Overview

overview

10

Static

static

1

URLScan

urlscan

1

http://google.com

windows11-21h2-x64

Analysis

  • max time kernel
    1007s
  • max time network
    1009s
  • platform
    windows11-21h2_x64
  • resource
    win11-20240709-en
  • resource tags

    arch:x64arch:x86image:win11-20240709-enlocale:en-usos:windows11-21h2-x64system
  • submitted
    13-07-2024 20:53

Sharing

Copy URL
Twitter E-mail

Errors

Reason
Machine shutdown
Report Analysis Logs

General

  • Target

    http://google.com

Score
10/10
dharmatroldeshwarzonerataspackv2defense_evasionevasionexecutionimpactinfostealerpersistenceprivilege_escalationransomwareratrezer0spywarestealertrojan

Malware Config

Signatures

  • Dharma

    Dharma is a ransomware that uses security software installation to hide malicious activities.

    ransomwaredharma
  • Modifies WinLogon for persistence 2 TTPs 1 IoCs
    persistence
  • Modifies Windows Defender Real-time Protection settings 3 TTPs 2 IoCs
    evasiontrojan
  • Troldesh, Shade, Encoder.858

    Troldesh is a ransomware spread by malspam.

    ransomwaretrojantroldesh
  • UAC bypass 3 TTPs 1 IoCs
    evasiontrojan
  • WarzoneRat, AveMaria

    WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.

    ratinfostealerwarzonerat
  • Deletes shadow copies 3 TTPs

    Ransomware often targets backup files to inhibit system recovery.

    ransomwaredefense_evasionimpactexecution
  • ReZer0 packer 1 IoCs

    Detects ReZer0, a packer with multiple versions used in various campaigns.

    rezer0
  • Renames multiple (563) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

    ransomware
  • Disables RegEdit via registry modification 2 IoCs
    evasion
  • Disables Task Manager via registry modification
    evasion
  • Disables use of System Restore points 1 TTPs
    evasion
  • Downloads MZ/PE file
  • Event Triggered Execution: Image File Execution Options Injection 1 TTPs 64 IoCs
    persistence
  • Modifies Windows Firewall 2 TTPs 1 IoCs
    evasion
  • ASPack v2.12-2.42 1 IoCs

    Detects executables packed with ASPack v2.12-2.42

    aspackv2
  • Drops startup file 5 IoCs
  • Executes dropped EXE 19 IoCs
  • Impair Defenses: Safe Mode Boot 1 TTPs 1 IoCs
    defense_evasion
  • Loads dropped DLL 7 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Adds Run key to start application 2 TTPs 7 IoCs
    persistence
  • Checks whether UAC is enabled 1 TTPs 1 IoCs
    evasiontrojan
  • Drops desktop.ini file(s) 64 IoCs
  • Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs
  • Drops file in System32 directory 2 IoCs
  • Suspicious use of SetThreadContext 2 IoCs
  • Drops file in Program Files directory 64 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Event Triggered Execution: Netsh Helper DLL 1 TTPs 3 IoCs

    Netsh.exe (also referred to as Netshell) is a command-line scripting utility used to interact with the network configuration of a system.

    persistenceprivilege_escalation
  • Program crash 1 IoCs
  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Interacts with shadow copies 3 TTPs 5 IoCs

    Shadow copies are often targeted by ransomware to inhibit system recovery.

    ransomware
  • Modifies data under HKEY_USERS 15 IoCs
  • Modifies registry class 6 IoCs
  • NTFS ADS 24 IoCs
  • Scheduled Task/Job: Scheduled Task 1 TTPs 2 IoCs

    Schtasks is often used by malware for persistence or to perform post-infection execution.

    persistenceexecution
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 24 IoCs
  • Suspicious use of AdjustPrivilegeToken 50 IoCs
  • Suspicious use of FindShellTrayWindow 64 IoCs
  • Suspicious use of SendNotifyMessage 40 IoCs
  • Suspicious use of SetWindowsHookEx 3 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • System policy modification 1 TTPs 9 IoCs
    evasion
  • Uses Volume Shadow Copy service COM API

    The Volume Shadow Copy service is used to manage backups/snapshots.

