Overview

overview

10

Static

static

1

URLScan

urlscan

1

http://google.com

windows10-2004-x64

10

Analysis

  • max time kernel
    522s
  • max time network
    1800s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240611-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
  • submitted
    03-07-2024 05:22

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    http://google.com

Score
10/10
chimeracryptolockeraspackv2evasionpersistenceransomwarespywarestealer

Malware Config

Signatures

  • Chimera 64 IoCs

    Ransomware which infects local and network files, often distributed via Dropbox links.

    ransomwarechimera
  • CryptoLocker

    Ransomware family with multiple variants.

    ransomwarecryptolocker
  • Renames multiple (3256) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

    ransomware
  • Disables Task Manager via registry modification
    evasion
  • Downloads MZ/PE file
  • ASPack v2.12-2.42 2 IoCs

    Detects executables packed with ASPack v2.12-2.42

    aspackv2
  • Executes dropped EXE 40 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Drops desktop.ini file(s) 27 IoCs
  • Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs
  • Looks up external IP address via web service 1 IoCs

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Drops file in Program Files directory 64 IoCs
  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Kills process with taskkill 4 IoCs
    evasion
  • Modifies Internet Explorer settings 1 TTPs 35 IoCs
    adwarespyware
  • Modifies registry class 1 IoCs
  • NTFS ADS 13 IoCs
  • Suspicious behavior: EnumeratesProcesses 38 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 30 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 64 IoCs
  • Suspicious use of SendNotifyMessage 26 IoCs
  • Suspicious use of SetWindowsHookEx 28 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.com
    1⤵
    • Enumerates system info in registry
    • NTFS ADS
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:4936
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9a24f46f8,0x7ff9a24f4708,0x7ff9a24f4718
      2⤵
        PID:2796
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,1231093879678108331,14136967909208094866,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2152 /prefetch:2
        2⤵
          PID:4268
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2108,1231093879678108331,14136967909208094866,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2204 /prefetch:3
          2⤵
          • Suspicious behavior: EnumeratesProcesses
          PID:628
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2108,1231093879678108331,14136967909208094866,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2692 /prefetch:8
          2⤵
            PID:528
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,1231093879678108331,14136967909208094866,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3244 /prefetch:1
            2⤵
              PID:4072
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,1231093879678108331,14136967909208094866,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1
              2⤵
                PID:3244
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,1231093879678108331,14136967909208094866,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4680 /prefetch:1
                2⤵
                  PID:4128
                • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2108,1231093879678108331,14136967909208094866,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5132 /prefetch:8
                  2⤵
                    PID:3536
                  • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2108,1231093879678108331,14136967909208094866,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5132 /prefetch:8
                    2⤵
                    • Suspicious behavior: EnumeratesProcesses
                    PID:2084
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,1231093879678108331,14136967909208094866,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5216 /prefetch:1
                    2⤵
                      PID:3056
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,1231093879678108331,14136967909208094866,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5244 /prefetch:1
                      2⤵
                        PID:3060
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,1231093879678108331,14136967909208094866,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4796 /prefetch:1
                        2⤵
                          PID:916
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,1231093879678108331,14136967909208094866,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4732 /prefetch:1
                          2⤵
                            PID:2452
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,1231093879678108331,14136967909208094866,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2668 /prefetch:1
                            2⤵
                              PID:3484
                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,1231093879678108331,14136967909208094866,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4688 /prefetch:1
                              2⤵
                                PID:4592
                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2108,1231093879678108331,14136967909208094866,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5508 /prefetch:8
                                2⤵
                                  PID:2864
                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2108,1231093879678108331,14136967909208094866,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5272 /prefetch:8
                                  2⤵
                                  • Modifies registry class
                                  • Suspicious behavior: EnumeratesProcesses
                                  PID:5084
                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,1231093879678108331,14136967909208094866,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5428 /prefetch:1
                                  2⤵
                                    PID:1260
                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,1231093879678108331,14136967909208094866,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5912 /prefetch:1
                                    2⤵
                                      PID:2848
                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,1231093879678108331,14136967909208094866,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5880 /prefetch:1
                                      2⤵
                                        PID:1832
                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,1231093879678108331,14136967909208094866,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6132 /prefetch:1
                                        2⤵
                                          PID:740
                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2108,1231093879678108331,14136967909208094866,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=3360 /prefetch:8
                                          2⤵
                                            PID:208
                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,1231093879678108331,14136967909208094866,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6036 /prefetch:1
                                            2⤵
                                              PID:412
                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2108,1231093879678108331,14136967909208094866,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6728 /prefetch:8
                                              2⤵
                                                PID:3052
                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2108,1231093879678108331,14136967909208094866,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6388 /prefetch:8
                                                2⤵
                                                • Suspicious behavior: EnumeratesProcesses
                                                PID:5060
                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,1231093879678108331,14136967909208094866,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7004 /prefetch:1
                                                2⤵
                                                  PID:2044
                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2108,1231093879678108331,14136967909208094866,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5564 /prefetch:8
                                                  2⤵
                                                  • Suspicious behavior: EnumeratesProcesses
                                                  PID:1548
                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,1231093879678108331,14136967909208094866,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6104 /prefetch:2
                                                  2⤵
                                                  • Suspicious behavior: EnumeratesProcesses
                                                  PID:4512
                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,1231093879678108331,14136967909208094866,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6872 /prefetch:1
                                                  2⤵
                                                    PID:1768
                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2108,1231093879678108331,14136967909208094866,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7044 /prefetch:8
                                                    2⤵
                                                    • Suspicious behavior: EnumeratesProcesses
                                                    PID:2432
                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,1231093879678108331,14136967909208094866,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
                                                    2⤵
                                                      PID:2252
                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2108,1231093879678108331,14136967909208094866,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6288 /prefetch:8
                                                      2⤵
                                                        PID:760
                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2108,1231093879678108331,14136967909208094866,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3720 /prefetch:8
                                                        2⤵
                                                        • Suspicious behavior: EnumeratesProcesses
                                                        PID:1772
                                                      • C:\Users\Admin\Downloads\WinNuke.98.exe
                                                        "C:\Users\Admin\Downloads\WinNuke.98.exe"
                                                        2⤵
                                                        • Executes dropped EXE
                                                        PID:4960
                                                      • C:\Users\Admin\Downloads\WinNuke.98.exe
                                                        "C:\Users\Admin\Downloads\WinNuke.98.exe"
                                                        2⤵
                                                        • Executes dropped EXE
                                                        PID:4828
                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,1231093879678108331,14136967909208094866,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5272 /prefetch:1
                                                        2⤵
                                                          PID:3568
                                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2108,1231093879678108331,14136967909208094866,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6448 /prefetch:8
                                                          2⤵
                                                            PID:5072
                                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2108,1231093879678108331,14136967909208094866,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6872 /prefetch:8
                                                            2⤵
                                                            • Suspicious behavior: EnumeratesProcesses
                                                            PID:1108
                                                          • C:\Users\Admin\Downloads\Flasher.exe
                                                            "C:\Users\Admin\Downloads\Flasher.exe"
                                                            2⤵
                                                            • Executes dropped EXE
                                                            PID:1160
                                                          • C:\Users\Admin\Downloads\Flasher.exe
                                                            "C:\Users\Admin\Downloads\Flasher.exe"
                                                            2⤵
                                                            • Executes dropped EXE
                                                            PID:3736
                                                          • C:\Users\Admin\Downloads\Flasher.exe
                                                            "C:\Users\Admin\Downloads\Flasher.exe"
                                                            2⤵
                                                            • Executes dropped EXE
                                                            PID:2000
                                                          • C:\Users\Admin\Downloads\Flasher.exe
                                                            "C:\Users\Admin\Downloads\Flasher.exe"
                                                            2⤵
                                                            • Executes dropped EXE
                                                            PID:3228
                                                          • C:\Users\Admin\Downloads\Flasher.exe
                                                            "C:\Users\Admin\Downloads\Flasher.exe"
                                                            2⤵
                                                            • Executes dropped EXE
                                                            PID:740
                                                          • C:\Users\Admin\Downloads\Flasher.exe
                                                            "C:\Users\Admin\Downloads\Flasher.exe"
                                                            2⤵
                                                            • Executes dropped EXE
                                                            PID:2068
                                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,1231093879678108331,14136967909208094866,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6032 /prefetch:1
                                                            2⤵
                                                              PID:4260
                                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2108,1231093879678108331,14136967909208094866,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6204 /prefetch:8
                                                              2⤵
                                                                PID:4596
                                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2108,1231093879678108331,14136967909208094866,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6316 /prefetch:8
                                                                2⤵
                                                                • Suspicious behavior: EnumeratesProcesses
                                                                PID:3696
                                                              • C:\Users\Admin\Downloads\ScreenScrew.exe
                                                                "C:\Users\Admin\Downloads\ScreenScrew.exe"
                                                                2⤵
                                                                • Executes dropped EXE
                                                                PID:716
                                                              • C:\Users\Admin\Downloads\ScreenScrew.exe
                                                                "C:\Users\Admin\Downloads\ScreenScrew.exe"
                                                                2⤵
                                                                • Executes dropped EXE
                                                                PID:3324
                                                              • C:\Users\Admin\Downloads\ScreenScrew.exe
                                                                "C:\Users\Admin\Downloads\ScreenScrew.exe"
                                                                2⤵
                                                                • Executes dropped EXE
                                                                PID:3760
                                                              • C:\Users\Admin\Downloads\ScreenScrew.exe
                                                                "C:\Users\Admin\Downloads\ScreenScrew.exe"
                                                                2⤵
                                                                • Executes dropped EXE
                                                                PID:5088
                                                              • C:\Users\Admin\Downloads\ScreenScrew.exe
                                                                "C:\Users\Admin\Downloads\ScreenScrew.exe"
                                                                2⤵
                                                                • Executes dropped EXE
                                                                PID:1432
                                                              • C:\Users\Admin\Downloads\ScreenScrew.exe
                                                                "C:\Users\Admin\Downloads\ScreenScrew.exe"
                                                                2⤵
                                                                • Executes dropped EXE
                                                                PID:3376
                                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,1231093879678108331,14136967909208094866,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6452 /prefetch:1
                                                                2⤵
                                                                  PID:2016
                                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,1231093879678108331,14136967909208094866,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6364 /prefetch:1
                                                                  2⤵
                                                                    PID:4324
                                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,1231093879678108331,14136967909208094866,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6092 /prefetch:1
                                                                    2⤵
                                                                      PID:3096
                                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2108,1231093879678108331,14136967909208094866,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5404 /prefetch:8
                                                                      2⤵
                                                                        PID:3872
                                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2108,1231093879678108331,14136967909208094866,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6084 /prefetch:8
                                                                        2⤵
                                                                        • Suspicious behavior: EnumeratesProcesses
                                                                        PID:4280
                                                                      • C:\Users\Admin\Downloads\Time.exe
                                                                        "C:\Users\Admin\Downloads\Time.exe"
                                                                        2⤵
                                                                        • Executes dropped EXE
                                                                        • Suspicious use of AdjustPrivilegeToken
                                                                        PID:2264
                                                                      • C:\Users\Admin\Downloads\Time.exe
                                                                        "C:\Users\Admin\Downloads\Time.exe"
                                                                        2⤵
                                                                        • Executes dropped EXE
                                                                        • Suspicious use of AdjustPrivilegeToken
                                                                        PID:2476
                                                                      • C:\Users\Admin\Downloads\Time.exe
                                                                        "C:\Users\Admin\Downloads\Time.exe"
                                                                        2⤵
                                                                        • Executes dropped EXE
                                                                        • Suspicious use of AdjustPrivilegeToken
                                                                        PID:1212
                                                                      • C:\Users\Admin\Downloads\Time.exe
                                                                        "C:\Users\Admin\Downloads\Time.exe"
                                                                        2⤵
                                                                        • Executes dropped EXE
                                                                        • Suspicious use of AdjustPrivilegeToken
                                                                        PID:4768
                                                                      • C:\Users\Admin\Downloads\Time.exe
                                                                        "C:\Users\Admin\Downloads\Time.exe"
                                                                        2⤵
                                                                        • Executes dropped EXE
                                                                        • Suspicious use of AdjustPrivilegeToken
                                                                        PID:3888
                                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,1231093879678108331,14136967909208094866,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5596 /prefetch:1
                                                                        2⤵
                                                                          PID:436
                                                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2108,1231093879678108331,14136967909208094866,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6272 /prefetch:8
                                                                          2⤵
                                                                            PID:4820
                                                                          • C:\Users\Admin\Downloads\Time.exe
                                                                            "C:\Users\Admin\Downloads\Time.exe"
                                                                            2⤵
                                                                            • Executes dropped EXE
                                                                            • Suspicious use of AdjustPrivilegeToken
                                                                            PID:4508
                                                                          • C:\Users\Admin\Downloads\Time.exe
                                                                            "C:\Users\Admin\Downloads\Time.exe"
                                                                            2⤵
                                                                            • Executes dropped EXE
                                                                            • Suspicious use of AdjustPrivilegeToken
                                                                            PID:3340
                                                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,1231093879678108331,14136967909208094866,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6760 /prefetch:1
                                                                            2⤵
                                                                              PID:2512
                                                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2108,1231093879678108331,14136967909208094866,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7160 /prefetch:8
