Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

1

URLScan

urlscan

1

https://archive.org/...

windows10-2004-x64

8

Resubmissions

06/07/2024, 19:34

240706-yaglcs1emn 10

06/07/2024, 19:29

240706-x7jasa1drl 10

06/07/2024, 19:22

240706-x29wjs1dmq 8

Analysis

  • max time kernel
    286s
  • max time network
    190s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240704-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240704-enlocale:en-usos:windows10-2004-x64system
  • submitted
    06/07/2024, 19:22

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    https://archive.org/details/malware-pack-2

Score
8/10
persistenceupx

Malware Config

Signatures

  • Boot or Logon Autostart Execution: Active Setup 2 TTPs 64 IoCs

    Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

    persistence
  • Executes dropped EXE 2 IoCs
  • UPX packed file 35 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Enumerates connected drives 3 TTPs 29 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Suspicious use of SetThreadContext 2 IoCs
  • Drops file in Program Files directory 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Checks SCSI registry key(s) 3 TTPs 64 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies Internet Explorer settings 1 TTPs 6 IoCs
    adwarespyware
  • Modifies data under HKEY_USERS 64 IoCs
  • Modifies registry class 64 IoCs
  • Suspicious behavior: AddClipboardFormatListener 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 20 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 64 IoCs
  • Suspicious use of SendNotifyMessage 64 IoCs
  • Suspicious use of SetWindowsHookEx 13 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://archive.org/details/malware-pack-2
    1⤵
    • Enumerates system info in registry
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:4504
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xb4,0x108,0x7ffa2b4246f8,0x7ffa2b424708,0x7ffa2b424718
      2⤵
        PID:5060
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2056,2913805195667476949,11803337744844251536,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2024 /prefetch:2
        2⤵
          PID:4304
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2056,2913805195667476949,11803337744844251536,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2168 /prefetch:3
          2⤵
          • Suspicious behavior: EnumeratesProcesses
          PID:4684
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2056,2913805195667476949,11803337744844251536,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2980 /prefetch:8
          2⤵
            PID:4644
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,2913805195667476949,11803337744844251536,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3368 /prefetch:1
            2⤵
              PID:3584
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,2913805195667476949,11803337744844251536,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3384 /prefetch:1
              2⤵
                PID:3176
              • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2056,2913805195667476949,11803337744844251536,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5212 /prefetch:8
                2⤵
                  PID:1824
                • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2056,2913805195667476949,11803337744844251536,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5212 /prefetch:8
                  2⤵
                  • Suspicious behavior: EnumeratesProcesses
                  PID:3896
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2056,2913805195667476949,11803337744844251536,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5276 /prefetch:8
                  2⤵
                    PID:4940
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,2913805195667476949,11803337744844251536,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5732 /prefetch:1
                    2⤵
                      PID:4424
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,2913805195667476949,11803337744844251536,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5748 /prefetch:1
                      2⤵
                        PID:548
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,2913805195667476949,11803337744844251536,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5664 /prefetch:1
                        2⤵
                          PID:3656
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,2913805195667476949,11803337744844251536,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4720 /prefetch:1
                          2⤵
                            PID:1676
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,2913805195667476949,11803337744844251536,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3480 /prefetch:1
                            2⤵
                              PID:1384
                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,2913805195667476949,11803337744844251536,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5772 /prefetch:1
                              2⤵
                                PID:5356
                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,2913805195667476949,11803337744844251536,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2236 /prefetch:1
                                2⤵
                                  PID:5572
                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,2913805195667476949,11803337744844251536,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3508 /prefetch:1
                                  2⤵
                                    PID:5588
                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,2913805195667476949,11803337744844251536,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3428 /prefetch:1
                                    2⤵
                                      PID:5800
                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2056,2913805195667476949,11803337744844251536,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=6464 /prefetch:8
                                      2⤵
                                        PID:6108
                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,2913805195667476949,11803337744844251536,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5216 /prefetch:1
                                        2⤵
                                          PID:5176
                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,2913805195667476949,11803337744844251536,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6308 /prefetch:1
                                          2⤵
                                            PID:1488
                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,2913805195667476949,11803337744844251536,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6236 /prefetch:1
                                            2⤵
                                              PID:5260
                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,2913805195667476949,11803337744844251536,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6744 /prefetch:1
                                              2⤵
                                                PID:5492
                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,2913805195667476949,11803337744844251536,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3364 /prefetch:1
                                                2⤵
                                                  PID:6116
                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,2913805195667476949,11803337744844251536,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6212 /prefetch:1
                                                  2⤵
                                                    PID:2548
                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,2913805195667476949,11803337744844251536,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6400 /prefetch:1
                                                    2⤵
                                                      PID:5288
                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,2913805195667476949,11803337744844251536,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6864 /prefetch:1
                                                      2⤵
                                                        PID:5336
                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2056,2913805195667476949,11803337744844251536,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6800 /prefetch:8
                                                        2⤵
                                                        • Suspicious behavior: EnumeratesProcesses
                                                        PID:5244
                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,2913805195667476949,11803337744844251536,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6740 /prefetch:1
                                                        2⤵
                                                          PID:4336
                                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2056,2913805195667476949,11803337744844251536,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6204 /prefetch:2
                                                          2⤵
                                                          • Suspicious behavior: EnumeratesProcesses
                                                          PID:5900
                                                      • C:\Windows\System32\CompPkgSrv.exe
                                                        C:\Windows\System32\CompPkgSrv.exe -Embedding
                                                        1⤵
                                                          PID:1524
                                                        • C:\Windows\System32\CompPkgSrv.exe
                                                          C:\Windows\System32\CompPkgSrv.exe -Embedding
                                                          1⤵
                                                            PID:3964
                                                          • C:\Windows\system32\AUDIODG.EXE
                                                            C:\Windows\system32\AUDIODG.EXE 0x52c 0x518
                                                            1⤵
                                                            • Suspicious use of AdjustPrivilegeToken
                                                            PID:116
                                                          • C:\Windows\System32\rundll32.exe
                                                            C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
                                                            1⤵
                                                              PID:5848
                                                            • C:\Users\Admin\Downloads\Malware_pack_2\Malware_pack_2\Security Central\[email protected]
                                                              "C:\Users\Admin\Downloads\Malware_pack_2\Malware_pack_2\Security Central\[email protected]"
                                                              1⤵
                                                              • Suspicious use of SetThreadContext
                                                              • Suspicious use of SetWindowsHookEx
                                                              PID:5468
                                                              • C:\Users\Admin\Downloads\Malware_pack_2\Malware_pack_2\Security Central\[email protected]
                                                                "C:\Users\Admin\Downloads\Malware_pack_2\Malware_pack_2\Security Central\[email protected]"
                                                                2⤵
                                                                • Drops file in Program Files directory
                                                                PID:3420
                                                                • C:\Program Files (x86)\Security Central\Security Central.exe
                                                                  "C:\Program Files (x86)\Security Central\Security Central.exe"
                                                                  3⤵
                                                                  • Executes dropped EXE
                                                                  • Suspicious use of SetThreadContext
                                                                  • Suspicious use of SetWindowsHookEx
                                                                  PID:5012
                                                                  • C:\Program Files (x86)\Security Central\Security Central.exe
                                                                    "C:\Program Files (x86)\Security Central\Security Central.exe"
                                                                    4⤵
                                                                    • Executes dropped EXE
                                                                    • Adds Run key to start application
                                                                    • Enumerates connected drives
                                                                    • Suspicious behavior: EnumeratesProcesses
                                                                    • Suspicious use of SendNotifyMessage
                                                                    • Suspicious use of SetWindowsHookEx
                                                                    PID:4036
                                                            • C:\Windows\system32\sihost.exe
                                                              sihost.exe
                                                              1⤵
                                                              • Modifies registry class
                                                              PID:5392
                                                              • C:\Windows\explorer.exe
                                                                explorer.exe /LOADSAVEDWINDOWS
                                                                2⤵
                                                                • Boot or Logon Autostart Execution: Active Setup
                                                                • Enumerates connected drives
                                                                • Checks SCSI registry key(s)
                                                                • Modifies registry class
                                                                • Suspicious use of AdjustPrivilegeToken
                                                                • Suspicious use of SendNotifyMessage
                                                                PID:4420
                                                            • C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe
                                                              "C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe" /service
                                                              1⤵
                                                              • Modifies data under HKEY_USERS
                                                              • Suspicious use of SetWindowsHookEx
                                                              PID:4004
                                                            • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                              "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                              1⤵
                                                              • Suspicious use of SetWindowsHookEx
                                                              PID:1360
                                                            • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                              "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                              1⤵
                                                                PID:2420
                                                              • C:\Windows\system32\sihost.exe
                                                                sihost.exe
                                                                1⤵
                                                                  PID:6048
                                                                  • C:\Windows\explorer.exe
                                                                    explorer.exe /LOADSAVEDWINDOWS
                                                                    2⤵
                                                                    • Boot or Logon Autostart Execution: Active Setup
                                                                    • Enumerates connected drives
                                                                    • Checks SCSI registry key(s)
                                                                    • Modifies registry class
                                                                    • Suspicious use of AdjustPrivilegeToken
                                                                    • Suspicious use of SendNotifyMessage
                                                                    PID:1676
                                                                • C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe
                                                                  "C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe" /service
                                                                  1⤵
                                                                  • Modifies data under HKEY_USERS
                                                                  • Suspicious use of SetWindowsHookEx
                                                                  PID:5500
                                                                • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                  "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                  1⤵
                                                                  • Suspicious use of SetWindowsHookEx
                                                                  PID:4312
                                                                • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                  "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                  1⤵
                                                                  • Modifies Internet Explorer settings
                                                                  • Modifies registry class
                                                                  • Suspicious use of SetWindowsHookEx
                                                                  PID:5744
                                                                • C:\Windows\system32\sihost.exe
                                                                  sihost.exe
                                                                  1⤵
                                                                    PID:868
                                                                    • C:\Windows\explorer.exe
                                                                      explorer.exe /LOADSAVEDWINDOWS
                                                                      2⤵
                                                                      • Boot or Logon Autostart Execution: Active Setup
                                                                      • Modifies registry class
                                                                      PID:5624
                                                                  • C:\Windows\system32\sihost.exe
                                                                    sihost.exe
                                                                    1⤵
                                                                      PID:6136
                                                                      • C:\Windows\explorer.exe
                                                                        explorer.exe /LOADSAVEDWINDOWS
                                                                        2⤵
                                                                          PID:2912
                                                                      • C:\Windows\explorer.exe
                                                                        explorer.exe
                                                                        1⤵
                                                                        • Boot or Logon Autostart Execution: Active Setup
                                                                        • Enumerates connected drives
                                                                        • Checks SCSI registry key(s)
                                                                        • Modifies Internet Explorer settings
                                                                        • Modifies registry class
                                                                        • Suspicious behavior: AddClipboardFormatListener
                                                                        • Suspicious use of SetWindowsHookEx
                                                                        PID:5396
                                                                      • C:\Windows\System32\rundll32.exe
                                                                        C:\Windows\System32\rundll32.exe shell32.dll,SHCreateLocalServerRunDll {9BA05972-F6A8-11CF-A442-00A0C90A8F39} -Embedding
                                                                        1⤵
                                                                          PID:3452
                                                                        • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                          "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                          1⤵
                                                                          • Suspicious use of SetWindowsHookEx
                                                                          PID:3092
                                                                        • C:\Windows\system32\sihost.exe
                                                                          sihost.exe
                                                                          1⤵
                                                                          • Modifies registry class
                                                                          PID:1384
                                                                          • C:\Windows\explorer.exe
                                                                            explorer.exe /LOADSAVEDWINDOWS
                                                                            2⤵
                                                                            • Boot or Logon Autostart Execution: Active Setup
                                                                            • Enumerates connected drives
                                                                            • Checks SCSI registry key(s)
                                                                            • Modifies registry class
                                                                            PID:4924
                                                                        • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                          "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                          1⤵
                                                                          • Suspicious use of SetWindowsHookEx
                                                                          PID:5832
                                                                        • C:\Windows\system32\sihost.exe
                                                                          sihost.exe
                                                                          1⤵
                                                                            PID:5752
                                                                          • C:\Windows\explorer.exe
                                                                            explorer.exe
                                                                            1⤵
                                                                            • Boot or Logon Autostart Execution: Active Setup
                                                                            • Modifies registry class
                                                                            PID:5796
                                                                          • C:\Windows\explorer.exe
                                                                            explorer.exe
                                                                            1⤵
                                                                            • Boot or Logon Autostart Execution: Active Setup
                                                                            • Modifies registry class
                                                                            PID:1464
                                                                          • C:\Windows\explorer.exe
                                                                            explorer.exe
                                                                            1⤵
                                                                            • Boot or Logon Autostart Execution: Active Setup
                                                                            • Modifies registry class
                                                                            PID:3352
                                                                          • C:\Windows\explorer.exe
                                                                            explorer.exe
                                                                            1⤵
                                                                            • Boot or Logon Autostart Execution: Active Setup
                                                                            • Modifies registry class
                                                                            PID:1808
                                                                          • C:\Windows\explorer.exe
                                                                            explorer.exe
                                                                            1⤵
                                                                              PID:3856
                                                                            • C:\Windows\explorer.exe
                                                                              explorer.exe
                                                                              1⤵
                                                                              • Boot or Logon Autostart Execution: Active Setup
                                                                              PID:4328
                                                                            • C:\Windows\explorer.exe
                                                                              explorer.exe
                                                                              1⤵
                                                                              • Boot or Logon Autostart Execution: Active Setup
                                                                              • Modifies registry class
                                                                              PID:3252
                                                                            • C:\Windows\explorer.exe
                                                                              explorer.exe
                                                                              1⤵
                                                                              • Modifies registry class
                                                                              PID:3200
                                                                            • C:\Windows\explorer.exe
                                                                              explorer.exe
                                                                              1⤵
                                                                              • Modifies registry class
                                                                              PID:4768
                                                                            • C:\Windows\explorer.exe
                                                                              explorer.exe
                                                                              1⤵
