Explorer\IEXPLORE.EXE
                                                                                                                                              "IEXPLORE.EXE" "C:\Program Files\Microsoft Office\root\Licenses16\Professional2019R_Trial-ul-oob.xrm-ms"
                                                                                                                                              4⤵
                                                                                                                                                PID:5184
                                                                                                                                                • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
                                                                                                                                                  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:5184 CREDAT:82945 /prefetch:2
                                                                                                                                                  5⤵
                                                                                                                                                    PID:7464
                                                                                                                                                • C:\Program Files\Internet Explorer\IEXPLORE.EXE
                                                                                                                                                  "IEXPLORE.EXE" "C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019MSDNR_Retail-ppd.xrm-ms"
                                                                                                                                                  4⤵
                                                                                                                                                    PID:3172
                                                                                                                                                    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
                                                                                                                                                      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3172 CREDAT:82945 /prefetch:2
                                                                                                                                                      5⤵
                                                                                                                                                        PID:7640
                                                                                                                                                    • C:\Program Files\Internet Explorer\IEXPLORE.EXE
                                                                                                                                                      "IEXPLORE.EXE" "C:\Program Files\Microsoft Office\root\Licenses16\ProjectProCO365R_SubTest-pl.xrm-ms"
                                                                                                                                                      4⤵
                                                                                                                                                        PID:6164
                                                                                                                                                        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
                                                                                                                                                          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:6164 CREDAT:82945 /prefetch:2
                                                                                                                                                          5⤵
                                                                                                                                                            PID:7396
                                                                                                                                                        • C:\Program Files\Internet Explorer\IEXPLORE.EXE
                                                                                                                                                          "IEXPLORE.EXE" "C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_Retail-ppd.xrm-ms"
                                                                                                                                                          4⤵
                                                                                                                                                            PID:6248
                                                                                                                                                            • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
                                                                                                                                                              "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:6248 CREDAT:82945 /prefetch:2
                                                                                                                                                              5⤵
                                                                                                                                                                PID:7808
                                                                                                                                                            • C:\Program Files\Internet Explorer\IEXPLORE.EXE
                                                                                                                                                              "IEXPLORE.EXE" "C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_Trial-ppd.xrm-ms"
                                                                                                                                                              4⤵
                                                                                                                                                                PID:6276
                                                                                                                                                                • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
                                                                                                                                                                  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:6276 CREDAT:82945 /prefetch:2
                                                                                                                                                                  5⤵
                                                                                                                                                                    PID:7724
                                                                                                                                                                • C:\Program Files\Internet Explorer\IEXPLORE.EXE
                                                                                                                                                                  "IEXPLORE.EXE" "C:\Program Files\Microsoft Office\root\Licenses16\ProPlusVL_MAK-ul-oob.xrm-ms"
                                                                                                                                                                  4⤵
                                                                                                                                                                    PID:6320
                                                                                                                                                                    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
                                                                                                                                                                      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:6320 CREDAT:82945 /prefetch:2
                                                                                                                                                                      5⤵
                                                                                                                                                                        PID:7792
                                                                                                                                                                    • C:\Program Files\Internet Explorer\IEXPLORE.EXE
                                                                                                                                                                      "IEXPLORE.EXE" "C:\Program Files\Microsoft Office\root\Licenses16\Publisher2019R_Grace-ppd.xrm-ms"
                                                                                                                                                                      4⤵
                                                                                                                                                                        PID:6380
                                                                                                                                                                        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
                                                                                                                                                                          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:6380 CREDAT:82945 /prefetch:2
                                                                                                                                                                          5⤵
                                                                                                                                                                            PID:7884
                                                                                                                                                                        • C:\Program Files\Internet Explorer\IEXPLORE.EXE
                                                                                                                                                                          "IEXPLORE.EXE" "C:\Program Files\Microsoft Office\root\Licenses16\Publisher2019VL_MAK_AE-ul-phn.xrm-ms"
                                                                                                                                                                          4⤵
                                                                                                                                                                            PID:6440
                                                                                                                                                                            • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
                                                                                                                                                                              "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:6440 CREDAT:82945 /prefetch:2
                                                                                                                                                                              5⤵
                                                                                                                                                                                PID:8104