                                                                              2⤵
                                                                              • Suspicious behavior: EnumeratesProcesses
                                                                              PID:2028
                                                                            • C:\Users\Admin\Downloads\Trololo.exe
                                                                              "C:\Users\Admin\Downloads\Trololo.exe"
                                                                              2⤵
                                                                              • Executes dropped EXE
                                                                              PID:2440
                                                                              • C:\Windows\SYSTEM32\taskkill.exe
                                                                                taskkill.exe /f /im explorer.exe
                                                                                3⤵
                                                                                • Kills process with taskkill
                                                                                • Suspicious use of AdjustPrivilegeToken
                                                                                PID:4080
                                                                              • C:\Windows\SYSTEM32\taskkill.exe
                                                                                taskkill.exe /f /im taskmgr.exe
                                                                                3⤵
                                                                                • Kills process with taskkill
                                                                                • Suspicious use of AdjustPrivilegeToken
                                                                                PID:4844
                                                                            • C:\Users\Admin\Downloads\Trololo.exe
                                                                              "C:\Users\Admin\Downloads\Trololo.exe"
                                                                              2⤵
                                                                              • Executes dropped EXE
                                                                              PID:4596
                                                                              • C:\Windows\SYSTEM32\taskkill.exe
                                                                                taskkill.exe /f /im explorer.exe
                                                                                3⤵
                                                                                • Kills process with taskkill
                                                                                • Suspicious use of AdjustPrivilegeToken
                                                                                PID:396
                                                                              • C:\Windows\SYSTEM32\taskkill.exe
                                                                                taskkill.exe /f /im taskmgr.exe
                                                                                3⤵
                                                                                • Kills process with taskkill
                                                                                • Suspicious use of AdjustPrivilegeToken
                                                                                PID:456
                                                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,1231093879678108331,14136967909208094866,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=59 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6328 /prefetch:1
                                                                              2⤵
                                                                                PID:4464
                                                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2108,1231093879678108331,14136967909208094866,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6368 /prefetch:8
                                                                                2⤵
                                                                                  PID:3616
                                                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2108,1231093879678108331,14136967909208094866,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3716 /prefetch:8
                                                                                  2⤵
                                                                                  • Suspicious behavior: EnumeratesProcesses
                                                                                  PID:2652
                                                                                • C:\Users\Admin\Downloads\Vista.exe
                                                                                  "C:\Users\Admin\Downloads\Vista.exe"
                                                                                  2⤵
                                                                                  • Chimera
                                                                                  • Executes dropped EXE
                                                                                  • Drops desktop.ini file(s)
                                                                                  • Drops file in Program Files directory
                                                                                  PID:4696
                                                                                  • C:\Program Files\Internet Explorer\iexplore.exe
                                                                                    "C:\Program Files\Internet Explorer\iexplore.exe" -k "C:\Users\Admin\Desktop\YOUR_FILES_ARE_ENCRYPTED.HTML"
                                                                                    3⤵
                                                                                    • Modifies Internet Explorer settings
                                                                                    • Suspicious use of SetWindowsHookEx
                                                                                    PID:5364
                                                                                    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
                                                                                      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:5364 CREDAT:17410 /prefetch:2
                                                                                      4⤵
                                                                                      • Modifies Internet Explorer settings
                                                                                      • Suspicious use of SetWindowsHookEx
                                                                                      PID:5472
                                                                                • C:\Users\Admin\Downloads\Vista.exe
                                                                                  "C:\Users\Admin\Downloads\Vista.exe"
                                                                                  2⤵
                                                                                  • Executes dropped EXE
                                                                                  PID:3280
                                                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,1231093879678108331,14136967909208094866,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=63 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7032 /prefetch:1
                                                                                  2⤵
                                                                                    PID:1856
                                                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2108,1231093879678108331,14136967909208094866,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6300 /prefetch:8
                                                                                    2⤵
                                                                                      PID:700
                                                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2108,1231093879678108331,14136967909208094866,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5328 /prefetch:8
                                                                                      2⤵
                                                                                      • Suspicious behavior: EnumeratesProcesses
                                                                                      PID:1340
                                                                                    • C:\Users\Admin\Downloads\rickroll.exe
                                                                                      "C:\Users\Admin\Downloads\rickroll.exe"
                                                                                      2⤵
                                                                                      • Executes dropped EXE
                                                                                      PID:5064
                                                                                    • C:\Users\Admin\Downloads\rickroll.exe
                                                                                      "C:\Users\Admin\Downloads\rickroll.exe"
                                                                                      2⤵
                                                                                      • Executes dropped EXE
                                                                                      PID:3600
                                                                                    • C:\Users\Admin\Downloads\rickroll.exe
                                                                                      "C:\Users\Admin\Downloads\rickroll.exe"
                                                                                      2⤵
                                                                                      • Executes dropped EXE
                                                                                      PID:4944
                                                                                    • C:\Users\Admin\Downloads\rickroll.exe
                                                                                      "C:\Users\Admin\Downloads\rickroll.exe"
                                                                                      2⤵
                                                                                      • Executes dropped EXE
                                                                                      PID:512
                                                                                    • C:\Users\Admin\Downloads\rickroll.exe
                                                                                      "C:\Users\Admin\Downloads\rickroll.exe"
                                                                                      2⤵
                                                                                      • Executes dropped EXE
                                                                                      PID:4636
                                                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,1231093879678108331,14136967909208094866,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=67 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3304 /prefetch:1
                                                                                      2⤵
                                                                                        PID:3204
                                                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,1231093879678108331,14136967909208094866,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=69 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6432 /prefetch:1
                                                                                        2⤵
                                                                                          PID:752
                                                                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2108,1231093879678108331,14136967909208094866,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6260 /prefetch:8
                                                                                          2⤵
                                                                                          • Suspicious behavior: EnumeratesProcesses
                                                                                          PID:4212
                                                                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2108,1231093879678108331,14136967909208094866,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5564 /prefetch:8
                                                                                          2⤵
                                                                                            PID:3692
                                                                                          • C:\Users\Admin\Downloads\HawkEye.exe
                                                                                            "C:\Users\Admin\Downloads\HawkEye.exe"
                                                                                            2⤵
                                                                                            • Executes dropped EXE
                                                                                            • Suspicious use of AdjustPrivilegeToken
                                                                                            PID:1176
                                                                                          • C:\Users\Admin\Downloads\HawkEye.exe
                                                                                            "C:\Users\Admin\Downloads\HawkEye.exe"
                                                                                            2⤵
                                                                                            • Executes dropped EXE
                                                                                            • Suspicious use of AdjustPrivilegeToken
                                                                                            PID:4184
                                                                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,1231093879678108331,14136967909208094866,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=73 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7236 /prefetch:1
                                                                                            2⤵
                                                                                              PID:5124
                                                                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2108,1231093879678108331,14136967909208094866,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=7016 /prefetch:8
                                                                                              2⤵
                                                                                                PID:5456
                                                                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2108,1231093879678108331,14136967909208094866,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6772 /prefetch:8
                                                                                                2⤵
                                                                                                • Suspicious behavior: EnumeratesProcesses
                                                                                                PID:5780
                                                                                              • C:\Users\Admin\Downloads\butterflyondesktop.exe
                                                                                                "C:\Users\Admin\Downloads\butterflyondesktop.exe"
                                                                                                2⤵
                                                                                                • Executes dropped EXE
                                                                                                PID:2400
                                                                                                • C:\Users\Admin\AppData\Local\Temp\is-SEGMF.tmp\butterflyondesktop.tmp
                                                                                                  "C:\Users\Admin\AppData\Local\Temp\is-SEGMF.tmp\butterflyondesktop.tmp" /SL5="$601AA,2719719,54272,C:\Users\Admin\Downloads\butterflyondesktop.exe"
                                                                                                  3⤵
                                                                                                  • Executes dropped EXE
                                                                                                  PID:6016
                                                                                              • C:\Users\Admin\Downloads\butterflyondesktop.exe
                                                                                                "C:\Users\Admin\Downloads\butterflyondesktop.exe"
                                                                                                2⤵
                                                                                                • Executes dropped EXE
                                                                                                PID:5924
                                                                                                • C:\Users\Admin\AppData\Local\Temp\is-1N9NT.tmp\butterflyondesktop.tmp
                                                                                                  "C:\Users\Admin\AppData\Local\Temp\is-1N9NT.tmp\butterflyondesktop.tmp" /SL5="$F039E,2719719,54272,C:\Users\Admin\Downloads\butterflyondesktop.exe"
                                                                                                  3⤵
                                                                                                  • Executes dropped EXE
                                                                                                  PID:6044
                                                                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,1231093879678108331,14136967909208094866,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=77 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7296 /prefetch:1
                                                                                                2⤵
                                                                                                  PID:1308
                                                                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2108,1231093879678108331,14136967909208094866,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6100 /prefetch:8
                                                                                                  2⤵
                                                                                                    PID:112
                                                                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2108,1231093879678108331,14136967909208094866,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6324 /prefetch:8
                                                                                                    2⤵
                                                                                                    • Suspicious behavior: EnumeratesProcesses
                                                                                                    PID:2928
                                                                                                  • C:\Users\Admin\Downloads\CryptoLocker.exe
                                                                                                    "C:\Users\Admin\Downloads\CryptoLocker.exe"
                                                                                                    2⤵
                                                                                                    • Executes dropped EXE
                                                                                                    • NTFS ADS
                                                                                                    PID:2328
                                                                                                    • C:\Users\Admin\AppData\Roaming\{34184A33-0407-212E-3320-09040709E2C2}.exe
                                                                                                      "C:\Users\Admin\AppData\Roaming\{34184A33-0407-212E-3320-09040709E2C2}.exe" "/rC:\Users\Admin\Downloads\CryptoLocker.exe"
                                                                                                      3⤵
                                                                                                      • Executes dropped EXE
                                                                                                      • Adds Run key to start application
                                                                                                      PID:5108
                                                                                                      • C:\Users\Admin\AppData\Roaming\{34184A33-0407-212E-3320-09040709E2C2}.exe
                                                                                                        "C:\Users\Admin\AppData\Roaming\{34184A33-0407-212E-3320-09040709E2C2}.exe" /w00000220
                                                                                                        4⤵
                                                                                                        • Executes dropped EXE
                                                                                                        PID:4324
                                                                                                  • C:\Users\Admin\Downloads\CryptoLocker.exe
                                                                                                    "C:\Users\Admin\Downloads\CryptoLocker.exe"
                                                                                                    2⤵
                                                                                                    • Executes dropped EXE
                                                                                                    PID:1784
                                                                                                • C:\Windows\System32\CompPkgSrv.exe
                                                                                                  C:\Windows\System32\CompPkgSrv.exe -Embedding
                                                                                                  1⤵
                                                                                                    PID:2228
                                                                                                  • C:\Windows\System32\CompPkgSrv.exe
                                                                                                    C:\Windows\System32\CompPkgSrv.exe -Embedding
                                                                                                    1⤵
                                                                                                      PID:1240
                                                                                                    • C:\Windows\system32\AUDIODG.EXE
                                                                                                      C:\Windows\system32\AUDIODG.EXE 0x4fc 0x518
                                                                                                      1⤵
                                                                                                      • Suspicious use of AdjustPrivilegeToken
                                                                                                      PID:1016
                                                                                                    • C:\Windows\System32\rundll32.exe
                                                                                                      C:\Windows\System32\rundll32.exe shell32.dll,SHCreateLocalServerRunDll {9BA05972-F6A8-11CF-A442-00A0C90A8F39} -Embedding
                                                                                                      1⤵
                                                                                                        PID:5544