                                                                                PID:1224
                                                                              • C:\Windows\explorer.exe
                                                                                explorer.exe
                                                                                1⤵
                                                                                • Boot or Logon Autostart Execution: Active Setup
                                                                                • Modifies registry class
                                                                                PID:5004
                                                                              • C:\Windows\explorer.exe
                                                                                explorer.exe
                                                                                1⤵
                                                                                • Boot or Logon Autostart Execution: Active Setup
                                                                                PID:2780
                                                                              • C:\Windows\explorer.exe
                                                                                explorer.exe
                                                                                1⤵
                                                                                • Boot or Logon Autostart Execution: Active Setup
                                                                                • Modifies registry class
                                                                                PID:6100
                                                                              • C:\Windows\explorer.exe
                                                                                explorer.exe
                                                                                1⤵
                                                                                • Boot or Logon Autostart Execution: Active Setup
                                                                                • Modifies registry class
                                                                                PID:5156
                                                                              • C:\Windows\explorer.exe
                                                                                explorer.exe
                                                                                1⤵
                                                                                • Boot or Logon Autostart Execution: Active Setup
                                                                                PID:5720
                                                                              • C:\Windows\explorer.exe
                                                                                explorer.exe
                                                                                1⤵
                                                                                • Boot or Logon Autostart Execution: Active Setup
                                                                                PID:4148
                                                                              • C:\Windows\explorer.exe
                                                                                explorer.exe
                                                                                1⤵
                                                                                • Boot or Logon Autostart Execution: Active Setup
                                                                                • Modifies registry class
                                                                                PID:2172
                                                                              • C:\Windows\explorer.exe
                                                                                explorer.exe
                                                                                1⤵
                                                                                • Boot or Logon Autostart Execution: Active Setup
                                                                                PID:316
                                                                              • C:\Windows\explorer.exe
                                                                                explorer.exe
                                                                                1⤵
                                                                                • Boot or Logon Autostart Execution: Active Setup
                                                                                PID:2032
                                                                              • C:\Windows\explorer.exe
                                                                                explorer.exe
                                                                                1⤵
                                                                                • Boot or Logon Autostart Execution: Active Setup
                                                                                • Modifies registry class
                                                                                PID:4308
                                                                              • C:\Windows\explorer.exe
                                                                                explorer.exe
                                                                                1⤵
                                                                                • Modifies registry class
                                                                                PID:5108
                                                                              • C:\Windows\explorer.exe
                                                                                explorer.exe
                                                                                1⤵
                                                                                • Boot or Logon Autostart Execution: Active Setup
                                                                                PID:4440
                                                                              • C:\Windows\explorer.exe
                                                                                explorer.exe
                                                                                1⤵
                                                                                • Boot or Logon Autostart Execution: Active Setup
                                                                                • Modifies registry class
                                                                                PID:3356
                                                                              • C:\Windows\explorer.exe
                                                                                explorer.exe
                                                                                1⤵
                                                                                • Boot or Logon Autostart Execution: Active Setup
                                                                                • Modifies registry class
                                                                                PID:8
                                                                              • C:\Windows\explorer.exe
                                                                                explorer.exe
                                                                                1⤵
                                                                                • Boot or Logon Autostart Execution: Active Setup
                                                                                • Modifies registry class
                                                                                PID:3716
                                                                              • C:\Windows\explorer.exe
                                                                                explorer.exe
                                                                                1⤵
                                                                                • Boot or Logon Autostart Execution: Active Setup
                                                                                • Modifies registry class
                                                                                PID:3996
                                                                              • C:\Windows\explorer.exe
                                                                                explorer.exe
                                                                                1⤵
                                                                                • Boot or Logon Autostart Execution: Active Setup
                                                                                PID:1940
                                                                              • C:\Windows\explorer.exe
                                                                                explorer.exe
                                                                                1⤵
                                                                                • Boot or Logon Autostart Execution: Active Setup
                                                                                PID:3828
                                                                              • C:\Windows\explorer.exe
                                                                                explorer.exe
                                                                                1⤵
                                                                                  PID:4964
                                                                                • C:\Windows\explorer.exe
                                                                                  explorer.exe
                                                                                  1⤵
                                                                                  • Boot or Logon Autostart Execution: Active Setup
                                                                                  PID:4348
                                                                                • C:\Windows\explorer.exe
                                                                                  explorer.exe
                                                                                  1⤵
                                                                                  • Boot or Logon Autostart Execution: Active Setup
                                                                                  • Modifies registry class
                                                                                  PID:1288
                                                                                • C:\Windows\explorer.exe
                                                                                  explorer.exe
                                                                                  1⤵
                                                                                  • Boot or Logon Autostart Execution: Active Setup
                                                                                  PID:5640
                                                                                • C:\Windows\explorer.exe
                                                                                  explorer.exe
                                                                                  1⤵
                                                                                  • Boot or Logon Autostart Execution: Active Setup
                                                                                  • Modifies registry class
                                                                                  PID:512
                                                                                • C:\Windows\explorer.exe
                                                                                  explorer.exe
                                                                                  1⤵
                                                                                  • Boot or Logon Autostart Execution: Active Setup
                                                                                  PID:2304
                                                                                • C:\Windows\explorer.exe
                                                                                  explorer.exe
                                                                                  1⤵
                                                                                  • Boot or Logon Autostart Execution: Active Setup
                                                                                  • Modifies registry class
                                                                                  PID:5864
                                                                                • C:\Windows\explorer.exe
                                                                                  explorer.exe
                                                                                  1⤵
                                                                                  • Boot or Logon Autostart Execution: Active Setup
                                                                                  PID:2060
                                                                                • C:\Windows\explorer.exe
                                                                                  explorer.exe
                                                                                  1⤵
                                                                                  • Boot or Logon Autostart Execution: Active Setup
                                                                                  PID:2932
                                                                                • C:\Windows\explorer.exe
                                                                                  explorer.exe
                                                                                  1⤵
                                                                                  • Boot or Logon Autostart Execution: Active Setup
                                                                                  • Modifies registry class
                                                                                  PID:2928
                                                                                • C:\Windows\explorer.exe
                                                                                  explorer.exe
                                                                                  1⤵
                                                                                  • Boot or Logon Autostart Execution: Active Setup
                                                                                  PID:3884
                                                                                • C:\Windows\explorer.exe
                                                                                  explorer.exe
                                                                                  1⤵
                                                                                  • Boot or Logon Autostart Execution: Active Setup
                                                                                  PID:5340
                                                                                • C:\Windows\explorer.exe
                                                                                  explorer.exe
                                                                                  1⤵
                                                                                  • Boot or Logon Autostart Execution: Active Setup
                                                                                  • Modifies registry class
                                                                                  PID:648
                                                                                • C:\Windows\explorer.exe
                                                                                  explorer.exe
                                                                                  1⤵
                                                                                  • Boot or Logon Autostart Execution: Active Setup
                                                                                  • Modifies registry class
                                                                                  PID:4076
                                                                                • C:\Windows\explorer.exe
                                                                                  explorer.exe
                                                                                  1⤵
                                                                                  • Boot or Logon Autostart Execution: Active Setup
                                                                                  • Modifies registry class
                                                                                  PID:6000
                                                                                • C:\Windows\explorer.exe
                                                                                  explorer.exe
                                                                                  1⤵
                                                                                  • Boot or Logon Autostart Execution: Active Setup
                                                                                  PID:5672
                                                                                • C:\Windows\explorer.exe
                                                                                  explorer.exe
                                                                                  1⤵
                                                                                  • Boot or Logon Autostart Execution: Active Setup
                                                                                  PID:3552
                                                                                • C:\Windows\explorer.exe
                                                                                  explorer.exe
                                                                                  1⤵
                                                                                  • Boot or Logon Autostart Execution: Active Setup
                                                                                  • Modifies registry class
                                                                                  PID:3032
                                                                                • C:\Windows\explorer.exe
                                                                                  explorer.exe
                                                                                  1⤵
                                                                                  • Boot or Logon Autostart Execution: Active Setup
                                                                                  • Modifies registry class
                                                                                  PID:1396
                                                                                • C:\Windows\explorer.exe
                                                                                  explorer.exe
                                                                                  1⤵
                                                                                  • Boot or Logon Autostart Execution: Active Setup
                                                                                  PID:1036
                                                                                • C:\Windows\explorer.exe
                                                                                  explorer.exe
                                                                                  1⤵
                                                                                  • Boot or Logon Autostart Execution: Active Setup
                                                                                  PID:3044
                                                                                • C:\Windows\explorer.exe
                                                                                  explorer.exe
                                                                                  1⤵
                                                                                  • Boot or Logon Autostart Execution: Active Setup
                                                                                  PID:3640
                                                                                • C:\Windows\explorer.exe
                                                                                  explorer.exe
                                                                                  1⤵
                                                                                  • Boot or Logon Autostart Execution: Active Setup
                                                                                  • Modifies registry class
                                                                                  PID:5268
                                                                                • C:\Windows\explorer.exe
                                                                                  explorer.exe
                                                                                  1⤵
                                                                                  • Boot or Logon Autostart Execution: Active Setup
                                                                                  PID:1744
                                                                                • C:\Windows\explorer.exe
                                                                                  explorer.exe
                                                                                  1⤵
                                                                                  • Boot or Logon Autostart Execution: Active Setup
                                                                                  • Modifies registry class
                                                                                  PID:4160
                                                                                • C:\Windows\explorer.exe
                                                                                  explorer.exe
                                                                                  1⤵
                                                                                  • Boot or Logon Autostart Execution: Active Setup
                                                                                  PID:4024
                                                                                • C:\Windows\explorer.exe
                                                                                  explorer.exe
                                                                                  1⤵
                                                                                  • Boot or Logon Autostart Execution: Active Setup
                                                                                  PID:4180
                                                                                • C:\Windows\explorer.exe
                                                                                  explorer.exe
                                                                                  1⤵
                                                                                  • Boot or Logon Autostart Execution: Active Setup
                                                                                  • Modifies registry class
                                                                                  PID:2420
                                                                                • C:\Windows\explorer.exe
                                                                                  explorer.exe
                                                                                  1⤵
                                                                                  • Boot or Logon Autostart Execution: Active Setup
                                                                                  PID:4600
                                                                                • C:\Windows\explorer.exe
                                                                                  explorer.exe
                                                                                  1⤵
                                                                                  • Modifies registry class
                                                                                  PID:4620
                                                                                • C:\Windows\explorer.exe
                                                                                  explorer.exe
                                                                                  1⤵
                                                                                  • Boot or Logon Autostart Execution: Active Setup
                                                                                  • Modifies registry class
                                                                                  PID:744
                                                                                • C:\Windows\explorer.exe
                                                                                  explorer.exe
                                                                                  1⤵
                                                                                    PID:5784
                                                                                  • C:\Windows\explorer.exe
                                                                                    explorer.exe
                                                                                    1⤵
                                                                                    • Boot or Logon Autostart Execution: Active Setup
                                                                                    PID:2900
                                                                                  • C:\Windows\explorer.exe
                                                                                    explorer.exe
                                                                                    1⤵
                                                                                      PID:5976
                                                                                    • C:\Windows\explorer.exe
                                                                                      explorer.exe
                                                                                      1⤵
                                                                                      • Boot or Logon Autostart Execution: Active Setup
                                                                                      PID:2056
                                                                                    • C:\Windows\explorer.exe
                                                                                      explorer.exe
                                                                                      1⤵
                                                                                      • Boot or Logon Autostart Execution: Active Setup
                                                                                      • Modifies registry class
                                                                                      PID:5012
                                                                                    • C:\Windows\explorer.exe
                                                                                      explorer.exe
                                                                                      1⤵
                                                                                      • Modifies registry class
                                                                                      PID:4012
                                                                                    • C:\Windows\explorer.exe