    ransomware

Processes

  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.com
    1⤵
    • Enumerates system info in registry
    • NTFS ADS
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:4720
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffa934c3cb8,0x7ffa934c3cc8,0x7ffa934c3cd8
      2⤵
        PID:5044
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1920,10610404343962724543,3353219684817561084,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1928 /prefetch:2
        2⤵
          PID:1736
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1920,10610404343962724543,3353219684817561084,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2272 /prefetch:3
          2⤵
          • Suspicious behavior: EnumeratesProcesses
          PID:1708
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1920,10610404343962724543,3353219684817561084,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2696 /prefetch:8
          2⤵
            PID:1488
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,10610404343962724543,3353219684817561084,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3172 /prefetch:1
            2⤵
              PID:792
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,10610404343962724543,3353219684817561084,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3204 /prefetch:1
              2⤵
                PID:2956
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,10610404343962724543,3353219684817561084,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4176 /prefetch:1
                2⤵
                  PID:1312
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1920,10610404343962724543,3353219684817561084,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5484 /prefetch:8
                  2⤵
                  • Suspicious behavior: EnumeratesProcesses
                  PID:3744
                • C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1920,10610404343962724543,3353219684817561084,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5740 /prefetch:8
                  2⤵
                  • Suspicious behavior: EnumeratesProcesses
                  PID:4936
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,10610404343962724543,3353219684817561084,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4808 /prefetch:1
                  2⤵
                    PID:4876
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,10610404343962724543,3353219684817561084,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5292 /prefetch:1
                    2⤵
                      PID:3856
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,10610404343962724543,3353219684817561084,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1908 /prefetch:1
                      2⤵
                        PID:5064
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,10610404343962724543,3353219684817561084,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5784 /prefetch:1
                        2⤵
                          PID:2152
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,10610404343962724543,3353219684817561084,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4200 /prefetch:1
                          2⤵
                            PID:2084
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,10610404343962724543,3353219684817561084,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6072 /prefetch:1
                            2⤵
                              PID:3148
                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,10610404343962724543,3353219684817561084,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3356 /prefetch:1
                              2⤵
                                PID:4188
                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,10610404343962724543,3353219684817561084,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3528 /prefetch:1
                                2⤵
                                  PID:2780
                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1920,10610404343962724543,3353219684817561084,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=3340 /prefetch:2
                                  2⤵
                                  • Suspicious behavior: EnumeratesProcesses
                                  PID:2092
                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,10610404343962724543,3353219684817561084,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5876 /prefetch:1
                                  2⤵
                                    PID:4776
                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1920,10610404343962724543,3353219684817561084,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4232 /prefetch:8
                                    2⤵
                                      PID:5004
                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1920,10610404343962724543,3353219684817561084,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5024 /prefetch:8
                                      2⤵
                                      • Modifies registry class
                                      • Suspicious behavior: EnumeratesProcesses
                                      PID:4800
                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,10610404343962724543,3353219684817561084,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5424 /prefetch:1
                                      2⤵
                                        PID:2428
                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,10610404343962724543,3353219684817561084,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3392 /prefetch:1
                                        2⤵
                                          PID:3148
                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,10610404343962724543,3353219684817561084,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5476 /prefetch:1
                                          2⤵
                                            PID:1012
                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,10610404343962724543,3353219684817561084,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5600 /prefetch:1
                                            2⤵
                                              PID:4872
                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1920,10610404343962724543,3353219684817561084,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6856 /prefetch:8
                                              2⤵
                                                PID:3868
                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1920,10610404343962724543,3353219684817561084,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6716 /prefetch:8
                                                2⤵
                                                  PID:4832
                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1920,10610404343962724543,3353219684817561084,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5808 /prefetch:8
                                                  2⤵
                                                  • NTFS ADS
                                                  • Suspicious behavior: EnumeratesProcesses
                                                  PID:236
                                                • C:\Users\Admin\Downloads\Launcher.exe
                                                  "C:\Users\Admin\Downloads\Launcher.exe"
                                                  2⤵
                                                  • Executes dropped EXE
                                                  PID:1440
                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,10610404343962724543,3353219684817561084,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3816 /prefetch:1
                                                  2⤵
                                                    PID:5052
                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1920,10610404343962724543,3353219684817561084,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=7064 /prefetch:8
                                                    2⤵
                                                      PID:4428
                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1920,10610404343962724543,3353219684817561084,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6476 /prefetch:8
                                                      2⤵
                                                        PID:4652
                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1920,10610404343962724543,3353219684817561084,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5164 /prefetch:8
                                                        2⤵
                                                        • NTFS ADS
                                                        • Suspicious behavior: EnumeratesProcesses
                                                        PID:4656
                                                      • C:\Users\Admin\Downloads\WindowsUpdate.exe
                                                        "C:\Users\Admin\Downloads\WindowsUpdate.exe"
                                                        2⤵
                                                        • Executes dropped EXE
                                                        • Suspicious behavior: EnumeratesProcesses
                                                        • Suspicious use of FindShellTrayWindow
                                                        • Suspicious use of SendNotifyMessage
                                                        PID:4664
                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,10610404343962724543,3353219684817561084,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5008 /prefetch:1
                                                        2⤵
                                                          PID:4480
                                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1920,10610404343962724543,3353219684817561084,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6572 /prefetch:8
                                                          2⤵
                                                            PID:2404
                                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1920,10610404343962724543,3353219684817561084,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=1052 /prefetch:8
                                                            2⤵
                                                              PID:3352
                                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1920,10610404343962724543,3353219684817561084,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3312 /prefetch:8
                                                              2⤵
                                                              • NTFS ADS
                                                              • Suspicious behavior: EnumeratesProcesses
                                                              PID:2812
                                                            • C:\Users\Admin\Downloads\YouAreAnIdiot.exe
                                                              "C:\Users\Admin\Downloads\YouAreAnIdiot.exe"
                                                              2⤵
                                                              • Executes dropped EXE
                                                              PID:240
                                                              • C:\Windows\SysWOW64\WerFault.exe
                                                                C:\Windows\SysWOW64\WerFault.exe -u -p 240 -s 1232
                                                                3⤵
                                                                • Program crash
                                                                PID:1688
                                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,10610404343962724543,3353219684817561084,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4220 /prefetch:1
                                                              2⤵
                                                                PID:1052
                                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1920,10610404343962724543,3353219684817561084,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6692 /prefetch:8
                                                                2⤵
                                                                  PID:1360
                                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1920,10610404343962724543,3353219684817561084,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4072 /prefetch:8
                                                                  2⤵
                                                                  • NTFS ADS
                                                                  • Suspicious behavior: EnumeratesProcesses
                                                                  PID:3440
                                                                • C:\Users\Admin\Downloads\Time.exe
                                                                  "C:\Users\Admin\Downloads\Time.exe"
                                                                  2⤵
                                                                  • Executes dropped EXE
                                                                  • Suspicious use of AdjustPrivilegeToken
                                                                  PID:3408
                                                                • C:\Users\Admin\Downloads\Time.exe
                                                                  "C:\Users\Admin\Downloads\Time.exe"
                                                                  2⤵
                                                                  • Executes dropped EXE
                                                                  • Suspicious use of AdjustPrivilegeToken
                                                                  PID:1392
                                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,10610404343962724543,3353219684817561084,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6580 /prefetch:1
                                                                  2⤵
                                                                    PID:4640
                                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1920,10610404343962724543,3353219684817561084,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=7008 /prefetch:8
                                                                    2⤵
                                                                      PID:1876
                                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1920,10610404343962724543,3353219684817561084,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7060 /prefetch:8
                                                                      2⤵
                                                                      • NTFS ADS
                                                                      • Suspicious behavior: EnumeratesProcesses
                                                                      PID:440
                                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,10610404343962724543,3353219684817561084,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6192 /prefetch:1
                                                                      2⤵
                                                                        PID:2648
                                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1920,10610404343962724543,3353219684817561084,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5836 /prefetch:8
                                                                        2⤵
                                                                          PID:4528
                                                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1920,10610404343962724543,3353219684817561084,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5048 /prefetch:8
                                                                          2⤵
                                                                          • NTFS ADS
                                                                          • Suspicious behavior: EnumeratesProcesses
                                                                          PID:3812
                                                                        • C:\Users\Admin\Downloads\WarzoneRAT.exe
                                                                          "C:\Users\Admin\Downloads\WarzoneRAT.exe"
                                                                          2⤵
                                                                          • Executes dropped EXE
                                                                          • Suspicious use of SetThreadContext
                                                                          • NTFS ADS
                                                                          • Suspicious behavior: EnumeratesProcesses
                                                                          • Suspicious use of AdjustPrivilegeToken
                                                                          PID:4752
                                                                          • C:\Windows\SysWOW64\schtasks.exe
                                                                            "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\jFvfxe" /XML "C:\Users\Admin\AppData\Local\Temp\tmpDB8F.tmp"
                                                                            3⤵
                                                                            • Scheduled Task/Job: Scheduled Task
                                                                            PID:4656
                                                                          • C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
                                                                            "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"
                                                                            3⤵
                                                                              PID:5100
                                                                          • C:\Users\Admin\Downloads\WarzoneRAT.exe
                                                                            "C:\Users\Admin\Downloads\WarzoneRAT.exe"
                                                                            2⤵
                                                                            • Executes dropped EXE
                                                                            • Suspicious use of SetThreadContext
                                                                            • Suspicious behavior: EnumeratesProcesses
                                                                            • Suspicious use of AdjustPrivilegeToken
                                                                            PID:2208
                                                                            • C:\Windows\SysWOW64\schtasks.exe
                                                                              "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\jFvfxe" /XML "C:\Users\Admin\AppData\Local\Temp\tmp1982.tmp"
                                                                              3⤵
                                                                              • Scheduled Task/Job: Scheduled Task
                                                                              PID:2180
                                                                            • C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
                                                                              "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"
                                                                              3⤵
                                                                                PID:3568
                                                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,10610404343962724543,3353219684817561084,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5892 /prefetch:1
                                                                              2⤵
                                                                                PID:3892
                                                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1920,10610404343962724543,3353219684817561084,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6308 /prefetch:8
                                                                                2⤵
                                                                                  PID:4624
                                                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1920,10610404343962724543,3353219684817561084,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3236 /prefetch:8
                                                                                  2⤵
                                                                                  • NTFS ADS
                                                                                  • Suspicious behavior: EnumeratesProcesses
                                                                                  PID:2088
                                                                                • C:\Users\Admin\Downloads\CoronaVirus.exe
                                                                                  "C:\Users\Admin\Downloads\CoronaVirus.exe"
                                                                                  2⤵
                                                                                  • Drops startup file
                                                                                  • Executes dropped EXE
                                                                                  • Adds Run key to start application
                                                                                  • Drops desktop.ini file(s)
                                                                                  • Drops file in System32 directory
                                                                                  • Drops file in Program Files directory
                                                                                  • Suspicious behavior: EnumeratesProcesses
                                                                                  PID:1640
                                                                                  • C:\Windows\system32\cmd.exe
                                                                                    "C:\Windows\system32\cmd.exe"
                                                                                    3⤵
                                                                                      PID:4932
                                                                                      • C:\Windows\system32\mode.com
                                                                                        mode con cp select=1251
                                                                                        4⤵
                                                                                          PID:14232
                                                                                        • C:\Windows\system32\vssadmin.exe
                                                                                          vssadmin delete shadows /all /quiet
                                                                                          4⤵
                                                                                          • Interacts with shadow copies
                                                                                          PID:6248
                                                                                      • C:\Windows\system32\cmd.exe
                                                                                        "C:\Windows\system32\cmd.exe"
                                                                                        3⤵
                                                                                          PID:17388
                                                                                          • C:\Windows\system32\mode.com
                                                                                            mode con cp select=1251
                                                                                            4⤵
                                                                                              PID:6420
                                                                                            • C:\Windows\system32\vssadmin.exe
                                                                                              vssadmin delete shadows /all /quiet
                                                                                              4⤵
                                                                                              • Interacts with shadow copies
                                                                                              PID:10336
                                                                                          • C:\Windows\System32\mshta.exe
                                                                                            "C:\Windows\System32\mshta.exe" "C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Info.hta"
                                                                                            3⤵
                                                                                              PID:6308
                                                                                            • C:\Windows\System32\mshta.exe
                                                                                              "C:\Windows\System32\mshta.exe" "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Info.hta"
                                                                                              3⤵
                                                                                                PID:6344
                                                                                            • C:\Users\Admin\Downloads\CoronaVirus.exe
                                                                                              "C:\Users\Admin\Downloads\CoronaVirus.exe"
                                                                                              2⤵
                                                                                              • Executes dropped EXE
                                                                                              PID:49340
                                                                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,10610404343962724543,3353219684817561084,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5296 /prefetch:1
                                                                                              2⤵
                                                                                              • Executes dropped EXE
                                                                                              • Loads dropped DLL
                                                                                              PID:12084
                                                                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1920,10610404343962724543,3353219684817561084,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6968 /prefetch:8
                                                                                              2⤵
                                                                                              • Executes dropped EXE
                                                                                              • Loads dropped DLL
                                                                                              PID:11988
                                                                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1920,10610404343962724543,3353219684817561084,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3536 /prefetch:8
                                                                                              2⤵
                                                                                              • Executes dropped EXE
                                                                                              • Loads dropped DLL
                                                                                              • NTFS ADS
                                                                                              PID:10608
                                                                                            • C:\Users\Admin\Downloads\NoMoreRansom.exe
                                                                                              "C:\Users\Admin\Downloads\NoMoreRansom.exe"
                                                                                              2⤵
                                                                                              • Executes dropped EXE
                                                                                              • Adds Run key to start application
                                                                                              PID:37900
                                                                                            • C:\Users\Admin\Downloads\NoMoreRansom.exe
                                                                                              "C:\Users\Admin\Downloads\NoMoreRansom.exe"
                                                                                              2⤵
                                                                                              • Executes dropped EXE
                                                                                              PID:38212
                                                                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,10610404343962724543,3353219684817561084,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=61 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1960 /prefetch:1
                                                                                              2⤵
                                                                                              • Executes dropped EXE
                                                                                              • Loads dropped DLL
                                                                                              PID:39056
                                                                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1920,10610404343962724543,3353219684817561084,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5772 /prefetch:8
                                                                                              2⤵
                                                                                              • Executes dropped EXE
                                                                                              • Loads dropped DLL
                                                                                              PID:39160
                                                                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1920,10610404343962724543,3353219684817561084,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4888 /prefetch:8
                                                                                              2⤵
                                                                                              • Executes dropped EXE
                                                                                              • Loads dropped DLL
                                                                                              PID:39216
                                                                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1920,10610404343962724543,3353219684817561084,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5980 /prefetch:8
                                                                                              2⤵
                                                                                              • Executes dropped EXE
                                                                                              • Loads dropped DLL
                                                                                              • NTFS ADS
                                                                                              PID:39352
                                                                                            • C:\Users\Admin\Downloads\Annabelle.exe
                                                                                              "C:\Users\Admin\Downloads\Annabelle.exe"
                                                                                              2⤵
                                                                                              • Modifies WinLogon for persistence
                                                                                              • Modifies Windows Defender Real-time Protection settings
                                                                                              • UAC bypass
                                                                                              • Disables RegEdit via registry modification
                                                                                              • Event Triggered Execution: Image File Execution Options Injection
                                                                                              • Executes dropped EXE
                                                                                              • Impair Defenses: Safe Mode Boot
                                                                                              • Adds Run key to start application
                                                                                              • Checks whether UAC is enabled
                                                                                              • System policy modification
                                                                                              PID:39524
                                                                                              • C:\Windows\SYSTEM32\vssadmin.exe
                                                                                                vssadmin delete shadows /all /quiet
                                                                                                3⤵
                                                                                                • Interacts with shadow copies
                                                                                                PID:39644
                                                                                              • C:\Windows\SYSTEM32\vssadmin.exe
                                                                                                vssadmin delete shadows /all /quiet
                                                                                                3⤵
                                                                                                • Interacts with shadow copies
                                                                                                PID:39652
                                                                                              • C:\Windows\SYSTEM32\vssadmin.exe
                                                                                                vssadmin delete shadows /all /quiet
                                                                                                3⤵
                                                                                                • Interacts with shadow copies
                                                                                                PID:39668
                                                                                              • C:\Windows\SYSTEM32\NetSh.exe
                                                                                                NetSh Advfirewall set allprofiles state off
                                                                                                3⤵
                                                                                                • Modifies Windows Firewall
                                                                                                • Event Triggered Execution: Netsh Helper DLL
                                                                                                PID:39684
                                                                                              • C:\Windows\System32\shutdown.exe
                                                                                                "C:\Windows\System32\shutdown.exe" -r -t 00 -f
                                                                                                3⤵
                                                                                                • Suspicious use of AdjustPrivilegeToken
                                                                                                PID:13584
                                                                                          • C:\Windows\System32\CompPkgSrv.exe
                                                                                            C:\Windows\System32\CompPkgSrv.exe -Embedding
                                                                                            1⤵
                                                                                              PID:2324
                                                                                            • C:\Windows\System32\CompPkgSrv.exe
                                                                                              C:\Windows\System32\CompPkgSrv.exe -Embedding
                                                                                              1⤵
                                                                                                PID:4660
                                                                                              • C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe
                                                                                                "C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca
                                                                                                1⤵
                                                                                                • Modifies registry class
                                                                                                • Suspicious use of SetWindowsHookEx
                                                                                                PID:2872
                                                                                              • C:\Windows\SysWOW64\WerFault.exe
                                                                                                C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 240 -ip 240
                                                                                                1⤵
                                                                                                  PID:3156
                                                                                                • C:\Windows\system32\vssvc.exe
                                                                                                  C:\Windows\system32\vssvc.exe
                                                                                                  1⤵
                                                                                                  • Suspicious use of AdjustPrivilegeToken
                                                                                                  PID:8088
                                                                                                • C:\Windows\system32\werfault.exe
                                                                                                  werfault.exe /h /shared Global\7a53e96d58e94694a310f496c70256c4 /t 6316 /p 6308
                                                                                                  1⤵
                                                                                                    PID:36436
                                                                                                  • C:\Windows\system32\BackgroundTransferHost.exe
                                                                                                    "BackgroundTransferHost.exe" -ServerName:BackgroundTransferHost.13
                                                                                                    1⤵
                                                                                                    • Modifies registry class
                                                                                                    PID:37172
                                                                                                  • C:\Windows\system32\werfault.exe
                                                                                                    werfault.exe /h /shared Global\10bba92f32fb45248a2386aab64f8577 /t 6372 /p 6344
                                                                                                    1⤵
                                                                                                      PID:37264
                                                                                                    • C:\Windows\system32\NOTEPAD.EXE
                                                                                                      "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Public\Desktop\FILES ENCRYPTED.txt
                                                                                                      1⤵
                                                                                                        PID:46700
                                                                                                      • C:\Windows\system32\NOTEPAD.EXE
                                                                                                        "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Public\Desktop\FILES ENCRYPTED.txt
                                                                                                        1⤵
                                                                                                          PID:26244
                                                                                                        • C:\Windows\system32\vssvc.exe
                                                                                                          C:\Windows\system32\vssvc.exe
                                                                                                          1⤵
                                                                                                          • Suspicious use of AdjustPrivilegeToken
                                                                                                          PID:39840
                                                                                                        • C:\Windows\system32\LogonUI.exe
                                                                                                          "LogonUI.exe" /flags:0x4 /state0:0xa39f8055 /state1:0x41c64e6d
                                                                                                          1⤵
                                                                                                          • Modifies data under HKEY_USERS
                                                                                                          • Suspicious use of SetWindowsHookEx
                                                                                                          PID:8856