                                                                                                      Network

                                                                                                      MITRE ATT&CK Enterprise v15

                                                                                                      Replay Monitor

                                                                                                      Loading Replay Monitor...

                                                                                                      Downloads

                                                                                                      • C:\Program Files\Java\jdk-1.8\jre\lib\YOUR_FILES_ARE_ENCRYPTED.HTML
                                                                                                        Filesize

                                                                                                        4KB

                                                                                                        MD5

                                                                                                        b55e8ed2faece3e59612a63ae325547d

                                                                                                        SHA1

                                                                                                        9bebb1c4ce616bdcca5e9352ef10b47ef7990c5b

                                                                                                        SHA256

                                                                                                        a147daac14b1161ea1b1312639153a489c123761b7bad1452c7b2ca9ab23e256

                                                                                                        SHA512

                                                                                                        b89486e906724d04510f2551e68a3d624805c9da8e269bc0fee8698307aca5bd8420e48041e17dc33a1fbc1b6563fa054c8a4cafdc8a866c71e34e5052485870

                                                                                                        Download Submit

                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\2dea37bd-9ce4-4db8-acd4-e462b2e4ed6b.tmp
                                                                                                        Filesize

                                                                                                        12KB

                                                                                                        MD5

                                                                                                        857c76df779152b9c685c9dfcbb15eb9

                                                                                                        SHA1

                                                                                                        ec76a76a9c6fad7eaa62e97b3ca16189d30cf060

                                                                                                        SHA256

                                                                                                        5ce23970e1d3ff5ed319ca54fa38556d53b2ae51bce6b2eddec025dd53e00251

                                                                                                        SHA512

                                                                                                        a7b82fda19dfd12454d2f90916bdf05d15c3520e029427b908b7280e53fd9f22232268a37a6152f6eef8bd166d6de07409ff33923894991d252f15b414fc928e

                                                                                                        Download Submit

                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                                                                                        Filesize

                                                                                                        152B

                                                                                                        MD5

                                                                                                        dabfafd78687947a9de64dd5b776d25f

                                                                                                        SHA1

                                                                                                        16084c74980dbad713f9d332091985808b436dea

                                                                                                        SHA256

                                                                                                        c7658f407cbe799282ef202e78319e489ed4e48e23f6d056b505bc0d73e34201

                                                                                                        SHA512

                                                                                                        dae1de5245cd9b72117c430250aa2029eb8df1b85dc414ac50152d8eba4d100bcf0320ac18446f865dc96949f8b06a5b9e7a0c84f9c1b0eada318e80f99f9d2b

                                                                                                        Download Submit

                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                                                                                        Filesize

                                                                                                        152B

                                                                                                        MD5

                                                                                                        c39b3aa574c0c938c80eb263bb450311

                                                                                                        SHA1

                                                                                                        f4d11275b63f4f906be7a55ec6ca050c62c18c88

                                                                                                        SHA256

                                                                                                        66f8d413a30451055d4b6fa40e007197a4bb93a66a28ca4112967ec417ffab6c

                                                                                                        SHA512

                                                                                                        eeca2e21cd4d66835beb9812e26344c8695584253af397b06f378536ca797c3906a670ed239631729c96ebb93acfb16327cf58d517e83fb8923881c5fdb6d232

                                                                                                        Download Submit

                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000b
                                                                                                        Filesize

                                                                                                        62KB

                                                                                                        MD5

                                                                                                        c3c0eb5e044497577bec91b5970f6d30

                                                                                                        SHA1

                                                                                                        d833f81cf21f68d43ba64a6c28892945adc317a6

                                                                                                        SHA256

                                                                                                        eb48be34490ec9c4f9402b882166cd82cd317b51b2a49aae75cdf9ee035035eb

                                                                                                        SHA512

                                                                                                        83d3545a4ed9eed2d25f98c4c9f100ae0ac5e4bc8828dccadee38553b7633bb63222132df8ec09d32eb37d960accb76e7aab5719fc08cc0a4ef07b053f30cf38

                                                                                                        Download Submit

                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000c
                                                                                                        Filesize

                                                                                                        41KB

                                                                                                        MD5

                                                                                                        ddb8bf0444969fde4ffd0dd3036d9dda

                                                                                                        SHA1

                                                                                                        b77ba856c51a72a40f69637a9c7980cbbe859897

                                                                                                        SHA256

                                                                                                        3e634c7e24539826f9f228decb932e1b9c3139c6505bbf6a9d15cc206f1cc6c3

                                                                                                        SHA512

                                                                                                        bca01e2dbf2b8aed3a08ddd51d68029296175b7a2f2a601a3c3e522ccfbce6c397b3c9a109db07abb053cd812865d930b097888ea58a772a99d4a67821d02f5d

                                                                                                        Download Submit

                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000d
                                                                                                        Filesize