                                                                                                                                                                            • C:\Program Files\Internet Explorer\IEXPLORE.EXE
                                                                                                                                                                              "IEXPLORE.EXE" "C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusinessR_Grace-ul-oob.xrm-ms"
                                                                                                                                                                              4⤵
                                                                                                                                                                                PID:6492
                                                                                                                                                                                • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
                                                                                                                                                                                  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:6492 CREDAT:82945 /prefetch:2
                                                                                                                                                                                  5⤵
                                                                                                                                                                                    PID:8340
                                                                                                                                                                                • C:\Program Files\Internet Explorer\IEXPLORE.EXE
                                                                                                                                                                                  "IEXPLORE.EXE" "C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019R_Retail-ul-oob.xrm-ms"
                                                                                                                                                                                  4⤵
                                                                                                                                                                                    PID:6564
                                                                                                                                                                                    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
                                                                                                                                                                                      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:6564 CREDAT:82945 /prefetch:2
                                                                                                                                                                                      5⤵
                                                                                                                                                                                        PID:8276
                                                                                                                                                                                    • C:\Program Files\Internet Explorer\IEXPLORE.EXE
                                                                                                                                                                                      "IEXPLORE.EXE" "C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019R_Trial-pl.xrm-ms"
                                                                                                                                                                                      4⤵
                                                                                                                                                                                        PID:6656
                                                                                                                                                                                        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
                                                                                                                                                                                          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:6656 CREDAT:82945 /prefetch:2
                                                                                                                                                                                          5⤵
                                                                                                                                                                                            PID:8308
                                                                                                                                                                                        • C:\Program Files\Internet Explorer\IEXPLORE.EXE
                                                                                                                                                                                          "IEXPLORE.EXE" "C:\Program Files\Microsoft Office\root\Licenses16\VisioProCO365R_Subscription-pl.xrm-ms"
                                                                                                                                                                                          4⤵
                                                                                                                                                                                            PID:6772
                                                                                                                                                                                            • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
                                                                                                                                                                                              "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:6772 CREDAT:82945 /prefetch:2
                                                                                                                                                                                              5⤵
                                                                                                                                                                                                PID:8412
                                                                                                                                                                                            • C:\Program Files\Internet Explorer\IEXPLORE.EXE
                                                                                                                                                                                              "IEXPLORE.EXE" "C:\Program Files\Microsoft Office\root\Licenses16\VisioProO365R_Subscription-ul-oob.xrm-ms"
                                                                                                                                                                                              4⤵
                                                                                                                                                                                                PID:6896
                                                                                                                                                                                                • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
                                                                                                                                                                                                  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:6896 CREDAT:82945 /prefetch:2
                                                                                                                                                                                                  5⤵
                                                                                                                                                                                                    PID:8540
                                                                                                                                                                                                • C:\Program Files\Internet Explorer\IEXPLORE.EXE
                                                                                                                                                                                                  "IEXPLORE.EXE" "C:\Program Files\Microsoft Office\root\Licenses16\VisioProR_Grace-ppd.xrm-ms"
                                                                                                                                                                                                  4⤵
                                                                                                                                                                                                    PID:7000
                                                                                                                                                                                                    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
                                                                                                                                                                                                      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:7000 CREDAT:82945 /prefetch:2
                                                                                                                                                                                                      5⤵
                                                                                                                                                                                                        PID:8800
                                                                                                                                                                                                    • C:\Program Files\Internet Explorer\IEXPLORE.EXE
                                                                                                                                                                                                      "IEXPLORE.EXE" "C:\Program Files\Microsoft Office\root\Licenses16\VisioProVL_MAK-pl.xrm-ms"
                                                                                                                                                                                                      4⤵
                                                                                                                                                                                                        PID:6192
                                                                                                                                                                                                        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
                                                                                                                                                                                                          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:6192 CREDAT:82945 /prefetch:2
                                                                                                                                                                                                          5⤵
                                                                                                                                                                                                            PID:9012