                                                                                      explorer.exe
                                                                                      1⤵
                                                                                      • Boot or Logon Autostart Execution: Active Setup
                                                                                      • Modifies registry class
                                                                                      PID:1764
                                                                                    • C:\Windows\explorer.exe
                                                                                      explorer.exe
                                                                                      1⤵
                                                                                        PID:4040
                                                                                      • C:\Windows\explorer.exe
                                                                                        explorer.exe
                                                                                        1⤵
                                                                                        • Boot or Logon Autostart Execution: Active Setup
                                                                                        PID:436
                                                                                      • C:\Windows\explorer.exe
                                                                                        explorer.exe
                                                                                        1⤵
                                                                                        • Boot or Logon Autostart Execution: Active Setup
                                                                                        • Modifies registry class
                                                                                        PID:3340
                                                                                      • C:\Windows\explorer.exe
                                                                                        explorer.exe
                                                                                        1⤵
                                                                                        • Boot or Logon Autostart Execution: Active Setup
                                                                                        PID:2664
                                                                                      • C:\Windows\explorer.exe
                                                                                        explorer.exe
                                                                                        1⤵
                                                                                          PID:5680
                                                                                        • C:\Windows\explorer.exe
                                                                                          explorer.exe
                                                                                          1⤵
                                                                                            PID:3248
                                                                                          • C:\Windows\explorer.exe
                                                                                            explorer.exe
                                                                                            1⤵
                                                                                              PID:5272
                                                                                            • C:\Windows\explorer.exe
                                                                                              explorer.exe
                                                                                              1⤵
                                                                                                PID:5024
                                                                                              • C:\Windows\explorer.exe
                                                                                                explorer.exe
                                                                                                1⤵
                                                                                                  PID:2024
                                                                                                • C:\Windows\explorer.exe
                                                                                                  explorer.exe
                                                                                                  1⤵
                                                                                                    PID:2148
                                                                                                  • C:\Windows\explorer.exe
                                                                                                    explorer.exe
                                                                                                    1⤵
                                                                                                      PID:5056
                                                                                                    • C:\Windows\explorer.exe
                                                                                                      explorer.exe
                                                                                                      1⤵
                                                                                                        PID:1060
                                                                                                      • C:\Windows\explorer.exe
                                                                                                        explorer.exe
                                                                                                        1⤵
                                                                                                          PID:3676
                                                                                                        • C:\Windows\explorer.exe
                                                                                                          explorer.exe
                                                                                                          1⤵
                                                                                                            PID:3528
                                                                                                          • C:\Windows\explorer.exe
                                                                                                            explorer.exe
                                                                                                            1⤵
                                                                                                              PID:3700
                                                                                                            • C:\Windows\explorer.exe
                                                                                                              explorer.exe
                                                                                                              1⤵
                                                                                                                PID:3472
                                                                                                              • C:\Windows\explorer.exe
                                                                                                                explorer.exe
                                                                                                                1⤵
                                                                                                                  PID:3172
                                                                                                                • C:\Windows\explorer.exe
                                                                                                                  explorer.exe
                                                                                                                  1⤵
                                                                                                                    PID:5524
                                                                                                                  • C:\Windows\explorer.exe
                                                                                                                    explorer.exe
                                                                                                                    1⤵
                                                                                                                      PID:4984
                                                                                                                    • C:\Windows\explorer.exe
                                                                                                                      explorer.exe
                                                                                                                      1⤵
                                                                                                                        PID:2784
                                                                                                                      • C:\Windows\explorer.exe
                                                                                                                        explorer.exe
                                                                                                                        1⤵
                                                                                                                          PID:1416
                                                                                                                        • C:\Windows\explorer.exe
                                                                                                                          explorer.exe
                                                                                                                          1⤵
                                                                                                                            PID:1496
                                                                                                                          • C:\Windows\explorer.exe
                                                                                                                            explorer.exe
                                                                                                                            1⤵
                                                                                                                              PID:2720
                                                                                                                            • C:\Windows\explorer.exe
                                                                                                                              explorer.exe
                                                                                                                              1⤵
                                                                                                                                PID:5400
                                                                                                                              • C:\Windows\explorer.exe
                                                                                                                                explorer.exe
                                                                                                                                1⤵
                                                                                                                                  PID:5016
                                                                                                                                • C:\Windows\explorer.exe
                                                                                                                                  explorer.exe
                                                                                                                                  1⤵
                                                                                                                                    PID:5732
                                                                                                                                  • C:\Windows\explorer.exe
                                                                                                                                    explorer.exe
                                                                                                                                    1⤵
                                                                                                                                      PID:264
                                                                                                                                    • C:\Windows\explorer.exe
                                                                                                                                      explorer.exe
                                                                                                                                      1⤵
                                                                                                                                        PID:1432
                                                                                                                                      • C:\Windows\explorer.exe
                                                                                                                                        explorer.exe
                                                                                                                                        1⤵
                                                                                                                                          PID:5076
                                                                                                                                        • C:\Windows\explorer.exe
                                                                                                                                          explorer.exe
                                                                                                                                          1⤵
                                                                                                                                            PID:4224
                                                                                                                                          • C:\Windows\explorer.exe
                                                                                                                                            explorer.exe
                                                                                                                                            1⤵
                                                                                                                                              PID:5388
                                                                                                                                            • C:\Windows\explorer.exe
                                                                                                                                              explorer.exe
                                                                                                                                              1⤵
                                                                                                                                                PID:3912
                                                                                                                                              • C:\Windows\explorer.exe
                                                                                                                                                explorer.exe
                                                                                                                                                1⤵
                                                                                                                                                  PID:3680
                                                                                                                                                • C:\Windows\explorer.exe
                                                                                                                                                  explorer.exe
                                                                                                                                                  1⤵
                                                                                                                                                    PID:1752
                                                                                                                                                  • C:\Windows\explorer.exe
                                                                                                                                                    explorer.exe
                                                                                                                                                    1⤵
                                                                                                                                                      PID:2444
                                                                                                                                                    • C:\Windows\explorer.exe
                                                                                                                                                      explorer.exe
                                                                                                                                                      1⤵
                                                                                                                                                        PID:3240
                                                                                                                                                      • C:\Windows\explorer.exe
                                                                                                                                                        explorer.exe
                                                                                                                                                        1⤵
                                                                                                                                                          PID:3704
                                                                                                                                                        • C:\Windows\explorer.exe
                                                                                                                                                          explorer.exe
                                                                                                                                                          1⤵
                                                                                                                                                            PID:1664
                                                                                                                                                          • C:\Windows\explorer.exe
                                                                                                                                                            explorer.exe
                                                                                                                                                            1⤵
                                                                                                                                                              PID:5088
                                                                                                                                                            • C:\Windows\explorer.exe
                                                                                                                                                              explorer.exe
                                                                                                                                                              1⤵
                                                                                                                                                                PID:3664
                                                                                                                                                              • C:\Windows\explorer.exe
                                                                                                                                                                explorer.exe
                                                                                                                                                                1⤵
                                                                                                                                                                  PID:4672
                                                                                                                                                                • C:\Windows\explorer.exe
                                                                                                                                                                  explorer.exe
                                                                                                                                                                  1⤵
                                                                                                                                                                    PID:5288
                                                                                                                                                                  • C:\Windows\explorer.exe
                                                                                                                                                                    explorer.exe
                                                                                                                                                                    1⤵
                                                                                                                                                                      PID:5828
                                                                                                                                                                    • C:\Windows\explorer.exe
                                                                                                                                                                      explorer.exe
                                                                                                                                                                      1⤵
                                                                                                                                                                        PID:5776
                                                                                                                                                                      • C:\Windows\explorer.exe
                                                                                                                                                                        explorer.exe
                                                                                                                                                                        1⤵
                                                                                                                                                                          PID:2704
                                                                                                                                                                        • C:\Windows\explorer.exe
                                                                                                                                                                          explorer.exe
                                                                                                                                                                          1⤵
                                                                                                                                                                            PID:5248
                                                                                                                                                                          • C:\Windows\explorer.exe
                                                                                                                                                                            explorer.exe
                                                                                                                                                                            1⤵
                                                                                                                                                                              PID:2268
                                                                                                                                                                            • C:\Windows\explorer.exe
                                                                                                                                                                              explorer.exe
                                                                                                                                                                              1⤵
                                                                                                                                                                                PID:4084
                                                                                                                                                                              • C:\Windows\explorer.exe
                                                                                                                                                                                explorer.exe
                                                                                                                                                                                1⤵
                                                                                                                                                                                  PID:1164
                                                                                                                                                                                • C:\Windows\explorer.exe
                                                                                                                                                                                  explorer.exe
                                                                                                                                                                                  1⤵
                                                                                                                                                                                    PID:2324
                                                                                                                                                                                  • C:\Windows\explorer.exe
                                                                                                                                                                                    explorer.exe
                                                                                                                                                                                    1⤵