                                                                                                        67KB

                                                                                                        MD5

                                                                                                        9e3f75f0eac6a6d237054f7b98301754

                                                                                                        SHA1

                                                                                                        80a6cb454163c3c11449e3988ad04d6ad6d2b432

                                                                                                        SHA256

                                                                                                        33a84dec02c65acb6918a1ae82afa05664ee27ad2f07760e8b008636510fd5bf

                                                                                                        SHA512

                                                                                                        5cea53f27a4fdbd32355235c90ce3d9b39f550a1b070574cbc4ea892e9901ab0acace0f8eeb5814515ca6ff2970bc3cc0559a0c87075ac4bb3251bc8eaee6236

                                                                                                        Download Submit

                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000e
                                                                                                        Filesize

                                                                                                        19KB

                                                                                                        MD5

                                                                                                        2e86a72f4e82614cd4842950d2e0a716

                                                                                                        SHA1

                                                                                                        d7b4ee0c9af735d098bff474632fc2c0113e0b9c

                                                                                                        SHA256

                                                                                                        c1334e604dbbffdf38e9e2f359938569afe25f7150d1c39c293469c1ee4f7b6f

                                                                                                        SHA512

                                                                                                        7a5fd3e3e89c5f8afca33b2d02e5440934e5186b9fa6367436e8d20ad42b211579225e73e3a685e5e763fa3f907fc4632b9425e8bd6d6f07c5c986b6556d47b1

                                                                                                        Download Submit

                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000f
                                                                                                        Filesize

                                                                                                        65KB

                                                                                                        MD5

                                                                                                        56d57bc655526551f217536f19195495

                                                                                                        SHA1

                                                                                                        28b430886d1220855a805d78dc5d6414aeee6995

                                                                                                        SHA256

                                                                                                        f12de7e272171cda36389813df4ba68eb2b8b23c58e515391614284e7b03c4d4

                                                                                                        SHA512

                                                                                                        7814c60dc377e400bbbcc2000e48b617e577a21045a0f5c79af163faa0087c6203d9f667e531bbb049c9bd8fb296678e6a5cdcad149498d7f22ffa11236b51cb

                                                                                                        Download Submit

                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000010
                                                                                                        Filesize

                                                                                                        88KB

                                                                                                        MD5

                                                                                                        b38fbbd0b5c8e8b4452b33d6f85df7dc

                                                                                                        SHA1

                                                                                                        386ba241790252df01a6a028b3238de2f995a559

                                                                                                        SHA256

                                                                                                        b18b9eb934a5b3b81b16c66ec3ec8e8fecdb3d43550ce050eb2523aabc08b9cd

                                                                                                        SHA512

                                                                                                        546ca9fb302bf28e3a178e798dd6b80c91cba71d0467257b8ed42e4f845aa6ecb858f718aac1e0865b791d4ecf41f1239081847c75c6fb3e9afd242d3704ad16

                                                                                                        Download Submit

                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000011
                                                                                                        Filesize

                                                                                                        1.2MB

                                                                                                        MD5

                                                                                                        e9260f3d081cf9a5d5c7551fbdc3d234

                                                                                                        SHA1

                                                                                                        0cc5b721c02dab3301207880871fc97e004c3b88

                                                                                                        SHA256

                                                                                                        81b05795af8af16e41a86d022730747b7b59a8e96951ec3053f34f91d66cae4e

                                                                                                        SHA512

                                                                                                        d4445200865a3636e814fcddd9ea21dfdbed943deb68a12279d715879693921e94ca8dd8570853bbed657f47cc8d034f931f500b3591a2001185d9be45bd109a

                                                                                                        Download Submit

                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
                                                                                                        Filesize

                                                                                                        4KB

                                                                                                        MD5

                                                                                                        2f7b33b04c6c9c78b10d6e5249d42abe

                                                                                                        SHA1

                                                                                                        e630fb7b5b9fac008fca5aca2811f5b1a485c2b1

                                                                                                        SHA256

                                                                                                        580fb01c6e14b2ad5bbcbf587aa0843bd800b24c22421e66f3783ef50f198d92

                                                                                                        SHA512

                                                                                                        e391b60bc285675c920dc7cab777006c3a0f282db2d66c3836572f39e7a819abc18f09c74d3010c373d94deacecd4f730613929a94b88da87c01c2b5bed66f62

                                                                                                        Download Submit

                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
                                                                                                        Filesize

                                                                                                        336B

                                                                                                        MD5

                                                                                                        dbe32a7487568e6c57429d2d0cbf2a15

                                                                                                        SHA1

                                                                                                        4ae8713ce3ff2478138983a8b37f4db6a0c0e4e5

                                                                                                        SHA256

                                                                                                        8a45dda10e0b5e30b7ff6844c050070eac681e9f42fee0a99bc9b682223eb52e

                                                                                                        SHA512

                                                                                                        9841a96f40619b467904a655b873a5694fc1968bf927522e4b2111ec9a9f95097472dae36823ef2cf20f8714c6fccfad0f010c5b90a899e284fd8a87210c5e37

                                                                                                        Download Submit

                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                                                                                                        Filesize

                                                                                                        2KB

                                                                                                        MD5

                                                                                                        9cf850a35f28d6e7646e33b84cb5681d

                                                                                                        SHA1

                                                                                                        6737b678aaf58f3239abde37548c0d1e1fbbed09

                                                                                                        SHA256

                                                                                                        ae148dc90c0e8af8ce1ee12b9e63056dbff487ee1ba4aa098f2a9a922e0a762d

                                                                                                        SHA512

                                                                                                        b3d867b7566058a1ea4f76489fb93ed365020a11044b2cf694a27fbb30ef846fbe5faac8dbbb0a1da416c2bfaccf718bdce97a0e160f945c95620a130a548549

                                                                                                        Download Submit

                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                                                                                                        Filesize

                                                                                                        2KB

                                                                                                        MD5

                                                                                                        e38eb38662e3daa1eb8484ffdb586e3a

                                                                                                        SHA1

                                                                                                        69c248d230d0796722b1ccd57f7ff979ef56be1b

                                                                                                        SHA256

                                                                                                        92065e9fbad633463bd95919e04ac84f16febf94eb874465cc2f0c74bcb4165f

                                                                                                        SHA512

                                                                                                        0b22bba648830aea9d6d77cc065664be1d8bba5848ddef07a0795ab26efdf573accd05459e3190df732b9f3fec369e5b819a5c2505ae2c10cac681ab5610ed61

                                                                                                        Download Submit

                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                                                        Filesize

                                                                                                        5KB

                                                                                                        MD5

                                                                                                        b51c9c85f33d0f20f082a9ebe9860dde

                                                                                                        SHA1

                                                                                                        dbb75436a179e207be04d91969ddf34bf18307ad

                                                                                                        SHA256

                                                                                                        8938f13a67bae5642ec9f2f7f8974c470d03d6d9c68aa15d1f7bc4c3d807ddbf

                                                                                                        SHA512

                                                                                                        20f645b199b3b16bec0278651b05d65f73c3a4efd6ff57efb52979ff6a030e0695885e9ada7d03928f4ad2e5a8fea57ca81627a2e1eede5ffc172264ab64ef73

                                                                                                        Download Submit

                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                                                        Filesize

                                                                                                        7KB

                                                                                                        MD5

                                                                                                        155f7b1ec6d997cba39920a6d3d4c3cb

                                                                                                        SHA1

                                                                                                        bae81bef1a21633e538cd40de6430bfa379c773c

                                                                                                        SHA256

                                                                                                        35d9361ec90b0aa558f90b1864820a2c5ff19b464121f5a6e381e9d9f33dbb96

                                                                                                        SHA512

                                                                                                        0dd17a46e2dc80937df4779568a5fdbe0f1e4bde7f1dd149af5c2437fbf5a52c5102f15e0520d3af10d5397f3e74a35abd68d3974b0d16241c12145ad03e8cca

                                                                                                        Download Submit

                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                                                        Filesize

                                                                                                        7KB

                                                                                                        MD5

                                                                                                        6df76c3e57f8bf1d6e5c00827bfff675

                                                                                                        SHA1

                                                                                                        a9fa1ff77d9ad9abdc8d8c2ffc10efbae9cfd94d

                                                                                                        SHA256

                                                                                                        1ffc67140390b8b8b0607b620007ff3f30ebd16e428a5a235b3c7c7b1064884b

                                                                                                        SHA512

                                                                                                        f58b03f17617955422bb0fd2a4fdca4ff789be710b5ebb7185c86b01e1f66966b7b4cc7201f3c1c84c44b1bb68535b5a1b4d5d1e76e38c460649eabce9f37941

                                                                                                        Download Submit

                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                                                        Filesize

                                                                                                        6KB

                                                                                                        MD5

                                                                                                        11826a132d3e6958c65865a0ee8c8d0c

                                                                                                        SHA1

                                                                                                        0547fc851e6e5b9313e51b943c871d14c8804174

                                                                                                        SHA256

                                                                                                        d692b5de0211943901fe2ceefcca2c1d3391d67643a97c2684c7e718ccffe612

                                                                                                        SHA512

                                                                                                        fab5da52461cbc5b088f4d51c2b10997dbc1f6daf3f9a909eb5937f826dd6c952469ec581fe5bf124949766c70ed8816c7c77fc2820e59fac61c589fce8184cb

                                                                                                        Download Submit

                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                                                        Filesize

                                                                                                        7KB

                                                                                                        MD5

                                                                                                        9cac68539f0e39f392aadcf1d5584e68

                                                                                                        SHA1

                                                                                                        c56f7a51f223dbb5ed01542c24960870f5114efd

                                                                                                        SHA256

                                                                                                        5a9f8e39bf9dfeae4f7dcf0d29ca8e40e4a19739ea7c5a95af43ce9e6f7c4fe7

                                                                                                        SHA512

                                                                                                        e956aeb97c69ca427ae40422e5c0f331c38aa037182373bf9a11de3f7330224382d3f883e5cb36f0e4706d317a5ad11069d960d3e673b492a131270c626bf5e4

                                                                                                        Download Submit

                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                                                        Filesize