                                                                                                                                                                                                        • C:\Program Files\Internet Explorer\IEXPLORE.EXE
                                                                                                                                                                                                          "IEXPLORE.EXE" "C:\Program Files\Microsoft Office\root\Licenses16\VisioStd2019VL_MAK_AE-pl.xrm-ms"
                                                                                                                                                                                                          4⤵
                                                                                                                                                                                                            PID:7068
                                                                                                                                                                                                            • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
                                                                                                                                                                                                              "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:7068 CREDAT:82945 /prefetch:2
                                                                                                                                                                                                              5⤵
                                                                                                                                                                                                                PID:9156
                                                                                                                                                                                                            • C:\Program Files\Internet Explorer\IEXPLORE.EXE
                                                                                                                                                                                                              "IEXPLORE.EXE" "C:\Program Files\Microsoft Office\root\Licenses16\VisioStdO365R_SubTest-ul-oob.xrm-ms"
                                                                                                                                                                                                              4⤵
                                                                                                                                                                                                                PID:7288
                                                                                                                                                                                                                • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
                                                                                                                                                                                                                  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:7288 CREDAT:82945 /prefetch:2
                                                                                                                                                                                                                  5⤵
                                                                                                                                                                                                                    PID:8060
                                                                                                                                                                                                                • C:\Program Files\Internet Explorer\IEXPLORE.EXE
                                                                                                                                                                                                                  "IEXPLORE.EXE" "C:\Program Files\Microsoft Office\root\Licenses16\Word2019R_Retail-pl.xrm-ms"
                                                                                                                                                                                                                  4⤵
                                                                                                                                                                                                                    PID:7576
                                                                                                                                                                                                                    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
                                                                                                                                                                                                                      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:7576 CREDAT:82945 /prefetch:2
                                                                                                                                                                                                                      5⤵
                                                                                                                                                                                                                        PID:8696
                                                                                                                                                                                                                    • C:\Program Files\Internet Explorer\IEXPLORE.EXE
                                                                                                                                                                                                                      "IEXPLORE.EXE" "C:\Program Files\Microsoft Office\root\Licenses16\Word2019R_Trial-ppd.xrm-ms"
                                                                                                                                                                                                                      4⤵
                                                                                                                                                                                                                        PID:7976
                                                                                                                                                                                                                        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
                                                                                                                                                                                                                          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:7976 CREDAT:82945 /prefetch:2
                                                                                                                                                                                                                          5⤵
                                                                                                                                                                                                                            PID:8796
                                                                                                                                                                                                                        • C:\Program Files\Internet Explorer\IEXPLORE.EXE
                                                                                                                                                                                                                          "IEXPLORE.EXE" "C:\Program Files\Microsoft Office\root\Licenses16\WordVL_MAK-pl.xrm-ms"
                                                                                                                                                                                                                          4⤵
                                                                                                                                                                                                                            PID:8184
                                                                                                                                                                                                                          • C:\Program Files\Internet Explorer\IEXPLORE.EXE
                                                                                                                                                                                                                            "IEXPLORE.EXE" "C:\Program Files\Microsoft Office\root\Office15\pkeyconfig-office.xrm-ms"
                                                                                                                                                                                                                            4⤵
                                                                                                                                                                                                                              PID:7688
                                                                                                                                                                                                                            • C:\Windows\hh.exe
                                                                                                                                                                                                                              "C:\Windows\hh.exe" C:\Program Files\Microsoft Office\root\Office16\1033\XLMACRO.CHM
                                                                                                                                                                                                                              4⤵
                                                                                                                                                                                                                                PID:6048
                                                                                                                                                                                                                              • C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Container.Loader.exe
                                                                                                                                                                                                                                "C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Container.Loader.exe"
                                                                                                                                                                                                                                4⤵
                                                                                                                                                                                                                                  PID:10096
                                                                                                                                                                                                                            • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2148 --field-trial-handle=1868,i,14398666521876994079,2455154673556181839,131072 /prefetch:8