                                                                                                        Network

                                                                                                        MITRE ATT&CK Enterprise v15

                                                                                                        Reconnaissance

                                                                                                        Resource Development

                                                                                                        Initial Access

                                                                                                        Execution

                                                                                                        Scheduled Task/Job

                                                                                                        1
                                                                                                        T1053

                                                                                                        Scheduled Task

                                                                                                        1
                                                                                                        T1053.005

                                                                                                        Windows Management Instrumentation

                                                                                                        1
                                                                                                        T1047

                                                                                                        Persistence

                                                                                                        Boot or Logon Autostart Execution

                                                                                                        2
                                                                                                        T1547

                                                                                                        Registry Run Keys / Startup Folder

                                                                                                        1
                                                                                                        T1547.001

                                                                                                        Winlogon Helper DLL

                                                                                                        1
                                                                                                        T1547.004

                                                                                                        Create or Modify System Process

                                                                                                        2
                                                                                                        T1543

                                                                                                        Windows Service

                                                                                                        2
                                                                                                        T1543.003

                                                                                                        Event Triggered Execution

                                                                                                        2
                                                                                                        T1546

                                                                                                        Image File Execution Options Injection

                                                                                                        1
                                                                                                        T1546.012

                                                                                                        Netsh Helper DLL

                                                                                                        1
                                                                                                        T1546.007

                                                                                                        Scheduled Task/Job

                                                                                                        1
                                                                                                        T1053

                                                                                                        Scheduled Task

                                                                                                        1
                                                                                                        T1053.005

                                                                                                        Privilege Escalation

                                                                                                        Abuse Elevation Control Mechanism

                                                                                                        1
                                                                                                        T1548

                                                                                                        Bypass User Account Control

                                                                                                        1
                                                                                                        T1548.002

                                                                                                        Boot or Logon Autostart Execution

                                                                                                        2
                                                                                                        T1547

                                                                                                        Registry Run Keys / Startup Folder

                                                                                                        1
                                                                                                        T1547.001

                                                                                                        Winlogon Helper DLL

                                                                                                        1
                                                                                                        T1547.004

                                                                                                        Create or Modify System Process

                                                                                                        2
                                                                                                        T1543

                                                                                                        Windows Service

                                                                                                        2
                                                                                                        T1543.003

                                                                                                        Event Triggered Execution

                                                                                                        2
                                                                                                        T1546

                                                                                                        Image File Execution Options Injection

                                                                                                        1
                                                                                                        T1546.012

                                                                                                        Netsh Helper DLL

                                                                                                        1
                                                                                                        T1546.007

                                                                                                        Scheduled Task/Job

                                                                                                        1
                                                                                                        T1053

                                                                                                        Scheduled Task

                                                                                                        1
                                                                                                        T1053.005

                                                                                                        Defense Evasion

                                                                                                        Abuse Elevation Control Mechanism

                                                                                                        1
                                                                                                        T1548

                                                                                                        Bypass User Account Control

                                                                                                        1
                                                                                                        T1548.002

                                                                                                        Direct Volume Access

                                                                                                        1
                                                                                                        T1006

                                                                                                        Impair Defenses

                                                                                                        4
                                                                                                        T1562

                                                                                                        Disable or Modify System Firewall

                                                                                                        1
                                                                                                        T1562.004

                                                                                                        Disable or Modify Tools

                                                                                                        2
                                                                                                        T1562.001

                                                                                                        Safe Mode Boot

                                                                                                        1
                                                                                                        T1562.009

                                                                                                        Indicator Removal

                                                                                                        2
                                                                                                        T1070

                                                                                                        File Deletion

                                                                                                        2
                                                                                                        T1070.004

                                                                                                        Modify Registry

                                                                                                        5
                                                                                                        T1112

                                                                                                        Credential Access

                                                                                                        Unsecured Credentials

                                                                                                        1
                                                                                                        T1552

                                                                                                        Credentials In Files

                                                                                                        1
                                                                                                        T1552.001

                                                                                                        Discovery

                                                                                                        Query Registry

                                                                                                        1
                                                                                                        T1012

                                                                                                        System Information Discovery

                                                                                                        3
                                                                                                        T1082

                                                                                                        Lateral Movement

                                                                                                        Collection

                                                                                                        Data from Local System

                                                                                                        1
                                                                                                        T1005

                                                                                                        Command and Control

                                                                                                        Web Service

                                                                                                        1
                                                                                                        T1102

                                                                                                        Exfiltration

                                                                                                        Impact

                                                                                                        Inhibit System Recovery

                                                                                                        3
                                                                                                        T1490

                                                                                                        Replay Monitor

                                                                                                        Loading Replay Monitor...

                                                                                                        Downloads

                                                                                                        • C:\Program Files\Common Files\microsoft shared\ClickToRun\AppvIsvSubsystems64.dll.id-BF08C0AC.[[email protected]].ncov
                                                                                                          Filesize

                                                                                                          3.2MB

                                                                                                          MD5

                                                                                                          df61751f9899739bece33ed9515ef8ec

                                                                                                          SHA1

                                                                                                          13e30acfc4197329eb98962864b21fcfd74cdc28

                                                                                                          SHA256

                                                                                                          96b5718ccf89ab9dde15a5b6431969d46f9ff8e32b27edf9c11714745ff53e78

                                                                                                          SHA512

                                                                                                          896901438df0ed62ceecaf424b6f8b47b9cb04cdb8e4a4d9e7053c562b218b35284ebfaf6fc67e9f1b3dd359bae072af2a278ff31dc39a43cfbeb3f0b1ef526c

                                                                                                          Download Submit

                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\WarzoneRAT.exe.log
                                                                                                          Filesize

                                                                                                          507B

                                                                                                          MD5

                                                                                                          a0c3e1aca0335d2d3a6c16038a5e1feb

                                                                                                          SHA1

                                                                                                          865132ecfd8bc3781419e10a57ef33686d80f83f

                                                                                                          SHA256

                                                                                                          68e52b0dae9281848730d457702a3fbe0868a0209d2740c9b5435dcf872d1072

                                                                                                          SHA512

                                                                                                          6b5dc7bb61bebea323e806e4eeaac8383621c84be7545af744923445dc4545b9395abcd8f7b82f8b30fddc28872e3f47a010a271f588b5dd725cdd1be2ee4ed8

                                                                                                          Download Submit

                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                                                                                          Filesize

                                                                                                          152B

                                                                                                          MD5

                                                                                                          f1d33f465a73554cd1c183cbcd0a28a2

                                                                                                          SHA1

                                                                                                          f5c16fc4edff600cb307f762d950500aa29a1e8b

                                                                                                          SHA256

                                                                                                          22d8c228cdcfd3e05431d7377748014035a3488ad3a0d4aecc334e724245a1f9

                                                                                                          SHA512

                                                                                                          7cc94f77f3943143ee86eabbfddcb110ce52c6ff0975842e3a3d06072f51f2c48914ee61f24484a539888ad19a7e6a1becfb029485cd5984bc736434a63cee95

                                                                                                          Download Submit

                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                                                                                          Filesize

                                                                                                          152B

                                                                                                          MD5

                                                                                                          575466f58c7d9d3224035d23f102d140

                                                                                                          SHA1

                                                                                                          2fce4082fa83534b3ddc91e42fb242baee4afa1c

                                                                                                          SHA256

                                                                                                          9da0e657652daa1ef86af7c3db62b0af9cce372a5f765c98c68479922ccf1923

                                                                                                          SHA512

                                                                                                          06503e718fe967076dd8a061b57debdc663b9616b005f8567099a84fc7184880633079335d622c243918efc3356b40e683708fb0583084abeed7db6168a212ab

                                                                                                          Download Submit

                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\8c20e438-a44c-4d3e-9dd7-fc82d06d52fe.tmp
                                                                                                          Filesize

                                                                                                          1KB

                                                                                                          MD5

                                                                                                          63af1c7cd10fc778d40f0c09d40e9760

                                                                                                          SHA1

                                                                                                          29df3ab3a70d3fb42073f06c9ed3387b62bbc0c5

                                                                                                          SHA256

                                                                                                          03f3c5a252b5bd2798c8d4e01ab598b9af9f8eeeaf3201c4d7522e4aa2ad7583

                                                                                                          SHA512

                                                                                                          677a1dfd8663b026c72538afbecca6f6c06c35c73d12def2fdf2faabbbd2d98bb52870544de72d75e2b2a5e463b0616969f97a0402a2219d319a204d45641908

                                                                                                          Download Submit

                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\9dec64b5-c519-45c1-a11c-1bffd29af47e.tmp
                                                                                                          Filesize

                                                                                                          784B

                                                                                                          MD5

                                                                                                          6f1428e139b1e1e032f545b527f0e1d6

                                                                                                          SHA1

                                                                                                          99ba879668bce410d948032fb9511638afb3b703

                                                                                                          SHA256

                                                                                                          f343c1d04da4e826fc44df8cbfa92cfee2b54d92d8a60fd674597d9fd9d26af1

                                                                                                          SHA512

                                                                                                          fc2bd33dd75f678fa63da913dfefe5c774c2f57c2790b11c1f69de019408ddfd04896f403bc2eead2d4821f912d73e2723d18aca1683a741a7ee9481b49b1ba7

                                                                                                          Download Submit

                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003
                                                                                                          Filesize

                                                                                                          211KB

                                                                                                          MD5

                                                                                                          151fb811968eaf8efb840908b89dc9d4

                                                                                                          SHA1

                                                                                                          7ec811009fd9b0e6d92d12d78b002275f2f1bee1

                                                                                                          SHA256

                                                                                                          043fd8558e4a5a60aaccd2f0377f77a544e3e375242e9d7200dc6e51f94103ed

                                                                                                          SHA512

                                                                                                          83aface0ab01da52fd077f747c9d5916e3c06b0ea5c551d7d316707ec3e8f3f986ce1c82e6f2136e48c6511a83cb0ac67ff6dc8f0e440ac72fc6854086a87674

                                                                                                          Download Submit

                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002e
                                                                                                          Filesize

                                                                                                          760KB

                                                                                                          MD5

                                                                                                          515198a8dfa7825f746d5921a4bc4db9

                                                                                                          SHA1

                                                                                                          e1da0b7f046886c1c4ff6993f7f98ee9a1bc90ae

                                                                                                          SHA256

                                                                                                          0fda176b199295f72fafc3bc25cefa27fa44ed7712c3a24ca2409217e430436d

                                                                                                          SHA512

                                                                                                          9e47037fe40b79ebf056a9c6279e318d85da9cd7e633230129d77a1b8637ecbafc60be38dd21ca9077ebfcb9260d87ff7fcc85b8699b3135148fe956972de3e8