                                                                                                        7KB

                                                                                                        MD5

                                                                                                        82d1f1802b4bd7d77cc5086afec9d243

                                                                                                        SHA1

                                                                                                        165ba991e917cdead79100d36be2ce0b974c7d2d

                                                                                                        SHA256

                                                                                                        b9c7e0162fd437d61212b58c3bb0aea80da1ab161d70c6d1d5ea1a963148a46b

                                                                                                        SHA512

                                                                                                        e043363cf4500648e57ec0b5e2950b4d3156c419393a420c377914b38fed8345be94af255c7ac05353f995f7b4932ee4965195e2070e257f246b849c8cab9005

                                                                                                        Download Submit

                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                                                        Filesize

                                                                                                        7KB

                                                                                                        MD5

                                                                                                        d6f3665fbac06aaa64717600ce853b0d

                                                                                                        SHA1

                                                                                                        a182181cffe51995398f7e703e2f48420f4d5752

                                                                                                        SHA256

                                                                                                        68d379d675ab148ecf73a129f0e3ff67ffeabf381931205112c1fb4d6ba25663

                                                                                                        SHA512

                                                                                                        dd2b5f6d711a7ae6fedb34416f22379b4bba49424b07e47c01e972c09d4336ef8e213988d33d870cf4e0db58212fc778f687ad37e586ec6cef413883b47925c2

                                                                                                        Download Submit

                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                                                        Filesize

                                                                                                        1KB

                                                                                                        MD5

                                                                                                        f8a3fda879b67198c37ea39ff7b06205

                                                                                                        SHA1

                                                                                                        0333d0ca9583ff64a134f3053250845a2750ae96

                                                                                                        SHA256

                                                                                                        9af9e78d50f7b0d3996cfc41f846e5d9ebb8eb80123304a461e58d431dfd2b1c

                                                                                                        SHA512

                                                                                                        8044090e05677c9406b751c13f2771a96eb40424718786ce3882737efe4fc2cb5b4cf96f8a07b9940a462254d23a7d8397cee24f721c19ae74d05337b7e196c1

                                                                                                        Download Submit

                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                                                        Filesize

                                                                                                        1KB

                                                                                                        MD5

                                                                                                        9621cc5c243b83b3361a66193411c82d

                                                                                                        SHA1

                                                                                                        522310387188de5872af7325357701ad777e73d1

                                                                                                        SHA256

                                                                                                        78ed90b5a2cc913e3ab0649b679f4d84203351243440995d4e9f26946ece1ad5

                                                                                                        SHA512

                                                                                                        bc5831ac0f478db9c5d8be2421b8a7953e6ce7ed06a99836187c63c71893665757b6db8e3616208347d91ab8f51e65dc60fe1331366d7115de2313239b07b522

                                                                                                        Download Submit

                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                                                        Filesize

                                                                                                        1KB

                                                                                                        MD5

                                                                                                        e84f3e7b051e5f1f1053660668bb11c6

                                                                                                        SHA1

                                                                                                        368ca0a99c5412f87ba01bafc2d8bfb96ff3cbf3

                                                                                                        SHA256

                                                                                                        1e3119c39af098176b9cf7a2091fb8da05001820d3b725d8c6cc6788c8a2cd69

                                                                                                        SHA512

                                                                                                        895a73b13f6b83b3de877b11e099369c0ebf8a06b8e5d4b539a9cba5565076c2416a03179ab8ce8e8e7680573acfc6766ebb72bffac76411120ae07a4b70f5be

                                                                                                        Download Submit

                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                                                        Filesize

                                                                                                        1KB

                                                                                                        MD5

                                                                                                        33a3ea2508cfbf74298ddeb1f008cd6f

                                                                                                        SHA1

                                                                                                        f24d0ad5ee39d5d1e18ad4f7966b9536bc2aaf16

                                                                                                        SHA256

                                                                                                        6fc07ca05c8962ea27bc826765117976666375d59559df3e4370f224a9504b91

                                                                                                        SHA512

                                                                                                        f26f338fa0dae73c837b26d8067862a335b8f5131206b9082926bf430fda2ef85411131332480ce0a6e105591a7f5729cc081f14eb665531ae87852fbf0e2d83

                                                                                                        Download Submit

                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                                                        Filesize

                                                                                                        1KB

                                                                                                        MD5

                                                                                                        1249426537e82fa82672d4fb25346bb6

                                                                                                        SHA1

                                                                                                        711095e3699427272855b1f28f5b6089f6839180

                                                                                                        SHA256

                                                                                                        7b040524765fa1880eafe92dd02fc6773b8a08f8206a26d8baa5a8385452b409

                                                                                                        SHA512

                                                                                                        8bef7426dd4ecbe5e9938b691c7226825cfcb94fddb8af6ffb5fcee274b14fa2ac64d0bf4875d9edd4c5e46986bdbd7c335a0b44616444ef1e2325c861606f04

                                                                                                        Download Submit

                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                                                        Filesize

                                                                                                        1KB

                                                                                                        MD5

                                                                                                        19b3269b6ffe23652d89eff05935cd21

                                                                                                        SHA1

                                                                                                        82ad84303f9b5efb7f3f7321827bdf4c257c5823

                                                                                                        SHA256

                                                                                                        0e78ac0b48978414241fcba7ff3c905def8a93c894ee10b66a604aaee434cdb5

                                                                                                        SHA512

                                                                                                        5d08bc9ffa8b8a965484a47102b0ac0062f34eb6418abee488da5f00712cc09e214884e7bdec9af4967d6bb055ae35a2c669b08b4efec30602a0dd4bed81dff9

                                                                                                        Download Submit

                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                                                        Filesize

                                                                                                        1KB

                                                                                                        MD5

                                                                                                        862a24c07d68cfab3d401d4159058ba7

                                                                                                        SHA1

                                                                                                        e3064d1faa186cd27c05de2ff1d06ec95c3630f0

                                                                                                        SHA256

                                                                                                        52a9f61acf2e395fbbaf4ccc62421b567590d66e20e0bf6ee8d67bee740f1eb9

                                                                                                        SHA512

                                                                                                        6f873b76547a44b78bf77248dc16ede1fef8fab26ea2ba45504544a9bf3f062be3cf2669e89cc93f0c8c0d24590e37c6a7251461cf50fab913e9a0b778c8d64f

                                                                                                        Download Submit

                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                                                        Filesize

                                                                                                        1KB

                                                                                                        MD5

                                                                                                        b82e310015fde5dc4b98157b0cec3cd1

                                                                                                        SHA1

                                                                                                        d2a7ea691e4c5cfdfd69164b786ffe1d41801237

                                                                                                        SHA256

                                                                                                        554228c653223aace25f9fac2cbd69de26ec5cef6696f24b2a7d80c0ae22b326

                                                                                                        SHA512

                                                                                                        beebe9dd548dce555ba231cc97253f08c5bde7f7456d2daa1ee4cc1bd016bc7e3d46b2e1e1d2214a8a1bcf18e10a128bea0e35f90bedae2647507b6a28020b83

                                                                                                        Download Submit

                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                                                        Filesize

                                                                                                        1KB

                                                                                                        MD5

                                                                                                        4c56aed53650d69b160494dcbf553de7

                                                                                                        SHA1

                                                                                                        10559b53dc456b60195ee4d36d550424e61fad5e

                                                                                                        SHA256

                                                                                                        efb5bea3a1d76e81d3c84a8f62ecb6dd1fe7797e9a3e5ce96019f425b8a80046

                                                                                                        SHA512

                                                                                                        cc0be0d0daa4ff522ff160dea12242aaa72e072aa06981959bd8f96cd5893000ec4e12982fefc9d8123b2ef2ab37e466986e6bdc69c659d3d87eb4d8df513caf

                                                                                                        Download Submit

                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                                                        Filesize

                                                                                                        1KB

                                                                                                        MD5

                                                                                                        4be26ae3149a0432a04a6ba113ce03e6

                                                                                                        SHA1

                                                                                                        ff74253999d21e4f3eb3fe4674dc48495e20d598

                                                                                                        SHA256

                                                                                                        e220be3e98f2af670451d9d1aa5f318c1a4b7c6665c17f0ccfe67c233af52fed

                                                                                                        SHA512

                                                                                                        bf0f5ebb2b1e412f6bf6bb4bd96f2e2475a1903ff92cb8a793274aa4f6731ab5b7655277451c7c0729d2745b9e8e10415d65a5db12a798b06cefd1630cff640b

                                                                                                        Download Submit

                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                                                        Filesize

                                                                                                        1KB

                                                                                                        MD5

                                                                                                        bc856d36867e4ddb53e6f1cad0260776

                                                                                                        SHA1

                                                                                                        676551d52f2ce3abaab8a2d21cdf5d9f3de18022

                                                                                                        SHA256

                                                                                                        ad026af8622832fbf2e0613466ece4a8d5d43efcf5d40a42f3422bfc8dddc777

                                                                                                        SHA512

                                                                                                        45e57fe36ae52f86920221296d59f08325277aa93658bd241f43bbe33e3ca9cf70f98460f48f6a0166f4e1e3cec71d834e1e92d5e7959a3fda414108a412e5aa

                                                                                                        Download Submit

                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                                                        Filesize

                                                                                                        1KB

                                                                                                        MD5

                                                                                                        d2f6d450b9a8f8c27689659b15cba9f4

                                                                                                        SHA1

                                                                                                        74ee8963f48e27ee27a29d0cf0e3e3f66dd4f399

                                                                                                        SHA256

                                                                                                        13508513251dbe01ad3c3ea69f84fd298a666c94248f01a7f89b8a16ddcb7a06

                                                                                                        SHA512

                                                                                                        df2acc9a1f9e1c72c57f08181f6479e67b48aa92ef20d21c5546c253a3beec4875c2f66e61d364a35cc997d7ef2cddd0d9a33a6dda06fc26251b14011ac94ae1

                                                                                                        Download Submit

                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                                                        Filesize