                                                                                                                                                                                      PID:5224
                                                                                                                                                                                    • C:\Windows\explorer.exe
                                                                                                                                                                                      explorer.exe
                                                                                                                                                                                      1⤵
                                                                                                                                                                                        PID:5884
                                                                                                                                                                                      • C:\Windows\explorer.exe
                                                                                                                                                                                        explorer.exe
                                                                                                                                                                                        1⤵
                                                                                                                                                                                          PID:3064
                                                                                                                                                                                        • C:\Windows\explorer.exe
                                                                                                                                                                                          explorer.exe
                                                                                                                                                                                          1⤵
                                                                                                                                                                                            PID:5404
                                                                                                                                                                                          • C:\Windows\explorer.exe
                                                                                                                                                                                            explorer.exe
                                                                                                                                                                                            1⤵
                                                                                                                                                                                              PID:3952
                                                                                                                                                                                            • C:\Windows\explorer.exe
                                                                                                                                                                                              explorer.exe
                                                                                                                                                                                              1⤵
                                                                                                                                                                                                PID:1816
                                                                                                                                                                                              • C:\Windows\explorer.exe
                                                                                                                                                                                                explorer.exe
                                                                                                                                                                                                1⤵
                                                                                                                                                                                                  PID:4368
                                                                                                                                                                                                • C:\Windows\explorer.exe
                                                                                                                                                                                                  explorer.exe
                                                                                                                                                                                                  1⤵
                                                                                                                                                                                                    PID:4232
                                                                                                                                                                                                  • C:\Windows\explorer.exe
                                                                                                                                                                                                    explorer.exe
                                                                                                                                                                                                    1⤵
                                                                                                                                                                                                      PID:2568
                                                                                                                                                                                                    • C:\Windows\explorer.exe
                                                                                                                                                                                                      explorer.exe
                                                                                                                                                                                                      1⤵
                                                                                                                                                                                                        PID:3992
                                                                                                                                                                                                      • C:\Windows\explorer.exe
                                                                                                                                                                                                        explorer.exe
                                                                                                                                                                                                        1⤵
                                                                                                                                                                                                          PID:6052
                                                                                                                                                                                                        • C:\Windows\explorer.exe
                                                                                                                                                                                                          explorer.exe
                                                                                                                                                                                                          1⤵
                                                                                                                                                                                                            PID:4788
                                                                                                                                                                                                          • C:\Windows\explorer.exe
                                                                                                                                                                                                            explorer.exe
                                                                                                                                                                                                            1⤵
                                                                                                                                                                                                              PID:3012
                                                                                                                                                                                                            • C:\Windows\explorer.exe
                                                                                                                                                                                                              explorer.exe
                                                                                                                                                                                                              1⤵
                                                                                                                                                                                                                PID:2340
                                                                                                                                                                                                              • C:\Windows\explorer.exe
                                                                                                                                                                                                                explorer.exe
                                                                                                                                                                                                                1⤵
                                                                                                                                                                                                                  PID:3808
                                                                                                                                                                                                                • C:\Windows\explorer.exe
                                                                                                                                                                                                                  explorer.exe
                                                                                                                                                                                                                  1⤵
                                                                                                                                                                                                                    PID:2088
                                                                                                                                                                                                                  • C:\Windows\explorer.exe
                                                                                                                                                                                                                    explorer.exe
                                                                                                                                                                                                                    1⤵
                                                                                                                                                                                                                      PID:1932
                                                                                                                                                                                                                    • C:\Windows\explorer.exe
                                                                                                                                                                                                                      explorer.exe
                                                                                                                                                                                                                      1⤵
                                                                                                                                                                                                                        PID:1080
                                                                                                                                                                                                                      • C:\Windows\explorer.exe
                                                                                                                                                                                                                        explorer.exe
                                                                                                                                                                                                                        1⤵
                                                                                                                                                                                                                          PID:3860
                                                                                                                                                                                                                        • C:\Windows\explorer.exe
                                                                                                                                                                                                                          explorer.exe
                                                                                                                                                                                                                          1⤵
                                                                                                                                                                                                                            PID:2912
                                                                                                                                                                                                                          • C:\Windows\explorer.exe
                                                                                                                                                                                                                            explorer.exe
                                                                                                                                                                                                                            1⤵
                                                                                                                                                                                                                              PID:6140
                                                                                                                                                                                                                            • C:\Windows\explorer.exe
                                                                                                                                                                                                                              explorer.exe
                                                                                                                                                                                                                              1⤵
                                                                                                                                                                                                                                PID:3876
                                                                                                                                                                                                                              • C:\Windows\explorer.exe
                                                                                                                                                                                                                                explorer.exe
                                                                                                                                                                                                                                1⤵
                                                                                                                                                                                                                                  PID:4624
                                                                                                                                                                                                                                • C:\Windows\explorer.exe
                                                                                                                                                                                                                                  explorer.exe
                                                                                                                                                                                                                                  1⤵
                                                                                                                                                                                                                                    PID:5556
                                                                                                                                                                                                                                  • C:\Windows\explorer.exe
                                                                                                                                                                                                                                    explorer.exe
                                                                                                                                                                                                                                    1⤵
                                                                                                                                                                                                                                      PID:6028
                                                                                                                                                                                                                                    • C:\Windows\explorer.exe
                                                                                                                                                                                                                                      explorer.exe
                                                                                                                                                                                                                                      1⤵
                                                                                                                                                                                                                                        PID:5748
                                                                                                                                                                                                                                      • C:\Windows\explorer.exe
                                                                                                                                                                                                                                        explorer.exe
                                                                                                                                                                                                                                        1⤵
                                                                                                                                                                                                                                          PID:2104
                                                                                                                                                                                                                                        • C:\Windows\explorer.exe
                                                                                                                                                                                                                                          explorer.exe
                                                                                                                                                                                                                                          1⤵
                                                                                                                                                                                                                                            PID:3504
                                                                                                                                                                                                                                          • C:\Windows\explorer.exe
                                                                                                                                                                                                                                            explorer.exe
                                                                                                                                                                                                                                            1⤵
                                                                                                                                                                                                                                              PID:5452
                                                                                                                                                                                                                                            • C:\Windows\explorer.exe
                                                                                                                                                                                                                                              explorer.exe
                                                                                                                                                                                                                                              1⤵
                                                                                                                                                                                                                                                PID:4256
                                                                                                                                                                                                                                              • C:\Windows\explorer.exe
                                                                                                                                                                                                                                                explorer.exe
                                                                                                                                                                                                                                                1⤵
                                                                                                                                                                                                                                                  PID:3496
                                                                                                                                                                                                                                                • C:\Windows\explorer.exe
                                                                                                                                                                                                                                                  explorer.exe
                                                                                                                                                                                                                                                  1⤵
                                                                                                                                                                                                                                                    PID:4900
                                                                                                                                                                                                                                                  • C:\Windows\explorer.exe
                                                                                                                                                                                                                                                    explorer.exe
                                                                                                                                                                                                                                                    1⤵
                                                                                                                                                                                                                                                      PID:1928
                                                                                                                                                                                                                                                    • C:\Windows\explorer.exe
                                                                                                                                                                                                                                                      explorer.exe
                                                                                                                                                                                                                                                      1⤵
                                                                                                                                                                                                                                                        PID:4676