                                                                                                                                                                                                                              2⤵
                                                                                                                                                                                                                                PID:2880
                                                                                                                                                                                                                              • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=1512 --field-trial-handle=1868,i,14398666521876994079,2455154673556181839,131072 /prefetch:1
                                                                                                                                                                                                                                2⤵
                                                                                                                                                                                                                                  PID:1524
                                                                                                                                                                                                                                • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=2156 --field-trial-handle=1868,i,14398666521876994079,2455154673556181839,131072 /prefetch:1
                                                                                                                                                                                                                                  2⤵
                                                                                                                                                                                                                                    PID:4996
                                                                                                                                                                                                                                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3000 --field-trial-handle=1868,i,14398666521876994079,2455154673556181839,131072 /prefetch:2
                                                                                                                                                                                                                                    2⤵
                                                                                                                                                                                                                                      PID:6084
                                                                                                                                                                                                                                  • C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
                                                                                                                                                                                                                                    "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
                                                                                                                                                                                                                                    1⤵
                                                                                                                                                                                                                                      PID:4780
                                                                                                                                                                                                                                    • C:\Windows\system32\taskmgr.exe
                                                                                                                                                                                                                                      "C:\Windows\system32\taskmgr.exe" /4
                                                                                                                                                                                                                                      1⤵
                                                                                                                                                                                                                                      • Drops file in Windows directory
                                                                                                                                                                                                                                      • Checks SCSI registry key(s)
                                                                                                                                                                                                                                      • Modifies registry class
                                                                                                                                                                                                                                      • Suspicious behavior: EnumeratesProcesses
                                                                                                                                                                                                                                      • Suspicious use of FindShellTrayWindow
                                                                                                                                                                                                                                      • Suspicious use of SendNotifyMessage
                                                                                                                                                                                                                                      PID:2992
                                                                                                                                                                                                                                    • C:\Windows\System32\rundll32.exe
                                                                                                                                                                                                                                      C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
                                                                                                                                                                                                                                      1⤵
                                                                                                                                                                                                                                        PID:2084
                                                                                                                                                                                                                                      • C:\Windows\system32\AUDIODG.EXE
                                                                                                                                                                                                                                        C:\Windows\system32\AUDIODG.EXE 0x3ac
                                                                                                                                                                                                                                        1⤵
                                                                                                                                                                                                                                          PID:2308
                                                                                                                                                                                                                                        • C:\Windows\system32\OpenWith.exe
                                                                                                                                                                                                                                          C:\Windows\system32\OpenWith.exe -Embedding
                                                                                                                                                                                                                                          1⤵
                                                                                                                                                                                                                                            PID:2188
                                                                                                                                                                                                                                          • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
                                                                                                                                                                                                                                            "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca
                                                                                                                                                                                                                                            1⤵
                                                                                                                                                                                                                                              PID:3176
                                                                                                                                                                                                                                            • C:\Windows\system32\browser_broker.exe
                                                                                                                                                                                                                                              C:\Windows\system32\browser_broker.exe -Embedding
                                                                                                                                                                                                                                              1⤵
                                                                                                                                                                                                                                                PID:4756
                                                                                                                                                                                                                                              • C:\Windows\system32\OpenWith.exe
                                                                                                                                                                                                                                                C:\Windows\system32\OpenWith.exe -Embedding
                                                                                                                                                                                                                                                1⤵