                                                                                                        1KB

                                                                                                        MD5

                                                                                                        25aea3e6b7b4cac063d08c7b6564877b

                                                                                                        SHA1

                                                                                                        75a8e2501ba87ef2af5f7675b2cef50494f4e374

                                                                                                        SHA256

                                                                                                        a2a4f6164ad62bfafa91e7dadbde07ff487323b6108ed07e392243f8fdc59554

                                                                                                        SHA512

                                                                                                        545d34a168bea4604a0382e2be917a554d0177cc11b63c2a3d8e675832082318eb57e28397d6b98fa23a6b8a623951a2291e751076f6ce0b8b6c975caff327c3

                                                                                                        Download Submit

                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                                                        Filesize

                                                                                                        1KB

                                                                                                        MD5

                                                                                                        818a7173f6b6b2426439b1d095143ca6

                                                                                                        SHA1

                                                                                                        9ee432bd4d3bd361ce66150eccd31c81920af0a9

                                                                                                        SHA256

                                                                                                        6f85a5cebb862fc650094e76c8f453531e2c1302462c2eca9284e32910c2312e

                                                                                                        SHA512

                                                                                                        1f76a93445e54a21fbeda33b4de0655a6529954352936aee7f659b07168d63db96f4d5e5972eacbc297b560c536d9b46ef2d57cd4f297f2f2827b97370adaa35

                                                                                                        Download Submit

                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                                                        Filesize

                                                                                                        1KB

                                                                                                        MD5

                                                                                                        898d9ec2a93887c3c337c5f0a2d38955

                                                                                                        SHA1

                                                                                                        67f7a49ed38757fed186c5c3ed327b83d26d7593

                                                                                                        SHA256

                                                                                                        bce8a05eeb89b9ba3c24ab4ced393b9ae01eb08934916e5e044b0dce3b3d0fe0

                                                                                                        SHA512

                                                                                                        2588f85e770d5c877f38aaa2630d887903b7cdd0e5983be893d2e754cc0e8662d9157c275833fdac221dbd5343cddf69e430d1df61e1631fb47667cdd2ee18d3

                                                                                                        Download Submit

                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                                                        Filesize

                                                                                                        1KB

                                                                                                        MD5

                                                                                                        800465a9696d400afbd0255576d62d93

                                                                                                        SHA1

                                                                                                        5fc47bdf52af463c43771d482cfe049dd7cc9b5e

                                                                                                        SHA256

                                                                                                        4414794fed2dbcbfff256c4e72962f2e256f33bd1a164304a1cb7e15219bdc2d

                                                                                                        SHA512

                                                                                                        d5c9110020c799b47cf97122733af6fc8d7f5baed94902365771a500857c17579035f28d177450f36991ce8b28d014354f08fc8597e141e0a4dfccfccc008441

                                                                                                        Download Submit

                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                                                        Filesize

                                                                                                        874B

                                                                                                        MD5

                                                                                                        f40f79ead7ca56f461ac6061a24b4990

                                                                                                        SHA1

                                                                                                        71b47f6ec392b5745e6988211994eec1748628fc

                                                                                                        SHA256

                                                                                                        e490090740b8800fc83e0d48f0f29daa15ad1bc45bf67141442ca4309fd8f204

                                                                                                        SHA512

                                                                                                        5a7b4e7e70d4a783209ca5a14049a79f454f5bc2ee1a5de24abc2e00d2cb56ff09dc7d093ca32ce8433af7310067010e91efddb9f079beb0efc448b4318d87ef

                                                                                                        Download Submit

                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                                                        Filesize

                                                                                                        1KB

                                                                                                        MD5

                                                                                                        f7f17441e5c66ecca0861f0f289c8db6

                                                                                                        SHA1

                                                                                                        c7c0f1712ae2b758293719ed70ab14efe8d13f19

                                                                                                        SHA256

                                                                                                        3a86ebaf9e03c75e5c18ceeca289cf15ec5c6de849962c450a8f131a19a5a03d

                                                                                                        SHA512

                                                                                                        f7b0eae69071e5cd91c461769a54790772cb84f59b4c0a66525a627e9346fdc3353f02daa748de38fa58602d890860f29c7044e02fffb45d5eeb3a5911c6348d

                                                                                                        Download Submit

                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                                                        Filesize

                                                                                                        1KB

                                                                                                        MD5

                                                                                                        d31a028aff3785cff91aa0e3b4e63870

                                                                                                        SHA1

                                                                                                        4d290aa99029134699d48178a0a66409dd964927

                                                                                                        SHA256

                                                                                                        ff1045193527ec01f3a890d3f1bf77db415709509b4eb6584accbdd4b0203ae3

                                                                                                        SHA512

                                                                                                        754dc0fa3911554bb5254f19e0aa9155e2647ea4efac3b0e0daa7439a7ec5c1e063630225cd5713012538ea40f1c0dcbe77ad8ee2e995335d638927e415d67c0

                                                                                                        Download Submit

                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                                                        Filesize

                                                                                                        1KB

                                                                                                        MD5

                                                                                                        1b006bdc2901c700c1479b402c781964

                                                                                                        SHA1

                                                                                                        2cd4d78464359e77cc4cd572c2d83e8ab8a99c1b

                                                                                                        SHA256

                                                                                                        72bb28e11dc0d2db557dabb6c24c1cc9aeaf8b74f82f12ac5d2a0832298fd621

                                                                                                        SHA512

                                                                                                        af840ccceb86272d8967025d96d73669413418ca3e69e4340f52c5ef4de98442779f6e9ab992fd4e8bb4c168940ba337056df7f0823ae694c88c480c42000d7d

                                                                                                        Download Submit

                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                                                        Filesize

                                                                                                        1KB

                                                                                                        MD5

                                                                                                        b19058e5e39abfd359d3e12f237730f6

                                                                                                        SHA1

                                                                                                        71be58f704667a2cee4f2532d1e8689776bf9028

                                                                                                        SHA256

                                                                                                        e96da42f299e2065d1eae6524067bf4f0e5cf53543eb179a78dab417809dce7a

                                                                                                        SHA512

                                                                                                        d2568ab97f1b83e8b4289573c3c56d60eb20f9041bca2078b266d663a020cc46ba83a7c7949083e2b85b969beb2f585e079b427434859e8cf7aed48126954deb

                                                                                                        Download Submit

                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57d764.TMP
                                                                                                        Filesize

                                                                                                        372B

                                                                                                        MD5

                                                                                                        d45661417627c5d0f73892e7e4e555b5

                                                                                                        SHA1

                                                                                                        0489d2a88e899b7259f710b46b861c314383f920

                                                                                                        SHA256

                                                                                                        a8dd9f4be506e25ebcc61f000fe3bdd91fecb1aaba3baf2503e7ff9c21365095

                                                                                                        SHA512

                                                                                                        7dd1555065014e76e34733ac97d6649e7272d0a58a1c19327369417de7fc6deac45c3a163c52ed4b0d9fc883d8e111b6bcb72b1ed0319ba34523a23276e84359

                                                                                                        Download Submit

                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
                                                                                                        Filesize

                                                                                                        16B

                                                                                                        MD5

                                                                                                        6752a1d65b201c13b62ea44016eb221f

                                                                                                        SHA1

                                                                                                        58ecf154d01a62233ed7fb494ace3c3d4ffce08b

                                                                                                        SHA256

                                                                                                        0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

                                                                                                        SHA512

                                                                                                        9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

                                                                                                        Download Submit

                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                                                                        Filesize

                                                                                                        11KB

                                                                                                        MD5

                                                                                                        1cd0a0b66747c8667d0ee6d9e8b3e0a5

                                                                                                        SHA1

                                                                                                        f38ea3abc73845f34e459ee4a54305af01983518

                                                                                                        SHA256

                                                                                                        11d1bc98f977333df8a79c8bde89e7488851ad8450d3201be1335d8e37905949

                                                                                                        SHA512

                                                                                                        4f12652e24167c8a2fa5aa89a0b649d0d6fe865c0afc952aeeb912b635d65b65998ae102ae557aa84eb4d449e6e5a5b2e12d9a976b9e6f0ff1122ce5d329dd81

                                                                                                        Download Submit

                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                                                                        Filesize

                                                                                                        12KB

                                                                                                        MD5

                                                                                                        a9b9c68b8957e5d6ca517a47f17363f2

                                                                                                        SHA1

                                                                                                        b949dd8ba26f3dcf6dddf0941529d36aae4fa216

                                                                                                        SHA256

                                                                                                        c2a7ec0329c2a26aeba4397a21ba973d9da95866a39835514737957f04ee909f

                                                                                                        SHA512

                                                                                                        9e99187ede1b52e69bc286d3b3ec793aa68dad3d83b82a78c9e5784ed88001ce7d92e1a59383abaad167316ce6fd191d4c6b8c2c96809651ec6469403fbdd795

                                                                                                        Download Submit

                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                                                                        Filesize

                                                                                                        12KB

                                                                                                        MD5

                                                                                                        c6d3b70784f53bcabf74e292ea27d67a

                                                                                                        SHA1

                                                                                                        ca57a04bd2d573a3a0516fc999191de43363f884

                                                                                                        SHA256

                                                                                                        85ba672c8c87146b5793d5953496d0681215304bfbd4df092155f91ab5f7fbb5

                                                                                                        SHA512

                                                                                                        120f650baff1625ad90a2018115c1445d6327e4687216ac0c35fc66fe094450e464a021bc730211b7580a2998471920038f67688eee56981961201975a08e7fc

                                                                                                        Download Submit

                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                                                                        Filesize

                                                                                                        12KB

                                                                                                        MD5

                                                                                                        7e7d3759d786c2cff2ef21baad0293b1

                                                                                                        SHA1

                                                                                                        123889db7f6d0136565730fea0ed669943e35148

                                                                                                        SHA256

                                                                                                        d7173650f0342c370074be97a7458371fe36be3354aec9110c214903ee5be24f

                                                                                                        SHA512

                                                                                                        03633cfa7cd0f4f32f2419e60ff4746b54f00fdfc93556cda1bd57d9d5b686e82f689ba5d15aa74e92ae66b4fd851259fbfb54345e46a3d5ff6660e0a0c4790c