                                                                                                                                                                                                                                                      Network

                                                                                                                                                                                                                                                      MITRE ATT&CK Enterprise v15

                                                                                                                                                                                                                                                      Replay Monitor

                                                                                                                                                                                                                                                      Loading Replay Monitor...

                                                                                                                                                                                                                                                      Downloads

                                                                                                                                                                                                                                                      • C:\Program Files (x86)\Security Central\Security Central.exe
                                                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                                                        904KB

                                                                                                                                                                                                                                                        MD5

                                                                                                                                                                                                                                                        0315c3149c7dc1d865dc5a89043d870d

                                                                                                                                                                                                                                                        SHA1

                                                                                                                                                                                                                                                        f74546dda99891ca688416b1a61c9637b3794108

                                                                                                                                                                                                                                                        SHA256

                                                                                                                                                                                                                                                        90c2c3944fa8933eefc699cf590ed836086deb31ee56ec71b5651fd978a352c9

                                                                                                                                                                                                                                                        SHA512

                                                                                                                                                                                                                                                        7168dc244f0e400fa302801078e3faec8cdd2d3cb3b8baaab0a1b3c0929d7cf41e54bfbe530ad5ce96a6b63761f7866d26aaae788c3138c34294174091478112

                                                                                                                                                                                                                                                        Download Submit

                                                                                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\IconCache.db
                                                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                                                        23KB

                                                                                                                                                                                                                                                        MD5

                                                                                                                                                                                                                                                        de3b56804963b2b34826aff29b89887a

                                                                                                                                                                                                                                                        SHA1

                                                                                                                                                                                                                                                        8dc7999e6ffe21e389849158a3d4ac55a011a6db

                                                                                                                                                                                                                                                        SHA256

                                                                                                                                                                                                                                                        473d0340c97bf5d3ec09b176b535a55c2aac8672168a79003ba7bcd2520637da

                                                                                                                                                                                                                                                        SHA512

                                                                                                                                                                                                                                                        cdada05908316c573b25fe2029b16f7295c54998085db2bcb09d21d727b2759e271a6720315856cbdd6e4aae10de4abbacb5b40f8b177ed0251db766649d7738

                                                                                                                                                                                                                                                        Download Submit

                                                                                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                                                        152B

                                                                                                                                                                                                                                                        MD5

                                                                                                                                                                                                                                                        f0f818d52a59eb6cf9c4dd2a1c844df9

                                                                                                                                                                                                                                                        SHA1

                                                                                                                                                                                                                                                        26afc4b28c0287274624690bd5bd4786cfe11d16

                                                                                                                                                                                                                                                        SHA256

                                                                                                                                                                                                                                                        58c0beea55fecbeded2d2c593473149214df818be1e4e4a28c97171dc8179d61

                                                                                                                                                                                                                                                        SHA512

                                                                                                                                                                                                                                                        7e8a1d3a6c8c9b0f1ac497e509e9edbe9e121df1df0147ce4421b8cf526ad238bd146868e177f9ce02e2d8f99cf7bb9ce7db4a582d487bbc921945211a977509

                                                                                                                                                                                                                                                        Download Submit

                                                                                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                                                        152B

                                                                                                                                                                                                                                                        MD5

                                                                                                                                                                                                                                                        0331fa75ac7846bafcf885ea76d47447

                                                                                                                                                                                                                                                        SHA1

                                                                                                                                                                                                                                                        5a141ffda430e091153fefc4aa36317422ba28ae

                                                                                                                                                                                                                                                        SHA256

                                                                                                                                                                                                                                                        64b4b2e791644fc04f164ecd13b8b9a3e62669896fb7907bf0a072bbeebaf74a

                                                                                                                                                                                                                                                        SHA512

                                                                                                                                                                                                                                                        f8b960d38d73cf29ce17ea409ef6830cae99d7deafaf2ff59f8347120d81925ff16e38faaa0f7f4c39936472d05d1d131df2a8a383351f138c38afb21c1a60e2

                                                                                                                                                                                                                                                        Download Submit

                                                                                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\818ab86d-d91d-4c6e-98bc-95b810cc44a1.tmp
                                                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                                                        540B

                                                                                                                                                                                                                                                        MD5

                                                                                                                                                                                                                                                        c9281574e26595007bf65e22b5d02eff

                                                                                                                                                                                                                                                        SHA1

                                                                                                                                                                                                                                                        39736b9d7e7a5375fb8bc6065b9c97bc0af50c3a

                                                                                                                                                                                                                                                        SHA256

                                                                                                                                                                                                                                                        ecb755280541bb3f6dea77ee9e2d1c48ef27d0cca40fa8b3ad3ae2e3b6d9d2ab

                                                                                                                                                                                                                                                        SHA512

                                                                                                                                                                                                                                                        17f3fd4d31ecc3caa0b61f3d25bda2348feb9b9649a4a818dc82c7120261f92d606a34ec5e5b2969db1a2c1242649c7691fbb076fd97729671302f9d3816bedb

                                                                                                                                                                                                                                                        Download Submit

                                                                                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000017
                                                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                                                        1024KB

                                                                                                                                                                                                                                                        MD5

                                                                                                                                                                                                                                                        9ba2064d38eeb5042951f9699bd24192

                                                                                                                                                                                                                                                        SHA1

                                                                                                                                                                                                                                                        5c3589f43e20ad11b238e51298dc63b98d256794

                                                                                                                                                                                                                                                        SHA256

                                                                                                                                                                                                                                                        c34948200ad5e17597d3b3a34052dadee91382d802028495610ec2b9cf1f42de

                                                                                                                                                                                                                                                        SHA512

                                                                                                                                                                                                                                                        9a964d695e064549bae9931601c084cf2187398546309b8a94a955b33f1a94763295486d6e053a63f5f6f9c4a32d5730bc5b18ae2a17a52d986f6bc0311b4553