                                                                                                          Download Submit

                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00003a
                                                                                                          Filesize

                                                                                                          15.9MB

                                                                                                          MD5

                                                                                                          0f743287c9911b4b1c726c7c7edcaf7d

                                                                                                          SHA1

                                                                                                          9760579e73095455fcbaddfe1e7e98a2bb28bfe0

                                                                                                          SHA256

                                                                                                          716335ba5cd1e7186c40295b199190e2b6655e48f1c1cbe12139ba67faa5e1ac

                                                                                                          SHA512

                                                                                                          2a6dd6288303700ef9cb06ae1efeb1e121c89c97708e5ecd15ed9b2a35d0ecff03d8da58b30daeadad89bd38dc4649521ada149fb457408e5a2bdf1512f88677

                                                                                                          Download Submit

                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
                                                                                                          Filesize

                                                                                                          144B

                                                                                                          MD5

                                                                                                          1d90c4ea0c9b0a40383ecafb32296d36

                                                                                                          SHA1

                                                                                                          de5ec36b9e3faf949e01c2cc757b21312fd0f5fa

                                                                                                          SHA256

                                                                                                          cabc21459056502730ba909e64eae811185941e4d8ebac98ccd481a5f45cf5e7

                                                                                                          SHA512

                                                                                                          adbc2ab9be2871236c491ad6df8c625e772290a2f7c71e013bf50de9fc2cd5dc7a1d99ae8df9a8fbaa7dac4afe728e80fa6ea6165cfebf6b3de5f79192d10a26

                                                                                                          Download Submit

                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
                                                                                                          Filesize

                                                                                                          3KB

                                                                                                          MD5

                                                                                                          6629ddb30d70a25413caecc922624dcc

                                                                                                          SHA1

                                                                                                          55acfa2a342ed7e927429d2a422e65d8a917673f

                                                                                                          SHA256

                                                                                                          ff177296a1d6f28689a26afbda1e9bc28f8e66eaef3e0c5322c0fce511397735

                                                                                                          SHA512

                                                                                                          c504bc29a1ce06ab71dc341451c7343295e87c3925d0564bbb860f845a20f3b0ee1452fc438b76db2c16bf1d42a9548edf7979c042deba36ee77befb94ef7679

                                                                                                          Download Submit

                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
                                                                                                          Filesize

                                                                                                          3KB

                                                                                                          MD5

                                                                                                          a1404c1bf11ff886e21193056792d801

                                                                                                          SHA1

                                                                                                          0bfa10d69cd16866151e0f338e303dc5b77485db

                                                                                                          SHA256

                                                                                                          f4ef580d2f6919ea811e033875437eedac3f53350e713cb8b0bd7ec5684277c9

                                                                                                          SHA512

                                                                                                          25028772857fc1167aee69ebc3b29884a5f265501fc5c46773e758e0c20b3ff383b94ed9357e153f95a8824ada97da2e89b9dbb305e18715d818b07c54fe69b0

                                                                                                          Download Submit

                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
                                                                                                          Filesize

                                                                                                          3KB

                                                                                                          MD5

                                                                                                          7c75f524af659155927de346755c524b

                                                                                                          SHA1

                                                                                                          332dca09c8c441a7dd4404165f67f5fae0af84db

                                                                                                          SHA256

                                                                                                          7826b6280c62c62a5cc46ac35b387dc732c9ac7ce00ac4e26b36f8097797d2fe

                                                                                                          SHA512

                                                                                                          25efaec8d1671b43c594a947135e3e66bfea4bee138935c7e124a5f196fe407b0e4f252e6f9cc8423c853e5c87c33ce7fb41b0201fa99951e43bdc2806c912a5

                                                                                                          Download Submit

                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
                                                                                                          Filesize

                                                                                                          3KB

                                                                                                          MD5

                                                                                                          b90c8e3230fd64be12fa7f7d0405addf

                                                                                                          SHA1

                                                                                                          86331d9691ad57d366f815a784e67ba71bcb4aab

                                                                                                          SHA256

                                                                                                          5654091a7279f2b81b5e188ba9fecf4e0c2f131cb6edb7a52d8314ca96dbafc8

                                                                                                          SHA512

                                                                                                          cfb15a9f5252d39ba36e5adfd0ffca0c25f24a0de53f69886db25bea7f6a1d3625a88d3c1bc31bef38643c32976873d5ce5cb64eacaf392cdb116b212fce5f87

                                                                                                          Download Submit

                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                                                                                                          Filesize

                                                                                                          1KB

                                                                                                          MD5

                                                                                                          e1eab757ab2cb7c259e23d62d7f0c2c4

                                                                                                          SHA1

                                                                                                          44f323a72b6a0439bc13b4b9fa67200324664e41

                                                                                                          SHA256

                                                                                                          03945851f54a17073be5cc4ffc2d109c6f12083a61f2de9c1385b5551d6d0c0d

                                                                                                          SHA512

                                                                                                          1ac778e4ba5bab70d9b66cbf88cc7ad14787652974c139bd7cfd67b269e32da54b6edcd31a1360e6aca7cfff58bbeae900b673888d36d50130d21f88928ba1b3

                                                                                                          Download Submit

                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                                                                                                          Filesize

                                                                                                          1KB

                                                                                                          MD5

                                                                                                          38f921eb5bb3bb6a5235d086ad8f7764

                                                                                                          SHA1

                                                                                                          80c399214e5e28484974b814ecd7024e2ba4483a

                                                                                                          SHA256

                                                                                                          5d90e9850273028bf2124e2ecb80ad9ae57cffc9ae05ea4fe5016f55df0f6e2b

                                                                                                          SHA512

                                                                                                          ea2a57161f23eb8ccf417373c0a7523465c6dd3eb9f0b57302c8ef5f94ae7cf8fb9d0ff5a785db85fcec1429774d9f9e8ee41d883994032103240cabd889c3d6

                                                                                                          Download Submit

                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                                                          Filesize

                                                                                                          5KB

                                                                                                          MD5

                                                                                                          1ac9418e2f6c02ec15495e24e74cd402

                                                                                                          SHA1

                                                                                                          df240015f68e19930bd6e7425e92431c9c447f61

                                                                                                          SHA256

                                                                                                          002b40e3ad066e0f6f5140ee804fbc17f4c6f12d330439c5b2bc56e05414d6b2

                                                                                                          SHA512

                                                                                                          71ee490a4b01efe8dc52c3e0b164831fbfb19369719683b6a6036d920ff69e7af454654c6078d760778e997b30746f9608749479f255bd85505944d445b40999

                                                                                                          Download Submit

                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                                                          Filesize

                                                                                                          7KB

                                                                                                          MD5

                                                                                                          b35c55c31d914089b9943533cc0d8aed

                                                                                                          SHA1

                                                                                                          975c86461b5561defa6f4123f338e815577ecdad

                                                                                                          SHA256

                                                                                                          6745d5b6227de88fd1a3d78453719c405aa6b76071884ec798a2e44fa7b6d23c

                                                                                                          SHA512

                                                                                                          ca245759ac00286d2e21c7f879a99d16730a7b0b94a433ca1bd62796c94ffc427942edb40da23f25c7b270d7f38debb61b5ae23d6f48a64ca42ec3da22cc4e04

                                                                                                          Download Submit

                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                                                          Filesize

                                                                                                          7KB

                                                                                                          MD5

                                                                                                          6b7a20118c39acb64f576a5491e84fcd

                                                                                                          SHA1

                                                                                                          e8b722ca90e8cb0513f7288742958f2cc6f3c8fd

                                                                                                          SHA256

                                                                                                          ce9cba33e08df5fff67d9eb6b7286a2a6873c760832066edbb1c5d35470e0c96

                                                                                                          SHA512

                                                                                                          e82ac2f92c8cce7e10cd6fb8d6c3f47283ea85d37eac9c9238b5b2d40cfed47873ed726b4077505fb9aad85e89056b13ea264e9417e4fa94ca761060bec1e96e

                                                                                                          Download Submit

                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                                                          Filesize

                                                                                                          6KB

                                                                                                          MD5

                                                                                                          a9195ffc14c184b98b72a9a5dfa36dcc

                                                                                                          SHA1

                                                                                                          3c69110d4e41ebbf4a59b00e35096fd9164efb74

                                                                                                          SHA256

                                                                                                          a862985c01ef13edf5068b7aaa392f8fccf09d9ee36230ae810a60d5d275de59

                                                                                                          SHA512

                                                                                                          4ed6f6e44d22cc2cba41881e5ce4b46918b3575f77f853f4919ed79751726fda7dbcaeb4c3534f11d2e0e084e9ba7d7a88b6bb88c68c4cf0c6dd9228626f05a7

                                                                                                          Download Submit

                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                                                          Filesize

                                                                                                          7KB

                                                                                                          MD5

                                                                                                          a6fc1363ddf95f95b9bee950796636fa

                                                                                                          SHA1

                                                                                                          a4327e72a5a7e62401c6b897599df0ee6f30565c

                                                                                                          SHA256

                                                                                                          cc63114d403d3ff7c3cac37ef13c91565be35a3abe1d1a3e70a9b1b62294db06

                                                                                                          SHA512

                                                                                                          baba994ba234a086ce598d0618bbf054b495721c2a8b80848ba5646fe0b0e7a9d77884f3daa9043abba62098a962fd2a0d34214ae5c82ad878ab7f4a9beb000a

                                                                                                          Download Submit

                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                                                          Filesize

                                                                                                          1KB

                                                                                                          MD5

                                                                                                          19881306125b794a5307f2f08c8f8e60

                                                                                                          SHA1

                                                                                                          2102fd79ce35d9ed3f091144daacca27842f2070

                                                                                                          SHA256

                                                                                                          b2419e133c29527707ab3f687b5d26ff14214755d2a85b02bbd754a36c90889d

                                                                                                          SHA512

                                                                                                          f80ab2104e648a1337a6552d7f2dadd93d483f5e6f90175f34bb758b173ea689712f2cdca65c6c515d3028bb203f2cce24a373f0c2dd50a53b455f132d2c17e0

                                                                                                          Download Submit

                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                                                          Filesize

                                                                                                          1KB

                                                                                                          MD5

                                                                                                          68e2abad48c692ce2c0f88e333bc3d24

                                                                                                          SHA1

                                                                                                          81576193d41388e9bfacf534d16329b363c29e12

                                                                                                          SHA256

                                                                                                          d3c09cc6855152ede02218877735e573396857a2c6e29c0159a76c95ba932d17

                                                                                                          SHA512

                                                                                                          3589f51f6e650a3f3a6ef347a99ca8e0d68a2373ec6bcacedea6fb32807e8d2066c731e4f3aa765b3fac4c45bf4d8e39c5398bd64db4de72c0e35f04feed309d

                                                                                                          Download Submit

                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                                                          Filesize

                                                                                                          1KB

                                                                                                          MD5

                                                                                                          86a5e3710f97171bd97a0bf516354864

                                                                                                          SHA1

                                                                                                          c7e9fc62f05b64b6532f278063d5aaee66f986a9

                                                                                                          SHA256

                                                                                                          a5eded427c9da0575c8ff9411035c6ed78eaf74c75c4b9765532064c9fb7ca1d

                                                                                                          SHA512

                                                                                                          ac4f913c25ccd8cc6f79ad5c7e22e11935c5523802fc411a8514c35d59c4817a8d0aa10944b6277ca7e886604463682cc24cb3479d0607ae9029d4e3b5a9d66b