                                                                                                        Download Submit

                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                                                                        Filesize

                                                                                                        12KB

                                                                                                        MD5

                                                                                                        ba440788b15f4b590a05c71bcabfab7a

                                                                                                        SHA1

                                                                                                        cbeec66b74f5a11b955dacedd154424e823f302e

                                                                                                        SHA256

                                                                                                        92d36174cb67396b0eec13d06c5594aeb7294263d4faa37b2e34f76d6a9fb68a

                                                                                                        SHA512

                                                                                                        336a3ee8b25f79218edd628879b05775e8a975dcd536eeb0ef14ac7fc0c887d2e9d093002541d9c8d79217153968d766c24c4d3518b3507f086aeda464b5bb40

                                                                                                        Download Submit

                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                                                                        Filesize

                                                                                                        12KB

                                                                                                        MD5

                                                                                                        808839f3e6fb9056b40f07e739a47a3e

                                                                                                        SHA1

                                                                                                        2b8acb52fe6eec867254da5b40195adc07082c59

                                                                                                        SHA256

                                                                                                        c5dd40ecd248f0b5c8161d25d56822b01931de7106ea56744e984b54fb0cfdd6

                                                                                                        SHA512

                                                                                                        7c94a5295e236c5939f930498794a996ffad902725a57ede425e93a4ef4ce90c7940781dba664ce652894b8b17ef2a4a9fd9a73c1a97f86d215fbcecfb7430d4

                                                                                                        Download Submit

                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\VersionManager\ver342D.tmp
                                                                                                        Filesize

                                                                                                        15KB

                                                                                                        MD5

                                                                                                        1a545d0052b581fbb2ab4c52133846bc

                                                                                                        SHA1

                                                                                                        62f3266a9b9925cd6d98658b92adec673cbe3dd3

                                                                                                        SHA256

                                                                                                        557472aeaebf4c1c800b9df14c190f66d62cbabb011300dbedde2dcddd27a6c1

                                                                                                        SHA512

                                                                                                        bd326d111589d87cd6d019378ec725ac9ac7ad4c36f22453941f7d52f90b747ede4783a83dfff6cae1b3bb46690ad49cffa77f2afda019b22863ac485b406e8d

                                                                                                        Download Submit

                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\EROQDKB0\suggestions[1].en-US
                                                                                                        Filesize

                                                                                                        17KB

                                                                                                        MD5

                                                                                                        5a34cb996293fde2cb7a4ac89587393a

                                                                                                        SHA1

                                                                                                        3c96c993500690d1a77873cd62bc639b3a10653f

                                                                                                        SHA256

                                                                                                        c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

                                                                                                        SHA512

                                                                                                        e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

                                                                                                        Download Submit

                                                                                                      • C:\Users\Admin\Downloads\Melissa.doc
                                                                                                        Filesize

                                                                                                        40KB

                                                                                                        MD5

                                                                                                        4b68fdec8e89b3983ceb5190a2924003

                                                                                                        SHA1

                                                                                                        45588547dc335d87ea5768512b9f3fc72ffd84a3

                                                                                                        SHA256

                                                                                                        554701bc874da646285689df79e5002b3b1a1f76daf705bea9586640026697ca

                                                                                                        SHA512

                                                                                                        b2205ad850301f179a078219c6ce29da82f8259f4ec05d980c210718551de916df52c314cb3963f3dd99dcfb9de188bd1c7c9ee310662ece426706493500036f

                                                                                                        Download Submit

                                                                                                      • C:\Users\Admin\Downloads\Unconfirmed 134737.crdownload
                                                                                                        Filesize

                                                                                                        232KB

                                                                                                        MD5

                                                                                                        60fabd1a2509b59831876d5e2aa71a6b

                                                                                                        SHA1

                                                                                                        8b91f3c4f721cb04cc4974fc91056f397ae78faa

                                                                                                        SHA256

                                                                                                        1dacdc296fd6ef6ba817b184cce9901901c47c01d849adfa4222bfabfed61838

                                                                                                        SHA512

                                                                                                        3e842a7d47b32942adb936cae13293eddf1a6b860abcfe7422d0fb73098264cc95656b5c6d9980fad1bf8b5c277cd846c26acaba1bef441582caf34eb1e5295a

                                                                                                        Download Submit

                                                                                                      • C:\Users\Admin\Downloads\Unconfirmed 183374.crdownload
                                                                                                        Filesize

                                                                                                        111KB

                                                                                                        MD5

                                                                                                        9d0d2fcb45b1ff9555711b47e0cd65e5

                                                                                                        SHA1

                                                                                                        958f29a99cbb135c92c5d1cdffb9462be35ee9fd

                                                                                                        SHA256

                                                                                                        dc476ae39effdd80399b6e36f1fde92c216a5bbdb6b8b2a7ecbe753e91e4c993

                                                                                                        SHA512

                                                                                                        8fd4ce4674cd52a3c925149945a7a50a139302be17f6ee3f30271ebe1aa6d92bcb15a017dca989cd837a5d23cd56eaacc6344dc7730234a4629186976c857ca9

                                                                                                        Download Submit

                                                                                                      • C:\Users\Admin\Downloads\Unconfirmed 184540.crdownload
                                                                                                        Filesize

                                                                                                        2KB

                                                                                                        MD5

                                                                                                        a56d479405b23976f162f3a4a74e48aa

                                                                                                        SHA1

                                                                                                        f4f433b3f56315e1d469148bdfd835469526262f

                                                                                                        SHA256

                                                                                                        17d81134a5957fb758b9d69a90b033477a991c8b0f107d9864dc790ca37e6a23

                                                                                                        SHA512

                                                                                                        f5594cde50ca5235f7759c9350d4054d7a61b5e61a197dffc04eb8cdef368572e99d212dd406ad296484b5f0f880bdc5ec9e155781101d15083c1564738a900a

                                                                                                        Download Submit

                                                                                                      • C:\Users\Admin\Downloads\Unconfirmed 381936.crdownload
                                                                                                        Filesize

                                                                                                        32KB

                                                                                                        MD5

                                                                                                        eb9324121994e5e41f1738b5af8944b1

                                                                                                        SHA1

                                                                                                        aa63c521b64602fa9c3a73dadd412fdaf181b690

                                                                                                        SHA256

                                                                                                        2f1f93ede80502d153e301baf9b7f68e7c7a9344cfa90cfae396aac17e81ce5a

                                                                                                        SHA512

                                                                                                        7f7a702ddec8d94cb2177b4736d94ec53e575be3dd2d610410cb3154ba9ad2936c98e0e72ed7ab5ebbcbe0329be0d9b20a3bcd84670a6d1c8d7e0a9a3056edd2

                                                                                                        Download Submit

                                                                                                      • C:\Users\Admin\Downloads\Unconfirmed 422931.crdownload
                                                                                                        Filesize

                                                                                                        246KB

                                                                                                        MD5

                                                                                                        9254ca1da9ff8ad492ca5fa06ca181c6

                                                                                                        SHA1

                                                                                                        70fa62e6232eae52467d29cf1c1dacb8a7aeab90

                                                                                                        SHA256

                                                                                                        30676ad5dc94c3fec3d77d87439b2bf0a1aaa7f01900b68002a06f11caee9ce6

                                                                                                        SHA512

                                                                                                        a84fbbdea4e743f3e41878b9cf6db219778f1479aa478100718af9fc8d7620fc7a3295507e11df39c7863cb896f946514e50368db480796b6603c8de5580685a

                                                                                                        Download Submit

                                                                                                      • C:\Users\Admin\Downloads\Unconfirmed 433408.crdownload
                                                                                                        Filesize

                                                                                                        111KB

                                                                                                        MD5

                                                                                                        e87a04c270f98bb6b5677cc789d1ad1d

                                                                                                        SHA1

                                                                                                        8c14cb338e23d4a82f6310d13b36729e543ff0ca

                                                                                                        SHA256

                                                                                                        e03520794f00fb39ef3cfff012f72a5d03c60f89de28dbe69016f6ed151b5338

                                                                                                        SHA512

                                                                                                        8784f4d42908e54ecedfb06b254992c63920f43a27903ccedd336daaeed346db44e1f40e7db971735da707b5b32206be1b1571bc0d6a2d6eb90bbf9d1f69de13

                                                                                                        Download Submit

                                                                                                      • C:\Users\Admin\Downloads\Unconfirmed 433408.crdownload:SmartScreen
                                                                                                        Filesize

                                                                                                        7B

                                                                                                        MD5

                                                                                                        4047530ecbc0170039e76fe1657bdb01

                                                                                                        SHA1

                                                                                                        32db7d5e662ebccdd1d71de285f907e3a1c68ac5

                                                                                                        SHA256

                                                                                                        82254025d1b98d60044d3aeb7c56eed7c61c07c3e30534d6e05dab9d6c326750

                                                                                                        SHA512

                                                                                                        8f002af3f4ed2b3dfb4ed8273318d160152da50ee4842c9f5d9915f50a3e643952494699c4258e6af993dc6e1695d0dc3db6d23f4d93c26b0bc6a20f4b4f336e

                                                                                                        Download Submit

                                                                                                      • C:\Users\Admin\Downloads\Unconfirmed 485182.crdownload
                                                                                                        Filesize

                                                                                                        2.8MB

                                                                                                        MD5

                                                                                                        1535aa21451192109b86be9bcc7c4345

                                                                                                        SHA1

                                                                                                        1af211c686c4d4bf0239ed6620358a19691cf88c

                                                                                                        SHA256

                                                                                                        4641af6a0071e11e13ad3b1cd950e01300542c2b9efb6ae92ffecedde974a4a6

                                                                                                        SHA512

                                                                                                        1762b29f7b26911a7e6d244454eac7268235e2e0c27cd2ca639b8acdde2528c9ddf202ed59ca3155ee1d6ad3deba559a6eaf4ed74624c68688761e3e404e54da