                                                                                                                                                                                                                                                        Download Submit

                                                                                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000029
                                                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                                                        19KB

                                                                                                                                                                                                                                                        MD5

                                                                                                                                                                                                                                                        f6c5f91182d258e81425b5814913051b

                                                                                                                                                                                                                                                        SHA1

                                                                                                                                                                                                                                                        b82c9fa9215cc431995b0d5a6a74f44945a8c008

                                                                                                                                                                                                                                                        SHA256

                                                                                                                                                                                                                                                        6978a3d3b264438b44353c188da1097721f8ae6bd6c42756f130de64b1034731

                                                                                                                                                                                                                                                        SHA512

                                                                                                                                                                                                                                                        2cca8e44477ab360a5bd7ca0af4e12e54714577e9edab90f7e0fbf079e81e15229f7e08419dc7f839a2cb00129211cc837df2c5da97a346e7c8db9fa174f8da7

                                                                                                                                                                                                                                                        Download Submit

                                                                                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002b
                                                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                                                        211KB

                                                                                                                                                                                                                                                        MD5

                                                                                                                                                                                                                                                        151fb811968eaf8efb840908b89dc9d4

                                                                                                                                                                                                                                                        SHA1

                                                                                                                                                                                                                                                        7ec811009fd9b0e6d92d12d78b002275f2f1bee1

                                                                                                                                                                                                                                                        SHA256

                                                                                                                                                                                                                                                        043fd8558e4a5a60aaccd2f0377f77a544e3e375242e9d7200dc6e51f94103ed

                                                                                                                                                                                                                                                        SHA512

                                                                                                                                                                                                                                                        83aface0ab01da52fd077f747c9d5916e3c06b0ea5c551d7d316707ec3e8f3f986ce1c82e6f2136e48c6511a83cb0ac67ff6dc8f0e440ac72fc6854086a87674

                                                                                                                                                                                                                                                        Download Submit

                                                                                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
                                                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                                                        1KB

                                                                                                                                                                                                                                                        MD5

                                                                                                                                                                                                                                                        686c84f60684c8dfe6059f3d55cbbf9b

                                                                                                                                                                                                                                                        SHA1

                                                                                                                                                                                                                                                        0558c51453b2c1ea523affd5edc5a5b13f10dbd6

                                                                                                                                                                                                                                                        SHA256

                                                                                                                                                                                                                                                        c4a6cbe1caee9f01e725733caf7ba541ba129246297204e383e3126a42531126

                                                                                                                                                                                                                                                        SHA512

                                                                                                                                                                                                                                                        1172415192da8e5e382c6de34ae4359be2f1ead6ba687301c0a677e64f9b8012b69c7c615f46cabf72e76422881ba6a1286fe3e6988485de96a1d8bba34bebfa

                                                                                                                                                                                                                                                        Download Submit

                                                                                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
                                                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                                                        168B

                                                                                                                                                                                                                                                        MD5

                                                                                                                                                                                                                                                        c1215930f512c37424bf55d6d3531a86

                                                                                                                                                                                                                                                        SHA1

                                                                                                                                                                                                                                                        b006f533f3619c06d91c77f7ffce05fe26db1406

                                                                                                                                                                                                                                                        SHA256

                                                                                                                                                                                                                                                        aa777e3925f905816644c768daef26ab3ab54dcc8ede580dd084813cda2586c1

                                                                                                                                                                                                                                                        SHA512

                                                                                                                                                                                                                                                        2dd6b3a4269634be5725b2fbef53bdb182ba70889ba1ec04c4e2763be3643bea7c5e53ea44cd8966723b7ae6728ebfd4be57abb8b08798f7ca4be951dc45fb16

                                                                                                                                                                                                                                                        Download Submit

                                                                                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                                                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                                                        4KB

                                                                                                                                                                                                                                                        MD5

                                                                                                                                                                                                                                                        00a294c0d5b658ada1ded7869c182199

                                                                                                                                                                                                                                                        SHA1

                                                                                                                                                                                                                                                        14138e9239f2b125fb6fa2fda7e05bd29a89b901

                                                                                                                                                                                                                                                        SHA256

                                                                                                                                                                                                                                                        5d58a053f4b8868981400223f0b98a441188093d5805f7668e132f56e8e60a26

                                                                                                                                                                                                                                                        SHA512

                                                                                                                                                                                                                                                        278e536da0febf2274b85d4f67619013140c34ea7a8a01d476eda4bd91bbb1bc7b830f51d52bdf04c5abf02c6faf79eb34c7c9d4285a2fdc4583fc817ec3f060

                                                                                                                                                                                                                                                        Download Submit

                                                                                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                                                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                                                        4KB

                                                                                                                                                                                                                                                        MD5

                                                                                                                                                                                                                                                        f808ccfc021a7785661fde8625bbaac3

                                                                                                                                                                                                                                                        SHA1

                                                                                                                                                                                                                                                        b6d13916d198d32611988b8802b57d8dc7634d5a

                                                                                                                                                                                                                                                        SHA256

                                                                                                                                                                                                                                                        2d04b3ce666006fb1f42c3f5c2d1e2823af36be4d932d034427ad9be3e5ce9b6

                                                                                                                                                                                                                                                        SHA512

                                                                                                                                                                                                                                                        04eb0bf8789036408246779ae1df5109bbf1315c0edeba7d6ace920f9f2693b3b4ec6a745cc864d04661a047e88dc12e372c39a3e73e4010dc079a22bfa97b4e

                                                                                                                                                                                                                                                        Download Submit

                                                                                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                                                        6KB

                                                                                                                                                                                                                                                        MD5

                                                                                                                                                                                                                                                        c37324871a1493d1ae316c2cb362bfbd

                                                                                                                                                                                                                                                        SHA1

                                                                                                                                                                                                                                                        1d7fa6c0990773ae3b47b42f299b679bdf729cef

                                                                                                                                                                                                                                                        SHA256

                                                                                                                                                                                                                                                        c893418704de36bafb41d50b05fd9bae829b5a93b1da2f0b59b735471cdae934

                                                                                                                                                                                                                                                        SHA512

                                                                                                                                                                                                                                                        50d1be16ff9b6a0254e095df68de96290f46417e74373cb71d9a9a803f97e4abd2a5fbce1d90e9ef4f783a8455d1423bcd904937f1396053bf75f9a43ab6090b

                                                                                                                                                                                                                                                        Download Submit

                                                                                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                                                        6KB

                                                                                                                                                                                                                                                        MD5

                                                                                                                                                                                                                                                        909c5c915f3c43bc0af849f7affa1b77

                                                                                                                                                                                                                                                        SHA1

                                                                                                                                                                                                                                                        3bafd19614b003387bf69374c08079fbe966e495

                                                                                                                                                                                                                                                        SHA256

                                                                                                                                                                                                                                                        465e0e323c3f410875550ee491bf497abc128651deeb346919a1df34112352b3

                                                                                                                                                                                                                                                        SHA512

                                                                                                                                                                                                                                                        f3eb54540479380d9b3a6b94fbf0b4bbb67723642b3d788ab71ed286b53d28bbaf4ee5bc463013219c1c30106fa3c4304cc902df2cb70c2ea20541e310f18ebd

                                                                                                                                                                                                                                                        Download Submit

                                                                                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                                                        9KB

                                                                                                                                                                                                                                                        MD5

                                                                                                                                                                                                                                                        de5154ad3c207539f840f6b1b6fd2e7a

                                                                                                                                                                                                                                                        SHA1

                                                                                                                                                                                                                                                        c63d8cccebab332b07d713d233584eeda7879caf

                                                                                                                                                                                                                                                        SHA256

                                                                                                                                                                                                                                                        aa7733a73f75667d625bde6f9ee3299347cda0839cd3c7bfb4ebe668db1c107c

                                                                                                                                                                                                                                                        SHA512

                                                                                                                                                                                                                                                        511466d06b8754907d003102a2eee3bab65d44d18ee280204a2ee180339085760a22bf0b8adcbf2f024ca6ec6b26022ee878a72305b76ba37c5039e8365c1dfb

                                                                                                                                                                                                                                                        Download Submit

                                                                                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                                                        6KB

                                                                                                                                                                                                                                                        MD5

                                                                                                                                                                                                                                                        37c46b32fe9ad4ecb8858bb77da05312

                                                                                                                                                                                                                                                        SHA1

                                                                                                                                                                                                                                                        019693bc2c4bb9823d504bd7d9915cc915633677

                                                                                                                                                                                                                                                        SHA256

                                                                                                                                                                                                                                                        676047a23116b72699fbd4d6f679d7979708c1e42f7aa52c2b7913636d5b36a4

                                                                                                                                                                                                                                                        SHA512

                                                                                                                                                                                                                                                        668c90e98d3c98d8a31a9cffe07aeeda0b8d7359a5c961daf34bef12b2561b17d27577fdf206b6c47a4915e96c827c900caa497f98fb27791296a10c16b173f7

                                                                                                                                                                                                                                                        Download Submit

                                                                                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                                                        6KB

                                                                                                                                                                                                                                                        MD5

                                                                                                                                                                                                                                                        1241bf3a03adb9b0656b4b12791240c1

                                                                                                                                                                                                                                                        SHA1

                                                                                                                                                                                                                                                        45bf9dbf95f9723ff7c8d872be10e039c8f41683

                                                                                                                                                                                                                                                        SHA256

                                                                                                                                                                                                                                                        47f8806627bcb5e48df0c9f43411d83e594551ee418d57a2491e611207809a03

                                                                                                                                                                                                                                                        SHA512

                                                                                                                                                                                                                                                        029c8716dd07546bdbd336f57903cb19a4e488278b6311c3e741488efa421be490cf782cddd71e8743541e0579409ee7fbb1de3e3cef5d84ceee2a8b8a7029d0