                                                                                                                                                                                                                                                  PID:4548
                                                                                                                                                                                                                                                • C:\Windows\system32\OpenWith.exe
                                                                                                                                                                                                                                                  C:\Windows\system32\OpenWith.exe -Embedding
                                                                                                                                                                                                                                                  1⤵
                                                                                                                                                                                                                                                    PID:5296
                                                                                                                                                                                                                                                  • C:\Windows\system32\OpenWith.exe
                                                                                                                                                                                                                                                    C:\Windows\system32\OpenWith.exe -Embedding
                                                                                                                                                                                                                                                    1⤵
                                                                                                                                                                                                                                                      PID:4520
                                                                                                                                                                                                                                                    • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
                                                                                                                                                                                                                                                      "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
                                                                                                                                                                                                                                                      1⤵
                                                                                                                                                                                                                                                        PID:5512
                                                                                                                                                                                                                                                      • C:\Windows\system32\OpenWith.exe
                                                                                                                                                                                                                                                        C:\Windows\system32\OpenWith.exe -Embedding
                                                                                                                                                                                                                                                        1⤵
                                                                                                                                                                                                                                                          PID:5892
  • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
    "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
    1⤵
      PID:5272
  • C:\Windows\system32\OpenWith.exe
    C:\Windows\system32\OpenWith.exe -Embedding
    1⤵
      PID:1392
  • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
    "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
    1⤵
      PID:5760
  • C:\Windows\system32\OpenWith.exe
    C:\Windows\system32\OpenWith.exe -Embedding
    1⤵
      PID:6056
  • C:\Windows\system32\OpenWith.exe
    C:\Windows\system32\OpenWith.exe -Embedding
    1⤵
      PID:2380
  • C:\Windows\system32\OpenWith.exe
    C:\Windows\system32\OpenWith.exe -Embedding
    1⤵
      PID:6088
  • C:\Windows\system32\OpenWith.exe
    C:\Windows\system32\OpenWith.exe -Embedding
    1⤵
      PID:5524
  • C:\Windows\system32\OpenWith.exe
    C:\Windows\system32\OpenWith.exe -Embedding
    1⤵
      PID:6084
  • C:\Windows\system32\OpenWith.exe
    C:\Windows\system32\OpenWith.exe -Embedding
    1⤵
      PID:2444
  • C:\Windows\system32\OpenWith.exe
    C:\Windows\system32\OpenWith.exe -Embedding
    1⤵
      PID:5988
  • C:\Windows\system32\OpenWith.exe
    C:\Windows\system32\OpenWith.exe -Embedding
    1⤵
      PID:5640
  • C:\Windows\system32\OpenWith.exe
    C:\Windows\system32\OpenWith.exe -Embedding
    1⤵
      PID:6068
  • C:\Windows\system32\OpenWith.exe
    C:\Windows\system32\OpenWith.exe -Embedding
    1⤵
      PID:5840
  • C:\Windows\system32\OpenWith.exe
    C:\Windows\system32\OpenWith.exe -Embedding
    1⤵
      PID:5220
  • C:\Windows\system32\OpenWith.exe
    C:\Windows\system32\OpenWith.exe -Embedding
    1⤵
      PID:3756
  • C:\Windows\system32\OpenWith.exe
    C:\Windows\system32\OpenWith.exe -Embedding
    1⤵
      PID:1112
  • C:\Windows\system32\OpenWith.exe
    C:\Windows\system32\OpenWith.exe -Embedding
    1⤵
      PID:508
  • C:\Windows\system32\OpenWith.exe
    C:\Windows\system32\OpenWith.exe -Embedding
    1⤵
      PID:400
  • C:\Windows\system32\OpenWith.exe
    C:\Windows\system32\OpenWith.exe -Embedding
    1⤵
      PID:5480
  • C:\Windows\system32\OpenWith.exe
    C:\Windows\system32\OpenWith.exe -Embedding
    1⤵
      PID:5384
  • C:\Windows\system32\OpenWith.exe
    C:\Windows\system32\OpenWith.exe -Embedding
    1⤵
      PID:684
  • C:\Windows\system32\OpenWith.exe
    C:\Windows\system32\OpenWith.exe -Embedding
    1⤵
      PID:5628
  • C:\Windows\system32\OpenWith.exe
    C:\Windows\system32\OpenWith.exe -Embedding
    1⤵
      PID:5504
  • C:\Windows\system32\OpenWith.exe
    C:\Windows\system32\OpenWith.exe -Embedding
    1⤵
      PID:5692
  • C:\Windows\system32\OpenWith.exe
    C:\Windows\system32\OpenWith.exe -Embedding
    1⤵
      PID:2288
  • C:\Windows\system32\OpenWith.exe
    C:\Windows\system32\OpenWith.exe -Embedding
    1⤵
      PID:708
  • C:\Windows\system32\OpenWith.exe
    C:\Windows\system32\OpenWith.exe -Embedding
    1⤵
      PID:3180
  • C:\Windows\system32\OpenWith.exe
    C:\Windows\system32\OpenWith.exe -Embedding
    1⤵
      PID:5936
  • C:\Windows\system32\OpenWith.exe
    C:\Windows\system32\OpenWith.exe -Embedding
    1⤵
      PID:4688
  • C:\Windows\system32\OpenWith.exe
    C:\Windows\system32\OpenWith.exe -Embedding
    1⤵
      PID:4232
                                                                                                                                                                                                                                                                                                                    • C:\Windows\system32\OpenWith.exe
                                                                                                                                                                                                                                                                                                                      C:\Windows\system32\OpenWith.exe -Embedding
                                                                                                                                                                                                                                                                                                                      1⤵
                                                                                                                                                                                                                                                                                                                        PID:5380
                                                                                                                                                                                                                                                                                                                      • C:\Windows\system32\OpenWith.exe
                                                                                                                                                                                                                                                                                                                        C:\Windows\system32\OpenWith.exe -Embedding
                                                                                                                                                                                                                                                                                                                        1⤵
                                                                                                                                                                                                                                                                                                                          PID:828
                                                                                                                                                                                                                                                                                                                        • C:\Windows\system32\OpenWith.exe
                                                                                                                                                                                                                                                                                                                          C:\Windows\system32\OpenWith.exe -Embedding
                                                                                                                                                                                                                                                                                                                          1⤵
                                                                                                                                                                                                                                                                                                                            PID:5472
                                                                                                                                                                                                                                                                                                                          • C:\Windows\system32\OpenWith.exe
                                                                                                                                                                                                                                                                                                                            C:\Windows\system32\OpenWith.exe -Embedding