                                                                                                          Download Submit

                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                                                          Filesize

                                                                                                          1KB

                                                                                                          MD5

                                                                                                          bf58a4c4e4349027099c917775544a3e

                                                                                                          SHA1

                                                                                                          266be22071097e82387300500f6cf0c55de0b19e

                                                                                                          SHA256

                                                                                                          74ad43d18ea84343ea7912968e2995785463e36569a22c6f72b75e516f361609

                                                                                                          SHA512

                                                                                                          e40f34e509fa5ed31a3c8ba1e5edef3e7a5ac015d5b8351dafbe80cbb4de9ca8466d26c9349baacb75090cf29cfa24fdb56632fd439bf7facb98401764f96ff8

                                                                                                          Download Submit

                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                                                          Filesize

                                                                                                          1KB

                                                                                                          MD5

                                                                                                          d9b9e7e1d5081a95dbe68ef40f70feab

                                                                                                          SHA1

                                                                                                          740fd7b884b733abaa9753f68f0f0e507e35c8e3

                                                                                                          SHA256

                                                                                                          ca72bc333e9ad9223ec8c3cd77ea574e91acb95fec044a59a8e60a3560ada532

                                                                                                          SHA512

                                                                                                          ef71491403bc276ad6bd3eb15dc6bb945cb5e837003ca643bf65c69825d249bbec385904a9ab6cee63e8a96dfcb5abcf52cd0cc4e72d104b8223ba830cb65651

                                                                                                          Download Submit

                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                                                          Filesize

                                                                                                          1KB

                                                                                                          MD5

                                                                                                          0eb439c49273f937361ff220377b7f25

                                                                                                          SHA1

                                                                                                          6fc92b7435ed7b421246aefae2b988c5efb04e23

                                                                                                          SHA256

                                                                                                          fbbfd0aa2e84d87b076052775c6310379c753e9a2de3faf1d959760fd14341f4

                                                                                                          SHA512

                                                                                                          89bf45a3199ab6845052ba80e6d17910754965d1842081179fb43c2bd722313d0dffee5f4ba0a91d832fa897fffc6f1ae96b3087f9a3e950f730c95f4eadb931

                                                                                                          Download Submit

                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                                                          Filesize

                                                                                                          1KB

                                                                                                          MD5

                                                                                                          5d759e15d803924f4487e40030102744

                                                                                                          SHA1

                                                                                                          c2bfabd899bb1cc0538643ae7d2cbd9d0cee20e3

                                                                                                          SHA256

                                                                                                          874b262c5b5aeb6a97bb695ac0e723ca707ebfef719adba52ecc0730e37c20a7

                                                                                                          SHA512

                                                                                                          8c4a10bf7356887476bbf27d7af0bdf1024cc07f384f8bbb9160bcceee5209edf15b91b67c4cf3eb9e3e9e41e5059f81186695bc64c55739974b701bd73c1591

                                                                                                          Download Submit

                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                                                          Filesize

                                                                                                          1KB

                                                                                                          MD5

                                                                                                          89ebcd80064042df557c9b0ee5f8005c

                                                                                                          SHA1

                                                                                                          1a92871b76cf217c25cbee4b4cfa60defb52d393

                                                                                                          SHA256

                                                                                                          a67e899376817c94476c96bce53feaf19bcb4945740d9805846a85c59641630f

                                                                                                          SHA512

                                                                                                          5fe63f348f08fd0781fa5515b44b8c4fd2cb387404e70e1a8f98d80845a2aaf826d4ec547775bb8bfb598666477c80a728cf0adc560aba00790d3aec3933a568

                                                                                                          Download Submit

                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                                                          Filesize

                                                                                                          1KB

                                                                                                          MD5

                                                                                                          daecded666d160462d7f1ee02415ba46

                                                                                                          SHA1

                                                                                                          2adda9b67836fa38897e945940109d93cd696030

                                                                                                          SHA256

                                                                                                          4a0d08dd63548aee06aa769eb6c11a9256579baf27fb14018bc20d83115e6032

                                                                                                          SHA512

                                                                                                          aaa46a3a261bfd06e276f507fcac06f2adacb68311c000183364bb0524e81d43a2a3eb93057ecd7c8541385e62b0aa9f19d26d8dc6672dbdf6d1f2d39cf241ed

                                                                                                          Download Submit

                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                                                          Filesize

                                                                                                          1KB

                                                                                                          MD5

                                                                                                          86c99bdeb5fa1951f148001a1b19e3d7

                                                                                                          SHA1

                                                                                                          aefb7734865773298c67eb875890e2a0e808cf5d

                                                                                                          SHA256

                                                                                                          73a9692d4945691eb3c9212d342faa6c0ebff0538554d72e215ce2af5cd37614

                                                                                                          SHA512

                                                                                                          a06bc0aed4f132148d2e464758bc284aa28bbedf52592f3b8e33853ff0372ed7ee5a57cee9cc09bf64e5b2f4b777564b3cefe9c94ac66e8e3aa933279f20e86b

                                                                                                          Download Submit

                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                                                          Filesize

                                                                                                          1KB

                                                                                                          MD5

                                                                                                          772dab36f6b9878e42bf8cfd654f0145

                                                                                                          SHA1

                                                                                                          2e11aec48cb0a656fa522a1b9008a53f383e8cc3

                                                                                                          SHA256

                                                                                                          e08d020fb06ab65d7f4450a1d63039b423c9b085d8634571fdae02c8aca282e6

                                                                                                          SHA512

                                                                                                          d3717b65170aaf3246ce48ddcd62e7e9905fa5b30e06c3f2f553c8f162a570b155c88d1625e1688a581f99a3698a460b0a502985cae6f686760fddf5f6748f59

                                                                                                          Download Submit

                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                                                          Filesize

                                                                                                          1KB

                                                                                                          MD5

                                                                                                          700cb0ee75f9ac6f1e569c8b994b9507

                                                                                                          SHA1

                                                                                                          92d73729cd6570bedddf1c3caf1be500b909365b

                                                                                                          SHA256

                                                                                                          af6f6af702e567cddb7590ae050b7bf2fb4df8d4392527aace080db9180bc13c

                                                                                                          SHA512

                                                                                                          b9fd792886cc462d695dd4edda726734c7192bb76708e6307e9baea00d07bd5de9b1fd1aaf6f03f000635079126e69a391da865e4aad1e23c9edbf255ef83c6f

                                                                                                          Download Submit

                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                                                          Filesize

                                                                                                          1KB

                                                                                                          MD5

                                                                                                          279039972f9b965cb7cb864ca6b54c36

                                                                                                          SHA1

                                                                                                          d06378a45306ee90e825ea460eb3410ec81d5669

                                                                                                          SHA256

                                                                                                          f3219d0c14975ef169ac94fd300a4adfc412994cdaabbafcd6108484f7145b79

                                                                                                          SHA512

                                                                                                          54ee40011da7e0441eb6b06d77dcf596972b109919a2a1249915dee034245b9c1a76acec23686428c80cc85892af3aea36cedfc03654b5cc0d5e7d71a53ed6a5

                                                                                                          Download Submit

                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                                                          Filesize

                                                                                                          1KB

                                                                                                          MD5

                                                                                                          58777c07e827c33d77ce9a8c8fe20bd5

                                                                                                          SHA1

                                                                                                          1bf9770f08b2348429fb6d014eecc45c25d68dff

                                                                                                          SHA256

                                                                                                          4331da940b34fed18db6e07236241e67122864cfd43158cdf084f215c37e0b9f

                                                                                                          SHA512

                                                                                                          c1b64847745332977dc55fa0be0e10d0ba079271e4ccb3e374941b5bdc218b7a431afbe23fa2fc366dff6d613abcdce9571c9a37d30939c73482225db5d7444a

                                                                                                          Download Submit

                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                                                          Filesize

                                                                                                          1KB

                                                                                                          MD5

                                                                                                          e7bc61b2c54333e023da55f11b78a0b3

                                                                                                          SHA1

                                                                                                          2fa9770f9efd47804b29a07a656a785bd52fb3cd

                                                                                                          SHA256

                                                                                                          d4262a764929e407ee3e2a571d03a0da3424085620f5fe4f4c72aafcb95ca6df

                                                                                                          SHA512

                                                                                                          84f95a0c54a1961f0477761461618c28796a16306c309fdc40606f36f6084a4bde4b1d73bcd9add2be7beb7f69e11ce6a9c4135c64612a94e3a5cc77c7eb49a0

                                                                                                          Download Submit

                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                                                          Filesize

                                                                                                          1KB

                                                                                                          MD5

                                                                                                          4c8f51799e6d053ebd03791c38eceee1

                                                                                                          SHA1

                                                                                                          35b275bd959c217cd1453482d4c9c60a27685db2

                                                                                                          SHA256

                                                                                                          21bb1cd4595a4b65385a1b74c8c6b85078e2e8a133cb977532a6bac086bd7d49

                                                                                                          SHA512

                                                                                                          a81f34c101796fb842116fc959df2e541644b58d91cb6569c526085424541ef85a7210cea6ea61bdc06a1b206299538e94c80b36eeec906b6934ed43bb4029ae

                                                                                                          Download Submit

                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                                                          Filesize

                                                                                                          1KB

                                                                                                          MD5

                                                                                                          f10b33856e0abeb094ef94fff4b93d49

                                                                                                          SHA1

                                                                                                          daf7ea78f6f8939caf83ba5a31d7ee070085bfd3

                                                                                                          SHA256

                                                                                                          2402d5b4ac6ddd5ce04a79074ad596e40614875af1c08bceffaf0ffba9ddb51e

                                                                                                          SHA512

                                                                                                          e4308dc695f5d10b29fc574063d1aa731a6830bbfc9d9ac7c5ebb97577dce79140d53fba96137f60ee799d2bebe480c1785ca855ff820510f654193cc1a83f04

                                                                                                          Download Submit

                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                                                          Filesize

                                                                                                          1KB

                                                                                                          MD5

                                                                                                          fb999f00d3a500a207c384d06ef42458

                                                                                                          SHA1

                                                                                                          aff0ee6c886d843d77aa97ede17f3e3ed8c8c321

                                                                                                          SHA256

                                                                                                          0e58ca5034f6e74f1647f6dbaa3da3e4ab193e1e6fa6121463693838a4ffaaf7

                                                                                                          SHA512

                                                                                                          08ee2ea7113dc77ff68d82f3578a687a368ea68d4f09fa38df04700605743c1ef23b979ee16ebbb32b94088ce4d80f5e09a604de3623e6b62e4110e3a91ae5ba

                                                                                                          Download Submit

                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                                                          Filesize

                                                                                                          1KB

                                                                                                          MD5

                                                                                                          206f902732362c64a0edef63c741b8a9

                                                                                                          SHA1

                                                                                                          94560222a70a601efaa572f7d2732d33c9b78366

                                                                                                          SHA256

                                                                                                          61b6f453cafb96a7e9805dc67c92d79a5907abd3b462a257edab2d2dd124e5c7

                                                                                                          SHA512

                                                                                                          d58ac73d82aea57ea67f6479a72efb948f4b968e3d5690971c63fd7fa300c76c55fdfbe79c74a5ebde90d6a023c7b22758373ce2c881860ad34fa8a9ce447731