                                                                                                                                                                                                                                                        Download Submit

                                                                                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                                                        8KB

                                                                                                                                                                                                                                                        MD5

                                                                                                                                                                                                                                                        e79e26f870dee8989d51570535ca368d

                                                                                                                                                                                                                                                        SHA1

                                                                                                                                                                                                                                                        778a5ad4d01f49908716a3b279fa31ea4bb139ff

                                                                                                                                                                                                                                                        SHA256

                                                                                                                                                                                                                                                        e907b1be98b10e38bc5427692e956ce705c3ad52179b449bc8f1481ab24d52a8

                                                                                                                                                                                                                                                        SHA512

                                                                                                                                                                                                                                                        48c64219796db5712c13e3578aa27fd39bd5e573cd498562fa0c280a77447b0de2a2db747252469575c06adbd8ac08a8974d0fd10807040e4319339a34d61698

                                                                                                                                                                                                                                                        Download Submit

                                                                                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                                                        1KB

                                                                                                                                                                                                                                                        MD5

                                                                                                                                                                                                                                                        de6dd2cb947a2370e94629cfc28bb3d2

                                                                                                                                                                                                                                                        SHA1

                                                                                                                                                                                                                                                        9a38c1de9aa92a170921346c49de0fb6efc6f5ac

                                                                                                                                                                                                                                                        SHA256

                                                                                                                                                                                                                                                        048df3e273e5f78f3ff452f3c0ac0f9d704fad957f964fea2f3c5713958db0e0

                                                                                                                                                                                                                                                        SHA512

                                                                                                                                                                                                                                                        d0172fc4ad5e89620ad963f029250caeee4544d2a53792f34589c299405187676da0d04d816e88351e8decdd096c0e35426fdaee9a345183db4e755753c2404b

                                                                                                                                                                                                                                                        Download Submit

                                                                                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58603c.TMP
                                                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                                                        372B

                                                                                                                                                                                                                                                        MD5

                                                                                                                                                                                                                                                        1028ea29f45044c1ba4873a987305cc5

                                                                                                                                                                                                                                                        SHA1

                                                                                                                                                                                                                                                        c2c2b4521405682dfe8b8820f9e5efde013e48a9

                                                                                                                                                                                                                                                        SHA256

                                                                                                                                                                                                                                                        3e02f607c3c28ed36badcd856b32d7d0e2c2a0ae19521a67b69cc89177196e91

                                                                                                                                                                                                                                                        SHA512

                                                                                                                                                                                                                                                        d69dd84c8103030584ab28444b87c56ab6c021dd5103c71e3ced6d3905f43e06f46dcbf9b0be7f318a93a660aa77c4a44c0a0ec7747cbfcd3d4f30c45552cea2

                                                                                                                                                                                                                                                        Download Submit

                                                                                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
                                                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                                                        16B

                                                                                                                                                                                                                                                        MD5

                                                                                                                                                                                                                                                        46295cac801e5d4857d09837238a6394

                                                                                                                                                                                                                                                        SHA1

                                                                                                                                                                                                                                                        44e0fa1b517dbf802b18faf0785eeea6ac51594b

                                                                                                                                                                                                                                                        SHA256

                                                                                                                                                                                                                                                        0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

                                                                                                                                                                                                                                                        SHA512

                                                                                                                                                                                                                                                        8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

                                                                                                                                                                                                                                                        Download Submit

                                                                                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
                                                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                                                        16B

                                                                                                                                                                                                                                                        MD5

                                                                                                                                                                                                                                                        206702161f94c5cd39fadd03f4014d98

                                                                                                                                                                                                                                                        SHA1

                                                                                                                                                                                                                                                        bd8bfc144fb5326d21bd1531523d9fb50e1b600a

                                                                                                                                                                                                                                                        SHA256

                                                                                                                                                                                                                                                        1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

                                                                                                                                                                                                                                                        SHA512

                                                                                                                                                                                                                                                        0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

                                                                                                                                                                                                                                                        Download Submit

                                                                                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                                                        11KB

                                                                                                                                                                                                                                                        MD5

                                                                                                                                                                                                                                                        8c14140f5427177189a7155162f58ed9

                                                                                                                                                                                                                                                        SHA1

                                                                                                                                                                                                                                                        64d72be27e7d671e4cd5afec672e4b8d010ab82e

                                                                                                                                                                                                                                                        SHA256

                                                                                                                                                                                                                                                        6661f141ebda128af4364286dbf635e970f131a4dcbf373066a919a8f3d8ef05

                                                                                                                                                                                                                                                        SHA512

                                                                                                                                                                                                                                                        cbb2414e59d2c9b3b53547990bfd8b86a7004b04db609315b72eaad65983efc77a3edd4bec9fe4129133c1877a7ab30b92b5feb5f643e3e0bffaf4a69d965d27

                                                                                                                                                                                                                                                        Download Submit

                                                                                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                                                        12KB

                                                                                                                                                                                                                                                        MD5

                                                                                                                                                                                                                                                        8940b67aa4e65aa685cc764854168802

                                                                                                                                                                                                                                                        SHA1

                                                                                                                                                                                                                                                        41c06d783f17034af59245d0c97af377c22fb4f3

                                                                                                                                                                                                                                                        SHA256

                                                                                                                                                                                                                                                        01183a255cca757b051b7ed62c66fb4722a55bc014489e44e829c713693fb096

                                                                                                                                                                                                                                                        SHA512

                                                                                                                                                                                                                                                        d121055afcb5f068fcb5a06fd6fe8c70f205eee533b8d2541c611ce81361f0de700f23fced16b99f41b4273ae57611bc6816143de59753ba9eec54f3bfe8eaf2

                                                                                                                                                                                                                                                        Download Submit

                                                                                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\PenWorkspace\DiscoverCacheData.dat
                                                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                                                        1022B

                                                                                                                                                                                                                                                        MD5

                                                                                                                                                                                                                                                        74e80e39b703ec326ae14ed9101e69bf

                                                                                                                                                                                                                                                        SHA1

                                                                                                                                                                                                                                                        fb6ec9156ad09a784f8e3e230a0b5af5d5e9ebb4

                                                                                                                                                                                                                                                        SHA256

                                                                                                                                                                                                                                                        91603cef120ee657e7e2af679da5062d9010f56efb983a4c1a5efe63c55a167b

                                                                                                                                                                                                                                                        SHA512

                                                                                                                                                                                                                                                        4abc4793cf506cddfe2ad07c0d36d37d350c85bb389601bede0c5d034facfaa71a3914aac79e093794add5d9c63599d5043850d75b60723f7d35127375ac3c8f

                                                                                                                                                                                                                                                        Download Submit

                                                                                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Temp\{02DE8AE1-BDBB-474F-ABE4-06BABAA5B89D}.png
                                                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                                                        6KB

                                                                                                                                                                                                                                                        MD5

                                                                                                                                                                                                                                                        099ba37f81c044f6b2609537fdb7d872

                                                                                                                                                                                                                                                        SHA1

                                                                                                                                                                                                                                                        470ef859afbce52c017874d77c1695b7b0f9cb87

                                                                                                                                                                                                                                                        SHA256

                                                                                                                                                                                                                                                        8c98c856e4d43f705ff9a5c9a55f92e1885765654912b4c75385c3ea2fdef4a7

                                                                                                                                                                                                                                                        SHA512

                                                                                                                                                                                                                                                        837e1ad7fe4f5cbc0a87f3703ba211c18f32b20df93b23f681cbd0390d8077adba64cf6454a1bb28df1f7df4cb2cdc021d826b6ef8db890e40f21d618d5eb07a

                                                                                                                                                                                                                                                        Download Submit

                                                                                                                                                                                                                                                      • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Security Central\Security Central.lnk
                                                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                                                        1KB

                                                                                                                                                                                                                                                        MD5

                                                                                                                                                                                                                                                        5fe02f713212df6e21bb35ee0ae3cb24

                                                                                                                                                                                                                                                        SHA1

                                                                                                                                                                                                                                                        66e3cf37bed4d9ee5811a02d3ea9baf18fba875d

                                                                                                                                                                                                                                                        SHA256

                                                                                                                                                                                                                                                        de1bcb97d1bed29bd22b26e7f8fa1e9a8e51f99ad9be7d38f9dc27115099bac2

                                                                                                                                                                                                                                                        SHA512

                                                                                                                                                                                                                                                        125f87329a442275e6150ca3c619074eaf8e7d741725b94dbfa2280fce2002fd161b928ff49b09109085cf3f2173b9cf7cfc8d1858580bdbd2cb664b4a0ba5f8

                                                                                                                                                                                                                                                        Download Submit

                                                                                                                                                                                                                                                      • C:\Users\Admin\Desktop\Security Central.lnk
                                                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                                                        1KB

                                                                                                                                                                                                                                                        MD5

                                                                                                                                                                                                                                                        495e4478895dca5d03f0f47a12bbe395

                                                                                                                                                                                                                                                        SHA1

                                                                                                                                                                                                                                                        37e9c9fca34eb66c1ab2afa01d6b2dbc2d4ad748

                                                                                                                                                                                                                                                        SHA256

                                                                                                                                                                                                                                                        21706aedcd578d98550254b5bd1525c4a1e6af6890758e87dde5e091eb373189

                                                                                                                                                                                                                                                        SHA512

                                                                                                                                                                                                                                                        b3390b1bbf571236b0f8ea4096a7383d5026d879f4e84c213f58b8ede174243249ac0116dc54836785672caef3c89847fcdab9c02053f525c2dd01d69c5936a8