                                                                                                                                                                                                                                                                                                                            1⤵
                                                                                                                                                                                                                                                                                                                              PID:5044
                                                                                                                                                                                                                                                                                                                            • C:\Windows\system32\OpenWith.exe
                                                                                                                                                                                                                                                                                                                              C:\Windows\system32\OpenWith.exe -Embedding
                                                                                                                                                                                                                                                                                                                              1⤵
                                                                                                                                                                                                                                                                                                                                PID:5200
                                                                                                                                                                                                                                                                                                                              • C:\Windows\system32\OpenWith.exe
                                                                                                                                                                                                                                                                                                                                C:\Windows\system32\OpenWith.exe -Embedding
                                                                                                                                                                                                                                                                                                                                1⤵
                                                                                                                                                                                                                                                                                                                                  PID:3696
                                                                                                                                                                                                                                                                                                                                • C:\Windows\system32\OpenWith.exe
                                                                                                                                                                                                                                                                                                                                  C:\Windows\system32\OpenWith.exe -Embedding
                                                                                                                                                                                                                                                                                                                                  1⤵
                                                                                                                                                                                                                                                                                                                                    PID:684
                                                                                                                                                                                                                                                                                                                                  • C:\Windows\system32\OpenWith.exe
                                                                                                                                                                                                                                                                                                                                    C:\Windows\system32\OpenWith.exe -Embedding
                                                                                                                                                                                                                                                                                                                                    1⤵
                                                                                                                                                                                                                                                                                                                                      PID:5092
                                                                                                                                                                                                                                                                                                                                    • C:\Windows\system32\OpenWith.exe
                                                                                                                                                                                                                                                                                                                                      C:\Windows\system32\OpenWith.exe -Embedding
                                                                                                                                                                                                                                                                                                                                      1⤵
                                                                                                                                                                                                                                                                                                                                        PID:4688
                                                                                                                                                                                                                                                                                                                                      • C:\Windows\system32\OpenWith.exe
                                                                                                                                                                                                                                                                                                                                        C:\Windows\system32\OpenWith.exe -Embedding
                                                                                                                                                                                                                                                                                                                                        1⤵
                                                                                                                                                                                                                                                                                                                                          PID:5776
                                                                                                                                                                                                                                                                                                                                        • C:\Windows\system32\OpenWith.exe
                                                                                                                                                                                                                                                                                                                                          C:\Windows\system32\OpenWith.exe -Embedding
                                                                                                                                                                                                                                                                                                                                          1⤵
                                                                                                                                                                                                                                                                                                                                            PID:2016
                                                                                                                                                                                                                                                                                                                                          • C:\Windows\system32\OpenWith.exe
                                                                                                                                                                                                                                                                                                                                            C:\Windows\system32\OpenWith.exe -Embedding
                                                                                                                                                                                                                                                                                                                                            1⤵
                                                                                                                                                                                                                                                                                                                                              PID:2200
                                                                                                                                                                                                                                                                                                                                            • C:\Windows\system32\OpenWith.exe
                                                                                                                                                                                                                                                                                                                                              C:\Windows\system32\OpenWith.exe -Embedding