                                                                                                        Download Submit

                                                                                                      • C:\Users\Admin\Downloads\Unconfirmed 528948.crdownload
                                                                                                        Filesize

                                                                                                        129KB

                                                                                                        MD5

                                                                                                        0ec108e32c12ca7648254cf9718ad8d5

                                                                                                        SHA1

                                                                                                        78e07f54eeb6af5191c744ebb8da83dad895eca1

                                                                                                        SHA256

                                                                                                        48b08ea78124ca010784d9f0faae751fc4a0c72c0e7149ded81fc03819f5d723

                                                                                                        SHA512

                                                                                                        1129e685f5dd0cb2fa22ef4fe5da3f1e2632e890333ce17d3d06d04a4097b4d9f4ca7d242611ffc9e26079900945cf04ab6565a1c322e88e161f1929d18a2072

                                                                                                        Download Submit

                                                                                                      • C:\Users\Admin\Downloads\Unconfirmed 548892.crdownload
                                                                                                        Filesize

                                                                                                        3.0MB

                                                                                                        MD5

                                                                                                        b6d61b516d41e209b207b41d91e3b90d

                                                                                                        SHA1

                                                                                                        e50d4b7bf005075cb63d6bd9ad48c92a00ee9444

                                                                                                        SHA256

                                                                                                        3d0efd55bde5fb7a73817940bac2a901d934b496738b7c5cab7ea0f6228e28fe

                                                                                                        SHA512

                                                                                                        3217fc904e4c71b399dd273786634a6a6c19064a9bf96960df9b3357001c12b9547813412173149f6185eb5d300492d290342ec955a8347c6f9dcac338c136da

                                                                                                        Download Submit

                                                                                                      • C:\Users\Admin\Downloads\Unconfirmed 585357.crdownload
                                                                                                        Filesize

                                                                                                        4KB

                                                                                                        MD5

                                                                                                        93ceffafe7bb69ec3f9b4a90908ece46

                                                                                                        SHA1

                                                                                                        14c85fa8930f8bfbe1f9102a10f4b03d24a16d02

                                                                                                        SHA256

                                                                                                        b87b48dcbf779b06c6ca6491cd31328cf840578d29a6327b7a44f9043ce1eb07

                                                                                                        SHA512

                                                                                                        c1cb5f15e2487f42d57ae0fa340e29c677fe24b44c945615ef617d77c2737ce4227d5a571547714973d263ed0a69c8893b6c51e89409261cdbedff612339d144

                                                                                                        Download Submit

                                                                                                      • C:\Users\Admin\Downloads\Unconfirmed 647783.crdownload
                                                                                                        Filesize

                                                                                                        338KB

                                                                                                        MD5

                                                                                                        04fb36199787f2e3e2135611a38321eb

                                                                                                        SHA1

                                                                                                        65559245709fe98052eb284577f1fd61c01ad20d

                                                                                                        SHA256

                                                                                                        d765e722e295969c0a5c2d90f549db8b89ab617900bf4698db41c7cdad993bb9

                                                                                                        SHA512

                                                                                                        533d6603f6e2a77bd1b2c6591a135c4717753d53317c1be06e43774e896d9543bcd0ea6904a0688aa84b2d8424641d68994b1e7dc4aa46d66c36feecb6145444

                                                                                                        Download Submit

                                                                                                      • C:\Users\Admin\Downloads\Unconfirmed 936924.crdownload
                                                                                                        Filesize

                                                                                                        1.9MB

                                                                                                        MD5

                                                                                                        faa6cb3e816adaeaabf2930457c79c33

                                                                                                        SHA1

                                                                                                        6539de41b48d271bf4237e6eb09b0ee40f9a2140

                                                                                                        SHA256

                                                                                                        6680317e6eaa04315b47aaadd986262cd485c8a4bd843902f4c779c858a3e31b

                                                                                                        SHA512

                                                                                                        58859556771203d736ee991b651a6a409de7e3059c2afe81d4545864295c383f75cfbabf3cffaa0c412a6ec27bf939f0893c28152f53512c7885e597db8d2c66

                                                                                                        Download Submit

                                                                                                      • \??\pipe\LOCAL\crashpad_4936_CGYULHTZFHQSCJMM
                                                                                                        MD5

                                                                                                        d41d8cd98f00b204e9800998ecf8427e

                                                                                                        SHA1

                                                                                                        da39a3ee5e6b4b0d3255bfef95601890afd80709

                                                                                                        SHA256

                                                                                                        e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

                                                                                                        SHA512

                                                                                                        cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

                                                                                                        Download Submit

                                                                                                      • memory/716-1322-0x0000000000400000-0x000000000044A000-memory.dmp

                                                                                                        Filesize

                                                                                                        296KB

                                                                                                        Download

                                                                                                      • memory/740-1417-0x0000000000400000-0x00000000004A4000-memory.dmp

                                                                                                        Filesize

                                                                                                        656KB

                                                                                                        Download

                                                                                                      • memory/740-1254-0x0000000000400000-0x00000000004A4000-memory.dmp

                                                                                                        Filesize

                                                                                                        656KB

                                                                                                        Download

                                                                                                      • memory/1160-1398-0x0000000000400000-0x00000000004A4000-memory.dmp

                                                                                                        Filesize

                                                                                                        656KB

                                                                                                        Download

                                                                                                      • memory/1160-1235-0x0000000000400000-0x00000000004A4000-memory.dmp

                                                                                                        Filesize

                                                                                                        656KB

                                                                                                        Download

                                                                                                      • memory/1212-1446-0x0000000000400000-0x000000000044A000-memory.dmp

                                                                                                        Filesize

                                                                                                        296KB

                                                                                                        Download

                                                                                                      • memory/1432-1339-0x0000000000400000-0x000000000044A000-memory.dmp

                                                                                                        Filesize

                                                                                                        296KB

                                                                                                        Download

                                                                                                      • memory/2000-1415-0x0000000000400000-0x00000000004A4000-memory.dmp

                                                                                                        Filesize

                                                                                                        656KB

                                                                                                        Download

                                                                                                      • memory/2000-1252-0x0000000000400000-0x00000000004A4000-memory.dmp

                                                                                                        Filesize

                                                                                                        656KB

                                                                                                        Download

                                                                                                      • memory/2068-1418-0x0000000000400000-0x00000000004A4000-memory.dmp

                                                                                                        Filesize

                                                                                                        656KB

                                                                                                        Download

                                                                                                      • memory/2068-1255-0x0000000000400000-0x00000000004A4000-memory.dmp

                                                                                                        Filesize

                                                                                                        656KB

                                                                                                        Download

                                                                                                      • memory/2264-1431-0x0000000000400000-0x000000000044A000-memory.dmp

                                                                                                        Filesize

                                                                                                        296KB

                                                                                                        Download

                                                                                                      • memory/2440-1523-0x0000000001240000-0x0000000001248000-memory.dmp

                                                                                                        Filesize

                                                                                                        32KB

                                                                                                        Download

                                                                                                      • memory/2440-1520-0x000000001B970000-0x000000001BA16000-memory.dmp

                                                                                                        Filesize

                                                                                                        664KB

                                                                                                        Download

                                                                                                      • memory/2440-1521-0x000000001BF90000-0x000000001C45E000-memory.dmp

                                                                                                        Filesize

                                                                                                        4.8MB

                                                                                                        Download

                                                                                                      • memory/2476-1432-0x0000000000400000-0x000000000044A000-memory.dmp

                                                                                                        Filesize

                                                                                                        296KB

                                                                                                        Download

                                                                                                      • memory/3228-1253-0x0000000000400000-0x00000000004A4000-memory.dmp

                                                                                                        Filesize

                                                                                                        656KB

                                                                                                        Download

                                                                                                      • memory/3228-1416-0x0000000000400000-0x00000000004A4000-memory.dmp

                                                                                                        Filesize

                                                                                                        656KB

                                                                                                        Download

                                                                                                      • memory/3324-1323-0x0000000000400000-0x000000000044A000-memory.dmp

                                                                                                        Filesize

                                                                                                        296KB

                                                                                                        Download

                                                                                                      • memory/3376-1340-0x0000000000400000-0x000000000044A000-memory.dmp

                                                                                                        Filesize

                                                                                                        296KB

                                                                                                        Download

                                                                                                      • memory/3736-1399-0x0000000000400000-0x00000000004A4000-memory.dmp

                                                                                                        Filesize

                                                                                                        656KB

                                                                                                        Download

                                                                                                      • memory/3736-1236-0x0000000000400000-0x00000000004A4000-memory.dmp

                                                                                                        Filesize

                                                                                                        656KB

                                                                                                        Download

                                                                                                      • memory/3760-1337-0x0000000000400000-0x000000000044A000-memory.dmp

                                                                                                        Filesize

                                                                                                        296KB

                                                                                                        Download

                                                                                                      • memory/3888-1448-0x0000000000400000-0x000000000044A000-memory.dmp

                                                                                                        Filesize

                                                                                                        296KB

                                                                                                        Download

                                                                                                      • memory/4596-1525-0x000000001C920000-0x000000001C96C000-memory.dmp

                                                                                                        Filesize

                                                                                                        304KB

                                                                                                        Download

                                                                                                      • memory/4596-1524-0x0000000001760000-0x0000000001768000-memory.dmp

                                                                                                        Filesize

                                                                                                        32KB

                                                                                                        Download

                                                                                                      • memory/4596-1522-0x000000001C7F0000-0x000000001C88C000-memory.dmp

                                                                                                        Filesize

                                                                                                        624KB

                                                                                                        Download

                                                                                                      • memory/4768-1447-0x0000000000400000-0x000000000044A000-memory.dmp

                                                                                                        Filesize

                                                                                                        296KB

                                                                                                        Download

                                                                                                      • memory/5088-1338-0x0000000000400000-0x000000000044A000-memory.dmp

                                                                                                        Filesize

                                                                                                        296KB

                                                                                                        Download