                                                                                                                                                                                                                                                        Download Submit

                                                                                                                                                                                                                                                      • memory/1676-548-0x0000000004360000-0x0000000004361000-memory.dmp

                                                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                                                        4KB

                                                                                                                                                                                                                                                        Download

                                                                                                                                                                                                                                                      • memory/3420-510-0x0000000000400000-0x0000000000A35000-memory.dmp

                                                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                                                        6.2MB

                                                                                                                                                                                                                                                        Download

                                                                                                                                                                                                                                                      • memory/3420-511-0x0000000000400000-0x0000000000A35000-memory.dmp

                                                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                                                        6.2MB

                                                                                                                                                                                                                                                        Download

                                                                                                                                                                                                                                                      • memory/3420-508-0x0000000000400000-0x0000000000A35000-memory.dmp

                                                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                                                        6.2MB

                                                                                                                                                                                                                                                        Download

                                                                                                                                                                                                                                                      • memory/3420-528-0x0000000000400000-0x0000000000A35000-memory.dmp

                                                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                                                        6.2MB

                                                                                                                                                                                                                                                        Download

                                                                                                                                                                                                                                                      • memory/3420-512-0x0000000000400000-0x0000000000A35000-memory.dmp

                                                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                                                        6.2MB

                                                                                                                                                                                                                                                        Download

                                                                                                                                                                                                                                                      • memory/4036-540-0x0000000000400000-0x0000000000A35000-memory.dmp

                                                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                                                        6.2MB

                                                                                                                                                                                                                                                        Download

                                                                                                                                                                                                                                                      • memory/4036-702-0x0000000000400000-0x0000000000A35000-memory.dmp

                                                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                                                        6.2MB

                                                                                                                                                                                                                                                        Download

                                                                                                                                                                                                                                                      • memory/4036-535-0x0000000000400000-0x0000000000A35000-memory.dmp

                                                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                                                        6.2MB

                                                                                                                                                                                                                                                        Download

                                                                                                                                                                                                                                                      • memory/4036-531-0x0000000000400000-0x0000000000A35000-memory.dmp

                                                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                                                        6.2MB

                                                                                                                                                                                                                                                        Download

                                                                                                                                                                                                                                                      • memory/4036-529-0x0000000000400000-0x0000000000A35000-memory.dmp

                                                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                                                        6.2MB

                                                                                                                                                                                                                                                        Download

                                                                                                                                                                                                                                                      • memory/4036-530-0x0000000000400000-0x0000000000A35000-memory.dmp

                                                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                                                        6.2MB

                                                                                                                                                                                                                                                        Download

                                                                                                                                                                                                                                                      • memory/4036-711-0x0000000000400000-0x0000000000A35000-memory.dmp

                                                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                                                        6.2MB

                                                                                                                                                                                                                                                        Download

                                                                                                                                                                                                                                                      • memory/4036-710-0x0000000000400000-0x0000000000A35000-memory.dmp

                                                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                                                        6.2MB

                                                                                                                                                                                                                                                        Download

                                                                                                                                                                                                                                                      • memory/4036-709-0x0000000000400000-0x0000000000A35000-memory.dmp

                                                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                                                        6.2MB

                                                                                                                                                                                                                                                        Download

                                                                                                                                                                                                                                                      • memory/4036-708-0x0000000000400000-0x0000000000A35000-memory.dmp

                                                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                                                        6.2MB

                                                                                                                                                                                                                                                        Download

                                                                                                                                                                                                                                                      • memory/4036-707-0x0000000000400000-0x0000000000A35000-memory.dmp

                                                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                                                        6.2MB

                                                                                                                                                                                                                                                        Download

                                                                                                                                                                                                                                                      • memory/4036-525-0x0000000000400000-0x0000000000A35000-memory.dmp

                                                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                                                        6.2MB

                                                                                                                                                                                                                                                        Download

                                                                                                                                                                                                                                                      • memory/4036-706-0x0000000000400000-0x0000000000A35000-memory.dmp

                                                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                                                        6.2MB

                                                                                                                                                                                                                                                        Download

                                                                                                                                                                                                                                                      • memory/4036-680-0x0000000000400000-0x0000000000A35000-memory.dmp

                                                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                                                        6.2MB

                                                                                                                                                                                                                                                        Download

                                                                                                                                                                                                                                                      • memory/4036-705-0x0000000000400000-0x0000000000A35000-memory.dmp

                                                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                                                        6.2MB

                                                                                                                                                                                                                                                        Download

                                                                                                                                                                                                                                                      • memory/4036-688-0x0000000000400000-0x0000000000A35000-memory.dmp

                                                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                                                        6.2MB

                                                                                                                                                                                                                                                        Download

                                                                                                                                                                                                                                                      • memory/4036-689-0x0000000000400000-0x0000000000A35000-memory.dmp

                                                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                                                        6.2MB

                                                                                                                                                                                                                                                        Download

                                                                                                                                                                                                                                                      • memory/4036-690-0x0000000000400000-0x0000000000A35000-memory.dmp

                                                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                                                        6.2MB

                                                                                                                                                                                                                                                        Download

                                                                                                                                                                                                                                                      • memory/4036-691-0x0000000000400000-0x0000000000A35000-memory.dmp

                                                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                                                        6.2MB

                                                                                                                                                                                                                                                        Download

                                                                                                                                                                                                                                                      • memory/4036-692-0x0000000000400000-0x0000000000A35000-memory.dmp

                                                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                                                        6.2MB

                                                                                                                                                                                                                                                        Download

                                                                                                                                                                                                                                                      • memory/4036-694-0x0000000000400000-0x0000000000A35000-memory.dmp

                                                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                                                        6.2MB

                                                                                                                                                                                                                                                        Download

                                                                                                                                                                                                                                                      • memory/4036-695-0x0000000000400000-0x0000000000A35000-memory.dmp

                                                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                                                        6.2MB

                                                                                                                                                                                                                                                        Download

                                                                                                                                                                                                                                                      • memory/4036-696-0x0000000000400000-0x0000000000A35000-memory.dmp

                                                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                                                        6.2MB

                                                                                                                                                                                                                                                        Download

                                                                                                                                                                                                                                                      • memory/4036-697-0x0000000000400000-0x0000000000A35000-memory.dmp

                                                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                                                        6.2MB

                                                                                                                                                                                                                                                        Download

                                                                                                                                                                                                                                                      • memory/4036-698-0x0000000000400000-0x0000000000A35000-memory.dmp

                                                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                                                        6.2MB

                                                                                                                                                                                                                                                        Download

                                                                                                                                                                                                                                                      • memory/4036-699-0x0000000000400000-0x0000000000A35000-memory.dmp

                                                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                                                        6.2MB

                                                                                                                                                                                                                                                        Download

                                                                                                                                                                                                                                                      • memory/4036-700-0x0000000000400000-0x0000000000A35000-memory.dmp

                                                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                                                        6.2MB

                                                                                                                                                                                                                                                        Download

                                                                                                                                                                                                                                                      • memory/4036-701-0x0000000000400000-0x0000000000A35000-memory.dmp

                                                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                                                        6.2MB

                                                                                                                                                                                                                                                        Download

                                                                                                                                                                                                                                                      • memory/4036-704-0x0000000000400000-0x0000000000A35000-memory.dmp

                                                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                                                        6.2MB

                                                                                                                                                                                                                                                        Download

                                                                                                                                                                                                                                                      • memory/4036-703-0x0000000000400000-0x0000000000A35000-memory.dmp

                                                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                                                        6.2MB

                                                                                                                                                                                                                                                        Download

                                                                                                                                                                                                                                                      • memory/4420-538-0x0000000002F80000-0x0000000002F81000-memory.dmp

                                                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                                                        4KB

                                                                                                                                                                                                                                                        Download

                                                                                                                                                                                                                                                      • memory/4924-683-0x0000000003050000-0x0000000003051000-memory.dmp

                                                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                                                        4KB

                                                                                                                                                                                                                                                        Download

                                                                                                                                                                                                                                                      • memory/5396-678-0x00000000044C0000-0x00000000044C1000-memory.dmp

                                                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                                                        4KB

                                                                                                                                                                                                                                                        Download

                                                                                                                                                                                                                                                      • memory/5744-563-0x0000026CB6FC0000-0x0000026CB6FE0000-memory.dmp

                                                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                                                        128KB

                                                                                                                                                                                                                                                        Download

                                                                                                                                                                                                                                                      • memory/5744-573-0x0000026CB76D0000-0x0000026CB76F0000-memory.dmp

                                                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                                                        128KB

                                                                                                                                                                                                                                                        Download

                                                                                                                                                                                                                                                      • memory/5744-556-0x0000026CB7300000-0x0000026CB7320000-memory.dmp

                                                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                                                        128KB

                                                                                                                                                                                                                                                        Download

                                                                                                                                                                                                                                                      • memory/5744-552-0x0000026CB6200000-0x0000026CB6300000-memory.dmp

                                                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                                                        1024KB

                                                                                                                                                                                                                                                        Download

                                                                                                                                                                                                                                                      • memory/5744-551-0x0000026CB6200000-0x0000026CB6300000-memory.dmp

                                                                                                                                                                                                                                                        Filesize

                                                                                                                                                                                                                                                        1024KB

                                                                                                                                                                                                                                                        Download