                                                                                                                                                                                                                                                                                                                                              1⤵
                                                                                                                                                                                                                                                                                                                                                PID:32
                                                                                                                                                                                                                                                                                                                                              • C:\Windows\system32\OpenWith.exe
                                                                                                                                                                                                                                                                                                                                                C:\Windows\system32\OpenWith.exe -Embedding
                                                                                                                                                                                                                                                                                                                                                1⤵
                                                                                                                                                                                                                                                                                                                                                  PID:1392
                                                                                                                                                                                                                                                                                                                                                • C:\Windows\system32\OpenWith.exe
                                                                                                                                                                                                                                                                                                                                                  C:\Windows\system32\OpenWith.exe -Embedding
                                                                                                                                                                                                                                                                                                                                                  1⤵
                                                                                                                                                                                                                                                                                                                                                    PID:9476
                                                                                                                                                                                                                                                                                                                                                  • C:\Windows\system32\OpenWith.exe
                                                                                                                                                                                                                                                                                                                                                    C:\Windows\system32\OpenWith.exe -Embedding
                                                                                                                                                                                                                                                                                                                                                    1⤵
                                                                                                                                                                                                                                                                                                                                                      PID:9268
                                                                                                                                                                                                                                                                                                                                                    • C:\Windows\system32\OpenWith.exe
                                                                                                                                                                                                                                                                                                                                                      C:\Windows\system32\OpenWith.exe -Embedding
                                                                                                                                                                                                                                                                                                                                                      1⤵
                                                                                                                                                                                                                                                                                                                                                        PID:10404
                                                                                                                                                                                                                                                                                                                                                      • C:\Windows\system32\OpenWith.exe
                                                                                                                                                                                                                                                                                                                                                        C:\Windows\system32\OpenWith.exe -Embedding
                                                                                                                                                                                                                                                                                                                                                        1⤵
                                                                                                                                                                                                                                                                                                                                                          PID:10668
                                                                                                                                                                                                                                                                                                                                                        • C:\Windows\system32\OpenWith.exe
                                                                                                                                                                                                                                                                                                                                                          C:\Windows\system32\OpenWith.exe -Embedding
                                                                                                                                                                                                                                                                                                                                                          1⤵
                                                                                                                                                                                                                                                                                                                                                            PID:10840
                                                                                                                                                                                                                                                                                                                                                          • C:\Windows\system32\OpenWith.exe
                                                                                                                                                                                                                                                                                                                                                            C:\Windows\system32\OpenWith.exe -Embedding
                                                                                                                                                                                                                                                                                                                                                            1⤵
                                                                                                                                                                                                                                                                                                                                                              PID:11080
                                                                                                                                                                                                                                                                                                                                                            • C:\Windows\system32\OpenWith.exe
                                                                                                                                                                                                                                                                                                                                                              C:\Windows\system32\OpenWith.exe -Embedding
                                                                                                                                                                                                                                                                                                                                                              1⤵
                                                                                                                                                                                                                                                                                                                                                                PID:10276