                                                                                                          Download Submit

                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                                                          Filesize

                                                                                                          1KB

                                                                                                          MD5

                                                                                                          3884e37226fd81e6ed097835d7745e93

                                                                                                          SHA1

                                                                                                          4b65a2f8a58e73ad9f37a9c35f396aafe660f572

                                                                                                          SHA256

                                                                                                          9a62656dea99313191caca68c6ac82d99ebde2345b4a784f623df6eac7452e40

                                                                                                          SHA512

                                                                                                          2465a6028787101f9cda93171d0206d854bb3a34b071aede3e7821f77cb833d3741ddfe84d67930a1f3572f8c2673b5b27df1d21c1668f90651adf0b638527ac

                                                                                                          Download Submit

                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                                                          Filesize

                                                                                                          1KB

                                                                                                          MD5

                                                                                                          6982ea3de91a8554b90c9617cf55b9ad

                                                                                                          SHA1

                                                                                                          a5a056cbc824c264c7fb7ef30ac5fdcd22c7c674

                                                                                                          SHA256

                                                                                                          c9fd52f818f577b9c3320072ac0251900d7aed276ee3de4f491fa6b2143e352d

                                                                                                          SHA512

                                                                                                          fecb4787ccaa8cd8931aae5e292bd0d4dd71824cb7114911a7fc22d971af0295a0e53056ff268b44be7d9e69d3954438f61ee508b69fd2abb209364a29624661

                                                                                                          Download Submit

                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                                                          Filesize

                                                                                                          1KB

                                                                                                          MD5

                                                                                                          70220937b60184f6ebf4b73e60de73e7

                                                                                                          SHA1

                                                                                                          40dd0296be0d9f043f2793bd2cdd0470b289462b

                                                                                                          SHA256

                                                                                                          cd239df42c0eb05ca1e47a08c83f9bf1095ceb835b39bc7218527d832a3b3431

                                                                                                          SHA512

                                                                                                          015e2673b9d9da8525187e747cdf7b643b69af02c6af118c868faecef6835454576598305461aa130a71009d52e59c6fecac12a8effb2db3db98f9f612ac1974

                                                                                                          Download Submit

                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                                                          Filesize

                                                                                                          1KB

                                                                                                          MD5

                                                                                                          abe32b665e90773a324e3f002e5d84a2

                                                                                                          SHA1

                                                                                                          f1cca003928c79e1558cc0b0b01707586993e5e4

                                                                                                          SHA256

                                                                                                          51ea44ef8a70a992776a6751154fec5b14e82c9545f38364533999f8991726c4

                                                                                                          SHA512

                                                                                                          10d9615c79cc6beff7b08ca5058e14be0300f1d9840db1712c351ed6ca09c97343b4fb14d2755b5f53bcc5b7c95d4259d43c626997622d49c56aee8d49d9e221

                                                                                                          Download Submit

                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                                                          Filesize

                                                                                                          1KB

                                                                                                          MD5

                                                                                                          9ab6cc7a4ff170ebf5da78905b8e2285

                                                                                                          SHA1

                                                                                                          cd38fbfa8c7ced29bd2dd269d507e6be3febddb6

                                                                                                          SHA256

                                                                                                          19cffa4515f991a525d46696dfe8fd657354ccb37a6df69f07639c3372ce3e98

                                                                                                          SHA512

                                                                                                          55aa32a4cd598eef4fe7481ce4a6438e16793f3e2644db14b97c9782ee8b082006bd537cddc4a2db776fe17ec24280f7d46f3c0d0be0ad64cb18632243d94901

                                                                                                          Download Submit

                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                                                          Filesize

                                                                                                          1KB

                                                                                                          MD5

                                                                                                          79b11f1778fbd40e40197ec663a11685

                                                                                                          SHA1

                                                                                                          65c18b55cc68c6727de351951ae5ceba8bd72869

                                                                                                          SHA256

                                                                                                          84b74acc4f5412d0eefdc37d6d23fbaf255d6c4d06a38a8b788a4ee84b880438

                                                                                                          SHA512

                                                                                                          09ef9dd04bfc07d18246082a66fcde424a70de672f636ae6b64a86680c572337615e22b0325755379fe6c04b65c71018c5f9cd344c08572928c61d547fe66d63

                                                                                                          Download Submit

                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                                                          Filesize

                                                                                                          1KB

                                                                                                          MD5

                                                                                                          bfd4bba958d79f4c7ae2b6248108eaea

                                                                                                          SHA1

                                                                                                          cff9d7ce91e4ccc509bf0aabc0afdf7d8c0c5e11

                                                                                                          SHA256

                                                                                                          15fd10ec70640f576f750bd521061bd1a18ef05d483790f29b8ebc161c064004

                                                                                                          SHA512

                                                                                                          f3f5f09ae6960812722dd80f6991415de537d35370dc18586270cecc9313956d6f4586857e67b185baf8239252e7536374bec3c3cdb46123a418dc9d05956ce0

                                                                                                          Download Submit

                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe59f505.TMP
                                                                                                          Filesize

                                                                                                          538B

                                                                                                          MD5

                                                                                                          5e92e295a04dddcf05c280e6f20102e5

                                                                                                          SHA1

                                                                                                          787503969d904f1eced7f484b0dc832cd4eafcd4

                                                                                                          SHA256

                                                                                                          cc1954d8d582c9986e6d339794c952714f3cbddf85d34b22dfe9cf7b9e9c4d34

                                                                                                          SHA512

                                                                                                          92448c63d2938023859b986980990d1bd7beaf4196dedaeffd910070459beb948b1414f3baba81096393a7f6ac9b51108aa92539da656bab427584ffbdb1bce4

                                                                                                          Download Submit

                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe638c38.TMP
                                                                                                          Filesize

                                                                                                          1KB

                                                                                                          MD5

                                                                                                          c700a1d7bce4d4f4235fb40f18d1c1de

                                                                                                          SHA1

                                                                                                          797be070361b0cc87f0948a0fba8e876aeccac38

                                                                                                          SHA256

                                                                                                          9785c5f6ab6ba1ce0ab8e8b624fe8dd938e99282de3a5f6d839ff91be7011784

                                                                                                          SHA512

                                                                                                          d7d1e02554e4418ec7a6ad898bc7dbe0ac248c1f62014724a31b1c5f5215b76497525ec0117607c1474be4575359cc4ce2a8d1865ba6222f7dc9c34c9e71cf84

                                                                                                          Download Submit

                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\blob_storage\9dbdad81-28cf-43eb-a608-aa048b11598d\1
                                                                                                          Filesize

                                                                                                          10.9MB

                                                                                                          MD5

                                                                                                          c2c4450dd9dd82f2214c555cead43118

                                                                                                          SHA1

                                                                                                          af8f5b2955f2f1976128d08045b35d6c939495f5

                                                                                                          SHA256

                                                                                                          838fa0b08fba45c99233254dd2e1b02840c6f2c842a3848ee1fd343d0f3dc6b7

                                                                                                          SHA512

                                                                                                          6e30efbaab63f33776e263a72a42a52fa15cf145edee80b129b50ac80be97411285dc1263cb4609896be6150ba49ba59fae3f906e9cdf55f8539da0d79837de9

                                                                                                          Download Submit

                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
                                                                                                          Filesize

                                                                                                          16B

                                                                                                          MD5

                                                                                                          46295cac801e5d4857d09837238a6394

                                                                                                          SHA1

                                                                                                          44e0fa1b517dbf802b18faf0785eeea6ac51594b

                                                                                                          SHA256

                                                                                                          0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

                                                                                                          SHA512

                                                                                                          8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

                                                                                                          Download Submit

                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
                                                                                                          Filesize

                                                                                                          16B

                                                                                                          MD5

                                                                                                          206702161f94c5cd39fadd03f4014d98

                                                                                                          SHA1

                                                                                                          bd8bfc144fb5326d21bd1531523d9fb50e1b600a

                                                                                                          SHA256

                                                                                                          1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

                                                                                                          SHA512

                                                                                                          0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

                                                                                                          Download Submit

                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                                                                          Filesize

                                                                                                          11KB

                                                                                                          MD5

                                                                                                          4498c63a54aeae74393ac8b763211df1

                                                                                                          SHA1

                                                                                                          e95f1838ee1a1ab0acc50e6f288c95ab3622465a

                                                                                                          SHA256

                                                                                                          f28d7f3e36a0e6572c785ff6431cda0d7ce881a24a0886a988660532479dbbc2

                                                                                                          SHA512

                                                                                                          8edb8b3992e8576fb955167c67b822e809c4de9de1a1cb06efa5b2098deb3d38d4cdc0be890d0d17ba48635ef2abfa47ef8af3ff4a578a8ab53e5b3500098918

                                                                                                          Download Submit

                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                                                                          Filesize

                                                                                                          11KB

                                                                                                          MD5

                                                                                                          620b4eb18a5f9894ad47edefc252d937

                                                                                                          SHA1

                                                                                                          258a97308e5f5ce3f99d92c19e4a563489894503

                                                                                                          SHA256

                                                                                                          210b68bb1793958b257930170e365caffc7c8a8ab64eca2dedbff2614f4f69e6

                                                                                                          SHA512

                                                                                                          d68b9cb82cb040d8174332afba3e74ddb1bbacc01b8293175fc4614026b602041c96c456dae5aaaaee8440ec26cd22874d0e527bddb551ba35d63d99ecc35a90

                                                                                                          Download Submit

                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                                                                          Filesize

                                                                                                          12KB

                                                                                                          MD5

                                                                                                          58c0d8a6e458d02cabc6d84e69ace003

                                                                                                          SHA1

                                                                                                          1ad99543567c5315b48b4b3ee250237d914981f8

                                                                                                          SHA256

                                                                                                          81701f98f7556314193f1e126c1963874825b3b582c54c340c11f24fb20f5fc0

                                                                                                          SHA512

                                                                                                          de320488997a0866a80d3745a6c53a606ee0a161a71529b7994df7fbff746744880959e5b2311c44d674f52c6d1e992689584d3f59b587511edc1ce281114fd9

                                                                                                          Download Submit

                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                                                                          Filesize

                                                                                                          12KB

                                                                                                          MD5

                                                                                                          fd7cc7b6c7f6f710882aa8c381bfb022

                                                                                                          SHA1

                                                                                                          8fe3a5cb9f8bc1c0280217cf0398d10ffabd0429

                                                                                                          SHA256

                                                                                                          5583caf7a4a83b22a0f44aa02a4ef7ff30d951ebb7b9d3d193bde873510c67c7

                                                                                                          SHA512

                                                                                                          696d8ba6a71c12c81dae8b1f78e3b580b656eaa5cc31998b29411d0311278f3883019c2f29fa01c7ba3b55a0ec0f75a6b174f9727c148c6e8469f2993dd86ca3

                                                                                                          Download Submit

                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                                                                          Filesize

                                                                                                          12KB

                                                                                                          MD5

                                                                                                          4c129acc29876b8f01386857f3152179

                                                                                                          SHA1

                                                                                                          b497f8a353289ce277f9595bc6b9e854e7834e5e

                                                                                                          SHA256

                                                                                                          b79700c1593e5ccb5e4eccb8139374a7ccdf0cae529a78feb34654982ab0fa2b

                                                                                                          SHA512

                                                                                                          0e1d68cb647f589f0f030c6b9b4b07ec960aade53b3d6ff93e9c6a9fea882eaf44571b1822f6bf7cc1676e1ea7d9509b642dead154c8389bedd87800b6d47b6c