Network

                                                                                                                                                                                                                                                                                                                                                                    MITRE ATT&CK Enterprise v15

                                                                                                                                                                                                                                                                                                                                                                    Downloads

                                                                                                                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776

                                                                                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                                                                                      471B

                                                                                                                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776

                                                                                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                                                                                      404B

                                                                                                                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

                                                                                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                                                                                      40B

                                                                                                                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

                                                                                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                                                                                      2KB

                                                                                                                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

                                                                                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                                                                                      1KB

                                                                                                                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

                                                                                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                                                                                      1KB

                                                                                                                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

                                                                                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                                                                                      1KB

                                                                                                                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

                                                                                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                                                                                      1KB

                                                                                                                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

                                                                                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                                                                                      1KB

                                                                                                                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

                                                                                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                                                                                      1KB

                                                                                                                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

                                                                                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                                                                                      1KB

                                                                                                                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                                                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                                                                                      6KB

                                                                                                                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                                                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                                                                                      8KB

                                                                                                                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                                                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                                                                                      6KB

                                                                                                                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                                                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                                                                                      8KB

• C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
  Filesize: 6KB

• C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
  Filesize: 136KB

• C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
  Filesize: 111KB

• C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
  Filesize: 105KB

• C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe57e937.TMP
  Filesize: 98KB

• C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json
  Filesize: 2B

• C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{B564AA6E-1B3A-11EF-B03F-D654E02D47C9}.dat
  Filesize: 12KB

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\V28C7N3J\xmltreeview[2]
    Filesize
    17KB


  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\WFQ509M6\edgecompatviewlist[1].xml
    Filesize
    74KB


  • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\DP7TYXVV\suggestions[1].en-US
    Filesize
    17KB


  • C:\Users\Admin\AppData\Local\Temp\026d1a02-fa0e-4291-9639-232e7cae9f72.tmp
    Filesize
    88KB


  • C:\Users\Admin\AppData\Local\Temp\A9R8mydo0_1apsi2a_2ec.tmp
    Filesize
    9KB


  • C:\Users\Admin\AppData\Local\Temp\AdobeSFX.log
    Filesize
    1KB


  • C:\Users\Admin\AppData\Local\Temp\JavaDeployReg.log
    Filesize
    13KB


  • C:\Users\Admin\AppData\Local\Temp\Microsoft .NET Framework 4.7.2 Setup_20240404_121956800.html
    Filesize
    1013KB

                                                                                                                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Temp\NDTNZVHN-20240404-1224.log

                                                                                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                                                                                      57KB

                                                                                                                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Temp\NDTNZVHN-20240404-1224a.log

                                                                                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                                                                                      180KB

                                                                                                                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Temp\aria-debug-1192.log

                                                                                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                                                                                      470B

                                                                                                                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Temp\chrome_installer.log

                                                                                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                                                                                      6KB

                                                                                                                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Temp\dd_NDP472-KB4054530-x86-x64-AllOS-ENU_decompression_log.txt

                                                                                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                                                                                      1KB

                                                                                                                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Temp\dd_SetupUtility.txt

                                                                                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                                                                                      2KB

                                                                                                                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Temp\dd_vcredistMSI7F48.txt

                                                                                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                                                                                      427KB

  • C:\Users\Admin\AppData\Local\Temp\dd_vcredistMSI7F62.txt

    Filesize

    414KB

  • C:\Users\Admin\AppData\Local\Temp\dd_vcredistUI7F48.txt

    Filesize

    11KB

  • C:\Users\Admin\AppData\Local\Temp\dd_vcredistUI7F62.txt

    Filesize

    11KB

  • C:\Users\Admin\AppData\Local\Temp\jawshtml.html

    Filesize

    13B

  • C:\Users\Admin\AppData\Local\Temp\jusched.log

    Filesize

    153KB

  • C:\Users\Admin\AppData\Local\Temp\tmpFBDF.tmp

    Filesize

    17.0MB

  • C:\Users\Admin\AppData\Local\Temp\wctEA1C.tmp

    Filesize

    63KB

  • C:\Users\Admin\AppData\Local\Temp\wmsetup.log

    Filesize

    685B

                                                                                                                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Temp\驂摪升赵瑦蕝愜鯄愡薛崣崲栊瓕詆藾.txt

                                                                                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                                                                                      260B

                                                                                                                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Roaming\vlc\vlc-qt-interface.ini

                                                                                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                                                                                      3KB

                                                                                                                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Roaming\vlc\vlc-qt-interface.ini

                                                                                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                                                                                      6KB

                                                                                                                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Roaming\vlc\vlc-qt-interface.ini

                                                                                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                                                                                      8KB

                                                                                                                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Roaming\vlc\vlc-qt-interface.ini

                                                                                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                                                                                      1KB

                                                                                                                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Roaming\vlc\vlc-qt-interface.ini

                                                                                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                                                                                      377B

                                                                                                                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Roaming\vlc\vlc-qt-interface.ini.lock

                                                                                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                                                                                      18B

  • C:\Users\Admin\Downloads\Monoxidex64.exe

    Filesize

    330KB