                                                                                                          Download Submit

                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                                                                          Filesize

                                                                                                          12KB

                                                                                                          MD5

                                                                                                          f664357b196d1bbb043017f86ce65a66

                                                                                                          SHA1

                                                                                                          7eacc0867428088939e194196701d36174880cee

                                                                                                          SHA256

                                                                                                          81aebe2f8504fd21eacbe29478c1ead3993db516e7f6f1c6b2c8983892470cd8

                                                                                                          SHA512

                                                                                                          7c7d10c4b0d7862d956158b3f9cc9bca0e2487a883b64438a57695e5bad2e7014b7312c9ae1ccd7278ec4df27090bd28f7911cb93ccce4b5e1c4c67f5b517dc5

                                                                                                          Download Submit

                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                                                                          Filesize

                                                                                                          12KB

                                                                                                          MD5

                                                                                                          d55b46a8a0a038187083e9ec2d33c9a9

                                                                                                          SHA1

                                                                                                          5caec56acd20d9212e05479b74e732e2388a2b2e

                                                                                                          SHA256

                                                                                                          85464657ca7c3ebef911469b332717f3b9c31eabb2fc5c24b3b15712a283f162

                                                                                                          SHA512

                                                                                                          10a30e3478c02457a01f291708e3c205b19562a5cf838fd6a891b92358fcf946cb4dd4eaf5fce781004613c00a70f66d5fcd09019ae2507f53d5a6f059c64915

                                                                                                          Download Submit

                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                                                                          Filesize

                                                                                                          12KB

                                                                                                          MD5

                                                                                                          7e3f61d9e1ba6734bc137f8304515afe

                                                                                                          SHA1

                                                                                                          758c110320797450e89de04ed2ec3b686f62bd21

                                                                                                          SHA256

                                                                                                          4d528c08b31fde13c8f08f03590df405c1fe957f5eb94d471f8ce3265121717c

                                                                                                          SHA512

                                                                                                          ae5647f6e8dcbb0a070d4cc20126f8ef590aed462d7424e62809498940127765aae9b811ea3fc175523acb52a6c388e0b44b920ceef0fe8f8326d1c3bde051a4

                                                                                                          Download Submit

                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                                                                          Filesize

                                                                                                          12KB

                                                                                                          MD5

                                                                                                          7fbf2a3230470ec3cdc30c347bf9971b

                                                                                                          SHA1

                                                                                                          79a349debcc483b5b5a4fbcfdd8ccb0eb4be8c64

                                                                                                          SHA256

                                                                                                          484edff62b6e1b102187fb7fb472494133c0ebc56d046623fa48751c3909f078

                                                                                                          SHA512

                                                                                                          114cee3d6aacd3306c218bc2d104e65aa406f726ce219a9404c069433ec3d8df7ea8ec893801bebc0f9ba578bd2f37eac9979e601a3161f423e01a28aa78c902

                                                                                                          Download Submit

                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                                                                          Filesize

                                                                                                          12KB

                                                                                                          MD5

                                                                                                          d084e4184da632cf65f31c52901ff646

                                                                                                          SHA1

                                                                                                          e5eb62462be7c6e902560074be5a3d4e5e9ff281

                                                                                                          SHA256

                                                                                                          4a62660573b96ba7dab84066492ed23a4fdee947b16c2edb89be0cf0892c552c

                                                                                                          SHA512

                                                                                                          3eb92aed6e7c24a11822b3a239a37ef0409105ebdc6e114c92acaa2413ee465a476153eb1e52f5c7705f7ac1e2ae66d52cebadb9d5c752c0f0cb6717d4418db7

                                                                                                          Download Submit

                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                                                                          Filesize

                                                                                                          12KB

                                                                                                          MD5

                                                                                                          9db70e4f8fcdb534483de92179903ca2

                                                                                                          SHA1

                                                                                                          08e67f4d7376cfed912c273f67b7d7122631eafa

                                                                                                          SHA256

                                                                                                          c923244201f35ac72d0361aac08afdbde9fe2da04a814c179c95da471fe9b722

                                                                                                          SHA512

                                                                                                          d1767c0a3032156437c92cec50cbb8ff7d041caf4f4eddaeca986858421d8ddf70c8bd042e81d55666ae13ffb3bba32b839048ab8f54f4cc33e00e1ae36a9083

                                                                                                          Download Submit

                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                                                                          Filesize

                                                                                                          12KB

                                                                                                          MD5

                                                                                                          292c075fd35be614c67bfb84414d424c

                                                                                                          SHA1

                                                                                                          eac6875ee7bbf3faf4ed4af7a6ca53d556851ab3

                                                                                                          SHA256

                                                                                                          f79bb3c98d843fa3a1e5626517d58e616551c94127dc9cb3dcb97d6af06ea8e9

                                                                                                          SHA512

                                                                                                          3949969eef6cac63acad5b151d5945b1baa818ac146d70fa5f12140980820304f30120d5e1db2f94c72da6f14fd925de69ca0dba6564d5c8d2a7efcac207f0c1

                                                                                                          Download Submit

                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State~RFe6367f7.TMP
                                                                                                          Filesize

                                                                                                          12KB

                                                                                                          MD5

                                                                                                          dbd432fe4f3c222bceac63332a64d4ee

                                                                                                          SHA1

                                                                                                          56879cb71ef2b2207af08072332be3e72d019d72

                                                                                                          SHA256

                                                                                                          84c832749ba50f5a0b5d9adfc0101da1a70b1bf4ef7c22f8f38a03bfdb3e3f95

                                                                                                          SHA512

                                                                                                          e7d5b746f172c46f3d8abe5dcbebf2ab09bf6715cb77b454d52b22fded55033c43e058e7502d0ee0ed7eea3386fce7d1f7df6332e5046128706110bbd44c74b0

                                                                                                          Download Submit

                                                                                                        • C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\AC\BackgroundTransferApi\8e125aea-4639-44de-b4fb-1ccc82f51d50.down_data
                                                                                                          Filesize

                                                                                                          555KB

                                                                                                          MD5

                                                                                                          5683c0028832cae4ef93ca39c8ac5029

                                                                                                          SHA1

                                                                                                          248755e4e1db552e0b6f8651b04ca6d1b31a86fb

                                                                                                          SHA256

                                                                                                          855abd360d8a8d6974eba92b70cbd09ce519bc8773439993f9ab37cb6847309e

                                                                                                          SHA512

                                                                                                          aba434bd29be191c823b02ea9b639beb10647bbe7759bbffdaa790dfb1ec2c58d74c525ef11aacda209e4effe322d1d3a07b115446c8914b07a3bce4d8a0e2c3

                                                                                                          Download Submit

                                                                                                        • C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat
                                                                                                          Filesize

                                                                                                          11KB

                                                                                                          MD5

                                                                                                          f14d35e09a6dc5894408e3e4d2b71cdc

                                                                                                          SHA1

                                                                                                          df29ec121d401c6894fa1abd4ccc73b164b2beff

                                                                                                          SHA256

                                                                                                          8880a0b04af6e95fed9d68f98585fa976416a373ced4706c535bb37a8820d984

                                                                                                          SHA512

                                                                                                          e5ec58fc970dafb685f6990b213447e9fb4e40a14c25a79567f619d68be5b05061ef736110026d389c343573e30fe134d0de442b53593af54dd29b3c446d306c

                                                                                                          Download Submit

                                                                                                        • C:\Users\Admin\AppData\Local\Temp\tmpDB8F.tmp
                                                                                                          Filesize

                                                                                                          1KB

                                                                                                          MD5

                                                                                                          36664cc7a3e3d4d6cbf9ab635e7af726

                                                                                                          SHA1

                                                                                                          a6b3daf73a75d1b1320122a5a30c758a15c3e7f6

                                                                                                          SHA256

                                                                                                          dd0421578f01ffcc13981443aa21bc18005ff4f9118e2cc938122169510f9dd8

                                                                                                          SHA512

                                                                                                          5884347cc7ae58a26dfdf4d987d29dbb6af317fc67ffe077e2f193eabc78b0cc0dddc2529ee4e52f455d7e52e0e460efc8718896386abc513c54feacb988b033

                                                                                                          Download Submit

                                                                                                        • C:\Users\Admin\Documents\ResizeDisconnect.xlsm.id-BF08C0AC.[[email protected]].ncov.ANNABELLE
                                                                                                          Filesize

                                                                                                          2.5MB

                                                                                                          MD5

                                                                                                          3902ca2aafdeb67f4f3517cadad2aa5d

                                                                                                          SHA1

                                                                                                          ec52fc77519440efa1efafa17dc56951ff1f4df8

                                                                                                          SHA256

                                                                                                          2bc8754a94b6139f91e0e2aebd35a0eb5b1f542a57d02f1de6f97c78bd9b28b9

                                                                                                          SHA512

                                                                                                          0b137b3ed53667a3477f408229343500d9eb372affb9d89931dc5c7a58af3a5d3d2efe98603216a94ebbedd72a829dcc2cfa13dac7c39ecc1c9e3aff2ffee916

                                                                                                          Download Submit

                                                                                                        • C:\Users\Admin\Downloads\Launcher.exe:Zone.Identifier
                                                                                                          Filesize

                                                                                                          26B

                                                                                                          MD5

                                                                                                          fbccf14d504b7b2dbcb5a5bda75bd93b

                                                                                                          SHA1

                                                                                                          d59fc84cdd5217c6cf74785703655f78da6b582b

                                                                                                          SHA256

                                                                                                          eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913

                                                                                                          SHA512

                                                                                                          aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98

                                                                                                          Download Submit

                                                                                                        • C:\Users\Admin\Downloads\Unconfirmed 379934.crdownload
                                                                                                          Filesize

                                                                                                          321KB

                                                                                                          MD5

                                                                                                          600e0dbaefc03f7bf50abb0def3fb465

                                                                                                          SHA1

                                                                                                          1b5f0ac48e06edc4ed8243be61d71077f770f2b4

                                                                                                          SHA256

                                                                                                          61e6a93f43049712b5f2d949fd233fa8015fe4bef01b9e1285d3d87b12f894f2

                                                                                                          SHA512

                                                                                                          151eebac8f8f6e72d130114f030f048dff5bce0f99ff8d3a22e8fed7616155b3e87d29acf79f488d6b53ed2c5c9b05b57f76f1f91a568c21fe9bca228efb23d9

                                                                                                          Download Submit

                                                                                                        • C:\Users\Admin\Downloads\Unconfirmed 430205.crdownload
                                                                                                          Filesize

                                                                                                          424KB

                                                                                                          MD5

                                                                                                          e263c5b306480143855655233f76dc5a

                                                                                                          SHA1

                                                                                                          e7dcd6c23c72209ee5aa0890372de1ce52045815

                                                                                                          SHA256

                                                                                                          1f69810b8fe71e30a8738278adf09dd982f7de0ab9891d296ce7ea61b3fa4f69

                                                                                                          SHA512

                                                                                                          e95981eae02d0a8bf44493c64cca8b7e50023332e91d75164735a1d0e38138f358100c93633ff3a0652e1c12a5155cba77d81e01027422d7d5f71000eafb4113

                                                                                                          Download Submit

                                                                                                        • C:\Users\Admin\Downloads\Unconfirmed 470749.crdownload:SmartScreen
                                                                                                          Filesize

                                                                                                          7B

                                                                                                          MD5

                                                                                                          4047530ecbc0170039e76fe1657bdb01

                                                                                                          SHA1

                                                                                                          32db7d5e662ebccdd1d71de285f907e3a1c68ac5

                                                                                                          SHA256

                                                                                                          82254025d1b98d60044d3aeb7c56eed7c61c07c3e30534d6e05dab9d6c326750

                                                                                                          SHA512

                                                                                                          8f002af3f4ed2b3dfb4ed8273318d160152da50ee4842c9f5d9915f50a3e643952494699c4258e6af993dc6e1695d0dc3db6d23f4d93c26b0bc6a20f4b4f336e

                                                                                                          Download Submit

                                                                                                        • C:\Users\Admin\Downloads\Unconfirmed 533961.crdownload
                                                                                                          Filesize

                                                                                                          2KB

                                                                                                          MD5

                                                                                                          a56d479405b23976f162f3a4a74e48aa

                                                                                                          SHA1

                                                                                                          f4f433b3f56315e1d469148bdfd835469526262f

                                                                                                          SHA256

                                                                                                          17d81134a5957fb758b9d69a90b033477a991c8b0f107d9864dc790ca37e6a23

                                                                                                          SHA512

                                                                                                          f5594cde50ca5235f7759c9350d4054d7a61b5e61a197dffc04eb8cdef368572e99d212dd406ad296484b5f0f880bdc5ec9e155781101d15083c1564738a900a

                                                                                                          Download Submit

                                                                                                        • C:\Users\Admin\Downloads\Unconfirmed 548110.crdownload
                                                                                                          Filesize

                                                                                                          1.4MB

                                                                                                          MD5

                                                                                                          63210f8f1dde6c40a7f3643ccf0ff313

                                                                                                          SHA1

                                                                                                          57edd72391d710d71bead504d44389d0462ccec9

                                                                                                          SHA256

                                                                                                          2aab13d49b60001de3aa47fb8f7251a973faa7f3c53a3840cdf5fd0b26e9a09f

                                                                                                          SHA512

                                                                                                          87a89e8ab85be150a783a9f8d41797cfa12f86fdccb48f2180c0498bfd2b1040b730dee4665fe2c83b98d436453680226051b7f1532e1c0e0cda0cf702e80a11

                                                                                                          Download Submit

                                                                                                        • C:\Users\Admin\Downloads\Unconfirmed 802091.crdownload
                                                                                                          Filesize

                                                                                                          1.0MB

                                                                                                          MD5

                                                                                                          055d1462f66a350d9886542d4d79bc2b

                                                                                                          SHA1

                                                                                                          f1086d2f667d807dbb1aa362a7a809ea119f2565

                                                                                                          SHA256

                                                                                                          dddf7894b2e6aafa1903384759d68455c3a4a8348a7e2da3bd272555eba9bec0

                                                                                                          SHA512

                                                                                                          2c5e570226252bdb2104c90d5b75f11493af8ed1be8cb0fd14e3f324311a82138753064731b80ce8e8b120b3fe7009b21a50e9f4583d534080e28ab84b83fee1

                                                                                                          Download Submit

                                                                                                        • C:\Users\Admin\Downloads\Unconfirmed 850002.crdownload
                                                                                                          Filesize

                                                                                                          111KB

                                                                                                          MD5

                                                                                                          9d0d2fcb45b1ff9555711b47e0cd65e5

                                                                                                          SHA1

                                                                                                          958f29a99cbb135c92c5d1cdffb9462be35ee9fd

                                                                                                          SHA256

                                                                                                          dc476ae39effdd80399b6e36f1fde92c216a5bbdb6b8b2a7ecbe753e91e4c993

                                                                                                          SHA512

                                                                                                          8fd4ce4674cd52a3c925149945a7a50a139302be17f6ee3f30271ebe1aa6d92bcb15a017dca989cd837a5d23cd56eaacc6344dc7730234a4629186976c857ca9

                                                                                                          Download Submit

                                                                                                        • C:\Users\Admin\Downloads\Unconfirmed 983539.crdownload
                                                                                                          Filesize

                                                                                                          197KB

                                                                                                          MD5

                                                                                                          7506eb94c661522aff09a5c96d6f182b

                                                                                                          SHA1

                                                                                                          329bbdb1f877942d55b53b1d48db56a458eb2310

                                                                                                          SHA256

                                                                                                          d5b962dfe37671b5134f0b741a662610b568c2b5374010ee92b5b7857d87872c

                                                                                                          SHA512

                                                                                                          d815a9391ef3d508b89fc221506b95f4c92d586ec38f26aec0f239750f34cf398eed3d818fa439f6aa6ed3b30f555a1903d93eeeec133b80849a4aa6685ec070

                                                                                                          Download Submit

                                                                                                        • C:\Users\Admin\Downloads\WindowsUpdate.exe:Zone.Identifier
                                                                                                          Filesize

                                                                                                          55B

                                                                                                          MD5

                                                                                                          0f98a5550abe0fb880568b1480c96a1c

                                                                                                          SHA1

                                                                                                          d2ce9f7057b201d31f79f3aee2225d89f36be07d

                                                                                                          SHA256

                                                                                                          2dfb5f4b33e4cf8237b732c02b1f2b1192ffe4b83114bcf821f489bbf48c6aa1

                                                                                                          SHA512

                                                                                                          dbc1150d831950684ab37407defac0177b7583da0fe13ee8f8eeb65e8b05d23b357722246888189b4681b97507a4262ece96a1c458c4427a9a41d8ea8d11a2f6

                                                                                                          Download Submit

                                                                                                        • \??\pipe\LOCAL\crashpad_4720_LCWNFMNKCZIGTIRX
                                                                                                          MD5

                                                                                                          d41d8cd98f00b204e9800998ecf8427e

                                                                                                          SHA1

                                                                                                          da39a3ee5e6b4b0d3255bfef95601890afd80709

                                                                                                          SHA256

                                                                                                          e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

                                                                                                          SHA512

                                                                                                          cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

                                                                                                          Download Submit

                                                                                                        • memory/240-876-0x0000000004DF0000-0x0000000004E46000-memory.dmp

                                                                                                          Filesize

                                                                                                          344KB

                                                                                                          Download

                                                                                                        • memory/240-862-0x0000000000110000-0x0000000000182000-memory.dmp

                                                                                                          Filesize

                                                                                                          456KB

                                                                                                          Download

                                                                                                        • memory/240-863-0x0000000004C10000-0x0000000004CAC000-memory.dmp

                                                                                                          Filesize

                                                                                                          624KB

                                                                                                          Download

                                                                                                        • memory/240-875-0x0000000004CD0000-0x0000000004CDA000-memory.dmp

                                                                                                          Filesize

                                                                                                          40KB

                                                                                                          Download

                                                                                                        • memory/240-874-0x0000000004D50000-0x0000000004DE2000-memory.dmp

                                                                                                          Filesize

                                                                                                          584KB

                                                                                                          Download

                                                                                                        • memory/240-873-0x0000000005260000-0x0000000005806000-memory.dmp

                                                                                                          Filesize

                                                                                                          5.6MB

                                                                                                          Download

                                                                                                        • memory/1392-1004-0x0000000000400000-0x000000000044A000-memory.dmp

                                                                                                          Filesize

                                                                                                          296KB

                                                                                                          Download

                                                                                                        • memory/1392-1136-0x0000000000400000-0x000000000044A000-memory.dmp

                                                                                                          Filesize

                                                                                                          296KB

                                                                                                          Download

                                                                                                        • memory/1392-1036-0x0000000000400000-0x000000000044A000-memory.dmp

                                                                                                          Filesize

                                                                                                          296KB

                                                                                                          Download

                                                                                                        • memory/1392-1084-0x0000000000400000-0x000000000044A000-memory.dmp

                                                                                                          Filesize

                                                                                                          296KB

                                                                                                          Download

                                                                                                        • memory/1440-883-0x0000000000400000-0x0000000000489000-memory.dmp

                                                                                                          Filesize

                                                                                                          548KB

                                                                                                          Download

                                                                                                        • memory/1440-638-0x0000000000400000-0x0000000000489000-memory.dmp

                                                                                                          Filesize

                                                                                                          548KB

                                                                                                          Download

                                                                                                        • memory/1440-637-0x0000000000400000-0x0000000000489000-memory.dmp

                                                                                                          Filesize

                                                                                                          548KB

                                                                                                          Download

                                                                                                        • memory/1640-1397-0x0000000000400000-0x000000000056F000-memory.dmp

                                                                                                          Filesize

                                                                                                          1.4MB

                                                                                                          Download

                                                                                                        • memory/1640-27021-0x0000000000400000-0x000000000056F000-memory.dmp

                                                                                                          Filesize

                                                                                                          1.4MB

                                                                                                          Download

                                                                                                        • memory/3408-1008-0x0000000000400000-0x000000000044A000-memory.dmp

                                                                                                          Filesize

                                                                                                          296KB

                                                                                                          Download

                                                                                                        • memory/3408-1051-0x0000000000400000-0x000000000044A000-memory.dmp

                                                                                                          Filesize

                                                                                                          296KB

                                                                                                          Download

                                                                                                        • memory/3408-1121-0x0000000000400000-0x000000000044A000-memory.dmp

                                                                                                          Filesize

                                                                                                          296KB

                                                                                                          Download

                                                                                                        • memory/3408-990-0x0000000000400000-0x000000000044A000-memory.dmp

                                                                                                          Filesize

                                                                                                          296KB

                                                                                                          Download

                                                                                                        • memory/4664-989-0x0000000000400000-0x00000000006BC000-memory.dmp

                                                                                                          Filesize

                                                                                                          2.7MB

                                                                                                          Download

                                                                                                        • memory/4664-730-0x0000000000400000-0x00000000006BC000-memory.dmp

                                                                                                          Filesize

                                                                                                          2.7MB

                                                                                                          Download

                                                                                                        • memory/4664-724-0x0000000000400000-0x00000000006BC000-memory.dmp

                                                                                                          Filesize

                                                                                                          2.7MB

                                                                                                          Download

                                                                                                        • memory/4664-27490-0x0000000000400000-0x00000000006BC000-memory.dmp

                                                                                                          Filesize

                                                                                                          2.7MB

                                                                                                          Download

                                                                                                        • memory/4752-1255-0x0000000005C10000-0x0000000005C38000-memory.dmp

                                                                                                          Filesize

                                                                                                          160KB

                                                                                                          Download

                                                                                                        • memory/4752-1254-0x0000000005860000-0x0000000005868000-memory.dmp

                                                                                                          Filesize

                                                                                                          32KB

                                                                                                          Download

                                                                                                        • memory/4752-1253-0x0000000000C10000-0x0000000000C66000-memory.dmp

                                                                                                          Filesize

                                                                                                          344KB

                                                                                                          Download

                                                                                                        • memory/39524-27249-0x0000022801720000-0x0000022802714000-memory.dmp

                                                                                                          Filesize

                                                                                                          16.0MB

                                                                                                          Download

                                                                                                        • memory/39524-27266-0x000002281CD50000-0x000002281E2DE000-memory.dmp

                                                                                                          Filesize

                                                                                                          21.6MB

                                                                                                          Download

                                                                                                        • memory/49340-26888-0x0000000000400000-0x000000000056F000-memory.dmp

                                                                                                          Filesize

                                                                                                          1.4MB

                                                                                                          Download

                                                                                                        • memory/49340-24287-0x0000000000400000-0x000000000056F000-memory.dmp

                                                                                                          Filesize

                                                                                                          1.4MB

                                                                                                          Download